Exam SC-200 topic 3 question 60 discussion

https://learn.microsoft.com/en-us/azure/sentinel/normalization-manage-parsers https://learn.microsoft.com/en-us/azure/sentinel/normalization-manage-parsers#prevent-an-automated-update-of-a-built-in-parser

B and E are correct based on the SC-200 Practice Assessment from Microsoft B. Build a custom unifying parser and include the built-in parser version E. Create an analytics rule and include the built-in parser https://learn.microsoft.com/en-us/credentials/certifications/practice-assessments-for-microsoft-certifications https://learn.microsoft.com/en-us/credentials/certifications/exams/sc-200/practice/assessment?assessment-type=practice&assessmentId=59

the question is in the MS assessment test and it was b and c

Exam practice says so, doc confirms. Logic ties it all up.

B and C are correct.

B. Build a custom unifying parser and include the built-in parser version. Explanation: By building a custom unifying parser and explicitly specifying the version of the built-in parser, you can prevent automatic updates from affecting your custom logic. This ensures that even if the built-in parser is updated in the background, your custom parser will continue to use the specified version. D. Redeploy the built-in parser and specify a CallerContext parameter of Built-in. Explanation: By redeploying the built-in parser with the CallerContext parameter set to Built-in, you can effectively lock it to a specific version and prevent automatic updates from overriding your changes. This method allows for more control over when and how updates are applied.

B and E are correct

like MS_KoolaidMan said

Correct based on the SC-200 Practice Assessment from Microsoft.

On the Microsoft Practice assessments, the answers to the same question are B and E.

Confirmed by Microsoft SC-200 Practice Assessment as @MS_KoolaidMan mentioned below https://learn.microsoft.com/en-us/credentials/certifications/exams/sc-200/practice/assessment?assessment-type=practice&assessmentId=59

Why do i pay money for that services when the answer is wrong? I made the test exam from Microsoft. Correct Answers are: - Redeploy the built-in parser and specify a CallerContext value of Any and a SourceSpecificParser value of Any. - Create an analytics rule and include the built-in parser.

BE is correct as per Microsoft Learn Practice Assessment

Correct Option

B and C is correct

The correct answers are B and D. Option B: Building a custom unifying parser and including the built-in parser version will prevent the built-in parser from being updated automatically. This is because the custom unifying parser will use the built-in parser version that you specify, and not the latest version that is available in the Microsoft Sentinel repository. Option D: Redeploying the built-in parser and specifying a CallerContext parameter of Built-in will also prevent the built-in parser from being updated automatically. This is because the CallerContext parameter specifies that the parser should only be used for built-in sources. If the parser is updated, it will no longer be considered a built-in source, and the CallerContext parameter will prevent it from being used.