Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft SC-200 Exam - Topic 5 Question 54 Discussion

You have an Azure subscription that contains an Microsoft Sentinel workspace.You need to create a playbook that will run automatically in response to an Microsoft Sentinel alert.What should you create first?
D) an automation rule in Microsoft Sentinel
A) a trigger in Azure Functions
B) an Azure logic app
C) a hunting query in Microsoft Sentinel

Microsoft SC-200 Exam - Topic 5 Question 54 Discussion

Actual exam question for Microsoft's SC-200 exam
Question #: 54
Topic #: 5
[All SC-200 Questions]

You have an Azure subscription that contains an Microsoft Sentinel workspace.

You need to create a playbook that will run automatically in response to an Microsoft Sentinel alert.

What should you create first?

Show Suggested Answer Hide Answer
Suggested Answer: D

by Delisa at May 24, 2023, 10:25 PM

Limited Time Offer

25%

Off

Get Premium SC-200 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Tijuana
6 months ago
Surprised no one mentioned triggers in Azure Functions!
upvoted 0 times
...
Altha
7 months ago
A hunting query? That doesn't sound right.
upvoted 0 times
...
Holley
7 months ago
Wait, I thought it was an automation rule?
upvoted 0 times
...
Helaine
7 months ago
Totally agree, B is the way to go.
upvoted 0 times
...
Deonna
7 months ago
You need to create an Azure logic app first!
upvoted 0 times
...
Joni
8 months ago
I thought we might need a trigger in Azure Functions, but now I'm questioning if that's necessary before setting up the logic app.
upvoted 0 times
...
Juan
8 months ago
I practiced a similar question, and I feel like the logic app is definitely involved, but I can't recall if it's the very first thing we create.
upvoted 0 times
...
Stephaine
8 months ago
I'm not entirely sure, but I remember something about automation rules being important in Sentinel. Could that be the first step?
upvoted 0 times
...
Cheryll
8 months ago
I think we need to create an Azure logic app first, right? That seems to be the starting point for automating responses.
upvoted 0 times
...
Tamra
8 months ago
The CRL check is a smart move. If the certificate has been revoked, that would explain why the signing is failing even though it works on the website.
upvoted 0 times
...
Martin
8 months ago
Ah, I remember this from the CCNP ENCOR material. The routing protocol that requires a separate process per VRF is BGP. The other options like OSPF and EIGRP can use a single process across multiple VRFs.
upvoted 0 times
...
Devorah
8 months ago
I feel like "Capacity Management" covers the overall process, but does it really focus on monitoring and corrective actions? I could be mixing it up.
upvoted 0 times
...

Save Cancel