Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft SC-100 Exam - Topic 2 Question 53 Discussion

You have an Azure subscription that contains a Microsoft Sentinel workspace.Your on-premises network contains firewalls that support forwarding event logs m the Common Event Format (CEF). There is no built-in Microsoft Sentinel connector for the firewallsYou need to recommend a solution to ingest events from the firewalls into Microsoft Sentinel.What should you include m the recommendation?
B) an on-premises Syslog server
A) an Azure logic app
C) an on-premises data gateway
D) Azure Data Factory

Microsoft SC-100 Exam - Topic 2 Question 53 Discussion

Actual exam question for Microsoft's SC-100 exam
Question #: 53
Topic #: 2
[All SC-100 Questions]

You have an Azure subscription that contains a Microsoft Sentinel workspace.

Your on-premises network contains firewalls that support forwarding event logs m the Common Event Format (CEF). There is no built-in Microsoft Sentinel connector for the firewalls

You need to recommend a solution to ingest events from the firewalls into Microsoft Sentinel.

What should you include m the recommendation?

Show Suggested Answer Hide Answer
Suggested Answer: B

by India at Sep 17, 2024, 01:18 AM

Limited Time Offer

25%

Off

Get Premium SC-100 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Roxanne
6 months ago
Azure Data Factory seems like overkill for just logs!
upvoted 0 times
...
Felix
6 months ago
Not sure about that, can we really trust the data flow?
upvoted 0 times
...
Vinnie
7 months ago
Wait, isn't Azure Logic Apps a better fit?
upvoted 0 times
...
Vinnie
7 months ago
I agree, Syslog is the way to go here.
upvoted 0 times
...
Annmarie
7 months ago
Definitely need an on-premises Syslog server for this!
upvoted 0 times
...
Colene
7 months ago
I’m leaning towards the on-premises Syslog server since it seems to fit the CEF format, but I hope I’m not mixing it up with another question we practiced.
upvoted 0 times
...
Winfred
8 months ago
I feel like Azure Logic Apps might be too complex for just forwarding logs, but it could be a solution if we need to process the data first.
upvoted 0 times
...
Adell
8 months ago
I think an on-premises data gateway could work, but I recall it being more for data sources rather than log ingestion.
upvoted 0 times
...
Becky
8 months ago
I remember we discussed using a Syslog server for similar scenarios, but I'm not entirely sure if it's the best option here.
upvoted 0 times
...
Stanford
8 months ago
I'm feeling pretty confident about this one. The question is asking for a solution to ingest the firewall logs into Microsoft Sentinel, and an Azure Logic App seems like the most logical choice since there's no built-in connector.
upvoted 0 times
...
Dorothy
8 months ago
Based on the question, I believe the best solution would be to use an Azure Logic App. It can connect to the on-premises firewalls, ingest the CEF logs, and then send them to Microsoft Sentinel. Seems like the most straightforward approach.
upvoted 0 times
...
Reyes
8 months ago
I'm a bit confused on this one. Do we need to set up an on-premises Syslog server or an on-premises data gateway? I'm not sure which option would be the most appropriate.
upvoted 0 times
...
Verlene
8 months ago
Okay, I think I've got this. The key is to find a way to ingest the CEF logs from the on-premises firewalls into Microsoft Sentinel. Let's see, an Azure Logic App could work for that.
upvoted 0 times
...
Lorrie
8 months ago
Hmm, this looks like a tricky one. I'll need to think through the options carefully to determine the best solution.
upvoted 0 times
...
Rosendo
2 years ago
Ooh, the Syslog server option sounds like a good one. Plus, it's nice to have an on-premises component to handle the initial log collection.
upvoted 0 times
Cristen
2 years ago
User 3: I agree, the Syslog server option seems like the way to go for this scenario.
upvoted 0 times
...
Genevive
2 years ago
User 2: Yeah, having an on-premises component for log collection is a smart move.
upvoted 0 times
...
Quentin
2 years ago
User 1: I think the Syslog server is a good choice for ingesting events from the firewalls.
upvoted 0 times
...
...
Ben
2 years ago
Haha, I bet the correct answer is the one that's the most convoluted and complicated. That's how these exams love to trick you! I'm going with D, Azure Data Factory.
upvoted 0 times
Margery
2 years ago
Yeah, Azure Data Factory might be overkill. Let's go with an Azure logic app.
upvoted 0 times
...
Daren
2 years ago
I agree, an Azure logic app would be a simpler solution.
upvoted 0 times
...
Donette
2 years ago
I think Azure Data Factory is too complex for this scenario.
upvoted 0 times
...
...
Viola
2 years ago
But wouldn't option C) an on-premises data gateway be more secure and efficient?
upvoted 0 times
...
Roselle
2 years ago
I disagree, I believe option B) an on-premises Syslog server would be a better choice.
upvoted 0 times
...
Viola
2 years ago
I think we should go with option A) an Azure logic app.
upvoted 0 times
...
Melissia
2 years ago
I agree with Louis. Using a Syslog server seems like the most straightforward way to get those on-premises firewall logs into Sentinel.
upvoted 0 times
...
Myra
2 years ago
Hmm, I'm not sure. Could an Azure Logic App work too? It might be able to ingest the logs directly from the firewalls.
upvoted 0 times
Jamal
2 years ago
C) an on-premises data gateway
upvoted 0 times
...
Gregg
2 years ago
B) an on-premises Syslog server
upvoted 0 times
...
Maryln
2 years ago
A) an Azure logic app
upvoted 0 times
...
...
Louis
2 years ago
I think the answer is B. An on-premises Syslog server. Since there's no built-in connector, we'll need to forward the CEF logs to a Syslog server first, and then connect that to Microsoft Sentinel.
upvoted 0 times
Angella
2 years ago
Great, let's go with option B for the recommendation.
upvoted 0 times
...
Virgie
2 years ago
That makes sense, we can then easily connect the Syslog server to Microsoft Sentinel.
upvoted 0 times
...
Kathrine
2 years ago
I think setting up an on-premises Syslog server is the way to go.
upvoted 0 times
...
Theresia
2 years ago
I agree with you, option B seems like the best choice.
upvoted 0 times
...
...

Save Cancel