Which TWO are valid incident response actions in Microsoft Sentinel?
Changing incident status is a valid action.
Why this answer
Options A and C are correct. Changing incident status and assigning owner are standard actions. Options B, D, and E are not valid: adding comments is a separate action, running a query is not an incident action, and merging incidents is already done via automation.