Microsoft Exam SC-200 Topic 3 Question 28 Discussion

Actual exam question for Microsoft's SC-200 exam

Question #: 28
Topic #: 3

You have a third-party security information and event management (SIEM) solution.

You need to ensure that the SIEM solution can generate alerts for Azure Active Directory (Azure AD) sign-events in near real time.

What should you do to route events to the SIEM solution?

ACreate an Azure Sentinel workspace that has a Security Events connector.

BConfigure the Diagnostics settings in Azure AD to stream to an event hub.

CCreate an Azure Sentinel workspace that has an Azure Active Directory connector.

DConfigure the Diagnostics settings in Azure AD to archive to a storage account.

Show Suggested Answer

Suggested Answer: B

by Lashaunda at May 09, 2022, 08:36 PM

Limited Time Offer

25%

Off

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!