Exam SC-200 All Questions

Exam SC-200 topic 3 question 37 discussion

Actual exam question from Microsoft's SC-200
Question #: 37
Topic #: 3

You have an Azure subscription that uses Microsoft Sentinel.
You need to minimize the administrative effort required to respond to the incidents and remediate the security threats detected by Microsoft Sentinel.
Which two features should you use? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Microsoft Sentinel bookmarks
  • B. Azure Automation runbooks
  • C. Microsoft Sentinel automation rules
  • D. Microsoft Sentinel playbooks
  • E. Azure Functions apps
Suggested Answer: CD

Comments

ACSC
Highly Voted 2 years, 5 months ago
Selected Answer: CD
Use playbooks together with automation rules to automate your incident response and remediate security threats detected by Microsoft Sentinel.
upvoted 6 times
talosDevbot
Most Recent 7 months ago
Selected Answer: CD
When you want to add automation for an analytic rule in Sentinel, you configure the rule's Automation rules to define a playbook to execute. Azure Automation runbooks is mainly for automating the provisioning, management, and maintaining
upvoted 1 times
g_man_rap
8 months, 3 weeks ago
Selected Answer: CD
B. Azure Automation runbooks: While runbooks in Azure Automation can automate tasks in the broader Azure environment, they are not directly integrated with Microsoft Sentinel. Playbooks, which are integrated with Sentinel, would be a better choice here.
upvoted 1 times
chepeerick
1 year, 6 months ago
Correct
upvoted 1 times
billo79152718
1 year, 9 months ago
Selected Answer: CD
Is correct
upvoted 2 times
itsadel
1 year, 9 months ago
Selected Answer: BD
D. Microsoft Sentinel playbooks: Playbooks are a set of automated tasks that can be triggered by an alert or incident. They can be used to minimize the administrative effort required to respond to incidents and remediate security threats.
B. Azure Automation runbooks: Runbooks are a set of PowerShell scripts that can be run on demand or automatically. They can be used to automate tasks such as collecting data, running queries, and sending notifications.
upvoted 2 times
billo79152718
1 year, 9 months ago
Look here for the advantages: https://learn.microsoft.com/en-us/azure/automation/automation-runbook-types?tabs=lps51%2Cpy27 I choose C and D.
upvoted 1 times
WRITER00347
2 years, 3 months ago
C. Microsoft Sentinel automation rules
D. Microsoft Sentinel playbooks
Microsoft Sentinel's automation rules can be used to automatically trigger actions or playbooks in response to detected security incidents. This reduces the need for manual intervention and minimizes administrative effort. Playbooks in Microsoft Sentinel can be used to automate incident response tasks and remediation steps, such as quarantining an affected machine or disabling a compromised account. This allows you to quickly and consistently take action on security incidents, further reducing administrative effort.
upvoted 4 times
coringlax
2 years, 6 months ago
Correct! Automation rules help you triage incidents in Microsoft Sentinel. You can use them to automatically assign incidents to the right personnel, close noisy incidents or known false positives, change their severity, and add tags. They are also the mechanism by which you can run playbooks in response to incidents.
upvoted 3 times
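The triage behaviour this comment describes, written out as a Bicep definition of a Sentinel automation rule that fires on newly created High-severity incidents, runs a playbook and tags the incident. This is an added example, not code from the thread or from Microsoft; the workspace name, playbook resource ID, tenant ID and label value are placeholders.

```bicep
// Added example: Sentinel automation rule that runs a playbook on High-severity incidents.
// All parameter values are placeholders supplied at deployment time.
param workspaceName string
param playbookResourceId string   // resource ID of an existing Logic App playbook
param tenantId string = subscription().tenantId

// The existing Log Analytics workspace that Sentinel is enabled on.
resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
  name: workspaceName
}

// Automation rules are extension resources scoped to the workspace.
resource highSeverityTriage 'Microsoft.SecurityInsights/automationRules@2023-02-01' = {
  name: guid(workspaceName, 'high-severity-triage')
  scope: workspace
  properties: {
    displayName: 'High severity: run containment playbook and tag'
    order: 1   // lower numbers are evaluated first when several rules match
    triggeringLogic: {
      isEnabled: true
      triggersOn: 'Incidents'
      triggersWhen: 'Created'
      conditions: [
        {
          conditionType: 'Property'
          conditionProperties: {
            propertyName: 'IncidentSeverity'
            operator: 'Equals'
            propertyValues: [ 'High' ]
          }
        }
      ]
    }
    actions: [
      {
        order: 1
        actionType: 'RunPlaybook'
        actionConfiguration: {
          logicAppResourceId: playbookResourceId
          tenantId: tenantId
        }
      }
      {
        order: 2
        actionType: 'ModifyProperties'
        actionConfiguration: {
          status: 'Active'
          labels: [ { labelName: 'auto-triaged', labelType: 'User' } ]
        }
      }
    ]
  }
}
```

Sentinel can only invoke the playbook if its service identity has been granted the Microsoft Sentinel Automation Contributor role on the playbook's resource group, so grant that before deploying the rule.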
PatWafy
2 years, 6 months ago
Answer: CD
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)