Learn how to configure Azure Sentinel to automatically create incidents when threats are identified and log tickets in your service management platform. Discover the right components to set up for effective threat management.
Question
You have an Azure subscription that contains an Azure Sentinel workspace.
Azure Sentinel is configured to ingest logs from several Azure workloads. A third-party service management platform is used to manage incidents.
You need to identify which Azure Sentinel components to configure to meet the following requirements:
When Azure Sentinel identifies a threat, an incident must be created.
A ticket must be logged in the service management platform when an incident is created in Azure Sentinel.
Which component should you identify for each requirement?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
When Azure Sentinel identifies a threat, an incident must be created:
- Analytics
- Data connectors
- Playbooks
- Workbooks
A ticket must be logged in the service management platform when an incident is created in Azure Sentinel:
- Analytics
- Data connectors
- Playbooks
- Workbooks
Answer
When Azure Sentinel identifies a threat, an incident must be created: Analytics
A ticket must be logged in the service management platform when an incident is created in Azure Sentinel: Playbooks
Microsoft Certified Azure Security Engineer Associate AZ-500 certification exam assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detail explanation and reference available free, helpful to pass the Microsoft Certified Azure Security Engineer Associate AZ-500 exam and earn Microsoft Certified Azure Security Engineer Associate AZ-500 certification.