Free Microsoft Cybersecurity SC-100 Actual Exam Questions - Question 9 Discussion
security orchestration, automation, and response (SOAR) strategy in Microsoft Sentinel that meets
the following requirements:
• Minimizes manual intervention by security operation analysts
• Supports Waging alerts within Microsoft Teams channels
What should you include in the strategy?
It’s B for sure. Playbooks handle automation and can send alerts straight to Teams, which cuts down manual work. Data connectors and KQL don’t automate or push notifications by themselves.
B/D? Playbooks (B) are the obvious choice for automation and Teams integration, but KQL (D) is essential for querying and defining the alerts that trigger these playbooks. Without well-crafted queries, the automation won’t know what to act on. So you kinda need both to build a solid SOAR strategy that cuts down manual work and supports Teams notifications effectively. Data connectors just bring in data, and workbooks only help visualize, so they don’t really address the automation or Teams alerting parts directly.
B/C? Playbooks definitely handle automation and Teams notifications, but workbooks could help visualize alerts too. Still, automation means playbooks are the main fit here.
Option B, playbooks automate and send alerts directly to Teams channels.
B for sure, playbooks automate tasks and integrate with Teams.