SC-200 Respond to security incidents • Set 13
SC-200 Respond to security incidents Practice Test 13 — 15 questions with explanations. Free, no signup.
Your organization uses Microsoft Sentinel. You have a scheduled analytics rule that queries Windows Security Events to detect local admin group modifications. The rule runs every hour and looks back 1 hour. However, you are missing events that occur within the first few minutes of the hour. What is the most likely cause?