ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-200 All Questions

View all questions & answers for the SC-200 exam
Go to Exam

Exam SC-200 topic 3 question 2 discussion

Actual exam question from Microsoft's SC-200
Question #: 2
Topic #: 3
[All SC-200 Questions]

HOTSPOT -
From Azure Sentinel, you open the Investigation pane for a high-severity incident as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
by zaqwsx at Oct. 8, 2021, 10:21 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Haz56
Highly Voted 2 years, 11 months ago
Definitely "Entities", as this button shows items in 3 sections: 1) Entities involved in the incident (user, device, IP etc.), 2) Alerts and 3) Bookmarks. These are the items associated with the incident.
upvoted 23 times
...
zaqwsx
Highly Voted 3 years, 4 months ago
what is item? xD IMO here can be also entities answer
upvoted 14 times
Jos8
3 years, 1 month ago
I think this is not correct because in this case, this is a Bookmark... and is like Remilia said: ''In the Entities tab, you can see all the entities that you mapped as part of the alert rule definition.''
upvoted 2 times
...
...
Harryd82
Most Recent 9 months, 3 weeks ago
Running Processes Entities
upvoted 3 times
TechyStacy
1 month ago
Was in exam 4th July,2025. Scored 857.
upvoted 2 times
...
...
MentalG
11 months, 1 week ago
Running Processes Entities
upvoted 2 times
...
ApexPredator84
1 year, 2 months ago
Second one has to be entities...I use sentinel everyday
upvoted 8 times
...
mc250616
1 year, 2 months ago
For second one I'll go with Entities for second.
upvoted 2 times
...
chepeerick
1 year, 3 months ago
Running and enteties
upvoted 3 times
...
danb67
1 year, 4 months ago
Processes Entities I use Sentinel in a production environment and just tested. If you click Entities then you see all the related entities. Simples.
upvoted 1 times
...
Fez786
1 year, 5 months ago
1. Running processes 2. Entities
upvoted 2 times
...
donathon
1 year, 5 months ago
Running processes and Entities
upvoted 2 times
...
Marchiano
1 year, 7 months ago
I'll go with Info for the 2nd one, and this is because this tab will appear automatically after clicking on any of the displayed processes. The other options are available as well, so we can't select all of them.
upvoted 2 times
Marchiano
1 year, 6 months ago
changed my mind to Entities, all the items involved in the alert are displayed after selecting Entities
upvoted 1 times
...
...
mimguy
1 year, 7 months ago
On the exam July 7 2023
upvoted 3 times
...
Whatsamattr81
2 years, 6 months ago
Difficult call... I'd go with Entities for the second one.
upvoted 4 times
...
Sorrynotsorry
2 years, 11 months ago
items are entities.. Correct answer is Processes and Entities
upvoted 8 times
...
Contactfornitish
2 years, 11 months ago
Timeline != Items
upvoted 2 times
...
josepedroche
3 years ago
Correct answers: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-incident-timeline/ba-p/2267683
upvoted 1 times
...
Ana22
3 years ago
Based on the provided URL the given answer seems correct.
upvoted 2 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel