AZ-500 Question #644: Real Exam Question with Answer & Explanation

The correct answer is B: a Microsoft Sentinel playbook.

Submitted by brentm · Mar 6, 2026

Question

You have an Azure subscription that contains a Microsoft Sentinel workspace. You need to automate incident synchronization between Microsoft Sentinel and a third-party IT service management application. What should you use?

Options

  • A. a Microsoft Sentinel watchlist
  • B. a Microsoft Sentinel playbook
  • C. an Azure Automation runbook
  • D. an Azure function

Explanation

Automate incident synchronization between Microsoft Sentinel and a third-party IT service management (ITSM) application by using Azure Logic Apps and automation rules to trigger playbooks. A playbook can then use the Microsoft Sentinel API or Microsoft Graph API to create or update tickets in the ITSM tool (like Jira or ServiceNow), and the ITSM tool can use its own integration or APIs to send updates back to Sentinel.

  1. Set up the ITSM integration
  2. Create an Azure Logic App playbook
  3. Configure automation rules
  4. Enable two-way synchronization

  • Playbooks: Azure Logic Apps that can be run manually or automatically in response to Sentinel alerts or incidents.
  • Automation rules: Rules that automate responses to incidents by running playbooks based on specific conditions.
  • Microsoft Graph API: A RESTful web API that provides a unified programming model to access data in Microsoft 365 and other Microsoft cloud services.

https://learn.microsoft.com/en-us/azure/sentinel/automate-incident-handling-with-automation-
