Exam SC-200 topic 3 question 22 discussion

Actual exam question from Microsoft's SC-200
Question #: 22
Topic #: 3

You are configuring Azure Sentinel.
You need to send a Microsoft Teams message to a channel whenever a sign-in from a suspicious IP address is detected.
Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Add a playbook.
  • B. Associate a playbook to an incident.
  • C. Enable Entity behavior analytics.
  • D. Create a workbook.
  • E. Enable the Fusion rule.
Suggested Answer: AB

Comments

werbinich
Highly Voted 3 years, 1 month ago
Playbooks are collections of procedures that can be run from Azure Sentinel in response to an alert or incident. A playbook can help automate and orchestrate your response, and can be set to run automatically when specific alerts or incidents are generated, by being attached to an analytics rule or an automation rule, respectively. It can also be run manually on-demand. Playbooks in Azure Sentinel are based on workflows built in Azure Logic Apps, which means that you get all the power, customizability, and built-in templates of Logic Apps. Thus correct answer
upvoted 25 times
aman1782
2 years, 4 months ago
Correct A&B
upvoted 1 times
AlaReAla
3 years, 1 month ago
Keep up the good stuff @werbinich. Hope you crack the certification soon. All the best.
upvoted 7 times
chepeerick
Most Recent 12 months ago
Correct
upvoted 1 times
kevin23699
1 year ago
It should be B,C
upvoted 1 times
Ramye
8 months ago
Please explain why..
upvoted 1 times
JoeP1
1 year, 3 months ago
Selected Answer: AB
It is worded poorly to say you need to associate the playbook with the incident instead of setting the incident as a trigger, but options C, D and E make even less sense.
upvoted 2 times
eddz25
1 year, 9 months ago
Selected Answer: AB
A. Add a playbook
B. Associate a playbook to an incident
To send a Microsoft Teams message to a channel whenever a sign-in from a suspicious IP address is detected in Azure Sentinel, you will need to perform two actions:
Add a playbook: A playbook is a set of actions that can be triggered in response to an incident, such as sending a message to a channel in Microsoft Teams. To add a playbook, you will need to navigate to the Playbooks tab in Azure Sentinel and create a new playbook that includes an action to send a message to a Microsoft Teams channel.
Associate a playbook to an incident: After creating the playbook, you will need to associate it with an incident in Azure Sentinel. This can be done by navigating to the Incidents tab in Azure Sentinel and selecting the incident that you want to associate the playbook with. Then, select the "Associate Playbook" button and select the playbook that you created.
upvoted 2 times
subhuman
2 years, 7 months ago
Selected Answer: AB
Correct answer A&B
upvoted 1 times
stromnessian
2 years, 8 months ago
Selected Answer: AB
AB IMHO.
upvoted 2 times
liberty123
2 years, 8 months ago
Selected Answer: AB
A & B is correct
upvoted 1 times
kakakayayaya
2 years, 10 months ago
For me B is a wrong choice. We can NOT associate a playbook to an incident!
We can:
- trigger playbook when incident happens
- associate playbook to an ANALYTIC RULE
Fusion rule is important to catch Multistage attacks not suspicious sign-in.
So A - ok, B - weird.
upvoted 3 times
Eltooth
3 years ago
Correct - A & B
upvoted 3 times
tk3
3 years, 2 months ago
I agree with the answer.
upvoted 1 times
Task
3 years, 4 months ago
Correct
upvoted 2 times