Either the answer is playbooks (which is not a provided choice) or the question itself is wrong. Workbooks does not provide for automation. It is a visualization / reporting tool. If you still doubt, look up "automate responses to threats detected by Azure Sentinel." in Google and you will find "Playbooks" in the results and nowhere will you find "Workbooks". I really love the spirit and intent of the site and have respect for the small team behind it. At the same time I have to question where these questions came from. There are far too many discrepancies, errors and omissions to justify the asking price (which I regrettably paid as I thought my membership was for all tests, not just the AZ-900!). Clean up the discrepancies, errors and omissions (and include more than just one test) and it will be worth the asking price.
What you're saying is just wrong. The following link shows very clearly that the given answer is the correct one: https://learn.microsoft.com/en-us/training/modules/protect-against-security-threats-azure/3-detect-respond-threats-sentinel?ns-enrollment-type=learningpath&ns-enrollment-id=learn.az-900-%20describe-general-security-network-security-features
I think this is value for money. Time and time again people are passing the exam using this site. You can't have everything handed to you on a plate. There is the option to pay $20 for 20 questions from MS if desired.
This answer is correct, see statement from Microsoft site:
Once you have connected your data sources to Microsoft Sentinel, you can visualize and monitor the data using the Microsoft Sentinel adoption of Azure Monitor Workbooks, which provides versatility in creating custom dashboards. While the Workbooks are displayed differently in Microsoft Sentinel, it may be useful for you to see how to create interactive reports with Azure Monitor Workbooks. Microsoft Sentinel allows you to create custom workbooks across your data, and also comes with built-in workbook templates to allow you to quickly gain insights across your data as soon as you connect a data source.
https://docs.microsoft.com/en-us/azure/sentinel/monitor-your-data
To automate responses to threats detected by Azure Sentinel, you should use option D: adaptive application controls in Azure Security Center.
Azure Security Center provides adaptive application controls, which allow you to automatically respond to threats detected by Azure Sentinel. These controls enable you to define and enforce policies that govern the types of applications allowed to run on your virtual machines (VMs) and servers. By configuring adaptive application controls, you can automatically block or allow applications based on predefined rules and policies, helping to mitigate security risks and protect your environment from potential threats.
C is the answer.
https://learn.microsoft.com/en-us/azure/sentinel/monitor-your-data
Once you have connected your data sources to Microsoft Sentinel, you can visualize and monitor the data using the Microsoft Sentinel adoption of Azure Monitor Workbooks, which provides versatility in creating custom dashboards. While the Workbooks are displayed differently in Microsoft Sentinel, it may be useful for you to see how to create interactive reports with Azure Monitor Workbooks. Microsoft Sentinel allows you to create custom workbooks across your data, and also comes with built-in workbook templates to allow you to quickly gain insights across your data as soon as you connect a data source.
Yup, it says it right here - Azure Monitor Workbooks
"The company will also use Azure Monitor Workbooks to automate responses to threats."
https://docs.microsoft.com/en-us/learn/modules/protect-against-security-threats-azure/3-detect-respond-threats-sentinel?ns-enrollment-type=learningpath&ns-enrollment-id=learn.az-900-describe-general-security-network-security-features
C for me
"The company will also use Azure Monitor Workbooks to automate responses to threats."
https://docs.microsoft.com/en-us/learn/modules/protect-against-security-threats-azure/3-detect-respond-threats-sentinel?ns-enrollment-type=learningpath&ns-enrollment-id=learn.az-900-describe-general-security-network-security-features
Odd one out, but I would disagree with the answer. Workbooks are just dashboards and take no action themselves.
Sentinel uses playbooks against known situations, but a playbook uses two things among others: Adaptive network hardening (to reduce attack surface) and Adaptive Application Control (to have a known safe application list & block applications on suspicious behavior). Since the Application control needs advance work, I would say surface reduction would be first choice in case of any attack. Hence A.
I think it should be Playbooks,
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook
I agree - it should be Azure Logic Apps.
"Automate your common tasks and simplify security orchestration with playbooks that integrate with Azure services and your existing tools.
Built on the foundation of Azure Logic Apps..."
https://docs.microsoft.com/en-us/azure/sentinel/overview
Yes, I too think it should be Azure Logic Apps:
https://www.xenonstack.com/blog/azure-sentinel-and-its-components#:~:text=Azure%20Sentinel%20is%20a%20SIEM,proactive%20hunting%2C%20and%20threat%20response.
Playbooks: A Playbook is a collection of procedures to execute in response to an alert trigger by Azure Sentinel. They leverage Azure Logic Apps. So, the user can use flexibility, capability, customizability, and built-in templates of Logic Apps. To automate and orchestrate tasks/workflows that can be ready to configure to run manually or execute automatically when specific alerts are triggered.
But it isn't available in the options lol