SC-200 Respond to security incidents • Set 4
SC-200 Respond to security incidents Practice Test 4 — 15 questions with explanations.
Refer to the exhibit. You are reviewing an automation rule in Microsoft Sentinel. What will happen when a new incident with severity Medium is created?
```
{
  "properties": {
    "displayName": "Block malicious IP",
    "triggers": [
      {
        "type": "IncidentCreated",
        "conditions": [
          {
            "condition": "IncidentSeverity",
            "operator": "Equals",
            "value": "High"
          }
        ]
      }
    ],
    "actions": [
      {
        "type": "RunPlaybook",
        "playbookId": "/subscriptions/.../block-ip"
      }
    ]
  }
}
```