SC-100 Question #70: Real Exam Question with Answer & Explanation

The correct answer is B. Azure Logic Apps.

Design security operations, identity, and compliance capabilities

Question

You have an Azure subscription that has Microsoft Defender for Cloud enabled. Suspicious authentication activity alerts have been appearing in the Workload protections dashboard. You need to recommend a solution to evaluate and remediate the alerts by using workflow automation. The solution must minimize development effort. What should you include in the recommendation?

Options

  • A. Azure Monitor webhooks
  • B. Azure Logic Apps
  • C. Azure Event Hubs
  • D. Azure Functions apps

Explanation

Microsoft Defender for Cloud's Workflow Automation feature has native, built-in integration with Azure Logic Apps. Logic Apps provides a low-code/no-code environment with pre-built connectors and triggers that respond directly to Defender for Cloud alerts, minimizing development effort. Azure Functions (D) would require writing custom code. Azure Event Hubs (C) is a data ingestion service - it can receive events but doesn't orchestrate remediation workflows on its own. Azure Monitor webhooks (A) can send notifications but cannot orchestrate multi-step remediation logic natively.

Topics

#Security Automation, #Workflow Automation, #Microsoft Defender for Cloud, #Azure Logic Apps
