Microsoft Security Operations Analyst — Question 107
You have a Microsoft Sentinel workspace that uses the Microsoft 365 Defender data connector.
From Microsoft Sentinel, you investigate a Microsoft 365 incident.
You need to update the incident to include an alert generated by Microsoft Defender for Cloud Apps.
What should you use?
Answer options
- A. the entity side panel of the Timeline card in Microsoft Sentinel
- B. the Timeline tab on the incidents page of Microsoft Sentinel
- C. the investigation graph on the incidents page of Microsoft Sentinel
- D. the Alerts page in the Microsoft 365 Defender portal
Correct answer: A
Explanation
The correct choice is A because the entity side panel of the Timeline card in Microsoft Sentinel lets you add alerts directly to an incident. The other options do not provide a way to add alerts to incidents in the same way; they focus on viewing or managing incidents rather than on adding a specific alert.