Exam SC-200 topic 3 question 91 discussion

Actual exam question from Microsoft's SC-200
Question #: 91
Topic #: 3

You have a Microsoft Sentinel workspace that has User and Entity Behavior Analytics (UEBA) enabled for Signin Logs.

You need to ensure that failed interactive sign-ins are detected. The solution must minimize administrative effort.

What should you use?

  • A. a scheduled alert query
  • B. the Activity Log data connector
  • C. a UEBA activity template
  • D. a hunting query
Suggested Answer: C

Comments

Alizade
Highly Voted 1 year ago
Selected Answer: C
The correct answer is C. a UEBA activity template.
upvoted 6 times
...
talosDevbot
Most Recent 1 month, 2 weeks ago
Selected Answer: A
Answer is A) scheduled alert query. You perform a query that looks for this activity in the BehaviorAnalytics and IdentityInfo tables. It's not UEBA activity template because once you create a user-defined activity using the template, UEBA will stop using all the other out-of-the-box activities it's already running. This means that if you use a template for one specific activity, you would have to recreate all the other activities/detections you want for UEBA.
upvoted 1 times
talosDevbot
1 month, 1 week ago
https://learn.microsoft.com/en-us/azure/sentinel/customize-entity-activities?tabs=azure
upvoted 1 times
...
...
user636
3 months ago
Selected Answer: A
I'll go for Answer A. You can create a scheduled query rule & use the BehaviorAnalytics table to detect the failed sign-ins. Ref: https://learn.microsoft.com/en-us/azure/sentinel/anomalies-reference#anomalous-failed-sign-in I've never heard of "UEBA activity template" in Sentinel. There are indeed "Rule templates" that can be used to create analytics rules. Can the users who vote for "UEBA activity template" please provide any reference to Sentinel official documentation?
upvoted 1 times
Tuitor01
6 days, 13 hours ago
Home>Microsoft SentinelEntityBehavior>Customize Sentinel Activity, select tab named 'Activity templates' next to 'My activities'
upvoted 1 times
...
...
li_ballesteros
4 months ago
Selected Answer: C
The question says "minimize effort" so I go for a template
upvoted 1 times
...
smosmo
6 months ago
Selected Answer: C
Answer is C, UEBA
upvoted 1 times
...
albatros06
7 months ago
Selected Answer: C
UEBA activity templates in Microsoft Sentinel offer pre-built detection logic specifically designed for security scenarios like failed sign-ins.
upvoted 2 times
...
wheeldj
7 months ago
Selected Answer: A
Scheduled alert query
upvoted 1 times
...
Orel123
9 months, 1 week ago
Tested in the portal. If you go to Microsoft Sentinel | content hub and search for UEBA you will find it. There are built-in queries inside it.
upvoted 3 times
user636
3 months ago
The content hub solutions do not work unless you install them. The analytics rules in the content hub solution need to be installed in order for them to work.
upvoted 1 times
...
Ramye
9 months ago
When you search it shows UEBA Essential and User And Entity Behavior Analytics but these are not a UEBA activity template.
upvoted 2 times
...
...
luisM14
9 months, 4 weeks ago
Selected Answer: A
correct
upvoted 1 times
...
DCT
10 months, 3 weeks ago
Selected Answer: A
a scheduled alert query
upvoted 2 times
...
Murtuza
11 months ago
The given answer A is correct because the word DETECT implies using queries.
upvoted 2 times
...
shadowdark83
1 year ago
Selected Answer: C
I think it is C, there is a template called "User Accounts - Sign in Failure due to CA Spikes" with the description: "Identifies spike in failed sign-ins from user accounts due to conditional access policies. Spike is determined based on Time series anomaly which will look at historical baseline values. Ref : https://docs.microsoft.com/azure/active-directory/fundamentals/security-operations-user-accounts#monitoring-for-failed-unusual-sign-ins This query has also been updated to include UEBA logs IdentityInfo and BehaviorAnalytics for contextual information around the results."
upvoted 4 times
...
Fez786
1 year ago
Selected Answer: A
scheduled query alert
upvoted 1 times
Fez786
1 year ago
A scheduled alert query*
upvoted 1 times
...
...
chepeerick
1 year ago
Correct option
upvoted 1 times
...
danb67
1 year, 1 month ago
Going for A. B: Data connector for subscription log activities. Doesn't seem relevant. C: Not a thing?? D: Would work I guess but we would have to run manually and not meeting the ask to minimise admin effort.
upvoted 4 times
meg4321
8 months ago
c: UEBA Activity template exists
upvoted 2 times
...
Anil0512
1 year, 1 month ago
I second this.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other