Question 20:
Microsoft 365 Defender gives a purpose based UI to manage and examine security incidents and alerts across Microsoft 365 services. You are a SOC Analyst working at a company XYZ that has configured Microsoft 365 Defender solutions, including Defender for Endpoint, Defender for Identity, Defender for Office 365, and Cloud App Security. You are required to monitor related alerts across all the solutions as single incident to observe the incident`s full impact and do a RCA (root cause investigation). The Microsoft Security centre portal has a fused view of incidents and actions taken on them. Which of the following can be classified as an Incident?
Answer options:
A.Test alert B.True alert C.High alert D.Positive alert