Exam SC-200 topic 3 question 90 discussion

Actual exam question from Microsoft's SC-200
Question #: 90
Topic #: 3

You have a Microsoft Sentinel workspace.

You investigate an incident that has the following entities:
• A user account named User1
• An IP address of 192.168.10.200
• An Azure virtual machine named VM1
• An on-premises server named Server1

You need to label an entity as an indicator of compromise (IoC) directly by using the incidents page.

Which entity can you label?

  • A. 192.168.10.200
  • B. VM1
  • C. Server1
  • D. User1
Suggested Answer: A

Comments

Ramye
Highly Voted 8 months, 1 week ago
Selected Answer: A
Only the following types of entities can be added as threat indicators: domain name, IP address (IPv4 and IPv6), URL, file (hash). Check item 4 in the following link: https://learn.microsoft.com/en-us/azure/sentinel/add-entity-to-threat-intelligence?tabs=incidents#add-an-entity-to-your-indicators-list
upvoted 5 times
Ramye
7 months, 4 weeks ago
I should have clarified that these are for labeling an entity as an indicator of compromise (IoC).
upvoted 2 times
Murtuza
Most Recent 10 months, 2 weeks ago
When investigating an incident, you examine entities and their context as an important part of understanding the scope and nature of the incident. In the course of the investigation, you may discover a domain name, URL, file, or IP address in the incident that should be labeled and tracked as an indicator of compromise (IOC), a threat indicator.
upvoted 1 times
chepeerick
1 year ago
Correct option
upvoted 1 times
chepeerick
1 year ago
correct
upvoted 1 times
Anil0512
1 year, 1 month ago
A - IP address is correct.
upvoted 3 times
jamclash
1 year, 1 month ago
Correct answer: A. It's mentioned in the threat index section. https://learn.microsoft.com/en-us/azure/sentinel/add-entity-to-threat-intelligence?tabs=incidents
upvoted 3 times
mali1969
1 year, 1 month ago
Selected Answer: A
You can label an entity as an indicator of compromise (IoC) directly by using the incidents page in Microsoft Sentinel if the entity is one of the following types: domain name, IP address, URL, or file. Therefore, the correct answer is A. 192.168.10.200, since it is an IP address and the other entities are not of the supported types.
upvoted 3 times
Fez786
1 year, 1 month ago
This new question arrived today, 9th September 2023. Can someone please verify the correct answer?
upvoted 2 times
Ramye
8 months, 1 week ago
A correct answer https://learn.microsoft.com/en-us/azure/sentinel/add-entity-to-threat-intelligence?tabs=incidents#add-an-entity-to-your-indicators-list
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other