Exam SC-200 topic 3 question 34 discussion

Actual exam question from Microsoft's SC-200
Question #: 34
Topic #: 3

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring Azure Sentinel.
You need to create an incident in Azure Sentinel when a sign-in to an Azure virtual machine from a malicious IP address is detected.
Solution: You create a livestream from a query.
Does this meet the goal?

  • A. Yes
  • B. No
Suggested Answer: B
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-security-center

Comments

rdy4u
Highly Voted 3 years ago
No, you create a Microsoft incident creation rule for a data connector.
upvoted 24 times
...
fiksarion
Highly Voted 1 year, 3 months ago
No, this solution does not meet the goal.
Explanation: Creating a livestream from a query is not the appropriate solution for detecting and creating incidents in Azure Sentinel when a sign-in to an Azure virtual machine from a malicious IP address is detected. Livestreams are used to monitor real-time data and visualize it in Azure Sentinel dashboards, but they do not trigger incidents based on specific conditions or events.
To achieve the goal of creating an incident in Azure Sentinel when a sign-in from a malicious IP address is detected, you should use analytics rules or custom detection rules. These rules allow you to define conditions based on log data and trigger incidents when those conditions are met. Therefore, the given solution does not meet the goal.
upvoted 6 times
...
Edindude
Most Recent 2 months, 2 weeks ago
Selected Answer: B
Correct answer is no
upvoted 1 times
...
7d801bf
10 months ago
The answer is No. It should be a playbook.
upvoted 1 times
...
Murtuza
1 year, 4 months ago
Or a scheduled analytics query rule. Bottom line: create rules.
upvoted 1 times
...
chepeerick
1 year, 6 months ago
Correct option
upvoted 1 times
...