Microsoft Cybersecurity Architect — Question 4

Your company is moving all on-premises workloads to Azure and Microsoft 365.
You need to design a security orchestration, automation, and response (SOAR) strategy in Microsoft Sentinel that meets the following requirements:
✑ Minimizes manual intervention by security operation analysts
✑ Supports triaging alerts within Microsoft Teams channels
What should you include in the strategy?

Answer options

• A. KQL
• B. playbooks
• C. data connectors
• D. workbooks

Correct answer: B

Explanation

The correct answer is B, playbooks, as they automate responses to alerts and can minimize manual efforts by security analysts. Options A, C, and D do not provide the automation capabilities necessary for reducing manual intervention or integrating alert triaging directly into Microsoft Teams.