SC-200 Perform threat hunting • Timed 50 Questions
This is a timed practice session. You have 50 minutes to answer 50 questions — approximately 1 minute per question, matching real SC-200 exam pace. Answer every question before time expires.
Exam-pace drill
Allow 1 minute per question. On the real SC-200 exam you have approximately 72 seconds per question — this session trains you to maintain that pace under pressure.
A security analyst is using KQL in Microsoft Sentinel to hunt for potential data exfiltration by a user who has been sending unusually large amounts of data to an external IP address. Which KQL operator should the analyst use to identify the top source IP addresses and total bytes sent over the last 7 days?