SC-200 Question #123: Real Exam Question with Answer & Explanation

Sign in or unlock SC-200 to reveal the answer and full explanation for question #123. The question stem and answer options stay visible for context.

Submitted by andreas_gr· Apr 18, 2026Manage incident response

Question

You have a Microsoft Sentinel workspace that contains the following incident. Brute force attack against Azure Portal analytics rule has been triggered. You need to identify the geolocation information that corresponds to the incident. What should you do?

Options

AFrom Overview, review the Potential malicious events map.
BFrom Incidents, review the details of the iPCustomEntity entity associated with the incident.
CFrom Incidents, review the details of the AccouncCuscomEntity entity associated with the incident.
DFrom Investigation, review insights on the incident entity.

Unlock SC-200 to see the answer

You've previewed enough free SC-200 questions. Unlock SC-200 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock SC-200 - $49.99 / 30 days Sign in

Topics

#Microsoft Sentinel#Incident Management#Entity Geolocation#Incident Analysis

Full SC-200 Practice Browse All SC-200 Questions