Exam AZ-500 topic 4 question 40 discussion

Actual exam question from Microsoft's AZ-500
Question #: 40
Topic #: 4

HOTSPOT -
You have an Azure subscription that contains an Azure Sentinel workspace.
Azure Sentinel is configured to ingest logs from several Azure workloads. A third-party service management platform is used to manage incidents.
You need to identify which Azure Sentinel components to configure to meet the following requirements:
✑ When Azure Sentinel identifies a threat, an incident must be created.
✑ A ticket must be logged in the service management platform when an incident is created in Azure Sentinel.
Which component should you identify for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/create-incidents-from-alerts
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook

Comments

gcpbrig01
Highly Voted 3 years, 7 months ago
Answer is correct. Analytics rule allows grouping of alerts into an incident and playbook can be configured to log a ticket in third party system as a response to the incident
upvoted 31 times
stepman
1 year, 6 months ago
I chose this and this was on exam 4/27 with the new exam experience. No Sim or lab.
upvoted 4 times
...
...
kimalto452
Highly Voted 3 years, 4 months ago
playbook, workbook, notebook, mambook, daybook, microbook, winbook...
upvoted 26 times
rsharma007
3 years, 2 months ago
workbook - used to create interactive dashboards by using widgets using queries
playbook - used to create a play or a series of steps which are in turn created using Logic Apps.
notebooks - based on Jupyter uses the Azure ML platform to provide custom capabilities not available in Azure.
upvoted 18 times
...
62Juan
3 months, 3 weeks ago
You sir, have made my day haha
upvoted 1 times
...
...
Ivan80
Most Recent 9 months ago
In exam 1/28/24
upvoted 2 times
...
wardy1983
11 months, 2 weeks ago
Explanation: Analytics rule allows grouping of alerts into an incident and playbook can be configured to log a ticket in third party system as a response to the incident
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/create-incidents-from-alerts
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook
upvoted 3 times
...
zellck
1 year, 5 months ago
1. Analytics
2. Playbooks
https://learn.microsoft.com/en-us/azure/sentinel/overview#automate-and-orchestrate-common-tasks-by-using-playbooks
Automate your common tasks and simplify security orchestration with playbooks that integrate with Azure services and your existing tools.
upvoted 4 times
zellck
1 year, 5 months ago
Gotten this in May 2023 exam.
upvoted 2 times
...
...
majstor86
1 year, 7 months ago
Incident must be created - Analytics
Incident is created in Azure Sentinel - Playbooks
upvoted 3 times
...
ligu
1 year, 8 months ago
Incident must be created - Analytics
Incident is created in Azure Sentinel - playbooks
upvoted 1 times
...
MoFami
2 years, 3 months ago
In Exam - 01/07/2022 - 1 Case study, lab task 10 . Total 54 q. Done :)
upvoted 2 times
...
acexyz
2 years, 3 months ago
# IN EXAM - 30/6/2022
upvoted 3 times
...
Exams_Prep_2021
2 years, 4 months ago
In Exam - 20/6/2022 - 1 Case Study ( 6 ) - Lab ( 10 Tasks )
upvoted 3 times
...
Eltooth
2 years, 7 months ago
Analytics and playbooks. Remember playbooks = logic apps that are triggered to perform a task.
upvoted 4 times
...
WhalerTom
2 years, 10 months ago
In exam Dec 21. 40 questions, 1 case study, no labs.
upvoted 2 times
...
Jco
3 years, 1 month ago
#exam ques # 29 Sep
upvoted 1 times
...
kam117
3 years, 1 month ago
## Exam Question - 24 Sept 2021 ##
upvoted 1 times
...
SecurityAnalyst
3 years, 2 months ago
# IN EXAM - 31/8/2021
upvoted 2 times
...
Socgen1
3 years, 2 months ago
In exam on 31/08/2021 -
upvoted 1 times
...
Sandomj55
3 years, 2 months ago
In Exam 8/4/2021
upvoted 3 times
...