Microsoft Security Operations Analyst Associate SC-200 Practice Question
Your organization is adopting Microsoft Security Copilot to streamline incident investigations. You are asked to ingest threat intelligence files that reside in a secured Azure Storage blob and make them available to Security Copilot prompts. You must meet the following requirements:
The integration must not require developers to write any custom code.
The ingestion process must support scheduled, incremental imports as new files are dropped in the blob.
Which action should you perform first to satisfy the requirements?
Create an Azure Event Grid subscription on the storage account that triggers the Logic Apps Security Copilot data connector when a new blob is created.
Grant Security Copilot the Storage Blob Data Reader role on the container that holds the threat intelligence files.
Enable the Generic Threat Intelligence IMPORT data connector in Microsoft Sentinel and point it to the storage account.
Upload the threat intelligence files to the built-in Files workspace in Security Copilot.
Security Copilot can ingest external data by using the Azure Logic Apps-based data connector that is exposed through Azure Event Grid subscriptions. Creating an Event Grid subscription on the storage account automatically sends notifications when new blobs are added. These events can trigger the no-code Logic Apps connector template for Security Copilot, enabling scheduled or event-driven incremental ingestion of threat intelligence files without custom code. Simply uploading files or giving RBAC permissions does not create the ingestion pipeline, and configuring a Microsoft Sentinel data connector only on the workspace does not make the files available to Security Copilot prompts unless the storage account events are first captured.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the Azure Event Grid and how does it work?
Open an interactive chat with Bash
How does Azure Logic Apps integrate with Security Copilot?
Open an interactive chat with Bash
Why can't the Generic Threat Intelligence IMPORT data connector in Microsoft Sentinel be used directly for Security Copilot?
Open an interactive chat with Bash
Microsoft Security Operations Analyst Associate SC-200
Manage incident response
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .