Home › Azure AZ-500 › cloudcomputing › az500defendersentinel › Which Microsoft Sentinel feature lets a security…
Which Microsoft Sentinel feature lets a security engineer automatically respond to incidents using Logic Apps playbooks (e.g. 'on phishing incident → isolate user + notify SOC')?
ASentinel automation rules + Logic Apps playbooks
BManual incident response only
CAzure Cache for Redis
DAzure DNS
Answer & Solution
Correct answer: A. Sentinel automation rules + Logic Apps playbooks
Sentinel automation + playbooks is the SOAR layer (per AZ-500 §4 Sentinel automation). The other options aren't automation.
Related questions
Which Azure feature should a security engineer use to BACK UP Key Vault keys + secrets + cWhich Azure Key Vault network setting should a security engineer enable to restrict accessWhich Azure governance service should a security engineer use to define and assign policieWhich Microsoft Sentinel feature lets a security engineer define KQL queries that automatiWhich Microsoft Sentinel feature lets a security engineer ingest data from Azure / MicrosoWhich Microsoft service is Azure's cloud-native SIEM + SOAR — ingesting logs from many souWhich Microsoft Defender for Cloud feature lets a security engineer connect AWS / GCP enviWhich Microsoft Defender for Cloud plan should a security engineer enable to detect SQL in