Exam SC-100 topic 1 question 13 discussion

Actual exam question from Microsoft's SC-100
Question #: 13
Topic #: 1

HOTSPOT -
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.
The Azure subscription contains a Microsoft Sentinel workspace. Microsoft Sentinel data connectors are configured for Microsoft 365, Microsoft 365 Defender,
Defender for Cloud, and Azure.
You plan to deploy Azure virtual machines that will run Windows Server.
You need to enable extended detection and response (EDR) and security orchestration, automation, and response (SOAR) capabilities for Microsoft Sentinel.
How should you recommend enabling each capability? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
Box 1: Onboard the servers to Defender for Cloud.
Extended detection and response (XDR) is a new approach, defined by industry analysts, that is designed to deliver intelligent, automated, and integrated security across domains to help defenders connect seemingly disparate alerts and get ahead of attackers.
As part of this announcement, we are unifying all XDR technologies under the Microsoft Defender brand. The new Microsoft Defender is the most comprehensive XDR in the market today and prevents, detects, and responds to threats across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms.
Box 2: Configure Microsoft Sentinel playbooks.
As a SOAR platform, its primary purposes are to automate any recurring and predictable enrichment, response and remediation tasks that are the responsibility of Security Operations Centers (SOC/SecOps). Leveraging SOAR frees up time and resources for more in-depth investigation of and hunting for advanced threats.
Automation takes a few different forms in Microsoft Sentinel, from automation rules that centrally manage the automation of incident handling and response to playbooks that run predetermined sequences of actions to provide robust and flexible advanced automation to your threat response tasks.
Reference:
https://www.microsoft.com/security/blog/2020/09/22/microsoft-unified-siem-xdr-modernize-security-operations/
https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/become-a-microsoft-sentinel-automation-ninja/ba-p/3563377
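As an added illustration (not part of the exam question or the suggested answer), the wiring described above, an automation rule that hands an incident to a playbook, expressed as a Bicep fragment. It assumes an existing Sentinel-enabled Log Analytics workspace and an already-deployed Logic App playbook whose resource ID is passed in as a parameter; the property names follow the Microsoft.SecurityInsights/automationRules ARM schema.

```bicep
// Added example: a Microsoft Sentinel automation rule that runs a playbook
// whenever a new High-severity incident is created in the workspace.
// Assumes the workspace already exists and the playbook (a Logic App) is
// already deployed; its resource ID is supplied as a parameter (placeholder).
param workspaceName string
param playbookResourceId string   // e.g. /subscriptions/<placeholder>/.../workflows/<playbook>

resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
  name: workspaceName
}

// Automation rule (SOAR): the trigger condition lives here, not in the playbook,
// so the same playbook can be reused by other rules with different conditions.
resource highSeverityRule 'Microsoft.SecurityInsights/automationRules@2023-02-01' = {
  name: guid(workspace.id, 'run-playbook-on-high-severity')
  scope: workspace
  properties: {
    displayName: 'Run playbook on High severity incidents'
    order: 1                       // lower numbers run first when several rules match
    triggeringLogic: {
      isEnabled: true
      triggersOn: 'Incidents'      // incident trigger (as opposed to 'Alerts')
      triggersWhen: 'Created'      // fire on creation, not on later updates
      conditions: [
        {
          conditionType: 'Property'
          conditionProperties: {
            propertyName: 'IncidentSeverity'
            operator: 'Equals'
            propertyValues: [ 'High' ]
          }
        }
      ]
    }
    actions: [
      {
        order: 1
        actionType: 'RunPlaybook'   // the SOAR step: invoke the Logic App playbook
        actionConfiguration: {
          logicAppResourceId: playbookResourceId
          tenantId: subscription().tenantId
        }
      }
    ]
  }
}
```

The rule only fires successfully if the Microsoft Sentinel service identity holds the Microsoft Sentinel Automation Contributor role on the resource group containing the playbook; that role assignment is granted separately from the rule itself.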

Comments

PlumpyTumbler
Highly Voted 2 years, 2 months ago
I agree with the answer but the explanation and links are not very good. For SOAR read this https://docs.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks Endpoint detection and response (EDR) and eXtended detection and response (XDR) are both part of Microsoft Defender. https://docs.microsoft.com/en-us/microsoft-365/security/defender/eval-overview?view=o365-worldwide
upvoted 27 times
JG56
Highly Voted 11 months, 1 week ago
Given answer is correct, in exam Nov 23
upvoted 5 times
kazaki
Most Recent 7 months, 4 weeks ago
VMs will use agentless onboarding to Defender; the connector is needed for Sentinel before automation.
upvoted 2 times
Ario
1 year, 4 months ago
Given answer is correct
upvoted 4 times
Itu2022
1 year, 4 months ago
was on exam 15/06/23
upvoted 2 times
zellck
1 year, 5 months ago
1. Onboard the servers to Defender for Cloud
2. Configure Microsoft Sentinel playbooks
https://learn.microsoft.com/en-us/azure/defender-for-cloud/plan-defender-for-servers
https://learn.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks
A playbook is a collection of these remediation actions that can be run from Microsoft Sentinel as a routine. A playbook can help automate and orchestrate your threat response; it can be run manually on-demand on entities (in preview - see below) and alerts, or set to run automatically in response to specific alerts or incidents, when triggered by an automation rule.
upvoted 3 times
zellck
1 year, 5 months ago
Gotten this in May 2023 exam.
upvoted 4 times
AJ2021
1 year, 7 months ago
Correct Answers
upvoted 2 times
crypticdeed
1 year, 9 months ago
correct answers provided
upvoted 2 times
omarrob
1 year, 11 months ago
answer is correct:
https://learn.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook?tabs=LAC
https://learn.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows
upvoted 1 times
Akintade
2 years ago
Agree to the answer provided.
upvoted 4 times
SAMSH
2 years, 1 month ago
was in 20Sep2020 exam
upvoted 4 times
tester18128075
2 years, 1 month ago
correct
upvoted 1 times
HardcodedCloud
2 years, 1 month ago
Correct. But the acronym for extended detection and response is (XDR) not (EDR) which refers to Endpoint detection and response.
upvoted 3 times
prabhjot
2 years, 2 months ago
yes seems to be correct
upvoted 2 times
Alex_Burlachenko
2 years, 2 months ago
correct from my side
upvoted 3 times