
AZ-500: Configuring Azure Sentinel for Incident Management and Ticket Logging

Learn how to configure Azure Sentinel to automatically create incidents when threats are identified and log tickets in your service management platform. Discover the right components to set up for effective threat management.

Question

You have an Azure subscription that contains an Azure Sentinel workspace.
Azure Sentinel is configured to ingest logs from several Azure workloads. A third-party service management platform is used to manage incidents.
You need to identify which Azure Sentinel components to configure to meet the following requirements:

  • When Azure Sentinel identifies a threat, an incident must be created.
  • A ticket must be logged in the service management platform when an incident is created in Azure Sentinel.

Which component should you identify for each requirement?

To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

When Azure Sentinel identifies a threat, an incident must be created:

  • Analytics
  • Data connectors
  • Playbooks
  • Workbooks

A ticket must be logged in the service management platform when an incident is created in Azure Sentinel:

  • Analytics
  • Data connectors
  • Playbooks
  • Workbooks

Answer

When Azure Sentinel identifies a threat, an incident must be created: Analytics
A ticket must be logged in the service management platform when an incident is created in Azure Sentinel: Playbooks
