Exam MS-500 topic 2 question 42 discussion

Actual exam question from Microsoft's MS-500
Question #: 42
Topic #: 2

HOTSPOT -
You have an Azure Sentinel workspace.
You configure a rule to generate Azure Sentinel alerts when Azure Active Directory (Azure AD) Identity Protection detects risky sign-ins. You develop an Azure Logic Apps solution to contact users and verify whether reported risky sign-ins are legitimate.
You need to configure the workspace to meet the following requirements:
✑ Call the Azure logic app when an alert is triggered for a risky sign-in.
✑ To the Azure Sentinel portal, add a custom dashboard that displays statistics for risky sign-ins that are detected and resolved.
What should you configure in Azure Sentinel to meet each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook

Comments

fred99
Highly Voted 4 years ago
To display stats, shouldn't it be Workbook instead of playbook?
upvoted 47 times
arunjana
3 years, 11 months ago
Absolutely right. Answers should be 1) Playbook, 2) Workbook
upvoted 29 times
...
prabhjot
3 years, 9 months ago
Playbook (logic app) is for integration only, so therefore to display reports and stats, Workbook shines.
upvoted 4 times
...
...
M1crsoftPro
Highly Voted 3 years, 11 months ago
Call the logic app is indeed the playbook; display the risky sign-in logs is workbook. https://docs.microsoft.com/en-gb/azure/azure-monitor/visualize/workbooks-overview
upvoted 14 times
...
kmk_01
Most Recent 2 years, 1 month ago
Playbooks are basically Logic Apps with a trigger that activates the Logic App/Playbook when an Azure Sentinel query rule is matched. Workbooks provide a flexible canvas for data analysis and the creation of rich visual reports within the Azure portal. https://www.bettercoder.io/job-interview-questions/2192/what-is-a-difference-between-a-playbook-and-a-workbook-in-azure
upvoted 1 times
...
ChachaChatra
2 years, 3 months ago
Valid on 28/01/23
upvoted 2 times
...
yoton
2 years, 7 months ago
I don't think the second answer displayed is correct. A workbook, NOT a playbook, will display stats.
upvoted 2 times
...
cluocal
3 years, 1 month ago
Playbook --> Actions
Workbook --> Monitoring
upvoted 12 times
...
mkoprivnj
3 years, 5 months ago
1) Playbook, 2) Workbook
upvoted 6 times
...
Fearless90
3 years, 5 months ago
Call the Azure logic app when an alert is triggered for a risky sign-in > a playbook https://docs.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks
Displays statistics for risky sign-ins that are detected and resolved > a workbook https://docs.microsoft.com/en-gb/azure/azure-monitor/visualize/workbooks-overview
upvoted 3 times
...
Fcnet
3 years, 7 months ago
I agree with M1crsoftPro, the answer should be: call the logic app: playbook; display the risky sign-in logs: workbook.
upvoted 3 times
...
MimeTalk
3 years, 7 months ago
Calling the logic app is playbook: https://docs.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks
The second one is workbook: https://docs.microsoft.com/en-gb/azure/azure-monitor/visualize/workbooks-overview
upvoted 1 times
...
saregi
3 years, 11 months ago
Please review the correct response because I highly doubt a playbook can display statistics in a custom dashboard as others have noticed already. A workbook is the right tool for that job.
upvoted 2 times
...