Exam SC-100 topic 3 question 1 discussion

Actual exam question from Microsoft's SC-100
Question #: 1
Topic #: 3

You have Microsoft Defender for Cloud assigned to Azure management groups.
You have a Microsoft Sentinel deployment.
During the triage of alerts, you require additional information about the security events, including suggestions for remediation.
Which two components can you use to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. Microsoft Sentinel threat intelligence workbooks
  • B. Microsoft Sentinel notebooks
  • C. threat intelligence reports in Defender for Cloud
  • D. workload protections in Defender for Cloud
Suggested Answer: AC

Comments

zts
Highly Voted 2 years, 9 months ago
Selected Answer: AC
answer is correct.
upvoted 12 times
...
Alex_Burlachenko
Highly Voted 2 years, 9 months ago
correct ans
upvoted 6 times
...
SMHcalicut
Most Recent 3 months ago
Selected Answer: CD
A. Microsoft Sentinel threat intelligence workbooks: While workbooks in Microsoft Sentinel are valuable for visualizing and analyzing data, they do not provide direct remediation suggestions or detailed security event information. They're more for interactive investigation rather than detailed threat intelligence or actionable security event context.
B. Microsoft Sentinel notebooks: Notebooks in Microsoft Sentinel are useful for custom queries and analysis but do not provide out-of-the-box detailed information or suggestions for remediation of security events. They are primarily a tool for analysts to run custom queries and visualize data in a flexible format.
upvoted 2 times
...
Cyko
4 months, 2 weeks ago
Selected Answer: BD
I think B and D are correct
upvoted 2 times
...
sweetykaur
4 months, 2 weeks ago
Selected Answer: BC
Microsoft Sentinel notebooks: Notebooks allow you to analyze and investigate security events in more detail, providing a flexible environment for data exploration and threat hunting. They can also provide insights and remediation suggestions based on the analyzed data. Threat intelligence reports in Defender for Cloud: These reports offer detailed information about security threats, including context and remediation recommendations. By leveraging threat intelligence reports, you can gain a better understanding of the security events and take appropriate actions to address them.
upvoted 1 times
...
Delatalase
6 months, 1 week ago
Selected Answer: BC
Microsoft Sentinel notebooks: These provide detailed analysis and investigation capabilities, allowing you to explore security events and gain insights into potential threats and remediation steps.
Threat intelligence reports in Defender for Cloud: These reports offer valuable information about security threats and vulnerabilities, along with recommendations for mitigating those threats.
upvoted 1 times
...
whh13
6 months, 2 weeks ago
Selected Answer: CD
A is not correct. While Microsoft Sentinel provides workbooks for visualizing and analyzing threat intelligence data, these workbooks focus more on providing insights into your organization's threat landscape rather than offering specific remediation suggestions during alert triage. Sentinel workbooks are useful for monitoring and visualizing threat data but are not directly focused on remediation actions.
upvoted 2 times
...
yakinikuman
1 year, 1 month ago
Can't we achieve this with D:Defender for Cloud as well? https://learn.microsoft.com/en-us/azure/defender-for-cloud/workload-protections-dashboard
upvoted 1 times
...
zellck
2 years, 1 month ago
Selected Answer: AC
AC is the answer. https://learn.microsoft.com/en-us/azure/sentinel/understand-threat-intelligence#add-threat-indicators-to-microsoft-sentinel-with-the-microsoft-defender-threat-intelligence-data-connector Bring high fidelity indicators of compromise (IOC) generated by Microsoft Defender Threat Intelligence (MDTI) into your Microsoft Sentinel workspace. The MDTI data connector ingests these IOCs with a simple one-click setup. Then monitor, alert and hunt based on the threat intelligence in the same way you utilize other feeds.
upvoted 5 times
zellck
2 years, 1 month ago
Gotten this in May 2023 exam.
upvoted 4 times
...
zellck
2 years, 1 month ago
https://learn.microsoft.com/en-us/azure/sentinel/understand-threat-intelligence#introduction-to-threat-intelligence
For SIEM solutions like Microsoft Sentinel, the most common forms of CTI are threat indicators, also known as Indicators of Compromise (IoC) or Indicators of Attack (IoA). Threat indicators are data that associate observed artifacts such as URLs, file hashes, or IP addresses with known threat activity such as phishing, botnets, or malware. This form of threat intelligence is often called tactical threat intelligence because it's applied to security products and automation in large scale to detect potential threats to an organization and protect against them. Use threat indicators in Microsoft Sentinel, to detect malicious activity observed in your environment and provide context to security investigators to inform response decisions.
upvoted 1 times
...
zellck
2 years, 1 month ago
https://learn.microsoft.com/en-us/azure/defender-for-cloud/threat-intelligence-reports#what-is-a-threat-intelligence-report When Defender for Cloud identifies a threat, it triggers a security alert, which contains detailed information regarding the event, including suggestions for remediation. To help incident response teams investigate and remediate threats, Defender for Cloud provides threat intelligence reports containing information about detected threats.
upvoted 1 times
...
...
uffman
2 years, 2 months ago
Selected Answer: AC
Correct.
upvoted 1 times
...
tester18128075
2 years, 9 months ago
A and C
upvoted 4 times
...
Community vote distribution: A (35%), C (25%), B (20%), Other