ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-200 All Questions

View all questions & answers for the SC-200 exam
Go to Exam

Exam SC-200 topic 3 question 107 discussion

Actual exam question from Microsoft's SC-200
Question #: 107
Topic #: 3
[All SC-200 Questions]

HOTSPOT -

You have an Azure subscription that contains a Log Analytics workspace named Workspace1.

You configure Azure activity logs and Microsoft Entra ID logs to be forwarded to Workspace1.

You need to query Workspace1 to identify all the requests that failed due to insufficient authorization.

How should you complete the KQL query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by chirva at Nov. 8, 2024, 9:59 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Mobollz
Highly Voted 7 months, 1 week ago
AzureActivity and 401 https://learn.microsoft.com/en-us/troubleshoot/developer/webapps/iis/www-administration-management/http-status-code
upvoted 7 times
...
Optimizor_IT
Most Recent 2 months, 2 weeks ago
Both of the answers are wrong: 403 OR 403 makes no sense. It should be 401 - Unauthorized. The first field is AzureActivity.
upvoted 1 times
...
BtwIdonno
3 months, 4 weeks ago
MicrosoftGraphActivityLogs 401 https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/microsoftgraphactivitylogs - microsoftgraphactivitylogs has the field "ResponseStatusCode" 401- unauthorized
upvoted 2 times
...
LinearB
4 months, 3 weeks ago
401... What is the difference between ResponseStatusCodes 401, 402, and 403? Here's a brief overview of the differences between HTTP status codes 401, 402, and 403: 401 Unauthorized: This status code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource. It means the client needs to authenticate itself to get the requested response. 402 Payment Required: This status code is reserved for future use and is not currently used in practice. It was intended to indicate that the requested resource is only available for a fee. 403 Forbidden: This status code indicates that the server understood the client's request, but is refusing to fulfill it. Unlike 401, this status code does not imply that the client can make the request again with proper authentication; it means access is forbidden for the client.
upvoted 3 times
...
sapphire
7 months, 1 week ago
explain in - https://learn.microsoft.com/en-us/graph/microsoft-graph-activity-logs-overview Microsoft Graph activity logs and 403
upvoted 4 times
sapphire
7 months, 1 week ago
sorry Microsoft Graph activity logs and 401 are correct answers
upvoted 7 times
Tuitor01
6 months, 3 weeks ago
403 makes absolutely no sense here, 401 must be the correct choice sine http respond code 401 means basically wrong password and 403 means forbidden. 402 is not even used (reserved ) example query = MicrosoftGraphActivityLogs | where TimeGenerated >= ago(3d) | where ResponseStatusCode == 401 or ResponseStatusCode == 403 | where RequestUri contains "/groups" | summarize UniqueRequests=count_distinct(RequestId) by AppId, ServicePrincipalId, UserId | sort by UniqueRequests desc | limit 20 From https://learn.microsoft.com/en-us/graph/microsoft-graph-activity-logs-overview
upvoted 3 times
xRiot007
5 months, 1 week ago
403 does make sense - https://developer.mozilla.org/en-US/docs/Web/HTTP/Status#client_error_responses (401 actually means not authenticated and thus restricted by default)
upvoted 1 times
...
...
...
...
0854338
7 months, 1 week ago
I wonder what is the logic of this query answer: Why would one use a redundant condition of where xxx = 403 OR xxx = 403 ? This comment is posted on 10/11/2024 when the shown greenbox for answer 1 is AuditLogs and answer 2 is 403.
upvoted 3 times
...
Sparkletoss
7 months, 1 week ago
I will take activity log and 403 due to insufficient permission. I may be wrong though will be glad if this question can get more discussions on time
upvoted 1 times
Sparkletoss
7 months, 1 week ago
I will take Azureactivity and 403 due to insufficient permission. I may be wrong though will be glad if this question can get more discussions on time
upvoted 1 times
...
...
chirva
7 months, 1 week ago
GPT4: AzureActivity | where ResponseStatusCode == "401" or ResponseStatusCode == "403" 401 Unauthorized: This status code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource. 403 Forbidden: This status code indicates that the server understood the request but refuses to authorize it. This is typically the status code that indicates insufficient permissions.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel