SC-200 Question #34: Real Exam Question with Answer & Explanation
The correct answer is C: notebooks.
Question
Your company uses Azure Sentinel to manage alerts from more than 10,000 IoT devices. A security manager at the company reports that tracking security threats is increasingly difficult due to the large number of incidents. You need to recommend a solution to provide a custom visualization to simplify the investigation of threats and to infer threats by using machine learning. What should you include in the recommendation?
Options
- A. built-in queries
- B. livestream
- C. notebooks
- D. bookmarks
Explanation
Notebooks are the correct recommendation for this scenario. Azure Sentinel's Jupyter Notebook integration supports both custom visualizations (graphs, charts, geomaps) to simplify investigation and machine learning libraries (Python, pandas, scikit-learn) to infer and predict threats. This is especially valuable at scale - with 10,000+ IoT devices - where ML models can surface patterns human analysts would miss. Built-in queries (A) provide pre-written KQL searches but no ML or rich visualization. Livestream (B) is for real-time query monitoring. Bookmarks (D) are for saving specific events during a hunting session, not for ML-driven analysis.