Exam SC-200 topic 3 question 80 discussion

Actual exam question from Microsoft's SC-200
Question #: 80
Topic #: 3

DRAG DROP -

You have a Microsoft Sentinel workspace that contains an Azure AD data connector.

You need to associate a bookmark with an Azure AD-related incident.

What should you do? To answer, drag the appropriate blades to the correct tasks. Each blade may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Suggested Answer:

Comments

danb67
Highly Voted 1 year, 7 months ago
Logs and Hunting. You create a bookmark based on a query you have run. So go to logs and run a query. Choose one of the results and then you get the option to save as Bookmark. Only once you have created the query will you then see the query on the hunting blade under bookmarks. Then in the hunting blade we have the option to link the new bookmark to an incident. Based on real world experience I go with Logs and Hunting
upvoted 18 times
Tuitor01
6 months, 1 week ago
Yup, the only place you can create a bookmark is from the logs blade: you select your results, you click create bookmark on top of the results table, then in the bookmark table (previous blade) you select your bookmark and assign it to a new or existent incident.
upvoted 3 times
...
shadowdark83
1 year, 7 months ago
Correct!
upvoted 2 times
...
...
DChilds
Highly Voted 1 year, 1 month ago
Answer is correct: Hunting blade, Hunting blade. https://learn.microsoft.com/en-us/azure/sentinel/bookmarks#add-bookmarks-to-a-new-or-existing-incident
upvoted 5 times
...
HAjouz
Most Recent 3 months, 3 weeks ago
Hunting blade - hunting blade
upvoted 1 times
...
smanzana
10 months, 3 weeks ago
I think that hunting blade and logs blade are the correct answers
upvoted 1 times
...
danituga
1 year ago
1. From the Hunting tab, select a hunt.
2. Select View query results. This action opens the query results in the Logs pane.
3. Select Add bookmark.
Source: https://learn.microsoft.com/en-us/azure/sentinel/bookmarks
Answer is: Hunting blade, Logs blade
upvoted 3 times
...
Shaddy43
1 year, 2 months ago
Hunting bookmarks in Microsoft Sentinel help you by preserving the queries you ran in Microsoft Sentinel - Logs, along with the query results that you deem relevant. https://learn.microsoft.com/en-us/azure/sentinel/bookmarks 1. Logs 2. Hunting
upvoted 1 times
...
Murtuza
1 year, 5 months ago
For adding a bookmark to an existing incident: Select one incident
upvoted 1 times
...
Murtuza
1 year, 6 months ago
This link suggests HUNTING and then INCIDENTS https://learn.microsoft.com/en-us/azure/sentinel/bookmarks
upvoted 3 times
Ramye
1 year, 3 months ago
Can you explain why you think Hunting and Incidents? This is not clear in the info with the link. Thx
upvoted 1 times
Ramye
1 year, 3 months ago
I got it - it says clearly here: https://learn.microsoft.com/en-us/azure/sentinel/bookmarks#add-bookmarks-to-a-new-or-existing-incident "In the Azure portal, navigate to Microsoft Sentinel > Threat management > Hunting > Bookmarks tab, and select the bookmark or bookmarks you want to add to an incident."
upvoted 2 times
...
...
...
ethhacker
1 year, 6 months ago
Select a hunting query from the Microsoft Sentinel hunting page and click "View query results" in hunting query details to view the results in Log Analytics. Use the check boxes to select one or more rows that contain the information you find interesting and click "Add bookmark". This preserves the data in the row for future reference. Learn more
upvoted 1 times
...
kabooze
1 year, 7 months ago
It's both hunting https://learn.microsoft.com/en-us/azure/sentinel/bookmarks check the comment in the purple box where it says that although you do the bookmarking in "logs", this option is only available if you go via the sentinel interface.
upvoted 2 times
...
danb67
1 year, 7 months ago
So in my tenant I can't create a bookmark in the hunting blade. To create a bookmark you do it from the logs page. Question may be outdated now. https://learn.microsoft.com/en-us/azure/sentinel/investigate-incidents#dive-deeper-into-your-data-in-logs Then from the logs page you can assign the bookmark to an incident. Log and Logs for me.
upvoted 1 times
danb67
1 year, 7 months ago
Hmmmm, did some more digging and you can run a query from the bookmarks page and it then takes you to the logs page to actually create the bookmark.
upvoted 1 times
...
...
chepeerick
1 year, 8 months ago
Hunting and incident
upvoted 2 times
...
SaHaGe
1 year, 8 months ago
The second is Incident R: https://learn.microsoft.com/en-us/azure/sentinel/bookmarks#add-bookmarks-to-a-new-or-existing-incident
upvoted 1 times
...
cris_exam
1 year, 8 months ago
The closest I could get to going more in depth on this is the article below, which explains how to save as a bookmark and then add it to an incident (aka associating a bookmark with an incident) - all this is done from the Incidents tab. https://learn.microsoft.com/en-us/azure/sentinel/investigate-incidents#dive-deeper-into-your-data-in-logs So, the answers as I judge this question are: Hunting and Incidents
upvoted 1 times
...
Anil0512
1 year, 8 months ago
I would go for Hunting and Incidents.
upvoted 1 times
...
Jacek_
1 year, 9 months ago
Twice hunting blade?
upvoted 2 times
...
mali1969
1 year, 9 months ago
Correct.
Creating a bookmark by using the = hunting blade
Associate a bookmark with incident by using the = hunting blade
upvoted 3 times
...