Exam SC-200 topic 3 question 44 discussion

Actual exam question from Microsoft's SC-200
Question #: 44
Topic #: 3

You have an Azure subscription that contains an Azure logic app named app1 and a Microsoft Sentinel workspace that has an Azure Active Directory (Azure AD) connector.
You need to ensure that app1 launches when Microsoft Sentinel detects an Azure AD-generated alert.
What should you create first?

  • A. a repository connection
  • B. a watchlist
  • C. an analytics rule
  • D. an automation rule
Suggested Answer: D

Comments

Fukacz
Highly Voted 2 years, 6 months ago
Selected Answer: D
D is correct
upvoted 9 times
...
talosDevbot
Highly Voted 4 months, 4 weeks ago
Selected Answer: D
Based on the wording of the question, I think we can assume that there are already Azure AD alerts being generated in Sentinel. So you don't need an Analytic rule. You can just go create an automation rule for those specific alerts
upvoted 5 times
Onimole
5 days, 10 hours ago
It's an exam. Never assume lol
upvoted 1 times
...
...
Onimole
Most Recent 5 days, 10 hours ago
Selected Answer: C
Rule first, automation next. C is the correct answer
upvoted 1 times
...
HAjouz
3 months ago
Selected Answer: C
D. an automation rule: You can't create an automation rule without first having an analytics rule to trigger it.
upvoted 2 times
CDR
2 months, 4 weeks ago
You must first create an analytics rule to detect the condition you're looking for and generate an alert. Then, you can create an automation rule to link that alert to your logic app (playbook). Therefore, option C is the correct first step.
upvoted 2 times
...
...
06b7993
6 months ago
Selected Answer: D
The correct answer is Automation Rules. Since the alert has already been generated by Microsoft Sentinel, the next step is to set up automation that triggers the Logic App in response to this alert. Analytics Rules are designed to detect threats and anomalies in the data collected by Sentinel and are responsible for generating alerts. The key part of the question is, "when Microsoft Sentinel detects an Azure AD-generated alert," which means the alert is already in place. Therefore, the task at hand is to use an automation rule to trigger the Logic App based on that alert.
upvoted 4 times
...
Hawklx
8 months, 3 weeks ago
Selected Answer: C
I think C is the correct answer
upvoted 4 times
...
conu
10 months, 3 weeks ago
Selected Answer: C
Automation rules are not used to run logic apps, logic apps are run by playbooks. Perform basic automation tasks for incident handling: https://learn.microsoft.com/en-us/azure/sentinel/automate-incident-handling-with-automation-rules?tabs=onboarded#what-are-automation-rules
upvoted 3 times
...
meg4321
11 months, 2 weeks ago
Wouldn't we have to create an analytic rule that triggers the alert and the automation? It only says that the connector is enabled...
upvoted 2 times
...
chepeerick
1 year, 4 months ago
Option Correct
upvoted 1 times
...
chepeerick
1 year, 4 months ago
Selected Answer: D
D is correct
upvoted 1 times
...
Apocalypse03
2 years, 2 months ago
Selected Answer: D
To ensure that app1 launches when Microsoft Sentinel detects an Azure AD-generated alert, you should create an automation rule first.
upvoted 4 times
...