
Microsoft SC-200 Exam - Topic 8 Question 56 Discussion

Actual exam question for Microsoft's SC-200 exam
Question #: 56
Topic #: 8

You are configuring Azure Sentinel.

You need to send a Microsoft Teams message to a channel whenever a sign-in from a suspicious IP address is detected.

Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Suggested Answer: D

Naomi
4 months ago
Fusion rule? I thought that was for something else!
upvoted 0 times
...
Karan
4 months ago
Not sure about enabling Entity behavior analytics for this.
upvoted 0 times
...
Herminia
4 months ago
Wait, can you really send Teams messages like that? Sounds cool!
upvoted 0 times
...
Geoffrey
5 months ago
I think associating a playbook to an incident is key too.
upvoted 0 times
...
Merlyn
5 months ago
Definitely need to add a playbook for that!
upvoted 0 times
...
Wei
5 months ago
Creating a workbook seems unrelated to sending notifications, but I could see how enabling the Fusion rule might help with identifying threats.
upvoted 0 times
...
Lawana
5 months ago
I’m a bit confused about the options. I thought enabling Entity behavior analytics was important for detecting suspicious activity, but I’m not sure it directly relates to sending messages.
upvoted 0 times
...
Lea
5 months ago
I remember practicing a similar question where we had to set up alerts in Sentinel, and I feel like associating a playbook to an incident was part of that.
upvoted 0 times
...
Rasheeda
6 months ago
I think we definitely need to add a playbook for the Teams notification, but I'm not sure if we also need to associate it to an incident or just have it standalone.
upvoted 0 times
...
Meghan
6 months ago
This seems straightforward - AWS GuardDuty doesn't automatically enforce its findings, so the answer must be False.
upvoted 0 times
...
Weldon
6 months ago
Hmm, I'm a bit unsure about this one. I know Exploratory Testing is more unstructured, but I can't remember the specific term for the testing done without planning. Let me think this through...
upvoted 0 times
...
Ailene
10 months ago
C and D? Sounds like we're building a fancy Azure Sentinel dashboard rather than automating the response. I think I'll stick with A and B for this one.
upvoted 0 times
Yuki
9 months ago
C and D? Sounds like we're building a fancy Azure Sentinel dashboard rather than automating the response. I think I'll stick with A and B for this one.
upvoted 0 times
...
Makeda
9 months ago
B) Associate a playbook to an incident.
upvoted 0 times
...
Verona
10 months ago
A) Add a playbook.
upvoted 0 times
...
...
Yuette
11 months ago
Hmm, I'm not sure about this one. Maybe we should call in the Azure Sentinel support team - they seem to have a good sense of humor and can probably crack this case wide open!
upvoted 0 times
...
Gregoria
11 months ago
I would go with A and E. The Fusion rule can help detect suspicious activity, and a playbook can automate the response.
upvoted 0 times
Glennis
10 months ago
Yes, having a playbook and Fusion rule in place will definitely improve our incident response process.
upvoted 0 times
...
Sage
10 months ago
I think adding a playbook and enabling the Fusion rule will help us automate the response to suspicious activity.
upvoted 0 times
...
Alesia
10 months ago
I agree, setting up a playbook and enabling the Fusion rule is a good idea.
upvoted 0 times
...
...
Evelynn
11 months ago
A and B are the correct answers. You need to create a playbook to send the Teams message, and then associate that playbook with an incident.
upvoted 0 times
Carmelina
9 months ago
Yes, creating a playbook and associating it with an incident will allow you to send a Teams message when a suspicious sign-in is detected.
upvoted 0 times
...
Karma
9 months ago
Great, those are the correct actions to take.
upvoted 0 times
...
Linette
9 months ago
B) Associate a playbook to an incident.
upvoted 0 times
...
Sabina
10 months ago
A) Add a playbook.
upvoted 0 times
...
Gilma
10 months ago
Then associate that playbook with an incident.
upvoted 0 times
...
Venita
11 months ago
You need to create a playbook to send the Teams message.
upvoted 0 times
...
Brett
11 months ago
A and B are the correct answers.
upvoted 0 times
...
...
Tashia
11 months ago
Creating a workbook might be useful for tracking and analyzing the data related to the sign-ins.
upvoted 0 times
...
Anissa
12 months ago
I agree with Alyssa. Enabling the Fusion rule could also help in detecting suspicious IP addresses.
upvoted 0 times
...
Alyssa
12 months ago
I think we should add a playbook and associate it to an incident.
upvoted 0 times
...
