Free Microsoft SC-200 Security Operations Analyst Actual Exam Questions - Question 10 Discussion
incident
You need to review the incident tasks that were performed. What can you use on the Incident page?
I’m thinking it has to be D as well. The alert timeline gives crucial insight into alert progression that you can’t ignore when reviewing incident tasks. Just looking at tasks or activity logs (A, B, or C) isn’t enough to get the full picture of what happened during the incident response.
Makes sense to me that it’s D. The alert timeline adds valuable context you can’t get from just tasks or activity logs alone.
It’s D because you need both the timeline and logs to fully track incident actions.
Actually, I’d rule out A and B since just tasks or tasks plus activity log don’t show the alert timeline, which is key for tracking how alerts evolved during the incident. D is the only option covering all bases.
D, since all three components give the complete incident history at a glance.
It’s D because the Incident page is designed to give a full picture, showing Tasks, Activity log, and Alert timeline all together for thorough investigation. Missing any part would leave gaps.
I’m thinking about how each element plays a role here. The Tasks obviously list what was assigned or done, but the Activity log is crucial because it tracks the user or system interactions, which is exactly what you'd want to see when reviewing an incident’s history. The Alert timeline shows alert evolution, but that’s more about when and how alerts appeared, not tasks completed. So it feels like having both Tasks and Activity log would cover the actual work done without mixing in alert details. Does that mean option B fits better than D?
I don’t think it’s just about having all elements visible, but what’s actually available for review on the Incident page specifically. Tasks are a given, but the Activity log and Alert timeline might be separate views or tabs. So maybe B fits better if the Activity log is part of the incident review and you want to see what was done alongside the tasks, without confusing it with alert details? Could the Alert timeline be more of a separate context rather than part of the task review?
It’s D. You’d want the full picture, not just tasks or timeline alone. Activity log helps track what actions were actually performed along with alerts and tasks, so ignoring that would miss key info.