Microsoft Exam SC-200 Topic 4 Question 64 Discussion

Actual exam question for Microsoft's SC-200 exam

Question #: 64
Topic #: 4

[All SC-200 Questions]

You have a Microsoft Sentinel playbook that is triggered by using the Azure Activity connector.

You need to create a new near-real-time (NRT) analytics rule that will use the playbook.

What should you configure for the rule?

Athe Incident automation settings

Bentity mapping

Cthe query rule

Dthe Alert automation settings

Show Suggested Answer

Suggested Answer: B

by Gertude at Jan 22, 2024, 04:12 AM

Limited Time Offer

25%

Off

Get Premium SC-200 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Anastacia

8 months ago

That's a good point, Glory. But I think the question is asking specifically about what we need to configure for the rule itself, not the playbook. So I still think C) the query rule is the best answer.

upvoted 0 times

...

Glory

8 months ago

Hmm, I'm not so sure. What about the Incident automation settings? Couldn't that be a valid option since the playbook is being triggered by the Azure Activity connector?

upvoted 0 times

...

Honey

8 months ago

I agree with Candida. The question specifically states that we need to create a new NRT analytics rule, so the query rule is the logical choice here.

upvoted 0 times

...

8 months ago

A: the query rule

upvoted 0 times

...