ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-200 All Questions

View all questions & answers for the SC-200 exam
Go to Exam

Exam SC-200 topic 2 question 3 discussion

Actual exam question from Microsoft's SC-200
Question #: 3
Topic #: 2
[All SC-200 Questions]

HOTSPOT -
You have an Azure subscription that has Azure Defender enabled for all supported resource types.
You create an Azure logic app named LA1.
You plan to use LA1 to automatically remediate security risks detected in Azure Security Center.
You need to test LA1 in Security Center.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Reference:
https://docs.microsoft.com/en-us/azure/security-center/workflow-automation#create-a-logic-app-and-define-when-it-should-automatically-run
by karlEzio at Oct. 2, 2021, 4:24 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Banzaaai
Highly Voted 2 years, 10 months ago
passed exam 31-Jan-2022, and answer Workflow Automation was not on exam... so.. I have chosen : Security Alerts
upvoted 27 times
Nikki0222
1 month, 2 weeks ago
CORRECT
upvoted 1 times
HAjouz
21 hours, 11 minutes ago
If you review the docs - where it says Manually trigger a logic app -> you see trigger logic is under security alerts
upvoted 1 times
...
...
emartiy
6 months, 1 week ago
Since Workflow was newly added... There was also Security Alerts option in your exam. Newly added opttion is worng. So recommendations option is strongly true if it was an option in your exam :=) I got copilot to answer this and shared result in my comment for first select first option for second select first option.
upvoted 2 times
...
Tracebuster
2 years, 10 months ago
This is why I would go with Recommendation as the 2nd answer option https://docs.microsoft.com/en-us/azure/azure-monitor/reference/tables/securitynestedrecommendation
upvoted 11 times
Ramye
10 months, 1 week ago
How do you decipher/conclude the answer is recommendation from this link?
upvoted 2 times
...
...
AnonymousJhb
2 years, 8 months ago
Automate responses to Microsoft Defender for Cloud triggers using workflow automation - the trigger conditions selected is “Security alert” https://docs.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation
upvoted 3 times
Lion007
2 years, 5 months ago
Agreeing with this answer, and add to it that you can actually find the "Trigger logic app" when you open both "Security alerts" and "Recommendations". This is mentioned in the docs page "To manually run a Logic App, open an alert or a recommendation and click Trigger Logic App:" https://docs.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation#manually-trigger-a-logic-app
upvoted 1 times
amsioso
2 years, 3 months ago
"security risks detected" not alerts, incidents... go with recommendations.
upvoted 3 times
...
...
...
...
Whatsamattr81
Highly Voted 2 years, 4 months ago
"automatically remediate security risks detected" - risks is the key word, that (to me) assumes the recommendations - and not alerts (which would be incidents). And it would be triggered on recommendations.
upvoted 12 times
...
cdgdhj
Most Recent 1 month, 3 weeks ago
what's the final answer?
upvoted 1 times
...
talosDevbot
2 months ago
"When an Azure Security Center Recommendation is created or triggered" "Recommendations" Important part of the question: "You need to test LA1 in Security Center" To test a Logic app, you want to manually trigger the app. To do this, you go to Recommendations > open a recommendation > select "Trigger a logic app" https://learn.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation#manually-trigger-a-logic-app
upvoted 1 times
...
dyavlito
3 months, 2 weeks ago
The given anwser is correct: To test the Azure Logic App (LA1) in Security Center, you should configure the following options: Set the LA1 trigger to: When an Azure Security Center alert is created or triggered Trigger the execution of LA1 from: Workflow automation This setup will allow LA1 to be automatically triggered when a security alert is created or triggered in Azure Security Center, and you can test its functionality through the workflow automation feature.
upvoted 1 times
...
g_man_rap
3 months, 2 weeks ago
Second. Second. Why Not "Recommendations"? If you select "When an Azure Security Center Recommendation is created or triggered," the Logic App would run whenever a recommendation is generated. However, since recommendations are not active threats but rather suggestions, this would not align with the objective of remediating actual security risks.
upvoted 1 times
...
ostralo
9 months ago
1. security risks - Security recommendations IMO, security threats are for Security Alert 2. Manually trigger a logic app You can also run logic apps manually when viewing any security alert or recommendation. To manually run a logic app, open an alert, or a recommendation and select Trigger logic app. We set the LA to be triggered by Security Recommendation that means we can manually trigger it via the Security Recommendation.
upvoted 3 times
...
smanzana
1 year ago
1. When an Azure Security Centre Recommendation is created or triggered 2. Security Alerts
upvoted 2 times
...
blacksheep_29
1 year, 1 month ago
My opinion is for LA1 to trigger should be based on the Alert and Proof is below - logicAppResourceId": { "type": "String", "metadata": { "displayName": "Logic App", "description": "The Logic App that is triggered.", "strongType": "Microsoft.Logic/workflows", "assignPermissions": true } }, "logicAppTrigger": { "type": "String", "metadata": { "displayName": "Logic app trigger", "description": "The trigger connector of the logic app that is triggered. Possible values: 'Manual (Incoming HTTP request)', 'When an Azure Security Center Alert is created or triggered'." The above mentioned is the code for Logic App config which is set to trigger when an Azure Security alert is created or triggered. Correct me If I'm wrong
upvoted 1 times
...
chepeerick
1 year, 1 month ago
check answer
upvoted 1 times
...
cris_exam
1 year, 3 months ago
Based on this below article about a similar lab this lad did, I think the answer is: 1. When an Azure Security Centre Recommendation is created or triggered 2. Security Alerts https://security.packt.com/setting-up-automated-threat-response-in-microsoft-defender-for-cloud-azure-security-center/ Open for debate though...
upvoted 3 times
...
donathon
1 year, 3 months ago
https://learn.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation#create-a-logic-app-and-define-when-it-should-automatically-run trigger based on alerts and workspace automation
upvoted 1 times
...
billo79152718
1 year, 4 months ago
First one is correct. Second is: Security Alerts
upvoted 1 times
...
mimguy
1 year, 5 months ago
On the exam July 7 2023
upvoted 4 times
...
AK4U_111
1 year, 6 months ago
be careful not to mistake with Question #39
upvoted 1 times
...
tatendazw
1 year, 6 months ago
Trigger is Security alert because of security risk. Workflow automation used to response to a security risk/incident https://learn.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation#create-a-logic-app-and-define-when-it-should-automatically-run
upvoted 1 times
...
AJ2021
1 year, 10 months ago
Question in Exam today
upvoted 8 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago