ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-200 All Questions

View all questions & answers for the SC-200 exam
Go to Exam

Exam SC-200 topic 3 question 105 discussion

Actual exam question from Microsoft's SC-200
Question #: 105
Topic #: 3
[All SC-200 Questions]

You have an Azure subscription that contains a Microsoft Sentinel workspace named Workspace1.

From Content Hub, you deploy the Microsoft Entra solution for Microsoft Sentinel and configure a connector.

You need to analyze actions performed by users that have administrative privileges to the subscription.

Which workbook should you use?

  • A. Azure Activity
  • B. Microsoft Entra Audit logs
  • C. Microsoft Entra Sign-ins logs
  • D. Identity & Access
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Kristiannn at Nov. 7, 2024, 6:54 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Aam9303
3 days, 5 hours ago
Selected Answer: D
Chatgpt says D
upvoted 1 times
...
limpan
2 months ago
Selected Answer: B
Explanation: Microsoft Entra Audit logs: These logs provide detailed information about administrative actions performed in the Azure AD tenant, including actions by users with administrative privileges. This is the most appropriate workbook for analyzing administrative activities.
upvoted 1 times
...
LinearB
3 months ago
Selected Answer: A
To analyze actions performed by users with administrative privileges in your Microsoft Sentinel workspace, you should use the "Azure Activity" workbook. This workbook provides extensive insight into your organization's Azure activity by analyzing and correlating all user operations and events, including those performed by users with administrative privileges1.
upvoted 2 times
...
chirva
5 months, 1 week ago
Selected Answer: B
GPT4: To analyze actions performed by users that have administrative privileges to the subscription, you should use the workbook that focuses on audit logs related to administrative activities. The most appropriate workbook for this purpose is: B. Microsoft Entra Audit logs This workbook will provide you with detailed information about the actions performed by users with administrative privileges, allowing you to monitor and analyze their activities effectively.
upvoted 2 times
...
sapphire
5 months, 2 weeks ago
Selected Answer: A
The Azure Monitor Activity Log is a platform log that provides insight into subscription-level events. https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log-insights
upvoted 4 times
Tuitor01
5 months ago
The Azure Activity log provides insight into any subscription-level events that occurred in Azure. This article describes Activity log categories and the schema for each.https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log-schema Administrative category This category contains the record of all create, update, delete, and action operations performed through Resource Manager. Examples of the types of events you would see in this category include "create virtual machine" and "delete network security group". Every action taken by a user or application using Resource Manager is modeled as an operation on a particular resource type. If the operation type is Write, Delete, or Action, the records of both the start and success or fail of that operation are recorded in the Administrative category. The Administrative category also includes any changes to Azure role-based access control in a subscription.
upvoted 1 times
Tuitor01
5 months ago
A for me
upvoted 2 times
Tuitor01
5 months ago
Activity log insights are a curated Log Analytics workbook with dashboards that visualize the data in the AzureActivity table. For example, data might include which administrators deleted, updated, or created resources and whether the activities failed or succeeded. https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log-insights
upvoted 1 times
...
...
...
...
Kristiannn
5 months, 2 weeks ago
Selected Answer: B
I'll go with B
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago