Which two KQL queries should you use?

You need to determine If you have unwanted incoming web service calls in your tenant during the last seven days.

Which two KQL queries should you use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

A)

B)

C)

D)

E)

A . Option A
B . Option B
C . Option C
D . Option D

View Answer

Answer: AC

Explanation:

The task is to identify unwanted incoming web service calls during the last seven days. To do this, we

need to look at KQL (Kusto Query Language) queries that would filter out web service calls based on

the timestamp (to ensure the calls are within the last seven days) and by certain characteristics that

would indicate they are unwanted, such as the wrong type of protocol (SOAP in this case, as Contoso

Ltd. plans to dismiss using it).

Looking at the options:

Option A: This query selects all traces where the timestamp is within the last 7 days and where the custom dimension has a value of ‘RT0008’, and where the category is either ‘ODataV4’, ‘ODataV3’, or ‘Api’. This query would show all API calls except SOAP, so it does not directly answer the question about unwanted calls.

Option B: This query filters for traces with a timestamp within the last 7 days, where ‘RT0008’ is present, and specifically looks for the category ‘SOAP’. This query is correct because it directly targets SOAP calls, which are the unwanted calls according to Contoso Ltd.’s plans.

Option C: Similar to option B, this query filters for traces within the last 7 days and looks for ‘RT0008’ but uses the equality operator for the category ‘SOAP’. This would also correctly return the unwanted SOAP calls.

Option D: This query also filters for traces within the last 7 days, but it excludes the ‘ODataV4’ category, which doesn’t necessarily target the unwanted SOAP calls.

Option E: This query selects traces where the timestamp is within the last 7 days and the custom dimension has ‘RT0008’. However, it filters out categories ‘ODataV4’ and ‘Api’, which does not directly help in identifying the unwanted SOAP calls.

Therefore, the queries that should be used to determine if there are unwanted incoming web service calls (SOAP calls) in the tenant during the last seven days are Options B and

C. These queries are specific to identifying SOAP protocol usage, which is what Contoso Ltd. considers unwanted.