
Exam SC-100 topic 2 question 37 discussion

Actual exam question from Microsoft's SC-100
Question #: 37
Topic #: 2

HOTSPOT

You have a Microsoft 365 subscription that is protected by using Microsoft 365 Defender.

You are designing a security operations strategy that will use Microsoft Sentinel to monitor events from Microsoft 365 and Microsoft 365 Defender.

You need to recommend a solution to meet the following requirements:

• Integrate Microsoft Sentinel with a third-party security vendor to access information about known malware.
• Automatically generate incidents when the IP address of a command-and-control server is detected in the events.

What should you configure in Microsoft Sentinel to meet each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Suggested Answer:

Comments

Victory007
Highly Voted 1 year, 10 months ago
1. Threat Intelligence connector - Allows you to integrate Microsoft Sentinel with third-party security vendors to access information about known threats, such as malware and command-and-control servers.
2. Threat detection rule - Allows you to define conditions that, when met, will automatically generate an incident in Microsoft Sentinel.
https://learn.microsoft.com/en-us/azure/sentinel/partner-integrations
https://learn.microsoft.com/en-us/azure/sentinel/create-incidents-from-alerts
upvoted 26 times
...
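Added example, not from the original post or from Microsoft's documentation: a scheduled analytics rule query that implements the second requirement on top of the first, matching IP indicators ingested through a threat intelligence connector against firewall events so that a hit raises an alert and, with the rule's incident setting enabled, an incident. The `ThreatIntelligenceIndicator` and `CommonSecurityLog` table and column names are assumed from the Microsoft Sentinel schema, and the two lookback windows are assumed values to tune per workspace.

```kql
// Added example (assumed schema): match TI IP indicators against firewall events.
let dt_lookBack  = 1h;   // event window scanned on each scheduled run (assumed)
let ioc_lookBack = 14d;  // how far back to pull indicators (assumed)
// 1. Latest copy of each still-active IP indicator delivered by the TI connector
let ti_ips = ThreatIntelligenceIndicator
    | where TimeGenerated >= ago(ioc_lookBack)
    | summarize arg_max(TimeGenerated, *) by IndicatorId      // newest version per indicator
    | where Active == true and ExpirationDateTime > now()       // drop revoked/expired IOCs
    | where isnotempty(NetworkIP) or isnotempty(NetworkDestinationIP) or isnotempty(NetworkSourceIP)
    | extend TI_ipEntity = coalesce(NetworkIP, NetworkDestinationIP, NetworkSourceIP)
    | project TI_ipEntity, IndicatorId, Description, ThreatType, ConfidenceScore, ExpirationDateTime;
// 2. Outbound connections logged by CEF-speaking firewalls in the event window
let fw_events = CommonSecurityLog
    | where TimeGenerated >= ago(dt_lookBack)
    | where isnotempty(DestinationIP)
    | project Event_TimeGenerated = TimeGenerated, SourceIP, DestinationIP,
              DeviceVendor, DeviceProduct, DeviceAction;
// 3. Any internal host talking to an indicator IP (e.g. a listed C2 server) is a hit.
//    Map TI_ipEntity to the IP entity and SourceIP to the Host/IP entity in the rule's
//    entity mapping, and leave "Create incidents from alerts" enabled on the rule.
ti_ips
| join kind=innerunique fw_events on $left.TI_ipEntity == $right.DestinationIP
| summarize FirstSeen = min(Event_TimeGenerated), LastSeen = max(Event_TimeGenerated),
            Connections = count(), Actions = make_set(DeviceAction)
    by TI_ipEntity, IndicatorId, ThreatType, ConfidenceScore, Description,
       SourceIP, DeviceVendor, DeviceProduct
| where ConfidenceScore >= 50   // assumed threshold to suppress low-confidence feed noise
| order by ConfidenceScore desc, LastSeen desc
```

Scheduling the rule with a frequency equal to `dt_lookBack` keeps each run's event window contiguous with the previous one, so a C2 contact is neither missed between runs nor alerted on twice.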
Murtuza
Highly Voted 1 year, 5 months ago
Playbooks are used to automatically remediate the incidents after the rule has been created, so a playbook is not an answer here.
upvoted 7 times
...
dc864d4
Most Recent 7 months, 1 week ago
data connector and automation rules
upvoted 2 times
...
ayadmawla
1 year, 4 months ago
Given answers are correct
upvoted 2 times
ayadmawla
1 year, 4 months ago
Automation rules help you triage incidents in Microsoft Sentinel. You can use them to automatically assign incidents to the right personnel, close noisy incidents or known false positives, change their severity, and add tags. They are also the mechanism by which you can run playbooks in response to incidents or alerts. Playbooks are collections of procedures that can be run from Microsoft Sentinel in response to an entire incident, to an individual alert, or to a specific entity. A playbook can help automate and orchestrate your response, and can be set to run automatically when specific alerts are generated or when incidents are created or updated, by being attached to an automation rule. It can also be run manually on-demand on specific incidents, alerts, or entities. https://learn.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook?tabs=LAC%2Cincidents
upvoted 1 times
...
...
Mblott77
1 year, 10 months ago
1. Playbook used to send data to 3rd party SIEM. https://learn.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks
2. Microsoft Threat Intelligence Analytics rule. https://learn.microsoft.com/en-us/azure/sentinel/detect-threats-built-in
upvoted 3 times
Ramye
1 year, 4 months ago
Playbook is NOT used to send data to a 3rd party SIEM. Playbook is used to automatically remediate identified issues (SOAR).
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other