Exam AZ-500 topic 4 question 65 discussion

Actual exam question from Microsoft's AZ-500
Question #: 65
Topic #: 4

HOTSPOT -
You have an Azure Sentinel workspace that has the following data connectors:
✑ Azure Active Directory Identity Protection
✑ Common Event Format (CEF)
✑ Azure Firewall

You need to ensure that data is being ingested from each connector.
From the Logs query window, which table should you query for each connector? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-ad-identity-protection
https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-firewall
https://docs.microsoft.com/en-us/azure/sentinel/connect-data-sources

Comments

StaxJaxson
Highly Voted 2 years, 5 months ago
1. Log Analytics table(s) SecurityAlert 2. Log Analytics table(s) AzureDiagnostics 3. CEF, set up the Syslog agent and then configure the CEF data flow. After successful configuration, the data appears in the CommonSecurityLog table.
upvoted 15 times
...
zellck
Highly Voted 1 year, 4 months ago
1. SecurityAlert
2. AzureDiagnostics
3. CommonSecurityLog
https://learn.microsoft.com/en-us/azure/sentinel/data-connectors/azure-active-directory-identity-protection
Log Analytics table(s) - SecurityAlert (IPC)
https://learn.microsoft.com/en-us/azure/sentinel/data-connectors/azure-firewall
Log Analytics table(s) - AzureDiagnostics (Azure Firewall)
https://learn.microsoft.com/en-us/azure/sentinel/data-connectors/common-event-format-cef
Log Analytics table(s) - CommonSecurityLog
upvoted 13 times
...
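A query for the Logs window that checks ingestion on the three tables named in the comment above, as an added example that is not part of the original thread. The 24-hour lookback and the `ResourceType` filter are assumptions; the `IPC` provider value is the one quoted from the connector reference above.

```kusto
// Added example: is each connector from the question writing to its table?
let lookback = 24h;   // assumed window; widen it for low-volume connectors
let expected = datatable(Connector:string, Table:string) [
    "Azure AD Identity Protection", "SecurityAlert",
    "Azure Firewall",               "AzureDiagnostics",
    "Common Event Format (CEF)",    "CommonSecurityLog"
];
// isfuzzy=true keeps the query working when a table has not been created yet,
// which is the case until a connector delivers its first record.
let seen = union isfuzzy=true
    (SecurityAlert
        | where TimeGenerated > ago(lookback)
        | where ProviderName == "IPC"              // Identity Protection alerts only
        | project TimeGenerated, Table = "SecurityAlert"),
    (AzureDiagnostics
        | where TimeGenerated > ago(lookback)
        | where ResourceType == "AZUREFIREWALLS"   // assumed filter for firewall rows
        | project TimeGenerated, Table = "AzureDiagnostics"),
    (CommonSecurityLog
        | where TimeGenerated > ago(lookback)
        | project TimeGenerated, Table = "CommonSecurityLog")
    | summarize Events = count(), LastRecord = max(TimeGenerated) by Table;
// Left outer join so a silent connector still shows up, with Events = 0.
expected
| join kind=leftouter seen on Table
| project Connector, Table, Events = coalesce(Events, 0), LastRecord
| extend Ingesting = Events > 0
| order by Connector asc
```

A row with `Events` at 0 means the table received nothing from that source in the window, which is the condition to alert on when monitoring connector health.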
golitech
Most Recent 1 month, 1 week ago
These questions we just must memorize them and there is no logic, there are hundreds of connectors, how can we memorize all of them...!!!!
upvoted 1 times
hellboysecret
2 days, 12 hours ago
Good question - now that this is open book exam, I hope we can reach this site to answer these questions. https://learn.microsoft.com/en-us/azure/sentinel/data-connectors-reference#microsoft
upvoted 1 times
...
...
datz
3 months, 2 weeks ago
Go through the link below: No more AZ AD, so - Microsoft Entra ID Protection Answer provided is correct: entraID - Security Alert AZ Firewall - AzDiag CEF - Syslog https://learn.microsoft.com/en-us/azure/sentinel/data-connectors-reference
upvoted 1 times
...
wardy1983
10 months ago
Explanation: 1. Log Analytics table(s) SecurityAlert 2. Log Analytics table(s) AzureDiagnostics 3. CEF, set up the Syslog agent and then configure the CEF data flow. After successful configuration, the data appears in the CommonSecurityLog table. Reference: https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-ad-identity-protection https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-firewall https://docs.microsoft.com/en-us/azure/sentinel/connect-data-sources
upvoted 4 times
...
majstor86
1 year, 6 months ago
1: SecurityAlert 2: AzureDiagnostics 3: CommonSecurityLog
upvoted 3 times
...
OrangeSG
1 year, 7 months ago
Box 1: SecurityAlert Box 2: AzureDiagnostics Box 3: CommonSecurityLog Table target can be found in Sentinel data connector information: Find your Microsoft Sentinel data connector https://learn.microsoft.com/en-us/azure/sentinel/data-connectors-reference
upvoted 2 times
...
dimaste
2 years, 11 months ago
Correct
upvoted 3 times
...
Jco
2 years, 11 months ago
#exam ques # 29 Sep
upvoted 2 times
cfsxtuv33
2 years, 8 months ago
You comment on all questions, stop and move on to another exam or stop lying.
upvoted 28 times
...
...