Microsoft Security Operations Analyst — Question 62
You have a Microsoft 365 subscription that uses Microsoft Defender XDR.
You are investigating an incident.
You need to review the incident tasks that were performed. The solution must include a query that will display the incidents in a workbook, and then display the tasks of each incident in another grid.
Which table should you target in the query?
Answer options
- A. SecurityIncident
- B. SecurityEvent
- C. SentinelAudit
- D. SecurityAlert
Correct answer: A
Explanation
The correct answer is A, SecurityIncident, because this table contains the data on incidents and their associated tasks that the query needs. The other options (SecurityEvent, SentinelAudit, and SecurityAlert) do not provide the incident task information.