SC-200 Question #243: Real Exam Question with Answer & Explanation

Sign in or unlock SC-200 to reveal the answer and full explanation for question #243. The question stem and answer options stay visible for context.

Submitted by rohit_dlh· Apr 18, 2026Manage incident response

Question

You have a Microsoft Sentinel workspace. You investigate an incident that has the following entities: - A user account named User1 - An IP address of 192.168.10.200 - An Azure virtual machine named VM1 - An on-premises server named Server1 You need to label an entity as an indicator of compromise (IoC) directly by using the incidents page. Which entity can you label?

Options

A192.168.10.200
BVM1
CServer1
DUser1

Unlock SC-200 to see the answer

You've previewed enough free SC-200 questions. Unlock SC-200 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock SC-200 - $49.99 / 30 days Sign in

Topics

#Incident response#Indicators of Compromise (IoC)#Microsoft Sentinel#Entity management

Full SC-200 Practice Browse All SC-200 Questions