Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25

- Free Preparation Discussions

Microsoft SC-900 Exam - Topic 9 Question 23 Discussion

Actual exam question for Microsoft's SC-900 exam

Question #: 23
Topic #: 9

[All SC-900 Questions]

You have an Azure subscription that contains a Log Analytics workspace.

You need to onboard Microsoft Sentinel.

What should you do first?

ACreate a hunting query.

BCorrelate alerts into incidents.

CConnect to your security sources.

DCreate a custom detection rule.

Show Suggested Answer

Suggested Answer: D

by Marti at Feb 05, 2023, 07:14 PM

Limited Time Offer

25%

Off

Get Premium SC-900 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Tasia

7 months ago

Correlating alerts into incidents sounds important too, but not first!

upvoted 0 times

...

Doyle

7 months ago

Seems like a no-brainer, but I’m not sure about this one.

upvoted 0 times

...

Madalyn

7 months ago

Wait, I thought creating a hunting query was the first step?

upvoted 0 times

...

Micaela

8 months ago

Totally agree, option C is the way to go.

upvoted 0 times

...

Cora

8 months ago

You need to connect to your security sources first!

upvoted 0 times

...

Bambi

8 months ago

I vaguely recall that connecting to security sources is crucial before anything else, but I could be mixing it up with another topic.

upvoted 0 times

...

Ngoc

8 months ago

I’m leaning towards correlating alerts into incidents, but that seems more like something you'd do after setting things up.

upvoted 0 times

...

Hermila

8 months ago

I remember practicing a question about onboarding Sentinel, and I feel like creating a hunting query was mentioned as a later step.

upvoted 0 times

...

Phung

8 months ago

I think the first step might be to connect to security sources, but I'm not entirely sure.

upvoted 0 times

...

Jolene

8 months ago

I'm a bit confused on the right approach here. Should I just ask the developer to revert the change or is there more to it?

upvoted 0 times

...

Arlene

8 months ago

I have a feeling ITD might not be it, but I saw it come up in some practice questions. Wish I had paid more attention!

upvoted 0 times

...

Freeman

8 months ago

I got this! The answer is B, a prima facie case. That's when the evidence presented is sufficient to establish a case, even if it's later rebutted. Nailed it.

upvoted 0 times

...

Weldon

8 months ago

I think providing physicians with coding guidelines is definitely important, but I'm not sure if that alone is enough.

upvoted 0 times

...

Kiley

8 months ago

The key here is understanding what "velocity" means in the context of Big Data. I think A is the correct answer, but I'll double-check my understanding.

upvoted 0 times

...

Rasheeda

1 year ago

E) Summon a mystical Azure genie to onboard Sentinel for me. Abracadabra, Sentinel is now onboarded!

upvoted 0 times

Sharmaine

12 months ago

D) Create a custom detection rule.

upvoted 0 times

...

Pansy

12 months ago

B) Correlate alerts into incidents.

upvoted 0 times

...

Danica

1 year ago

C) Connect to your security sources.

upvoted 0 times

...

...

German

1 year ago

D) Create a custom detection rule? Good luck finding a rule that can detect my lack of study time.

upvoted 0 times

Charisse

12 months ago

D) Create a custom detection rule.

upvoted 0 times

...

Frederick

1 year ago

B) Correlate alerts into incidents.

upvoted 0 times

...

Stevie

1 year ago

C) Connect to your security sources.

upvoted 0 times

...

...

Janessa

1 year ago

A) Create a hunting query? I'm not a bloodhound, I'm just trying to pass this exam!

upvoted 0 times

Ettie

1 year ago

D) Create a custom detection rule.

upvoted 0 times

...

Beckie

1 year ago

B) Correlate alerts into incidents.

upvoted 0 times

...

Lilli

1 year ago

C) Connect to your security sources.

upvoted 0 times

...

...

Ettie

1 year ago

B) Correlate alerts into incidents? What is this, a detective agency?

upvoted 0 times

...

Golda

1 year ago

C) Connect to your security sources. Duh, you gotta get the data in before you can do anything else!

upvoted 0 times

...

Aliza

1 year ago

I believe creating a custom detection rule might be the best option to start with.

upvoted 0 times

...

Lachelle

1 year ago

I agree with Tomoko, connecting to security sources is the first step to onboard Microsoft Sentinel.

upvoted 0 times

...

Tomoko

1 year ago

I think we should connect to our security sources first.

upvoted 0 times

...