About This Flashcard Deck
This flashcard deck contains 5 cards covering key Security Operations concepts for the AZ-500 exam. Practice Sentinel, Defender, and incident response for AZ-500. Use active recall by attempting to answer each question before revealing the answer. Research shows that flashcard-based active recall is one of the most effective study techniques for certification exams.
All Security Operations Flashcards
Q: What is the difference between SIEM and SOAR?
A: SIEM (Sentinel) collects and analyzes security data to detect threats. SOAR (Sentinel playbooks) automates incident response with Logic Apps workflows.
Q: What is a Sentinel analytic rule?
A: A scheduled or real-time KQL query that detects suspicious activity and generates security alerts/incidents for investigation.
Q: What does Defender for Cloud secure score measure?
A: A percentage representing your security posture. Higher score = more recommendations implemented. Recommendations are prioritized by potential impact.
Q: What are the types of Sentinel data connectors?
A: Service-to-service (Azure, M365), Syslog/CEF (Linux agents), REST API (custom), and Agent-based (Windows Security Events via Log Analytics agent).
Q: What is KQL used for in security?
A: Kusto Query Language queries Log Analytics and Sentinel data for threat hunting, creating analytic rules, building workbooks, and investigating incidents.
Effective Azure Flashcard Study Method
For Azure certifications, we recommend the spaced repetition approach: review these flashcards daily for the first week, then every other day for two weeks, then weekly until your exam date. Focus extra time on cards related to Azure service comparisons — understanding when to choose between similar services (e.g., App Service vs. AKS vs. Container Instances) is a common exam pattern.