Exam SC-200 topic 3 question 90 discussion

Actual exam question from Microsoft's SC-200
Question #: 90
Topic #: 3

You have a Microsoft Sentinel workspace.

You investigate an incident that has the following entities:
• A user account named User1
• An IP address of 192.168.10.200
• An Azure virtual machine named VM1
• An on-premises server named Server1

You need to label an entity as an indicator of compromise (IoC) directly by using the incidents page.

Which entity can you label?

  • A. 192.168.10.200
  • B. VM1
  • C. Server1
  • D. User1
Suggested Answer: A

Comments

Ramye
Highly Voted 9 months, 3 weeks ago
Selected Answer: A
Only the following types of entities can be added as threat indicators: domain name, IP address (IPv4 and IPv6), URL, file (hash). Check item 4 in the following link: https://learn.microsoft.com/en-us/azure/sentinel/add-entity-to-threat-intelligence?tabs=incidents#add-an-entity-to-your-indicators-list
upvoted 8 times
Ramye
9 months, 2 weeks ago
I should have clarified that these are for labeling an entity as an indicator of compromise (IoC).
upvoted 2 times
...
...
Murtuza
Most Recent 12 months ago
When investigating an incident, you examine entities and their context as an important part of understanding the scope and nature of the incident. In the course of the investigation, you may discover a domain name, URL, file, or IP address in the incident that should be labeled and tracked as an indicator of compromise (IOC), a threat indicator.
upvoted 1 times
...
chepeerick
1 year, 1 month ago
Correct option
upvoted 1 times
...
chepeerick
1 year, 1 month ago
correct
upvoted 1 times
...
Anil0512
1 year, 2 months ago
A - IP address is correct.
upvoted 3 times
...
jamclash
1 year, 3 months ago
Correct answer: A. It's mentioned in the threat index section. https://learn.microsoft.com/en-us/azure/sentinel/add-entity-to-threat-intelligence?tabs=incidents
upvoted 3 times
...
mali1969
1 year, 3 months ago
Selected Answer: A
You can label an entity as an indicator of compromise (IoC) directly by using the incidents page in Microsoft Sentinel if the entity is one of the following types: domain name, IP address, URL, or file. Therefore, the correct answer is A. 192.168.10.200, since it is an IP address and the other entities are not of the supported types.
upvoted 3 times
...
Fez786
1 year, 3 months ago
This new question arrived today, 9th September 2023. Can someone please verify the correct answer?
upvoted 2 times
Ramye
9 months, 3 weeks ago
A correct answer https://learn.microsoft.com/en-us/azure/sentinel/add-entity-to-threat-intelligence?tabs=incidents#add-an-entity-to-your-indicators-list
upvoted 2 times
...
...