Exam SC-200 topic 1 question 31 discussion

Actual exam question from Microsoft's SC-200
Question #: 31
Topic #: 1

You have a Microsoft 365 subscription that uses Microsoft 365 Defender.
You need to identify all the entities affected by an incident.
Which tab should you use in the Microsoft 365 Defender portal?

  • A. Investigations
  • B. Devices
  • C. Evidence and Response
  • D. Alerts
Suggested Answer: C

Comments

Pointless
Highly Voted 2 weeks, 6 days ago
Correct Answer - C, Evidence and Response. The question emphasizes 'incident'. Though you can view affected entities by clicking on the Alerts tab > Alert list, it will be for that particular alert; one alert isn't necessarily an incident. An incident can have multiple alerts. So you need to click on the Incidents tab, open the incident, go to the Evidence and Response tab and look there.
upvoted 25 times
Nickname01
1 year, 12 months ago
Correct answer is indeed C: when you click on an incident it will open the Summary tab; on the Summary tab you can see the overview of evidence with an option to view all entities, which will bring you to "Evidence and Response".
upvoted 5 times
...
...
Metasploit
Highly Voted 1 year, 11 months ago
Selected Answer: C
Question Keywords: "...identify all the entities AFFECTED BY AN INCIDENT." Answer: C Evidence and response. "The Evidence and Response tab shows all the supported events and suspicious entities in the alerts in the incident." https://learn.microsoft.com/en-us/microsoft-365/security/defender/investigate-incidents?view=o365-worldwide#evidence-and-response
upvoted 7 times
...
Lone__Wolf
Most Recent 2 weeks, 6 days ago
Selected Answer: C
The "Evidence and Response" tab in the Microsoft 365 Defender portal can be used to identify all the entities affected by an incident. In the "Evidence and Response" tab, you can access information about the scope of the incident and the entities that were affected. This information can help you understand the extent of the incident and determine the necessary steps to respond to it.
upvoted 3 times
...
kazaki
9 months, 3 weeks ago
Evidence and Response
upvoted 1 times
...
chepeerick
11 months, 3 weeks ago
Selected Answer: C
correct C
upvoted 1 times
...
Candice79
1 year ago
Assets is actually correct https://learn.microsoft.com/en-us/microsoft-365/security/defender/incidents-overview?view=o365-worldwide
upvoted 1 times
hovlund
1 year ago
That is not an option....
upvoted 1 times
...
...
Oryx360
1 year, 1 month ago
Selected Answer: A
A. Investigations To identify all the entities affected by an incident in the Microsoft 365 Defender portal, you should use the "Investigations" tab. The Investigations tab provides a centralized location where you can manage and track incidents, perform analysis, and review related entities and evidence associated with the incident. Using the Investigations tab, you can explore the scope of the incident, review impacted devices, users, and other entities, and gather evidence to understand the nature and extent of the security issue. This tab allows you to perform a comprehensive investigation to ensure that you have a clear understanding of the incident's impact on your environment. The other options (B, C, and D) are relevant to incident response and security management but may not provide the same level of comprehensive analysis and entity identification as the Investigations tab.
upvoted 3 times
danb67
12 months ago
Do a lab, mate. This is the wrong answer - Evidence and Response is correct.
upvoted 1 times
...
...
Solozero
1 year, 3 months ago
Selected Answer: C
The Alerts tab is primarily used for monitoring and managing security alerts generated by various Microsoft 365 Defender services. While it can provide insights into individual alerts, it may not provide a holistic view of all entities affected by an incident. So definitely C.
upvoted 1 times
...
CodexFT
1 year, 5 months ago
Selected Answer: C
Evidence as response - contains all the details of entities on an incident
upvoted 2 times
...
Anko6116
1 year, 8 months ago
Selected Answer: C
The Evidence and Response tab shows all the supported events and suspicious entities in the alerts in the incident. https://learn.microsoft.com/en-us/microsoft-365/security/defender/investigate-incidents?view=o365-worldwide
upvoted 1 times
...
Locian
1 year, 9 months ago
Selected Answer: C
C is the correct answer
upvoted 1 times
...
celomomo
1 year, 9 months ago
The Evidence and Response tab shows all the supported events and suspicious entities in the alerts in the incident. https://learn.microsoft.com/en-us/microsoft-365/security/defender/investigate-incidents?view=o365-worldwide
upvoted 3 times
celomomo
1 year, 9 months ago
Answer is correct as C
upvoted 3 times
...
...
SuperGraham
1 year, 9 months ago
Selected Answer: C
C - Evidence and Response https://learn.microsoft.com/en-us/microsoft-365/security/defender/investigate-incidents#evidence-and-response The description even says 'Microsoft 365 Defender automatically investigates all the incidents' supported events and suspicious entities in the alerts, providing you with information about the important emails, files, processes, services, IP Addresses, and more.'
upvoted 2 times
...
[Removed]
1 year, 9 months ago
Selected Answer: C
C - Evidence and Response https://learn.microsoft.com/en-us/microsoft-365/security/defender/investigate-incidents#evidence-and-response The description even says 'Microsoft 365 Defender automatically investigates all the incidents' supported events and suspicious entities in the alerts, providing you with information about the important emails, files, processes, services, IP Addresses, and more.'
upvoted 2 times
...
[Removed]
1 year, 9 months ago
C - Evidence and Response https://learn.microsoft.com/en-us/microsoft-365/security/defender/investigate-incidents#evidence-and-response The description even says 'Microsoft 365 Defender automatically investigates all the incidents' supported events and suspicious entities in the alerts, providing you with information about the important emails, files, processes, services, IP Addresses, and more.'
upvoted 1 times
...
Apocalypse03
1 year, 9 months ago
Selected Answer: C
To identify all the entities affected by an incident in the Microsoft 365 Defender portal, you should use the Evidence and Response tab. The Evidence and Response tab in the Microsoft 365 Defender portal provides a detailed view of an incident, including information about the affected entities. When you select an incident in the Investigations tab, the Evidence and Response tab will display information about the affected users, devices, applications, and other entities. You can use this information to understand the scope of the incident and to determine which entities may have been compromised or affected by the incident. The Devices, Alerts, and Investigations tabs may also contain information about affected entities, but the Evidence and Response tab provides the most comprehensive view of the entities involved in an incident.
upvoted 3 times
...
Ahmed_Root
1 year, 10 months ago
Selected Answer: D
On the Alerts tab, you can view the alert queue for alerts related to the incident and other information about them such as: Severity, The entities that were involved in the alert. ...
upvoted 1 times
...