Home › Azure AZ-500 › cloudcomputing › az500defendersentinel › Which Microsoft Sentinel feature lets a security…
Which Microsoft Sentinel feature lets a security engineer define KQL queries that automatically generate incidents when matching events are detected?
AAzure Cache for Redis
BAzure DNS
CDisabling logging entirely
DAnalytics rules (Sentinel scheduled or near-real-time queries that create incidents)
Answer & Solution
Correct answer: D. Analytics rules (Sentinel scheduled or near-real-time queries that create incidents)
Sentinel analytics rules are the alert-generation primitive (per AZ-500 §4 Sentinel analytics). The other options aren't detection rules.
Related questions
Which Azure feature should a security engineer use to BACK UP Key Vault keys + secrets + cWhich Azure Key Vault network setting should a security engineer enable to restrict accessWhich Azure governance service should a security engineer use to define and assign policieWhich Microsoft Sentinel feature lets a security engineer automatically respond to incidenWhich Microsoft Sentinel feature lets a security engineer ingest data from Azure / MicrosoWhich Microsoft service is Azure's cloud-native SIEM + SOAR — ingesting logs from many souWhich Microsoft Defender for Cloud feature lets a security engineer connect AWS / GCP enviWhich Microsoft Defender for Cloud plan should a security engineer enable to detect SQL in