ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-200 All Questions

View all questions & answers for the SC-200 exam
Go to Exam

Exam SC-200 topic 2 question 39 discussion

Actual exam question from Microsoft's SC-200
Question #: 39
Topic #: 2
[All SC-200 Questions]

HOTSPOT
-

You have an Azure subscription that has Microsoft Defender for Cloud enabled for all supported resource types.

You create an Azure logic app named LA1.

You plan to use LA1 to automatically remediate security risks detected in Defender for Cloud.

You need to test LA1 in Defender for Cloud.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by Holii at April 17, 2023, 7:13 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Holii
Highly Voted 1 year, 8 months ago
When a Defender for Cloud Recommendation is created or triggered and Security alerts Regulatory Compliance Standards is based on pre-defined compliance standards and, while they can provide remediation to security risks, I think Security alerts better answers the question and offers the ability to customize.
upvoted 20 times
xRiot007
1 week, 3 days ago
You should trigger the execution of the LA from Recommendations.
upvoted 1 times
...
...
tirajvid
Highly Voted 1 year, 5 months ago
Question says " You plan to use LA1 to automatically remediate security risks detected in Defender for Cloud" Security risks are not security alerts nor policy non compliance issues. Based on that, the correct second answer should be "Recommendations" https://azurecloudai.blog/2021/08/10/regulatory-compliance-in-azure-security-center-workflow-automation-reaches-ga/
upvoted 17 times
...
user636
Most Recent 3 months, 3 weeks ago
The answers are: Set Trigger to when a defender for Cloud recommendation is created or triggered Trigger the execution of LA1 from Recommendations. If you set the trigger of a logic app of a particular type, then you can only trigger it from that type. For e.g. if the trigger is alert , then you can tigger the logic app from a alert & if the trigger is recommendation, then you can trigger it from a recommendation. https://learn.microsoft.com/en-us/azure/defender-for-cloud/review-security-recommendations#explore-a-recommendation
upvoted 4 times
HAjouz
3 days, 23 hours ago
100%Set the LA1 trigger to: When a Defender for Cloud Recommendation is created or triggered By triggering LA1 based on recommendations, you can proactively address potential security issues before they escalate into actual alerts. Trigger the execution of LA1 from: Recommendations You can manually trigger LA1 from the Recommendations section in Defender for Cloud to test its remediation capabilities. Remember to configure LA1 to take appropriate actions based on the specific recommendations, such as applying security patches, hardening configurations, or disabling vulnerable services.
upvoted 1 times
...
...
user636
3 months, 3 weeks ago
The answer is: Set trigger to Cloud recommendation is created or triggered & Trigger the execution from Recommendations. You can trigger a logic app from recommendations in MDC. Click a recommendation & then navigate to "Take action" option. Also, why would you use "security alert" as a trigger execution if the logic app is configured with a trigger "when a recommendation is created/triggered". The logic app will be executed via a same trigger that it is configured as.
upvoted 1 times
...
Sneekygeek
8 months, 1 week ago
Seems to be another example of poorly worded question making this about test taking ability and not competence with Microsoft products. I think the phrasing 'security risks' as opposed to 'security incident' means we would be talking about recommendations and not alerts. The recommendations exist for configurations deemed risky (similar to secure score), whereas an alert would be doing something in response to activity which triggered the alert, which I would consider an incident, not a risk. https://learn.microsoft.com/en-us/azure/defender-for-cloud/recommendations-reference
upvoted 1 times
...
Ramye
9 months, 3 weeks ago
Based on the specific ask on the question: "You plan to use LA1 to automatically remediate security risks detected in Defender for Cloud" It clearly says automatically remediate the risk -that means don't have to rely on recommendations, so the 2nd box is clearly Security alerts.
upvoted 1 times
...
Gurulee
11 months, 2 weeks ago
Recommendations trigger. https://learn.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation#supported-triggers
upvoted 1 times
...
danlo
1 year, 1 month ago
Remediate security risks = recommendations Alerts would be alerts as is not mentioned https://learn.microsoft.com/en-us/azure/well-architected/security/monitor-remediate
upvoted 1 times
...
chepeerick
1 year, 1 month ago
check this
upvoted 1 times
...
Anil0512
1 year, 2 months ago
Seems nobody is 100% sure?
upvoted 2 times
Fez786
1 year, 2 months ago
its Cloud Recommendation is created or triggered and Security alerts
upvoted 4 times
...
...
donathon
1 year, 3 months ago
My thoughts are this related to risks not actual inccidents. Hence it should be Recommendations for both instead of alerts.
upvoted 2 times
Ramye
10 months, 1 week ago
But, does not recommendations are generated based on alerts/incidents sometimes?
upvoted 1 times
...
...
AK4U_111
1 year, 6 months ago
be careful not to mistake with Topic 2 - Question Set 2 Question#3 You have an Azure subscription that has Azure Defender enabled for all supported resource types. You create an Azure logic app named LA1. You plan to use LA1 to automatically remediate security risks detected in Azure Security Center. You need to test LA1 in Security Center. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
upvoted 2 times
Ramye
10 months, 1 week ago
Azure Defender and Azure Security center together now is Defender for Cloud, so this question is now updated with the updated name.
upvoted 1 times
...
...
MrAce
1 year, 6 months ago
The question can be interpreted in multiple ways, but I think that the answer should be: When a Defender for Cloud Alert is created or triggered Security Alerts https://learn.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation
upvoted 4 times
JoeP1
1 year, 4 months ago
According to that link: "To manually run a logic app, open an alert, or a recommendation and select Trigger logic app" So the Logic App can be manually triggered in this case from the Recommendation. The answers should be: When a Defender for Cloud Recommendation is created or triggered Recommendations https://learn.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation
upvoted 7 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago