You have a Microsoft 365 subscription that uses Microsoft 365 Defender. You need to identify all the entities affected by an incident. Which tab should you use in the Microsoft 365 Defender portal?
Correct Answer - C, Evidence and Response.
The question emphasizes 'incident'. Though you can view affected entities by clicking on the Alerts tab > Alert list, that will be for that particular alert only; one alert isn't necessarily an incident. An incident can have multiple alerts. So you need to click on the Incidents tab, open the incident, go to the Evidence and Response tab and look there.
Correct answer is indeed C: when you click on an incident it will open the Summary tab. On the Summary tab you can see the overview of evidence with an option to view all entities; this will bring you to "Evidence and Response".
Question Keywords: "...identify all the entities AFFECTED BY AN INCIDENT."
Answer: C Evidence and response.
"The Evidence and Response tab shows all the supported events and suspicious entities in the alerts in the incident."
https://learn.microsoft.com/en-us/microsoft-365/security/defender/investigate-incidents?view=o365-worldwide#evidence-and-response
The correct answer is A. Investigations.
The Investigations tab in the Microsoft 365 Defender portal is specifically designed to provide a comprehensive view of incidents, including all affected entities. It correlates alerts and other data to give you a complete picture of the attack scope. This is where you'd go to identify all the users, devices, mailboxes, and other entities involved in a given incident.
The "Evidence and Response" tab in the Microsoft 365 Defender portal can be used to identify all the entities affected by an incident. In the "Evidence and Response" tab, you can access information about the scope of the incident and the entities that were affected. This information can help you understand the extent of the incident and determine the necessary steps to respond to it.
A. Investigations
To identify all the entities affected by an incident in the Microsoft 365 Defender portal, you should use the "Investigations" tab. The Investigations tab provides a centralized location where you can manage and track incidents, perform analysis, and review related entities and evidence associated with the incident.
Using the Investigations tab, you can explore the scope of the incident, review impacted devices, users, and other entities, and gather evidence to understand the nature and extent of the security issue. This tab allows you to perform a comprehensive investigation to ensure that you have a clear understanding of the incident's impact on your environment.
The other options (B, C, and D) are relevant to incident response and security management but may not provide the same level of comprehensive analysis and entity identification as the Investigations tab.
The Alerts tab is primarily used for monitoring and managing security alerts generated by various Microsoft 365 Defender services. While it can provide insights into individual alerts, it may not provide a holistic view of all entities affected by an incident. So definitely C.
The Evidence and Response tab shows all the supported events and suspicious entities in the alerts in the incident.
https://learn.microsoft.com/en-us/microsoft-365/security/defender/investigate-incidents?view=o365-worldwide
C - Evidence and Response
https://learn.microsoft.com/en-us/microsoft-365/security/defender/investigate-incidents#evidence-and-response
The description even says 'Microsoft 365 Defender automatically investigates all the incidents' supported events and suspicious entities in the alerts, providing you with information about the important emails, files, processes, services, IP Addresses, and more.'