Microsoft Exam MS-500 Topic 9 Question 10 Discussion

Actual exam question for Microsoft's MS-500 exam

Question #: 10
Topic #: 9

You have an Azure Sentinel workspace that has an Azure Active Directory (Azure AD) connector and an Office 365 connector.

From the workspace, you plan to create a scheduled query rule that will use a custom query. The rule will be used to generate alerts when inbound access to Office 365 from specific user accounts is detected.

You need to ensure that when multiple alerts are generated by the rule, the alerts are consolidated as a single incident per user account.

What should you do?

AFrom Set rule logic, map the entities.

BFrom Analytic rule details, configure Severity.

CFrom Set rule logic, set Suppression to Off.

DFrom Analytic rule details, configure Tactics.

Show Suggested Answer

Suggested Answer: A

https://docs.microsoft.com/en-us/azure/sentinel/map-data-fields-to-entities

by Lizette at May 04, 2022, 03:04 AM

Limited Time Offer

25%

Off

Get Premium MS-500 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!