Microsoft Exam SC-200 Topic 4 Question 64 Discussion

Actual exam question for Microsoft's SC-200 exam

Question #: 64
Topic #: 4

[All SC-200 Questions]

You have a Microsoft Sentinel playbook that is triggered by using the Azure Activity connector.

You need to create a new near-real-time (NRT) analytics rule that will use the playbook.

What should you configure for the rule?

Athe Incident automation settings

Bentity mapping

Cthe query rule

Dthe Alert automation settings

Show Suggested Answer

Suggested Answer: B

by Gertude at Jan 22, 2024, 04:12 AM

Limited Time Offer

25%

Off

Get Premium SC-200 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Anastacia

2 days ago

That's a good point, Glory. But I think the question is asking specifically about what we need to configure for the rule itself, not the playbook. So I still think C) the query rule is the best answer.

upvoted 0 times

...

Glory

3 days ago

Hmm, I'm not so sure. What about the Incident automation settings? Couldn't that be a valid option since the playbook is being triggered by the Azure Activity connector?

upvoted 0 times

...

Honey

4 days ago

I agree with Candida. The question specifically states that we need to create a new NRT analytics rule, so the query rule is the logical choice here.

upvoted 0 times

...

Candida

5 days ago

Hmm, that's an interesting thought, David. But I still think the query rule is the most important thing to configure for a new NRT analytics rule. The other settings are more about what happens after the rule is triggered.

upvoted 0 times

...