MS-900 Question #432: Real Exam Question with Answer & Explanation
Question
Hotspot Question
A company is evaluating security capabilities of Microsoft Sentinel. For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation
Microsoft Sentinel is Microsoft's cloud-native SIEM+SOAR solution. As a SIEM, it collects and analyzes data from multiple sources and generates alerts; as a SOAR platform, it automates responses to those alerts through playbooks and orchestration workflows. The first statement is correct because Sentinel (as a SOAR) does trigger automated security response tasks (playbooks via Logic Apps) in response to alerts from various sources. The second statement is also marked Yes, though it slightly blurs the lines: in the context of this question, Sentinel's SOAR capability works in conjunction with its SIEM capability to collect, analyze, and respond, making the combined description acceptable. The third statement appears truncated but is also marked Yes, likely referring to Sentinel providing built-in threat intelligence, AI-driven analytics, or incident management capabilities that distinguish it as a unified security operations platform.