Exam SC-100 topic 1 question 7 discussion

sentinel soar= playbook (logic app), so correct ans

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook?tabs=LAC

To design a security orchestration, automation, and response (SOAR) strategy in Microsoft Sentinel that minimizes manual intervention by security operation analysts and supports triaging alerts within Microsoft Teams channels, you should include: B. playbooks Playbooks in Microsoft Sentinel allow you to automate responses to alerts and incidents, significantly reducing the need for manual intervention by security analysts. Additionally, playbooks can be configured to send alerts and notifications to Microsoft Teams channels, facilitating effective communication and triaging among team members. While KQL (A) is essential for querying data, data connectors (C) are used for integrating various data sources, and workbooks (D) provide visualizations and reporting, none of these options specifically address automation and alert triaging in the context of your requirements as effectively as playbooks do.

https://learn.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook?tabs=LAC%2Cincidents Playbooks are collections of procedures that can be run from Microsoft Sentinel in response to an alert or incident. A playbook can help automate and orchestrate your response, and can be set to run automatically when specific alerts or incidents are generated, by being attached to an analytics rule or an automation rule, respectively. It can also be run manually on-demand. Playbooks in Microsoft Sentinel are based on workflows built in Azure Logic Apps, which means that you get all the power, customizability, and built-in templates of Logic Apps. Each playbook is created for the specific subscription to which it belongs, but the Playbooks display shows you all the playbooks available across any selected subscriptions.

B is the answer. https://learn.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook?tabs=LAC%2Cincidents#what-are-automation-rules-and-playbooks Playbooks are collections of procedures that can be run from Microsoft Sentinel in response to an alert or incident. A playbook can help automate and orchestrate your response, and can be set to run automatically when specific alerts or incidents are generated, by being attached to an analytics rule or an automation rule, respectively. It can also be run manually on-demand.

Selected answer: B,

"Minimizes manual intervention", this requires Playbooks

Answer is B

Data connecter

Correct

correct

correct answer