ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-500 All Questions

View all questions & answers for the MS-500 exam
Go to Exam

Exam MS-500 topic 2 question 57 discussion

Actual exam question from Microsoft's MS-500
Question #: 57
Topic #: 2
[All MS-500 Questions]

HOTSPOT -
You have a Microsoft Sentinel workspace that has an Azure Active Directory (Azure AD) connector and an Office 365 connector.
From the workspace, you plan to create an analytics rule that will be based on a custom query and will run a security playbook.
You need to ensure that you can add the security playbook and the custom query to the rule.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Scheduled -
Create a custom analytics rule with a scheduled query
1. From the Microsoft Sentinel navigation menu, select Analytics.
2. In the action bar at the top, select +Create and select Scheduled query rule. This opens the Analytics rule wizard.
3. Etc.

Box 2: A trigger -
Use triggers and actions in Microsoft Sentinel playbooks.
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/detect-threats-custom https://docs.microsoft.com/en-us/azure/sentinel/playbook-triggers-actions#microsoft-sentinel-triggers-summary
by Jawad1462 at Nov. 12, 2022, 12:37 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
EM1234
2 years, 4 months ago
The explanation should not say "etc" unless they are teaching us how to draw an owl. The answer does seem right to me though.
upvoted 1 times
...
Jawad1462
2 years, 7 months ago
Answer is correct
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel