ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-100 All Questions

View all questions & answers for the SC-100 exam
Go to Exam

Exam SC-100 topic 3 question 36 discussion

Actual exam question from Microsoft's SC-100
Question #: 36
Topic #: 3
[All SC-100 Questions]

You have an Azure subscription that contains a Microsoft Sentinel workspace.

Your on-premises network contains firewalls that support forwarding event logs in the Common Event Format (CEF). There is no built-in Microsoft Sentinel connector for the firewalls.

You need to recommend a solution to ingest events from the firewalls into Microsoft Sentinel.

What should you include in the recommendation?

  • A. an Azure logic app
  • B. an on-premises Syslog server
  • C. an on-premises data gateway
  • D. Azure Data Factory
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Victory007 at Aug. 6, 2023, 11:44 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
sherifhamed
Highly Voted 10 months, 2 weeks ago
Selected Answer: B
To ingest events from the firewalls into Microsoft Sentinel, you should include the following recommendation: B. An on-premises Syslog server Setting up an on-premises Syslog server is a common approach for collecting and forwarding logs from various devices, including firewalls, to a central location for further processing and analysis. You can configure the Syslog server to receive logs in the Common Event Format (CEF) from your firewalls and then forward those logs to your Microsoft Sentinel workspace. Microsoft Sentinel has built-in support for Syslog, making it a suitable choice for this scenario.
upvoted 9 times
...
ConanBarb
Highly Voted 10 months, 1 week ago
Selected Answer: B
https://learn.microsoft.com/en-us/azure/sentinel/connect-cef-syslog-options https://learn.microsoft.com/en-us/azure/sentinel/connect-common-event-format
upvoted 6 times
...
panda0107
Most Recent 11 months ago
https://learn.microsoft.com/en-us/azure/sentinel/connect-syslog
upvoted 1 times
...
ca777
12 months ago
Correct answer
upvoted 1 times
...
Victory007
12 months ago
Selected Answer: B
This server can receive the CEF logs from the firewalls and forward them to Microsoft Sentinel using the Syslog connector. This solution allows you to collect and analyze firewall logs in Microsoft Sentinel, even if there is no built-in connector for the firewalls. https://www.microsoft.com/insidetrack/blog/moving-to-next-generation-siem-at-microsoft-with-microsoft-azure-sentinel/
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel