You have a Microsoft Sentinel workspace.
You enable User and Entity Behavior Analytics (UEBA) by using Audit logs and Sign-in logs. The following entities are detected in the Azure AD tenant:
* App name: App1
* IP address: 192.168.1.2
* Computer name: Device1
* Used client app: Microsoft Edge
* Email address: user1@company.com
* Sign-in URL: https://www.company.com
Which entities can be investigated by using UEBA?
Microsoft Sentinel UEBA (User and Entity Behavior Analytics) focuses on users and hosts (devices) and enriches data with contextual information. When enabling UEBA with Audit logs and Sign-in logs, the only entities supported for investigation are:
* User accounts (email addresses)
* Hosts or devices (including IP addresses)
Other values like App name, Used client app, and Sign-in URL are attributes in log data but not tracked entities in UEBA investigations.
Answer: B. IP address and email address only