SC-200 Perform threat hunting • Set 6
SC-200 Perform threat hunting Practice Test 6 — 15 questions with explanations. Free, no signup.
Your organization uses Microsoft Sentinel and Microsoft Defender XDR. You want to create a hunting query that finds users who have accessed a high number of distinct Azure resources within a short time frame, which may indicate credential theft. Which KQL query would be most effective?