ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-102 All Questions

View all questions & answers for the MS-102 exam
Go to Exam

Exam MS-102 topic 1 question 26 discussion

Actual exam question from Microsoft's MS-102
Question #: 26
Topic #: 1
[All MS-102 Questions]

You have a Microsoft 365 tenant.
You plan to manage incidents in the tenant by using the Microsoft 365 Defender.
Which Microsoft service source will appear on the Incidents page of the Microsoft 365 Defender portal?

  • A. Microsoft Sentinel
  • B. Microsoft Defender for Cloud
  • C. Azure Arc
  • D. Microsoft Defender for Identity
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Greatone1 at Aug. 23, 2023, 6:27 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Shloeb
Highly Voted 1 year, 6 months ago
What kind of questions are these? How does this help in getting certified? Microsoft has lost their mind
upvoted 29 times
NrdAlrt
1 year, 5 months ago
I keep thinking this. Such obscure specific trivia for such a massive platform. Guess that prevents too many people from passing anyway.
upvoted 6 times
...
...
GenPatton
Highly Voted 1 year, 6 months ago
Selected Answer: D
Microsoft Sentinel is a SIEM system and will not forward alerts to M365 Defender. Events will rather be forwarded from M365 Defender TO Sentinel. Azure ARC and Defender for Cloud (not Defender for Cloud Apps) will send their alerts to Sentinel. That leaves MS Defender for Identity and that will indeed send alerts to M365 Defender interface.
upvoted 20 times
...
A320
Most Recent 3 days, 12 hours ago
Selected Answer: D
By choosing a specific source, you can only select answer D and NOT A, B, C. For more details read the next link: https://techcommunity.microsoft.com/blog/coreinfrastructureandsecurityblog/microsoft-365-defender-incident-overview/2174343
upvoted 1 times
...
Ody
5 months, 1 week ago
Selected Answer: D
On the Incidents page, you can filter for Service Source The options are: Defender for Cloud Apps Defender for Endpoint Defender XDR Defender for Office 365 App Governance AAD Identity Protection Data Loss Prevention
upvoted 2 times
fabiomartinsnet
4 weeks, 1 day ago
For me it only shows MS Def for Cloud Apps, MS Defender XSR and App Governance...
upvoted 1 times
...
...
wakh
8 months, 2 weeks ago
M365 defender now called XDR consists of Defender for identity, office apps, endpoints etc. Sentinel, defender for cloud, azure arc are in Azure Cloud so totally different from M365 defender(XDR). So answer is D.
upvoted 1 times
...
Blixa
1 year, 4 months ago
It also seems to depend on what you have licensed.. looking in my trial tenant I only see "Defender for Cloud Apps" but looking in my production tenant I can filter it on "Defender for Cloud"
upvoted 2 times
GLLimaBR
1 year ago
I see it that way too. The term "Defender for Cloud" leads people to make a mistake in understanding.
upvoted 1 times
...
...
gomezmax
1 year, 7 months ago
C. Azure Arc Right Answer
upvoted 1 times
...
Casticod
1 year, 7 months ago
Real Question in exam
upvoted 4 times
...
cb0900
1 year, 7 months ago
You can filter the alerts based on the Service Sources: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/alerts-queue?view=o365-worldwide#service-sources
upvoted 4 times
...
Greatone1
1 year, 7 months ago
Selected Answer: D
D is correct https://www.examtopics.com/discussions/microsoft/view/56970-exam-ms-101-topic-2-question-70-discussion/
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago