What should you do?

SC-200 V6 0 Comments

You have a Microsoft Sentinel workspace that contains the following incident.

Brute force attack against Azure Portal analytics rule has been triggered.

You need to identify the geolocation information that corresponds to the incident.

What should you do?
A . From Overview, review the Potential malicious events map.
B. From Incidents, review the details of the iPCustomEntity entity associated with the incident.
C. From Incidents, review the details of the AccouncCuscomEntity entity associated with the incident.
D. From Investigation, review insights on the incident entity.

Answer: A

Explanation:

Potential malicious events: When traffic is detected from sources that are known to be malicious, Microsoft Sentinel alerts you on the map. If you see orange, it is inbound traffic: someone is trying to access your organization from a known malicious IP address. If you see Outbound (red) activity, it means that data from your network is being streamed out of your organization to a known malicious IP address.

Latest SC-200 Dumps Valid Version with 75 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download SC-200 PDF     SC-200 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments