Exam AZ-900 topic 1 question 247 discussion

Actual exam question from Microsoft's AZ-900
Question #: 247
Topic #: 1

HOTSPOT -
Select the answer that correctly completes the sentence.
Hot Area:

Suggested Answer:
Box: automatically respond to threats
Playbooks are collections of procedures that can be run from Microsoft Sentinel in response to an alert or incident. A playbook can help automate and orchestrate your response, and can be set to run automatically when specific alerts or incidents are generated, by being attached to an analytics rule or an automation rule, respectively.
Note: Automation rules help you triage incidents in Microsoft Sentinel. You can use them to automatically assign incidents to the right personnel, close noisy incidents or known false positives, change their severity, and add tags. They are also the mechanism by which you can run playbooks in response to incidents.
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook

Comments

SAFM
8 months, 1 week ago
Honestly, I cannot find any material on Sentinel on the learning syllabus, anybody seen it recently in the AZ-900 exams?
upvoted 3 times
Net_IT
7 months, 4 weeks ago
I haven't seen anything about it either...
upvoted 2 times
zellck
1 year, 4 months ago
"automatically respond to threats" is the answer.
https://learn.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks#what-is-a-playbook
A playbook is a collection of these remediation actions that can be run from Microsoft Sentinel as a routine. A playbook can help automate and orchestrate your threat response; it can be run manually on-demand on entities (in preview - see below) and alerts, or set to run automatically in response to specific alerts or incidents, when triggered by an automation rule. For example, if an account and machine are compromised, a playbook can isolate the machine from the network and block the account by the time the SOC team is notified of the incident.
upvoted 2 times
azirila
1 year, 5 months ago
Same question as earlier, so the answer is correct.
upvoted 2 times
Appuhami
7 months, 1 week ago
repeated Question 230
upvoted 2 times
QBB
1 year, 6 months ago
automatically respond to threats
upvoted 3 times