- (Exam Topic 1)
You need to remediate active attacks to meet the technical requirements. What should you include in the solution?

1. A. Azure Automation runbooks
2. B. Azure Logic Apps
3. C. Azure FunctionsD Azure Sentinel livestreams

Correct Answer: B
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks

- (Exam Topic 3)
You use Azure Sentinel.
You need to use a built-in role to provide a security analyst with the ability to edit the queries of custom Azure Sentinel workbooks. The solution must use the principle of least privilege.
Which role should you assign to the analyst?

1. A. Azure Sentinel Contributor
2. B. Security Administrator
3. C. Azure Sentinel Responder
4. D. Logic App Contributor

Correct Answer: A
Azure Sentinel Contributor can create and edit workbooks, analytics rules, and other Azure Sentinel resources. Reference:
https://docs.microsoft.com/en-us/azure/sentinel/roles