Exam SC-200 topic 6 question 3 discussion

Actual exam question from Microsoft's SC-200
Question #: 3
Topic #: 6

You have an Azure subscription that uses Microsoft Sentinel.

You need to minimize the administrative effort required to respond to the incidents and remediate the security threats detected by Microsoft Sentinel.

Which two features should you use? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

  • A. Microsoft Sentinel workbooks
  • B. Azure Automation runbooks
  • C. Microsoft Sentinel automation rules
  • D. Microsoft Sentinel playbooks
  • E. Azure Functions apps
Suggested Answer: CD

Comments

Krayzr
3 weeks, 6 days ago
Selected Answer: CD
C. Microsoft Sentinel automation rules
D. Microsoft Sentinel playbooks

Explanation

Microsoft Sentinel automation rules allow you to automate common incident handling tasks. You can create rules that automatically run when new incidents are created or updated. These rules can perform actions like changing the incident's status, assigning an owner, adding tags, or, crucially, running a playbook. This significantly reduces manual effort by triaging and managing incidents automatically.

Microsoft Sentinel playbooks (which are based on Azure Logic Apps) provide powerful automation capabilities for response and remediation. When an incident triggers an automation rule, that rule can invoke a playbook. Playbooks can then execute a sequence of actions, such as blocking an IP address on a firewall, disabling a user account in Azure AD, isolating a virtual machine, or sending notifications. This automates complex response workflows, minimizing the need for manual intervention and speeding up threat remediation.
upvoted 2 times
...
smanzana
10 months, 4 weeks ago
Correct
upvoted 4 times
...
Hawklx
11 months, 1 week ago
same question as 37 topic 3
upvoted 4 times
...
MadLads
11 months, 2 weeks ago
Selected Answer: CD
By using Microsoft Sentinel automation rules and Microsoft Sentinel playbooks, you can effectively automate the detection, response, and remediation processes, reducing the manual effort required and ensuring quicker and more consistent handling of security incidents.
upvoted 3 times
...
RedZtopics
1 year, 1 month ago
for me B and D
upvoted 2 times
...