Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Discussions
  1. Home
  2. Discussions
  3. Microsoft
  4. Microsoft Certified: Security Operations Analyst Associate
  5. SC-200 Discussions
  6. SC-200 Exam Topic 3 Question 23 Discussion
 Microsoft Discussions
Exam SC-200 All Questions
Exam SC-200 All Questions

View all questions & answers for the SC-200 exam

Go to Exam

Microsoft Certified: Security Operations Analyst Associate SC-200 Question # 23 Topic 3 Discussion

SC-200 Exam Topic 3 Question 23 Discussion:
Question #: 23
Topic #: 3

You have a Microsoft Sentinel workspace that contains the following incident.

Brute force attack against Azure Portal analytics rule has been triggered.

You need to identify the geolocation information that corresponds to the incident.

What should you do?
A.

From Overview, review the Potential malicious events map.

B.

From Incidents, review the details of the iPCustomEntity entity associated with the incident.

C.

From Incidents, review the details of the AccouncCuscomEntity entity associated with the incident.

D.

From Investigation, review insights on the incident entity.

Get Premium SC-200 Questions
Actual exam question for Microsoft SC-200 exam by Zephyr97545 at May 2, 2026, 1:09:33 AM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit