SC-200 • Timed Practice Test 4
This is a timed practice session. You have 10 minutes to answer 10 questions — approximately 1 minute per question, matching real SC-200 exam pace. Answer every question before time expires.
Time remaining
10:00
Exam-pace drill
Allow 1 minute per question. On the real SC-200 exam you have approximately 72 seconds per question — this session trains you to maintain that pace under pressure.
A SOC analyst is creating a new analytics rule in Microsoft Sentinel to detect when a user account is disabled. The analyst needs to select a rule template that uses Microsoft Entra ID audit logs. Which rule type should the analyst choose?