MS-900 Question #402: Real Exam Question with Answer & Explanation
The correct answer is A: security orchestration, automation, and response.
Question
A company plans to implement Microsoft Sentinel. You need to describe the capabilities of Microsoft Sentinel. Which two sets of capabilities does it provide? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
Options
- A. security orchestration, automation, and response
- B. numeric score to measure an organization's security posture
- C. security and management of devices, data, and users for managed service providers
- D. security information and event management
Explanation
Microsoft Sentinel is a cloud-native SIEM and SOAR solution that combines security event management with automated response capabilities. Understanding its core feature set is essential for the SC-900 and related Microsoft security certifications.
Common mistakes.
- B. A numeric score to measure an organization's security posture describes Microsoft Secure Score, a feature within Microsoft Defender for Cloud and Microsoft 365 Defender, not Microsoft Sentinel.
- C. Security and management of devices, data, and users for managed service providers describes Microsoft 365 Lighthouse, a tool designed specifically for MSPs to manage multiple customer tenants, which is unrelated to Sentinel's capabilities.
Concept tested. Microsoft Sentinel SIEM and SOAR core capabilities
Reference. https://learn.microsoft.com/en-us/azure/sentinel/overview