AZ-500 Question #369: Real Exam Question with Answer & Explanation
The correct answer is A: an analytics rule. To use a Microsoft Sentinel notebook, especially one leveraging machine learning capabilities like the 'Guided Investigation - Anomaly Lookup' template, you first need an Azure Machine Learning workspace.
Question
You have an Azure subscription that uses Microsoft Sentinel. You need to create a Microsoft Sentinel notebook that will use the Guided Investigation - Anomaly Lookup template. What should you create first?
Options
- A. an analytics rule
- B. a Log Analytics workspace
- C. an Azure Machine Learning workspace
- D. a hunting query
Explanation
To use a Microsoft Sentinel notebook, especially one leveraging machine learning capabilities like the 'Guided Investigation - Anomaly Lookup' template, you first need an Azure Machine Learning workspace.
Common mistakes.
- A. An analytics rule in Sentinel is used for detecting threats and generating incidents, but it is not a prerequisite for creating or running a Sentinel notebook.
- B. A Log Analytics workspace is fundamental for Sentinel to collect data, and notebooks consume data from it, but creating the Log Analytics workspace isn't the first step specifically for creating and running a notebook template that leverages ML.
- D. A hunting query is used for proactive threat hunting, which can be done within Sentinel or notebooks, but creating a hunting query is not a prerequisite for setting up the environment to run a notebook template.
Concept tested. Microsoft Sentinel notebook prerequisites (Azure ML workspace)
Reference. https://learn.microsoft.com/azure/sentinel/notebooks-deploy-manage#prerequisites