Exam AZ-304 topic 1 question 14 discussion

Sentinel: Detect previously undetected threats and Respond to incidents rapidly

https://docs.microsoft.com/en-us/azure/sentinel/overview Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Azure Sentinel is your birds-eye view across the enterprise alleviating the stress of increasingly sophisticated attacks, increasing volumes of alerts, and long resolution time frames. Collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds. Detect previously undetected threats, and minimize false positives using Microsoft's analytics and unparalleled threat intelligence. Investigate threats with artificial intelligence, and hunt for suspicious activities at scale, tapping into years of cyber security work at Microsoft. Respond to incidents rapidly with built-in orchestration and automation of common tasks.

Azure Sentinel can be integrated into Azure Monitor which already automatically responds to known events. Check out the video in the description of the given answer. C is correc

Monitor - it's going to exist whether or not you choose to use Sentinel.

Sentinel should be the correct answer ....option A

Azure Sentinel can be integrated into Azure Monitor which already automatically responds to known events. Check out the video in the description of the given answer. C is correct.

Sentinel pulls data from Log Analytics workspace, with in turn pulls data from Monitor. Data collected from Azure monitor can be sent to 3rd party SIEMS, such as Azure Sentinel which can then be used for threat intelligence, ITSM tool, APM providers, etc. The answer here is not that simple but with Azure Monitor, you can achieve everything that is required here. The need to clarify this question as obviously, it is umbiguous with all the opinion devise here. Both Monitor & Sentinel are required here but if I have to pick, it has to be Azure Monitor Contrary to the majority, the answer has to be C.

Correct Answer: A

I was completely on-board with others that it was Sentinal. But something was pulling at me and telling me that wasn't right. Go to the provided URL. There is a 5 minute video on this and now I believe that the given answer is correct. Sentinel won't meet all the requirements by itself. But it can pull the data from AZ Monitor and do what it needs to. So yes, the answer is C.

Correct Answer: A https://docs.microsoft.com/en-us/azure/sentinel/overview Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.

Answer should be Sentinel. Monitor is just one of the tools Sentinel uses . Whenever , we hear the words intelligence , threat analysis etc. the answer should be sentinel. Offcourse it would require Monitor collect the logs and create alerting etc.

A. Azure Sentinel

Sentinel can collect log from any sources and detect threats

Azure Sentinel

On Exam 19th Feb 2022

Now re-branded to Microsoft Sentinel, it is used for SIEM and 3rd party connectivity.

A sentinel