What does Azure Sentinel provide for security operations?
- Cloud-native SIEM and SOAR capabilities for threat detection, investigation, and response ✓
- Database performance monitoring
- Virtual machine backup services
- Container registry management
Correct answer: Cloud-native SIEM and SOAR capabilities for threat detection, investigation, and response
Option A is correct because Microsoft Sentinel is a cloud-native SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) solution that ingests data at cloud scale, applies machine learning analytics to detect threats, enables investigation with AI-assisted hunting, and automates response through playbooks built on Azure Logic Apps. Option B is incorrect because database performance monitoring is the domain of tools like Azure Monitor and Query Performance Insight, not Microsoft Sentinel. Option C is incorrect because virtual machine backup is handled by Azure Backup and Azure Site Recovery, which are distinct services unrelated to security event management. Option D is incorrect because container registry management is the responsibility of Azure Container Registry, not a security operations platform.
Topic: azure sentinel, siem, soar, threat detection