ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-200 All Questions

View all questions & answers for the SC-200 exam
Go to Exam

Exam SC-200 topic 3 question 85 discussion

Actual exam question from Microsoft's SC-200
Question #: 85
Topic #: 3
[All SC-200 Questions]

You have a Microsoft Sentinel workspace.

You enable User and Entity Behavior Analytics (UEBA) by using Audit Logs and Signin Logs.

The following entities are detected in the Azure AD tenant:

• App name: App1
• IP address: 192.168.1.2
• Computer name: Device1
• Used client app: Microsoft Edge
• Email address: [email protected]
• Sign-in URL: https://www.company.com

Which entities can be investigated by using UEBA?

  • A. IP address and email address only
  • B. app name, computer name, IP address, email address, and used client app only
  • C. IP address only
  • D. used client app and app name only
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Fez786 at Sept. 9, 2023, 7:04 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
donathon
Highly Voted 1 year, 7 months ago
Selected Answer: B
https://learn.microsoft.com/en-us/azure/sentinel/ueba-reference
upvoted 5 times
HAjouz
5 months, 1 week ago
The other entities (app name, computer name, used client app) are more likely to be found in other log sources, such as Azure Activity logs or Microsoft Defender for Endpoint data. Since we're explicitly told that UEBA is using only Audit Logs and Sign-in Logs, those entities wouldn't be included in the UEBA analysis.
upvoted 1 times
...
...
HAjouz
Most Recent 5 months, 1 week ago
Selected Answer: A
Given that we've established that UEBA is enabled only with Audit Logs and Sign-in Logs, the correct answer would be A. IP address and email address only.
upvoted 1 times
...
user636
8 months, 4 weeks ago
Not sure if UEBA also investigates client app. It does investigates "Cloud apps". Ref: https://learn.microsoft.com/en-us/training/modules/use-entity-behavior-analytics-azure-sentinel/3-explore-entities But B seems the best answer.
upvoted 1 times
...
chepeerick
1 year, 7 months ago
correcto
upvoted 1 times
...
mali1969
1 year, 8 months ago
Selected Answer: B
B. app name, computer name, IP address, email address, and used client app only. These are all entities that can be investigated by using UEBA in Microsoft Sentinel.
upvoted 4 times
Anil0512
1 year, 8 months ago
I go with you
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel