Exam SC-200 topic 3 question 49 discussion

Actual exam question from Microsoft's SC-200
Question #: 49
Topic #: 3

You have an Azure subscription that uses Microsoft Sentinel.

You detect a new threat by using a hunting query.

You need to ensure that Microsoft Sentinel automatically detects the threat. The solution must minimize administrative effort.

What should you do?

  • A. Create an analytics rule.
  • B. Add the query to a workbook.
  • C. Create a watchlist.
  • D. Create a playbook.
Suggested Answer: A 🗳️

Comments

RodrigoLima
Highly Voted 2 years, 3 months ago
Selected Answer: A
The fact that I'm paying contributor access to have these easy questions with a wrong answer really triggers me... This being said, the answer is clearly A.
upvoted 66 times
Studytime2023
8 months, 3 weeks ago
Agreed. Feels pretty rude.
upvoted 1 times
...
...
Nailik_Ms
Highly Voted 2 years, 2 months ago
Selected Answer: A
Please, somebody fix the answer.
upvoted 14 times
...
user636
Most Recent 8 months, 1 week ago
Selected Answer: A
Answer is A. Use the KQL code from the hunting query & create an analytics rule. The analytics rule will run & scan the logs to detect threats. A workbook is a sort of reporting dashboard. A watchlist is for adding data/entities (IP, account names etc.) by uploading a CSV file to Sentinel. Later you can use the watchlist in your KQL. A playbook is used in the automation rules for automated response. It uses Azure Logic Apps.
upvoted 3 times
...
xxjanixxasd
1 year, 5 months ago
Could you please change this question to the right answer or at least give a statement? It's obviously wrong
upvoted 4 times
...
chepeerick
1 year, 6 months ago
Option A
upvoted 1 times
...
chepeerick
1 year, 6 months ago
Selected Answer: A
Option A
upvoted 2 times
...
a311
1 year, 7 months ago
Selected Answer: A
https://learn.microsoft.com/en-us/azure/sentinel/detect-threats-custom
upvoted 2 times
...
theplaceholder
1 year, 9 months ago
Selected Answer: A
frustratingly and obviously wrong
upvoted 5 times
...
ProvasSC
2 years, 1 month ago
We have sent a message to [email protected] asking for the change.
upvoted 2 times
tirajvid
1 year, 10 months ago
And it’s been 3 months now… still not fixed. On the plus side this site allows comments so that we can get to know the right answer from others. Other sites don’t have comments enabled.
upvoted 6 times
YorWarBar96
1 year, 4 months ago
9 months :(
upvoted 2 times
...
...
...
[Removed]
2 years, 2 months ago
Selected Answer: A
A. Create an analytics rule. Creating an analytics rule in Microsoft Sentinel is the best way to ensure that the system automatically detects the threat with minimal administrative effort. Analytics rules allow you to create custom detections based on specific events or patterns that you want to monitor.
upvoted 4 times
...
ACSC
2 years, 3 months ago
Selected Answer: A
https://learn.microsoft.com/en-us/azure/sentinel/detect-threats-built-in
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted