Which of the following best describes the primary role of data connectors in Azure Sentinel?
Think about how Azure Sentinel gathers information to analyze security events.
Data connectors are used to bring security data from different sources into Azure Sentinel for analysis and detection.

You want to deploy Azure Sentinel to monitor multiple subscriptions in your organization. What is the recommended architecture for the Azure Sentinel workspace?
Consider how centralized monitoring simplifies management and analysis.
Using a single workspace for multiple subscriptions centralizes data collection and simplifies security management.

Which Azure role should you assign to a user who needs to create and manage analytics rules but should not have permission to delete the Azure Sentinel workspace?
Think about the role that allows management of Sentinel features without full control over the resource.
The Azure Sentinel Contributor role allows managing analytics rules and other Sentinel features but does not grant permission to delete the workspace.

What happens when an Azure Sentinel playbook is triggered by an alert?
Consider how automation helps respond to security incidents.
Playbooks use Azure Logic Apps to automate responses such as notifications, blocking IPs, or creating tickets when alerts occur.

You want to optimize Azure Sentinel costs while maintaining effective threat detection. Which practice is the best approach?
Think about balancing data volume and detection capability.
Filtering data and setting retention policies reduce storage and processing costs while focusing on important security events.