ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-200 All Questions

View all questions & answers for the SC-200 exam
Go to Exam

Exam SC-200 topic 4 question 1 discussion

Actual exam question from Microsoft's SC-200
Question #: 1
Topic #: 4
[All SC-200 Questions]

You have an Azure subscription that contains a Microsoft Sentinel workspace named WS1 and 100 virtual machines that run Windows Server.

You need to configure the collection of Windows Security event logs for ingestion to WS1. The solution must meet the following requirements:

• Capture a full user audit trail including user sign-in and user sign-out events.
• Minimize the volume of events.
• Minimize administrative effort.

Which event set should you select?

  • A. Minimal
  • B. Common
  • C. All events
  • D. Custom
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by mayu01 at March 31, 2024, 7:06 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
sapphire
5 months, 3 weeks ago
Selected Answer: B
Common - A standard set of events for auditing purposes. A full user audit trail is included in this set. For example, it contains both user sign-in and user sign-out events (event IDs 4624, 4634).
upvoted 3 times
...
rsanx42
11 months, 1 week ago
Selected Answer: B
B is correct. https://learn.microsoft.com/en-us/azure/sentinel/windows-security-event-id-reference
upvoted 2 times
...
ostralo
1 year, 1 month ago
Selected Answer: B
https://learn.microsoft.com/en-us/azure/sentinel/windows-security-event-id-reference
upvoted 3 times
...
mayu01
1 year, 1 month ago
A by chat gpt
upvoted 1 times
Tuitor01
5 months, 1 week ago
There is a big disclaimer when you use chatGPT.
upvoted 3 times
...
rsanx42
11 months, 1 week ago
Minimal does not cover a full audit trail as the question ask for so answer is B. https://learn.microsoft.com/en-us/azure/sentinel/windows-security-event-id-reference
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago