Exam SC-200
Question 154

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring Azure Sentinel.

You need to create an incident in Azure Sentinel when a sign-in to an Azure virtual machine from a malicious IP address is detected.

Solution: You create a livestream from a query.

Does this meet the goal?

Correct Answer: B

Creating a livestream from a query in Azure Sentinel is not the appropriate method to generate incidents based on specific conditions or events, such as detecting a sign-in to an Azure virtual machine from a malicious IP address. Livestreams are designed for real-time data monitoring and visualization, but they do not automatically create incidents based on detected threats. To achieve the goal of generating an incident when a sign-in from a malicious IP address is detected, you need to use analytics rules or custom detection rules. These rules can define specific conditions and trigger incidents when those conditions are met.

Discussion
rdy4u Option: B

No, you create a Microsoft incident creation rule for a data connector.

fiksarion Option: B

No, this solution does not meet the goal. Explanation: Creating a livestream from a query is not the appropriate solution for detecting and creating incidents in Azure Sentinel when a sign-in to an Azure virtual machine from a malicious IP address is detected. Livestreams are used to monitor real-time data and visualize it in Azure Sentinel dashboards, but they do not trigger incidents based on specific conditions or events. To achieve the goal of creating an incident in Azure Sentinel when a sign-in from a malicious IP address is detected, you should use analytics rules or custom detection rules. These rules allow you to define conditions based on log data and trigger incidents when those conditions are met. Therefore, the given solution does not meet the goal.

7d801bf Option: B

The answer is No. It should be a playbook.

Murtuza Option: B

Or a scheduled analytics query rule. Bottom line: create rules.

chepeerick Option: A

Correct option