Microsoft Security Operations Analyst Associate SC-200 Practice Question
Your organization has several Windows Server 2019 file servers that run in an on-premises datacenter behind a strict firewall. You need to build a Microsoft Sentinel playbook that automatically executes a PowerShell remediation script on those servers each time an incident with the tag "High-severity ransomware" is generated. The solution must avoid opening any inbound ports on the firewall while still allowing the script to run locally on every affected server. Which playbook action should you use to meet these requirements?
Add an Azure Function "HTTP trigger" action that calls a REST API exposed by each on-premises server.
Add an Azure Automation "Create job" action that starts a PowerShell runbook configured to run on a Hybrid Runbook Worker installed on the file servers.
Add an Azure Arc "Run command" action that executes the PowerShell script on each server.
Add an On-premises data gateway "Execute script" action to run the script on the servers.
Azure Automation runbooks can be executed on Hybrid Runbook Workers that you install on on-premises machines. The workers initiate an outbound TLS connection to the Azure Automation service, so no inbound firewall ports are required. In a Sentinel playbook (Azure Logic Apps), you can add the Azure Automation - Create job action to start a PowerShell runbook. When that runbook is configured to target a Hybrid Runbook Worker group that contains the on-premises file servers, the script runs locally on each server.
Azure Arc Run Command and On-premises data gateway actions cannot directly execute local PowerShell in response to Sentinel incidents, and exposing an HTTP-triggered Azure Function on each server would require inbound connectivity, violating the requirement. Therefore, invoking an Azure Automation runbook that runs on a Hybrid Runbook Worker is the only option that satisfies all constraints.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Hybrid Runbook Worker?
Open an interactive chat with Bash
How does Azure Automation ensure secure communication with Hybrid Runbook Workers?
Open an interactive chat with Bash
What is the purpose of an Azure Automation runbook?
Open an interactive chat with Bash
Microsoft Security Operations Analyst Associate SC-200
Manage incident response
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .