Exam SC-200 topic 1 question 25 discussion

Actual exam question from Microsoft's SC-200
Question #: 25
Topic #: 1

You have a third-party security information and event management (SIEM) solution.
You need to ensure that the SIEM solution can generate alerts for Azure Active Directory (Azure AD) sign-in events in near real time.
What should you do to route events to the SIEM solution?

  • A. Create an Azure Sentinel workspace that has a Security Events connector.
  • B. Configure the Diagnostics settings in Azure AD to stream to an event hub.
  • C. Create an Azure Sentinel workspace that has an Azure Active Directory connector.
  • D. Configure the Diagnostics settings in Azure AD to archive to a storage account.
Suggested Answer: B

Comments

rdy4u
Highly Voted 3 years ago
Routing logs to an Azure event hub allows you to integrate with third-party SIEM tools like Sumologic and Splunk. https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-azure-monitor-stream-logs-to-event-hub
upvoted 16 times
...
sdbol
Most Recent 2 weeks ago
Selected Answer: B
To enable a third-party SIEM to receive Azure AD sign-in events in near real time, the best approach is to:
  • Configure diagnostic settings in Azure AD
  • Stream the logs to an Azure Event Hub
  • Connect your SIEM to the Event Hub
This setup allows your SIEM to ingest logs as they are generated, enabling near real-time alerting and analysis.
upvoted 1 times
...
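The SIEM side of the Event Hub route described in the comments above, as an added example that is not part of the original thread and not Microsoft's or any SIEM vendor's code: it unpacks the `records` envelope of a streamed message and raises an alert on repeated failed sign-ins per user. The field names are assumed to follow the Azure Monitor sign-in log export schema; the threshold, window and sample records are constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one Event Hub message body. Streamed diagnostic logs
# arrive as a JSON object whose "records" array holds the individual entries.
def _rec(t, cat, result, ip, upn):
    return {"time": t, "category": cat, "resultType": result,
            "callerIpAddress": ip, "properties": {"userPrincipalName": upn}}

SAMPLE_EVENT = json.dumps({"records": [
    _rec("2024-05-01T10:00:05Z", "SignInLogs", "50126", "203.0.113.7", "alice@example.com"),
    _rec("2024-05-01T10:00:40Z", "SignInLogs", "50126", "198.51.100.9", "bob@example.com"),
    _rec("2024-05-01T10:01:00Z", "AuditLogs", "", "203.0.113.7", "alice@example.com"),
    _rec("2024-05-01T10:01:10Z", "SignInLogs", "50126", "203.0.113.7", "Alice@example.com"),
    _rec("2024-05-01T10:01:30Z", "SignInLogs", "0", "198.51.100.9", "bob@example.com"),
    _rec("2024-05-01T10:02:20Z", "SignInLogs", "50126", "198.51.100.23", "alice@example.com"),
]})

FAIL_THRESHOLD = 3               # hypothetical: failures before alerting
WINDOW = timedelta(minutes=5)    # hypothetical: sliding window per user

def parse_signins(body):
    """Yield (time, user, ip, succeeded) for each SignInLogs record in a message."""
    for rec in json.loads(body).get("records", []):
        if rec.get("category") != "SignInLogs":
            continue  # the same hub may also carry other categories
        # Times are UTC; keep whole seconds and drop any fractional part.
        when = datetime.strptime(rec["time"][:19], "%Y-%m-%dT%H:%M:%S")
        user = rec.get("properties", {}).get("userPrincipalName", "unknown").lower()
        # resultType "0" means success; anything else is an error code.
        yield when, user, rec.get("callerIpAddress"), str(rec.get("resultType")) == "0"

def failed_signin_alerts(bodies):
    """Return one alert each time a user reaches FAIL_THRESHOLD failures in WINDOW."""
    failures, alerts = defaultdict(list), []
    for body in bodies:
        for when, user, ip, ok in parse_signins(body):
            if ok:
                failures.pop(user, None)  # a success resets the streak
                continue
            recent = [(t, i) for t, i in failures[user] if when - t <= WINDOW]
            recent.append((when, ip))
            failures[user] = recent
            if len(recent) == FAIL_THRESHOLD:
                alerts.append({"user": user, "count": len(recent),
                               "ips": sorted({i for _, i in recent}),
                               "last": when.isoformat()})
    return alerts

if __name__ == "__main__":
    print(failed_signin_alerts([SAMPLE_EVENT]))
```

In a real deployment the message bodies would come from the SIEM's Event Hub consumer rather than an embedded string.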
Nikki0222
7 months ago
B correct
upvoted 1 times
...
chepeerick
1 year, 7 months ago
Selected Answer: B
Correct is B
upvoted 1 times
...
Apocalypse03
2 years, 5 months ago
Selected Answer: B
B is correct
upvoted 3 times
...
Jadeitalia365
2 years, 7 months ago
Selected Answer: B
B is correct
upvoted 2 times
...
Whatsamattr81
2 years, 9 months ago
Can do with B or D depending on the SIEM... But B would likely work with all.
upvoted 1 times
Holii
2 years, 1 month ago
Question explicitly states third-party SIEM. This needs to be streamed to an Event Hub -> SIEM. B.
upvoted 4 times
...
...
CatoFong
2 years, 10 months ago
Selected Answer: B
B is correct
upvoted 2 times
...
giver
2 years, 10 months ago
answer is correct B
upvoted 2 times
...
Hami3191
2 years, 10 months ago
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/overview-monitoring#:~:text=Stream%20logs%20to,event%20hub.
upvoted 3 times
...
feye2020
2 years, 11 months ago
Thanks
upvoted 2 times
...