Microsoft Security Operations Analyst — Question 58

You have a Microsoft Sentinel workspace.

You are investigating an incident that involves multiple alerts, events, and entities.

You need to create a bookmark for the investigation. The solution must minimize administrative effort.

Which settings should you use?

Answer options

• A. Incidents
• B. Hunting
• C. Content hub
• D. Logs

Correct answer: B

Explanation

The correct answer is B, Hunting, because it allows you to create bookmarks for investigations with minimal administrative overhead. The other options, such as Incidents, Content hub, and Logs, do not specifically focus on facilitating efficient bookmarking for ongoing investigations.