Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft SC-200 Exam - Topic 1 Question 19 Discussion

You recently deployed Azure Sentinel.You discover that the default Fusion rule does not generate any alerts. You verify that the rule is enabled.You need to ensure that the Fusion rule can generate alerts.What should you do?
B) Add data connectors
A) Disable, and then enable the rule.
C) Create a new machine learning analytics rule.
D) Add a hunting bookmark.

Microsoft SC-200 Exam - Topic 1 Question 19 Discussion

Actual exam question for Microsoft's SC-200 exam
Question #: 19
Topic #: 1
[All SC-200 Questions]

You recently deployed Azure Sentinel.

You discover that the default Fusion rule does not generate any alerts. You verify that the rule is enabled.

You need to ensure that the Fusion rule can generate alerts.

What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: B

https://docs.microsoft.com/en-us/azure/sentinel/connect-data-sources

by Stephaine at May 06, 2022, 08:38 PM

Limited Time Offer

25%

Off

Get Premium SC-200 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Wilburn
7 months ago
Seems odd that the default rule doesn't generate alerts by itself!
upvoted 0 times
...
Mica
7 months ago
Wait, does anyone actually use hunting bookmarks for this?
upvoted 0 times
...
Lavonda
8 months ago
I thought disabling and re-enabling might help too.
upvoted 0 times
...
Joanne
8 months ago
Totally agree, B is the way to go!
upvoted 0 times
...
Eliz
8 months ago
You need to add data connectors for Fusion to work.
upvoted 0 times
...
Brynn
8 months ago
Adding a hunting bookmark doesn't sound like it would help with generating alerts for the Fusion rule, but I could be wrong.
upvoted 0 times
...
Noah
8 months ago
I practiced a similar question where we had to ensure alerts were generated, but I can't recall if creating a new machine learning rule was necessary.
upvoted 0 times
...
Tyra
8 months ago
I'm not entirely sure, but I think disabling and re-enabling the rule might reset something. It seems like a common troubleshooting step.
upvoted 0 times
...
Cordelia
8 months ago
I remember reading that Fusion rules rely on data from various sources, so maybe adding data connectors is the right move?
upvoted 0 times
...
Annice
8 months ago
Ah, I think I know this one. It's got to be the /opt/PTA/emailConfiguration.sh script, right?
upvoted 0 times
...
Kandis
8 months ago
Okay, I've got a strategy. I'll start by looking at the method signature and considering whether making it global static instead of public static could be one of the changes. Then I'll look at the argument type and see if changing that could be the other change needed.
upvoted 0 times
...

Save Cancel