Exam MS-500 topic 2 question 53 discussion

Actual exam question from Microsoft's MS-500
Question #: 53
Topic #: 2

You create an Azure Sentinel workspace.
You configure Azure Sentinel to ingest data from Azure Active Directory (Azure AD).
In the Azure Active Directory admin center, you discover Azure AD Identity Protection alerts. The Azure Sentinel workspace shows the status as shown in the following exhibit.

In Azure Log Analytics, you can see Azure AD data in the Azure Sentinel workspace.
What should you configure in Azure Sentinel to ensure that incidents are created for detected threats?

  • A. data connectors
  • B. rules
  • C. workbooks
  • D. hunting queries
Suggested Answer: B

Comments

heshmat2022
Highly Voted 2 years, 9 months ago
Sorry, the answer is B: create custom analytics rules to help discover threats and anomalous behaviors in your environment.
upvoted 9 times
King_Khong
Most Recent 2 years, 3 months ago
B is correct, in my exam 01/03/23
upvoted 2 times
shouro88
2 years, 5 months ago
Selected Answer: B
Instance is already up and running, no point in choosing a "data connector". After connecting your data sources to Microsoft Sentinel, create custom analytics RULES to help discover threats and anomalous behaviors in your environment.
upvoted 2 times
Wedge34
2 years, 8 months ago
Selected Answer: A
To get Identity Protection alerts, you must have Identity Protection connectors (Defender for Identity soon) and an Azure AD Premium P2 licence.
upvoted 1 times
Acbrownit
2 years, 5 months ago
The question states that the alerts are already showing in Sentinel, so the connectors are there. Just needs a rule to parse the events.
upvoted 2 times
RVR
2 years, 9 months ago
Selected Answer: B
Rules Step 3: https://learn.microsoft.com/en-us/azure/sentinel/create-incidents-from-alerts
upvoted 3 times
heshmat2022
2 years, 9 months ago
Selected Answer: A
create custom analytics rules to help discover threats and anomalous behaviors in your environment.
upvoted 1 times