SC-900 Describe the capabilities of Microsoft security solutions • Set 9
SC-900 Describe the capabilities of Microsoft security solutions Practice Test 9 — 15 questions with explanations.
A security analyst wants to create a custom detection rule that tracks a specific multi-stage attack pattern: a user receives a phishing email, clicks a link, and then a script is executed on their device. The analyst needs to write a Kusto Query Language (KQL) query to detect this pattern and schedule it to run automatically, generating alerts. Which Microsoft 365 Defender capability should they use?