Microsoft Security Operations Analyst — Question 52

You have a Microsoft 365 subscription that uses Microsoft Defender XDR.

You need to identify all the entities affected by an incident.

Which tab should you use in the Microsoft Defender portal?

Answer options

• A. Investigations
• B. Assets
• C. Evidence and Response
• D. Alerts

Correct answer: C

Explanation

The correct answer is C, as the 'Evidence and Response' tab provides detailed information about all entities affected by an incident, allowing for comprehensive analysis and response. The 'Investigations' tab focuses on ongoing investigations, 'Assets' displays the resources in your environment, and 'Alerts' shows security alerts, but does not detail incident impact.