Microsoft SC-900 Exam - Topic 9 Question 23 Discussion

Actual exam question for Microsoft's SC-900 exam
Question #: 23
Topic #: 9

You have an Azure subscription that contains a Log Analytics workspace.

You need to onboard Microsoft Sentinel.

What should you do first?

Suggested Answer: D

Tasia
4 months ago
Correlating alerts into incidents sounds important too, but not first!
upvoted 0 times
...
Doyle
5 months ago
Seems like a no-brainer, but I’m not sure about this one.
upvoted 0 times
...
Madalyn
5 months ago
Wait, I thought creating a hunting query was the first step?
upvoted 0 times
...
Micaela
5 months ago
Totally agree, option C is the way to go.
upvoted 0 times
...
Cora
5 months ago
You need to connect to your security sources first!
upvoted 0 times
...
Bambi
5 months ago
I vaguely recall that connecting to security sources is crucial before anything else, but I could be mixing it up with another topic.
upvoted 0 times
...
Ngoc
5 months ago
I’m leaning towards correlating alerts into incidents, but that seems more like something you'd do after setting things up.
upvoted 0 times
...
Hermila
5 months ago
I remember practicing a question about onboarding Sentinel, and I feel like creating a hunting query was mentioned as a later step.
upvoted 0 times
...
Phung
5 months ago
I think the first step might be to connect to security sources, but I'm not entirely sure.
upvoted 0 times
...
Jolene
6 months ago
I'm a bit confused on the right approach here. Should I just ask the developer to revert the change or is there more to it?
upvoted 0 times
...
Arlene
6 months ago
I have a feeling ITD might not be it, but I saw it come up in some practice questions. Wish I had paid more attention!
upvoted 0 times
...
Freeman
6 months ago
I got this! The answer is B, a prima facie case. That's when the evidence presented is sufficient to establish a case, even if it's later rebutted. Nailed it.
upvoted 0 times
...
Weldon
6 months ago
I think providing physicians with coding guidelines is definitely important, but I'm not sure if that alone is enough.
upvoted 0 times
...
Kiley
6 months ago
The key here is understanding what "velocity" means in the context of Big Data. I think A is the correct answer, but I'll double-check my understanding.
upvoted 0 times
...
Rasheeda
10 months ago
E) Summon a mystical Azure genie to onboard Sentinel for me. Abracadabra, Sentinel is now onboarded!
upvoted 0 times
Sharmaine
9 months ago
D) Create a custom detection rule.
upvoted 0 times
...
Pansy
9 months ago
B) Correlate alerts into incidents.
upvoted 0 times
...
Danica
10 months ago
C) Connect to your security sources.
upvoted 0 times
...
...
German
11 months ago
D) Create a custom detection rule? Good luck finding a rule that can detect my lack of study time.
upvoted 0 times
Charisse
9 months ago
D) Create a custom detection rule.
upvoted 0 times
...
Frederick
10 months ago
B) Correlate alerts into incidents.
upvoted 0 times
...
Stevie
10 months ago
C) Connect to your security sources.
upvoted 0 times
...
...
Janessa
11 months ago
A) Create a hunting query? I'm not a bloodhound, I'm just trying to pass this exam!
upvoted 0 times
Ettie
10 months ago
D) Create a custom detection rule.
upvoted 0 times
...
Beckie
10 months ago
B) Correlate alerts into incidents.
upvoted 0 times
...
Lilli
10 months ago
C) Connect to your security sources.
upvoted 0 times
...
...
Ettie
11 months ago
B) Correlate alerts into incidents? What is this, a detective agency?
upvoted 0 times
...
Golda
11 months ago
C) Connect to your security sources. Duh, you gotta get the data in before you can do anything else!
upvoted 0 times
...
Aliza
11 months ago
I believe creating a custom detection rule might be the best option to start with.
upvoted 0 times
...
Lachelle
11 months ago
I agree with Tomoko, connecting to security sources is the first step to onboard Microsoft Sentinel.
upvoted 0 times
...
Tomoko
11 months ago
I think we should connect to our security sources first.
upvoted 0 times
...