ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam
Go to Exam

Exam SC-300 topic 4 question 15 discussion

Actual exam question from Microsoft's SC-300
Question #: 15
Topic #: 4
[All SC-300 Questions]

You have an Azure Active Directory (Azure AD) tenant that uses conditional access policies.
You plan to use third-party security information and event management (SIEM) to analyze conditional access usage.
You need to download the Azure AD log by using the administrative portal. The log file must contain changes to conditional access policies.
What should you export from Azure AD?

  • A. audit logs in CSV format
  • B. sign-ins in CSV format
  • C. audit logs in JSON format
  • D. sign-ins in JSON format
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Eltooth at June 3, 2021, 8:35 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
melatocaroca
Highly Voted 3 years ago
You can also choose to download the filtered data, up to 250,000 records, by selecting the Download button. You can download the logs in either CSV or JSON format So this question, can be one of those that you will got Corect if you choose any of both csv or JSON, You can use the JSON transform feature in the Power Query Editor in Excel to split each property in the JSON object in the AuditData column into multiple columns so that each property has its own column. So my vote goes to C, JSON https://docs.microsoft.com/en-us/microsoft-365/compliance/export-view-audit-log-records?view=o365-worldwide
upvoted 12 times
...
hhaywood
Highly Voted 3 years, 1 month ago
C - Answer is correct - Audit Logs show the fact policies were changed (tested in tenant), Sign-ins only show access was granted/denied
upvoted 6 times
sezza_blunt
3 years, 1 month ago
Agree - I confirmed in my tenant too. BUT - why json over csv? Both appear to provide the same information.
upvoted 4 times
xm3000
3 years, 1 month ago
json tend to be the implicit std for sharing files between different sys
upvoted 2 times
...
melatocaroca
3 years ago
You can use the JSON transform feature in the Power Query Editor in Excel to split each property in the JSON object in the AuditData column into multiple columns so that each property has its own column.
upvoted 2 times
...
TooManyExams
2 years, 10 months ago
when I click on download it states I can download up to 250000 records. but csv only takes 50000 records. good reason for json https://docs.microsoft.com/en-us/microsoft-365/compliance/export-view-audit-log-records?view=o365-worldwide
upvoted 3 times
...
...
...
Obi_Wan_Jacoby
Most Recent 3 months ago
Selected Answer: C
Anser: C (JSON) as others mentioned. Based on the information available and considering the potentially true statement, the correct option for exporting logs that contain detailed information about changes to conditional access policies is: Correct Answer: C. Audit logs in JSON format Explanation: Audit Logs: These logs capture detailed information about various activities in Azure AD, including changes to conditional access policies. JSON Format: JSON format provides structured data that is easier to parse and analyze, making it suitable for ingestion by third-party security information and event management (SIEM) systems.
upvoted 1 times
...
haazybanj
8 months, 4 weeks ago
Selected Answer: C
The correct answer is C. audit logs in JSON format. Audit logs contain a record of all administrative actions and changes made within Azure AD, such as user and group management, application assignments, and policy modifications.
upvoted 2 times
...
haazybanj
8 months, 4 weeks ago
Selected Answer: C
The correct answer is C. audit logs in JSON format. Audit logs contain a record of all administrative actions and changes made within Azure AD, such as user and group management, application assignments, and policy modifications.
upvoted 1 times
...
Jzx
10 months, 3 weeks ago
Selected Answer: C
C. Audit logs in JSON format: Audit logs in JSON format contain detailed information about various activities in Azure AD, including changes to conditional access policies. These logs provide comprehensive data that can be ingested by third-party security information and event management (SIEM) systems for analysis. They are typically the preferred format for auditing and monitoring purposes because they contain structured data that is easier to parse and analyze.
upvoted 3 times
...
ServerBrain
11 months ago
Selected Answer: C
We don't know what 3rd part SIEM the logs will be imported to. JSON is more universal than csv..
upvoted 1 times
...
EmnCours
11 months, 3 weeks ago
Selected Answer: C
Correct Answer: C
upvoted 1 times
...
dule27
1 year, 1 month ago
Selected Answer: C
C. audit logs in JSON format
upvoted 1 times
...
Jun143
2 years, 4 months ago
just pass the exam today. This came in the question.
upvoted 2 times
...
zmlapq99
2 years, 6 months ago
On exam few days ago.
upvoted 1 times
...
Pravda
2 years, 6 months ago
On the exam 1/20/2022
upvoted 1 times
...
zizoutn
3 years, 1 month ago
it's "D" and not "C" because in Sign-ins you can see the conditional access usage .
upvoted 4 times
sezza_blunt
3 years, 1 month ago
But the question says: "The log file must contain changes to conditional access policies" That information is only in the audit logs.
upvoted 7 times
...
...
Eltooth
3 years, 1 month ago
Looks correct.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel