ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-200 All Questions

View all questions & answers for the SC-200 exam
Go to Exam

Exam SC-200 topic 3 question 27 discussion

Actual exam question from Microsoft's SC-200
Question #: 27
Topic #: 3
[All SC-200 Questions]

You are investigating an incident in Azure Sentinel that contains more than 127 alerts.
You discover eight alerts in the incident that require further investigation.
You need to escalate the alerts to another Azure Sentinel administrator.
What should you do to provide the alerts to the administrator?

  • A. Create a Microsoft incident creation rule
  • B. Share the incident URL
  • C. Create a scheduled query rule
  • D. Assign the incident
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Eltooth at Sept. 30, 2021, 6:07 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Eltooth
Highly Voted 3 years, 10 months ago
Correct - D
upvoted 7 times
...
HAjouz
Most Recent 5 months, 3 weeks ago
Selected Answer: B
sorry but I dont think so. if you assign the incident you don't have ownership of it anymore - you just need to delegate the alerts to someone else - hence sharing URL and asking them to investigate the alerts not pass on all the incident to them
upvoted 1 times
Onimole
4 months, 4 weeks ago
maginging sharing 8 links :D What if it was 25 incidents, would you share 25 links too?
upvoted 1 times
...
...
xRiot007
8 months, 1 week ago
Selected Answer: D
Escalation to another person is done by assigning that incident to the respective person
upvoted 2 times
...
chepeerick
1 year, 9 months ago
Correct option
upvoted 1 times
...
JoeP1
2 years ago
Selected Answer: D
D - Assign the incident is the best option, but you can also tag or bookmark the alerts that need further investigation.
upvoted 3 times
...
antoniokt
2 years, 5 months ago
Selected Answer: D
D is good
upvoted 3 times
...
[Removed]
2 years, 5 months ago
Selected Answer: B
should share the incident URL. This will allow the administrator to access the incident and review the relevant alerts without needing to sift through the entire incident. Assigning the incident or creating a scheduled query rule would not be useful for this scenario, as they would not provide a focused view of the specific alerts that require further investigation.
upvoted 1 times
talosDevbot
10 months, 1 week ago
question is asking "to escalate the alerts to another Azure Sentinel administrator"
upvoted 2 times
...
...
ACSC
2 years, 8 months ago
Selected Answer: D
https://learn.microsoft.com/en-us/azure/sentinel/investigate-cases#how-to-investigate-incidents
upvoted 3 times
...
Fukacz
2 years, 11 months ago
You should also let him know and share URL
upvoted 1 times
billo79152718
2 years ago
Well then he/she should not have the Azure Sentinel Administrator role delegated. :-D
upvoted 1 times
...
...
amsioso
2 years, 11 months ago
D Incidents can be assigned to a specific user or to a group. For each incident you can assign an owner, by setting the Owner field. All incidents start as unassigned. You can also add comments so that other analysts will be able to understand what you investigated and what your concerns are around the incident.
upvoted 3 times
...
Kamal_SriLanka
3 years, 1 month ago
D is correct
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel