
Exam SC-200 topic 3 question 105 discussion

Actual exam question from Microsoft's SC-200
Question #: 105
Topic #: 3

You have an Azure subscription that contains a Microsoft Sentinel workspace named Workspace1.

From Content Hub, you deploy the Microsoft Entra solution for Microsoft Sentinel and configure a connector.

You need to analyze actions performed by users that have administrative privileges to the subscription.

Which workbook should you use?

  • A. Azure Activity
  • B. Microsoft Entra Audit logs
  • C. Microsoft Entra Sign-ins logs
  • D. Identity & Access
Suggested Answer: D

Comments

chirva
1 week, 5 days ago
Selected Answer: B
GPT4: To analyze actions performed by users that have administrative privileges to the subscription, you should use the workbook that focuses on audit logs related to administrative activities. The most appropriate workbook for this purpose is: B. Microsoft Entra Audit logs. This workbook will provide you with detailed information about the actions performed by users with administrative privileges, allowing you to monitor and analyze their activities effectively.
upvoted 1 times
sapphire
2 weeks ago
Selected Answer: A
The Azure Monitor Activity Log is a platform log that provides insight into subscription-level events. https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log-insights
upvoted 1 times
Tuitor01
4 days, 17 hours ago
The Azure Activity log provides insight into any subscription-level events that occurred in Azure. This article describes Activity log categories and the schema for each. https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log-schema Administrative category: This category contains the record of all create, update, delete, and action operations performed through Resource Manager. Examples of the types of events you would see in this category include "create virtual machine" and "delete network security group". Every action taken by a user or application using Resource Manager is modeled as an operation on a particular resource type. If the operation type is Write, Delete, or Action, the records of both the start and success or fail of that operation are recorded in the Administrative category. The Administrative category also includes any changes to Azure role-based access control in a subscription.
upvoted 1 times
Tuitor01
4 days, 17 hours ago
A for me
upvoted 1 times
Kristiannn
2 weeks, 4 days ago
Selected Answer: B
I'll go with B
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted