Microsoft Exam SC-200 Topic 3 Question 40 Discussion

Actual exam question for Microsoft's SC-200 exam

Question #: 40
Topic #: 3

[All SC-200 Questions]

You have a Microsoft Sentinel workspace that contains the following incident.

Brute force attack against Azure Portal analytics rule has been triggered.

You need to identify the geolocation information that corresponds to the incident.

What should you do?

AFrom Overview, review the Potential malicious events map.

BFrom Incidents, review the details of the iPCustomEntity entity associated with the incident.

CFrom Incidents, review the details of the AccouncCuscomEntity entity associated with the incident.

DFrom Investigation, review insights on the incident entity.

Show Suggested Answer

Suggested Answer: A

Potential malicious events: When traffic is detected from sources that are known to be malicious, Microsoft Sentinel alerts you on the map. If you see orange, it is inbound traffic: someone is trying to access your organization from a known malicious IP address. If you see Outbound (red) activity, it means that data from your network is being streamed out of your organization to a known malicious IP address.

by Rickie at Aug 04, 2022, 07:59 PM

Limited Time Offer

25%

Off

Get Premium SC-200 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!