Exam SC-100 topic 3 question 1 discussion

Actual exam question from Microsoft's SC-100
Question #: 1
Topic #: 3

You have Microsoft Defender for Cloud assigned to Azure management groups.
You have a Microsoft Sentinel deployment.
During the triage of alerts, you require additional information about the security events, including suggestions for remediation.
Which two components can you use to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. Microsoft Sentinel threat intelligence workbooks
  • B. Microsoft Sentinel notebooks
  • C. threat intelligence reports in Defender for Cloud
  • D. workload protections in Defender for Cloud
Suggested Answer: AC

Comments

zts
Highly Voted 2 years, 3 months ago
Selected Answer: AC
answer is correct.
upvoted 11 times
...
Alex_Burlachenko
Highly Voted 2 years, 3 months ago
correct ans
upvoted 6 times
...
whh13
Most Recent 4 days, 22 hours ago
Selected Answer: CD
A is not correct. While Microsoft Sentinel provides workbooks for visualizing and analyzing threat intelligence data, these workbooks focus more on providing insights into your organization's threat landscape rather than offering specific remediation suggestions during alert triage. Sentinel workbooks are useful for monitoring and visualizing threat data but are not directly focused on remediation actions.
upvoted 1 times
...
yakinikuman
7 months ago
Can't we achieve this with D: Defender for Cloud as well? https://learn.microsoft.com/en-us/azure/defender-for-cloud/workload-protections-dashboard
upvoted 1 times
...
zellck
1 year, 7 months ago
Selected Answer: AC
AC is the answer. https://learn.microsoft.com/en-us/azure/sentinel/understand-threat-intelligence#add-threat-indicators-to-microsoft-sentinel-with-the-microsoft-defender-threat-intelligence-data-connector Bring high fidelity indicators of compromise (IOC) generated by Microsoft Defender Threat Intelligence (MDTI) into your Microsoft Sentinel workspace. The MDTI data connector ingests these IOCs with a simple one-click setup. Then monitor, alert and hunt based on the threat intelligence in the same way you utilize other feeds.
upvoted 5 times
zellck
1 year, 6 months ago
Gotten this in May 2023 exam.
upvoted 4 times
...
zellck
1 year, 7 months ago
https://learn.microsoft.com/en-us/azure/sentinel/understand-threat-intelligence#introduction-to-threat-intelligence For SIEM solutions like Microsoft Sentinel, the most common forms of CTI are threat indicators, also known as Indicators of Compromise (IoC) or Indicators of Attack (IoA). Threat indicators are data that associate observed artifacts such as URLs, file hashes, or IP addresses with known threat activity such as phishing, botnets, or malware. This form of threat intelligence is often called tactical threat intelligence because it's applied to security products and automation in large scale to detect potential threats to an organization and protect against them. Use threat indicators in Microsoft Sentinel, to detect malicious activity observed in your environment and provide context to security investigators to inform response decisions.
upvoted 1 times
...
zellck
1 year, 7 months ago
https://learn.microsoft.com/en-us/azure/defender-for-cloud/threat-intelligence-reports#what-is-a-threat-intelligence-report When Defender for Cloud identifies a threat, it triggers a security alert, which contains detailed information regarding the event, including suggestions for remediation. To help incident response teams investigate and remediate threats, Defender for Cloud provides threat intelligence reports containing information about detected threats.
upvoted 1 times
...
...
uffman
1 year, 7 months ago
Selected Answer: AC
Correct.
upvoted 1 times
...
tester18128075
2 years, 3 months ago
A and C
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other