
Exam SC-200 topic 2 question 31 discussion

Actual exam question from Microsoft's SC-200
Question #: 31
Topic #: 2

DRAG DROP -
You have an Azure subscription. The subscription contains 10 virtual machines that are onboarded to Microsoft Defender for Cloud.
You need to ensure that when Defender for Cloud detects digital currency mining behavior on a virtual machine, you receive an email notification. The solution must generate a test email.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

Suggested Answer:
Step 1: From Logic App Designer, create a logic app.
Create a logic app and define when it should automatically run
1. From Defender for Cloud's sidebar, select Workflow automation.
2. To define a new workflow, click Add workflow automation. The options pane for your new automation opens.

Here you can enter:
A name and description for the automation.
The triggers that will initiate this automatic workflow. For example, you might want your Logic App to run when a security alert that contains "SQL" is generated.
The Logic App that will run when your trigger conditions are met.
3. From the Actions section, select visit the Logic Apps page to begin the Logic App creation process.
4. Etc.
Step 2: From Logic App Designer, run a trigger.

Manually trigger a Logic App -
You can also run Logic Apps manually when viewing any security alert or recommendation.
Step 3: From Workflow automation in Defender for Cloud, add a workflow automation.
Configure workflow automation at scale using the supplied policies
Automating your organization's monitoring and incident response processes can greatly improve the time it takes to investigate and mitigate security incidents.

Reference:
https://docs.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation
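
The workflow automation for this scenario, written as an ARM template resource rather than portal clicks. This is an added example, not part of the question or of the referenced documentation; the resource name, the API version, the `AlertDisplayName` property path, the `mining` match string and every `<...>` placeholder are assumptions to replace with your own values.

```json
{
  "type": "Microsoft.Security/automations",
  "apiVersion": "2019-01-01-preview",
  "name": "notify-on-crypto-mining",
  "location": "<region>",
  "comments": "Added example. Name, match string and <placeholders> are constructed, not taken from the page.",
  "properties": {
    "description": "Run the email logic app when a mining-related security alert is raised",
    "isEnabled": true,
    "scopes": [
      {
        "description": "Subscription that holds the onboarded virtual machines",
        "scopePath": "/subscriptions/<subscription-id>"
      }
    ],
    "sources": [
      {
        "eventSource": "Alerts",
        "ruleSets": [
          {
            "rules": [
              {
                "propertyJPath": "AlertDisplayName",
                "propertyType": "String",
                "expectedValue": "mining",
                "operator": "Contains"
              }
            ]
          }
        ]
      }
    ],
    "actions": [
      {
        "actionType": "LogicApp",
        "logicAppResourceId": "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.Logic/workflows/<logic-app-name>",
        "uri": "<logic-app-trigger-callback-url>"
      }
    ]
  }
}
```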

Comments

Metasploit
Highly Voted 2 years, 1 month ago
This solution does not meet the sequence specified in the question. The solution must generate a test email. Correct answer is: 1) Create logic app 2) Add workflow automation (specifies action - send email) 3) Trigger logic app (creates alert->workflow automation activates -> sends email)
upvoted 17 times
Tuitor01
1 week, 2 days ago
https://learn.microsoft.com/en-us/azure/defender-for-cloud/alerts-suppression-rules 1) First automation workflow 2) Create your logicapp 3) Inside your logicapp designer page nothing prevents you from testing the trigger
upvoted 1 times
BieLey
2 years, 1 month ago
But don't you need to run a trigger before you should do the workflow automation?
upvoted 7 times
HAjouz
4 days, 1 hour ago
These steps align with the process described in the Microsoft documentation: Create a sample alert: This helps you test the workflow automation. Create a Logic App: This app will define the actions to take when an alert is triggered. Add a workflow automation: This links the Logic App to the specific alert, ensuring that the defined actions are executed when the alert is triggered.
upvoted 1 times
Marchiano
Highly Voted 1 year, 4 months ago
https://learn.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation
Create a logic app and define when it should automatically run
1. From Defender for Cloud's sidebar, select Workflow automation.
2. To define a new workflow, select Add workflow automation.
3. From the Actions section, select visit the Logic Apps page to begin the logic app creation process.
4. Select (+) Add.
5. Fill out all required fields and select Review + Create.
6. Review the information you entered and select Create.
7. After you've defined your logic app, return to the workflow automation definition pane ("Add workflow automation"). Select Refresh to ensure your new logic app is available for selection.
8. Select your logic app and save the automation. The logic app dropdown only shows those with supporting Defender for Cloud connectors mentioned above.
Given the above, the answer should be:
1. From Workflow automation in Defender for Cloud, add a workflow automation
2. From Logic App Designer, create a logic app
3. From Logic App Designer, run a trigger
upvoted 13 times
davidli
1 year, 1 month ago
This is very valid to me.
upvoted 2 times
kabooze
1 year, 1 month ago
yes, but nothing stops you from creating the logic app before creating the workflow automation. So technically it's -> create logic app -> create workflow automation -> run trigger
upvoted 2 times
user636
Most Recent 3 months, 3 weeks ago
The correct answer is:
- Step1: Create a Logic app (this will be a part of the process of creating a workflow automation), the logic app will use "Defender for cloud alert is triggered" as a trigger. The logic app will have an action item to send email notifications. When the workflow automation in step2 will run, it will automatically run this logic app.
- Step2: Create a workflow automation & use "Security alert" as the cloud data type. This will make sure that this workflow automation will run whenever there is a security alert generated. In the action option "select the logic app" created in Step1. If you do not create the logic app in step1, then it will NOT be shown in the workflow automation page.
- Step3: From the Security alerts in MDC, create a sample alert. There is a sample alert for "digital currency mining". Once the sample security alert is created, it will trigger the workflow automation & the workflow automation will trigger the logic app. The logic app will send the email.
This is how you do it in the real world.
upvoted 1 times
user636
3 months, 2 weeks ago
The answer is: Add workflow automation Create a logic app Create a sample alert. as explained in my other comment. The process in both comments will get the results in the real world. However as per Microsoft docs, start with workflow automation and then logic creation...
upvoted 1 times
user636
3 months, 3 weeks ago
Keep it simple & don't overthink: You will first start with creating a workflow automation, during the process you will create a logic app as one of the steps. In workflow automation you will define the Trigger conditions. You can use "alert name contains" to define digital currency mining as a trigger. During the logic app creation you will use send email as an action. Once the logic app is created, you will generate a sample alert, this will ensure/test that the workflow automation & logic app in use are both working fine. The answer is: Add workflow automation, Create a logic app, Create a sample alert. There is a sample alert for digital currency mining (ref: https://learn.microsoft.com/en-us/azure/defender-for-cloud/alert-validation)
upvoted 1 times
Ramye
10 months ago
See, you must have a Logic app available to be used for creating workflow automation steps, and you need to have an alert by a trigger for setting up the automation, therefore, the ans should be: - create the logic app - trigger the logic app to test - and finally, add the workflow automation
upvoted 4 times
chepeerick
1 year, 1 month ago
Correct
upvoted 1 times
NICKTON81
1 year, 3 months ago
The answer is correct! https://learn.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation
upvoted 2 times
vdabhi123
1 year, 4 months ago
https://learn.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation Create a logic app and define when it should automatically run Manually trigger a logic app Configure workflow automation at scale using the supplied policies
upvoted 4 times
XLR8T2
1 year, 5 months ago
These are the correct answers: 1. From Logic App Designer, create a logic App. -> Correct: First you need a Logic App to exist. 2. From Workflow automation in Defender for Cloud, add workflow automation. -> Correct: add the Logic App created earlier. 3. From Security alerts in Defender for Cloud, create a sample alert -> Correct: To run and verify that your Logic App works.
upvoted 3 times
imhere4you
1 year, 6 months ago
On exam - 19 June 2023
upvoted 8 times
teouba
1 year, 8 months ago
If you trigger the app before you create the workflow, then what's the point? The provided answer doesn't make any sense, first you need to create the workflow and then trigger the alert
upvoted 5 times
JoeP1
1 year, 4 months ago
Running the trigger tests that the logic app sends the email properly, but does not test the workflow that runs the logic app.
upvoted 2 times
ACSC
2 years ago
Answer is correct. You should: create the logic app, trigger the logic app to test, and finally add the workflow automation.
upvoted 7 times
Fukacz
2 years, 3 months ago
Correct. 1. Create Logic App 2. trigger (test) 3. apply
upvoted 3 times
amsioso
2 years, 3 months ago
And what happened with "create a sample alert"??
upvoted 3 times
Frankie21
1 year, 2 months ago
indeed that is the one you need to test it
upvoted 1 times