Microsoft Exam SC-100 Topic 2 Question 53 Discussion

Actual exam question for Microsoft's SC-100 exam
Question #: 53
Topic #: 2

You have an Azure subscription that contains a Microsoft Sentinel workspace.

Your on-premises network contains firewalls that support forwarding event logs in the Common Event Format (CEF). There is no built-in Microsoft Sentinel connector for the firewalls.

You need to recommend a solution to ingest events from the firewalls into Microsoft Sentinel.

What should you include in the recommendation?

Suggested Answer: B

Contribute your Thoughts:

Rosendo
2 months ago
Ooh, the Syslog server option sounds like a good one. Plus, it's nice to have an on-premises component to handle the initial log collection.
upvoted 0 times
Cristen
24 days ago
User 3: I agree, the Syslog server option seems like the way to go for this scenario.
upvoted 0 times
...
Genevive
29 days ago
User 2: Yeah, having an on-premises component for log collection is a smart move.
upvoted 0 times
...
Quentin
1 months ago
User 1: I think the Syslog server is a good choice for ingesting events from the firewalls.
upvoted 0 times
...
...
Ben
2 months ago
Haha, I bet the correct answer is the one that's the most convoluted and complicated. That's how these exams love to trick you! I'm going with D, Azure Data Factory.
upvoted 0 times
Margery
25 days ago
Yeah, Azure Data Factory might be overkill. Let's go with an Azure logic app.
upvoted 0 times
...
Daren
1 months ago
I agree, an Azure logic app would be a simpler solution.
upvoted 0 times
...
Donette
1 months ago
I think Azure Data Factory is too complex for this scenario.
upvoted 0 times
...
...
Viola
2 months ago
But wouldn't option C) an on-premises data gateway be more secure and efficient?
upvoted 0 times
...
Roselle
2 months ago
I disagree, I believe option B) an on-premises Syslog server would be a better choice.
upvoted 0 times
...
Viola
2 months ago
I think we should go with option A) an Azure logic app.
upvoted 0 times
...
Melissia
2 months ago
I agree with Louis. Using a Syslog server seems like the most straightforward way to get those on-premises firewall logs into Sentinel.
upvoted 0 times
...
Myra
3 months ago
Hmm, I'm not sure. Could an Azure Logic App work too? It might be able to ingest the logs directly from the firewalls.
upvoted 0 times
Jamal
2 months ago
C) an on-premises data gateway
upvoted 0 times
...
Gregg
2 months ago
B) an on-premises Syslog server
upvoted 0 times
...
Maryln
2 months ago
A) an Azure logic app
upvoted 0 times
...
...
Louis
3 months ago
I think the answer is B. An on-premises Syslog server. Since there's no built-in connector, we'll need to forward the CEF logs to a Syslog server first, and then connect that to Microsoft Sentinel.
upvoted 0 times
Angella
1 months ago
Great, let's go with option B for the recommendation.
upvoted 0 times
...
Virgie
1 months ago
That makes sense, we can then easily connect the Syslog server to Microsoft Sentinel.
upvoted 0 times
...
Kathrine
1 months ago
I think setting up an on-premises Syslog server is the way to go.
upvoted 0 times
...
Theresia
2 months ago
I agree with you, option B seems like the best choice.
upvoted 0 times
...
...
