Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

You manage a Microsoft Sentinel workspace. Whenever a new incident is generated by the HighCPUUsage analytics rule, you must immediately run an existing Logic App playbook named CPUMitigate and mark the incident with the tag autoMitigated. Analysts must see the updated incident status and tag before they start triage. Which configuration should you implement?

  • Configure an Azure Monitor action group to trigger the CPUMitigate Logic App through a webhook whenever a High CPU metric alert fires.

  • Attach the CPUMitigate playbook to the HighCPUUsage analytics rule by selecting the Alert automation tab, so the playbook runs whenever an alert is generated.

  • Deploy an Azure Automation runbook that polls Sentinel incidents every minute and, when it finds a HighCPUUsage incident, invokes CPUMitigate and adds the tag.

  • Create an automation rule with order set to 1 that triggers when an incident from the HighCPUUsage analytics rule is created, runs the CPUMitigate playbook, and adds the autoMitigated tag.

Microsoft Azure Security Engineer Associate AZ-500
Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot