Exam SC-200 Topic 1 Question 292 Discussion

Actual exam question for Microsoft's SC-200 exam
Question #: 292
Topic #: 1
You plan to create a custom Azure Sentinel query that will provide a visual representation of the security alerts generated by Azure Security Center.
You need to create a query that will be used to display a bar graph. What should you include in the query?

Suggested Answer: C

To create a custom Azure Sentinel query that provides a visual representation of security alerts generated by Azure Security Center in a bar graph, you need to include elements that aggregate and summarize the data for visualization. Let's analyze the options:
* A. extend: This operator is used to create calculated columns or add new fields to the query results. While useful for manipulating data, it's not directly responsible for aggregating data for a bar graph.
* B. bin: This operator groups data into discrete intervals (bins) based on a specified time or numeric range. It's useful for time-based visualizations, such as grouping alerts by time periods (e.g., daily or hourly), which is often needed for bar graphs.
* C. count: This operator aggregates data by counting the number of records, which is essential for a bar graph to show the frequency of security alerts.
* D. workspace: This specifies the Azure Sentinel workspace to query but doesn't directly contribute to the aggregation or visualization logic needed for a bar graph.
For a bar graph, you typically need to aggregate data (e.g., count alerts) and possibly group it by a category or time interval. The count operator is critical to calculate the number of alerts, and bin is often used to group alerts by time for time-based visualizations like a bar graph. However, count is the most essential for summarizing the data to display in a bar graph.

by Beryl at May 13, 2026, 08:07 AM
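
A query of the kind the explanation describes, as an added example that is not part of the original post or the exam material. It assumes the standard `SecurityAlert` table is present in the workspace and that Azure Security Center alerts carry the `ProductName` value shown; the 30-day window and 1-day bucket size are arbitrary choices.

```kusto
// Added example; assumes the SecurityAlert table exists in the workspace.
SecurityAlert
| where TimeGenerated > ago(30d)
// Assumption: Azure Security Center alerts are tagged with this ProductName.
| where ProductName == "Azure Security Center"
// count() collapses the matching rows into one number per group.
// bin() rounds TimeGenerated down to 1-day buckets, giving the chart its x-axis.
| summarize AlertCount = count() by bin(TimeGenerated, 1d), AlertSeverity
| order by TimeGenerated asc
// Each (day, severity) pair becomes one bar.
| render barchart
```

Without the `summarize ... count()` step, the query returns raw alert rows and `render barchart` has no numeric series to plot.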
