
Exam AZ-500 topic 4 question 23 discussion

Actual exam question from Microsoft's AZ-500
Question #: 23
Topic #: 4

HOTSPOT -
You have an Azure Sentinel workspace that contains an Azure Active Directory (Azure AD) connector, an Azure Log Analytics query named Query1, and a playbook named Playbook1.
Query1 returns a subset of security events generated by Azure AD.
You plan to create an Azure Sentinel analytic rule based on Query1 that will trigger Playbook1.
You need to ensure that you can add Playbook1 to the new rule.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-detect-threats-custom
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook
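The answer the commenters converge on below (rule type Scheduled, and a playbook whose Logic App trigger is the Sentinel alert trigger) can be checked mechanically against an exported playbook definition before you try to attach it in the rule wizard. The following Python is an added example, not part of the exam page or of Microsoft's tooling. It assumes that the Sentinel Logic Apps connector's alert trigger uses the path "/subscribe" and its incident trigger "/incident-creation" (values from the connector's published playbook templates; verify them against your own exported workflow JSON), and the workflow definitions it builds inline are constructed stand-ins for real exported playbooks.

```python
"""Classify a Sentinel playbook's trigger and decide whether it can be
attached to an analytics rule of a given kind as the rule's alert response.

Added example; the trigger paths and rule kind strings are assumptions
stated in the lead-in, and the sample workflows are constructed."""
from typing import Dict, Tuple

# Assumed trigger paths of the Microsoft Sentinel Logic Apps connector.
ALERT_TRIGGER_PATH = "/subscribe"
INCIDENT_TRIGGER_PATH = "/incident-creation"

# Rule "kind" values as used by the Microsoft.SecurityInsights alertRules API.
SCHEDULED = "Scheduled"
MS_INCIDENT_CREATION = "MicrosoftSecurityIncidentCreation"


def classify_trigger(workflow: Dict) -> str:
    """Return 'alert', 'incident' or 'other' for the workflow's trigger.

    Only ApiConnectionWebhook triggers bound to an 'azuresentinel'
    connection are considered Sentinel triggers; anything else is 'other'."""
    triggers = workflow.get("definition", {}).get("triggers", {})
    for trig in triggers.values():
        if trig.get("type") != "ApiConnectionWebhook":
            continue
        inputs = trig.get("inputs", {})
        conn = inputs.get("host", {}).get("connection", {}).get("name", "")
        if "azuresentinel" not in conn.lower():
            continue
        path = inputs.get("path", "")
        if path == ALERT_TRIGGER_PATH:
            return "alert"
        if path == INCIDENT_TRIGGER_PATH:
            return "incident"
    return "other"


def can_attach_to_rule(rule_kind: str, workflow: Dict) -> Tuple[bool, str]:
    """Decide whether the playbook can be selected as the automated alert
    response of an analytics rule of kind `rule_kind`, with the reason."""
    trigger = classify_trigger(workflow)
    if rule_kind == SCHEDULED:
        if trigger == "alert":
            return True, "scheduled rule runs the KQL query; alert trigger fires per alert"
        if trigger == "incident":
            return False, "incident-trigger playbooks are run by automation rules, not by the rule's alert response"
        return False, "playbook has no Sentinel alert trigger"
    if rule_kind == MS_INCIDENT_CREATION:
        return False, "incident-creation rules import alerts from other Microsoft services and cannot run a query"
    return False, "unknown rule kind: %s" % rule_kind


def make_playbook(trigger_name: str, trigger_type: str, path: str) -> Dict:
    """Constructed minimal Logic App workflow with a single trigger."""
    inputs = {"path": path}
    if trigger_type == "ApiConnectionWebhook":
        inputs["body"] = {"callback_url": "@{listCallbackUrl()}"}
        inputs["host"] = {"connection": {
            "name": "@parameters('$connections')['azuresentinel']['connectionId']"}}
    return {"definition": {"triggers": {trigger_name: {"type": trigger_type,
                                                        "inputs": inputs}},
                           "actions": {}}}


# Constructed sample playbooks (not real exported definitions).
PLAYBOOK1 = make_playbook("When_a_response_to_an_Azure_Sentinel_alert_is_triggered",
                          "ApiConnectionWebhook", ALERT_TRIGGER_PATH)
INCIDENT_PLAYBOOK = make_playbook("When_Azure_Sentinel_incident_creation_rule_was_triggered",
                                  "ApiConnectionWebhook", INCIDENT_TRIGGER_PATH)
HTTP_PLAYBOOK = make_playbook("manual", "Request", "/manual")


def check_playbooks(rule_kind: str = SCHEDULED) -> Dict[str, bool]:
    """Evaluate each sample playbook against a rule of the given kind."""
    samples = {"Playbook1": PLAYBOOK1, "IncidentPlaybook": INCIDENT_PLAYBOOK,
               "HttpPlaybook": HTTP_PLAYBOOK}
    return {name: can_attach_to_rule(rule_kind, wf)[0] for name, wf in samples.items()}


if __name__ == "__main__":
    for name, ok in check_playbooks().items():
        print(name, "attachable to a Scheduled rule:", ok)
```

Run it as-is to see which of the three constructed playbooks a Scheduled rule accepts; point `make_playbook` at a real exported `properties.definition` object to check one of your own.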

Comments

gcpbrig01
Highly Voted 3 years, 10 months ago
Suggested answer is correct. The playbook is essentially a logic app wherein you set the trigger to "When a response to an Azure Sentinel alert is triggered" and follow it up with actions.
upvoted 23 times
brooklyn510
Highly Voted 1 year ago
On exam 1/2/24
upvoted 9 times
mikey_2
Most Recent 1 year, 1 month ago
In my exam today 12/29/23
upvoted 4 times
tweleve
1 year, 3 months ago
in exam 13 Oct
upvoted 3 times
majstor86
1 year, 11 months ago
Scheduled; A trigger
upvoted 4 times
ligu
1 year, 11 months ago
The answer is correct
upvoted 1 times
Eltooth
2 years, 10 months ago
Answer is correct. More of a SC-200 question now.
upvoted 3 times
Tombarc
3 years ago
The given answer is correct. You can create a custom analytic rule using both 'Schedule' and 'Microsoft incident creation rule'; however, a rule based on a query can only be created using 'Schedule'.
upvoted 5 times
Jco
3 years, 4 months ago
Exam question, 29 Sep
upvoted 2 times
kam117
3 years, 4 months ago
Exam Question - 24 Sept 2021
upvoted 1 times
TonytheTiger
3 years, 4 months ago
Exam Question - 17 Sept 2021
upvoted 2 times
MISCOLO
3 years, 3 months ago
Did you pass?
upvoted 1 times
francis6170
3 years, 4 months ago
Got this in the AZ-500 exam (Sept 2021)! A: Scheduled, trigger
upvoted 2 times
MISCOLO
3 years, 3 months ago
Did you pass?
upvoted 1 times
poplovic
3 years, 4 months ago
Tested: the "scheduled type of rule" and "A trigger" are correct. The query must be executed as a scheduled rule; the rule will set an alert, and therefore an alert trigger will be used. Microsoft incident rules are based on alerts generated in another Microsoft security service, but here we are using a query. The incident rule will use automation rules. The automation rule will receive the incident as its input, as will any playbooks called by the automation rule. Only playbooks configured with the incident trigger can be called by automation rules.
upvoted 3 times
kevinj319
2 years, 3 months ago
T-I-Double GUH-ER!
upvoted 1 times
Socgen1
3 years, 5 months ago
For Q1 - why is it not Microsoft security incident creation?
upvoted 1 times
rsharma007
3 years, 5 months ago
In my opinion, the analytic rule type must be MS security as the alert comes from Azure AD. MS security rule types are for MS security solutions. Trigger can be used to run a playbook.
upvoted 1 times
Davidchercm
3 years, 6 months ago
Why can the first box not be "Microsoft security incident creation"?
upvoted 2 times
kumax
3 years, 7 months ago
On exam, May 2021.
upvoted 5 times