C. Evidence and Response
Considering that affected entities could include unmanaged ones by "Assets" like IP addresses, the correct tab to use in the Microsoft Defender portal to identify all entities affected by an incident would likely be Evidence and Response (C).
This tab provides broader insight into the evidence collected during the investigation, which includes both managed and unmanaged entities, such as IP addresses, files, or processes.
Kind of a crap question because you would really use both: Assets for Devices, Users, Mailbox, etc., and Evidence and Response for IPs, Processes, Files, etc.
I'll go with D) Alerts
Important part of the question is identifying all the entities AFFECTED by an incident.
The Assets and Evidence & Response tabs show entities that are part of or related to the incident, not necessarily affected.
Alerts tab will show you "events of the alert, which other triggered alerts caused the current alert, and all the affected entities and activities involved in the attack, including devices, files, users, and mailboxes".
The table in the Alerts tab also has a column for Impacted entities.
Correct me if I'm wrong, but should the answer be B. Assets?
https://learn.microsoft.com/en-us/defender-xdr/investigate-incidents#alerts
Easily view and manage all your assets in one place with the new Assets tab. This unified view includes Devices, Users, Mailboxes and Apps.
The Assets tab displays the total number of assets beside its name. A list of different categories with the number of assets within that category is presented when selecting the Assets tab.
All affected assets in one place.
Evidence and Response: This tab provides detailed information about all the evidence related to an incident. This includes the entities (such as files, devices, users, IP addresses, etc.) that are involved or impacted by the incident. The tab allows you to see how these entities are related to the threat and what actions have been taken or need to be taken. This is the most appropriate place to view all affected entities within an incident.
I vote D, the key here being "identify ALL the entities"
https://learn.microsoft.com/en-us/defender-xdr/investigate-incidents
Alerts
On the Alerts tab, you can view the alert queue for alerts related to the incident and other information about them such as:
Severity.
The entities that were involved in the alert.
The source of the alerts (Microsoft Defender for Identity, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Defender for Cloud Apps, and the app governance add-on).
The reason they were linked together.
Evidence and Response:
This tab provides a detailed view of all the evidence collected during the investigation, including affected entities such as files, processes, users, and devices. It also shows the response actions taken for the incident.
Alert is better for identifying all the entities affected by an incident.
SC-200 Exam Questions
Community vote distribution
A (35%)
C (25%)
B (20%)