SC-100 · Question #57
SC-100 Question #57: Real Exam Question with Answer & Explanation
The correct answer is B: playbooks.
Question
Your company is moving all on-premises workloads to Azure and Microsoft 365. You need to design a security orchestration, automation, and response (SOAR) strategy in Microsoft Sentinel that meets the following requirements:
- Minimizes manual intervention by security operation analysts
- Supports triaging alerts within Microsoft Teams channels

What should you include in the strategy?
Options
- A. data connectors
- B. playbooks
- C. workbooks
- D. KQL
Explanation
Playbooks in Microsoft Sentinel are the SOAR automation mechanism. They are built on Azure Logic Apps and can be triggered automatically by analytics rules when alerts fire. A playbook can call the Microsoft Teams connector to post alert details into a specific Teams channel, directly satisfying the Teams channel requirement, while minimizing manual analyst intervention by automating the notification workflow. Data connectors (A) ingest log data into Sentinel but perform no automation. Workbooks (C) provide dashboards and visualizations, not automated responses. KQL (D) is the query language used to write detection rules and search logs; it does not automate actions or send notifications.