AZ-500 Question #256: Real Exam Question with Answer & Explanation

Question

You are working for a company as an Azure administrator. There are above 100 virtual machines (VMs) and all running on a single tenant. That one tenant has three subscriptions. Security alerts are reported to have increased within Azure Security Center. You must make sure you receive a notification immediately as the alerts are detected in Security Center. Identify the action(s) you must perform. Each correct answer presents part of the solution

Options

• ACreate a new workspace. Connect the VMs to the workspace and gather the Windows security
• BCreate an Azure Automation account. Configure the account to scan for alerts in Security Center.
• CCreate a new playbook. Configure the playbook to send an email whenever Security Center
• DCreate an Azure Automation account. Configure the account to scan for alerts in Security Center.

Explanation

To receive immediate email notifications for Azure Security Center alerts, you must create and configure an Azure Logic Apps playbook that triggers on Security Center alerts and sends an email.

Common mistakes.

• A. Creating a new Log Analytics workspace and collecting Windows security events is a good practice for logging and monitoring, but it doesn't directly configure immediate email notifications for Security Center alerts.
• B. An Azure Automation account can automate various tasks, but it's not the primary or most direct service for real-time alert notification from Security Center; Logic Apps are designed for this event-driven automation.
• D. This choice is identical to B and incorrect for the same reason; Azure Automation is not the most direct or real-time mechanism for Security Center alert notifications.

Concept tested. Automating security alert responses with Azure Logic Apps and Defender for Cloud

Reference. https://learn.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation

No community discussion yet for this question.