Microsoft Security Operations Analyst Associate SC-200 Practice Question
While reviewing an incident in the Microsoft Defender portal, you notice that the file "contoso.exe" appears in the Evidence tab with a suspicious verdict. You must quickly learn how many devices have encountered this file during the last 30 days and whether it is common in your organization. Which action should you take from within the incident to obtain this information with the fewest steps?
Open the primary affected device's page, select Timeline, and filter events for contoso.exe over the last 30 days.
In the incident's Evidence tab, select contoso.exe and choose Open file page to view its prevalence details.
Run an advanced hunting query in Microsoft Sentinel that searches all FileEvent records for contoso.exe across the past month.
Switch to the incident's Graph view, expand the file node, and review the connected entities for device counts.
Choosing Open file page from the Evidence tab opens the dedicated file entity page. This page automatically aggregates telemetry across your tenant, displaying organization prevalence, global prevalence, first-seen and last-seen timestamps, and a list of devices where the file was observed in the selected time range (by default, 30 days). The device timeline and Graph view, while useful, do not summarize prevalence across the tenant: the timeline covers only a single device, and the Graph view shows relationships only within the current incident. Running an advanced hunting query or switching to Microsoft Sentinel would require additional manual work and may miss devices if the query scope or data source is incomplete. Therefore, opening the file page directly from the Evidence tab is the quickest built-in method to obtain the required prevalence details.
Manage incident response