Exam SC-500 Topic 1 Question 17 Discussion

Actual exam question for Microsoft's SC-500 exam
Question #: 17
Topic #: 1
Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.
After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.
You have a Microsoft Sentinel workspace.
You have a multi-tier Security Operations Center (SOC) team.
You need to ensure that all new security incidents are assigned immediately to the Tier 1 analysts group and flagged for triage.
Solution: You create a hunting query.
Does this meet the goal?

Suggested Answer: B

A hunting query is used to investigate threats and identify suspicious activity; it does not automatically assign newly created incidents or flag them for triage. An automation rule triggered when an incident is created is required to assign incidents to the Tier 1 analysts group and apply a triage tag or task automatically.
Reference:
https://learn.microsoft.com/en-us/azure/sentinel/create-manage-use-automation-rules?tabs=defender-portal%2Conboarded

by Atwood at Jun 20, 2026, 09:01 AM
