Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft SC-200 Exam - Topic 6 Question 71 Discussion

Actual exam question for Microsoft's SC-200 exam
Question #: 71
Topic #: 6
[All SC-200 Questions]

You have a Microsoft Sentinel workspace that has user and Entity Behavior Analytics (UEBA) enabled for Signin Logs.

You need to ensure that failed interactive sign-ins are detected.

The solution must minimize administrative effort.

What should you use?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Verlene at May 12, 2024, 11:26 PM

Limited Time Offer

25%

Off

Get Premium SC-200 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Berry
6 months ago
Wait, can a hunting query really detect failed sign-ins? That seems off.
upvoted 0 times
...
Ruth
6 months ago
I agree, B seems to minimize effort while catching those sign-ins.
upvoted 0 times
...
Reuben
6 months ago
I’m not sure about C, isn’t that more for general logging?
upvoted 0 times
...
Sheldon
7 months ago
A scheduled alert query sounds like a solid plan too.
upvoted 0 times
...
Charlesetta
7 months ago
I think option B is the best choice for UEBA.
upvoted 0 times
...
Vincent
7 months ago
A hunting query sounds familiar, but I’m not convinced it’s the best choice for this scenario since it usually requires more manual effort.
upvoted 0 times
...
Alex
7 months ago
I feel like the Activity Log data connector could be relevant, but it seems more focused on general logging rather than specific sign-in failures.
upvoted 0 times
...
Chantell
7 months ago
I’m not entirely sure, but I remember something about scheduled alert queries being useful for monitoring specific events.
upvoted 0 times
...
Malcolm
8 months ago
I think we might need to use a UEBA activity template since it’s designed to detect anomalies like failed sign-ins.
upvoted 0 times
...
Aliza
8 months ago
The Activity Log data connector might be an option, but I'm not sure if that would be the most efficient approach. I'll need to look into the capabilities and limitations of that solution.
upvoted 0 times
...
Rochell
8 months ago
Hmm, I'm not sure if a UEBA activity template is the right choice. I'll need to double-check the details on how that works to be sure it can detect failed interactive sign-ins.
upvoted 0 times
...
Rutha
8 months ago
I think a scheduled alert query would be the way to go here. It seems like the most straightforward solution that meets the requirements.
upvoted 0 times
...
Ellen
8 months ago
A hunting query could be an interesting approach, but it might require more administrative effort than the other options. I'll need to weigh the pros and cons of that approach.
upvoted 0 times
...
Sheron
8 months ago
Option A seems like the most logical choice to me. Reducing the number of snapshots should help resolve the issue, as the task is having trouble fetching a large number of them.
upvoted 0 times
...
Kara
8 months ago
I'm a bit confused on the differences between the options here. I'll have to review my notes on quality function deployment to make sure I understand it properly.
upvoted 0 times
...
Jospeh
8 months ago
Hmm, I remember a practice question about gaining system access, but that doesn't seem like direct user interaction.
upvoted 0 times
...
Emerson
8 months ago
Okay, I've got this. Based on the IIA guidance, the most important steps are determining if previous incidents have been reported and managed, and assessing the level of transparency in reporting. I'll make sure to focus on those key areas in my response.
upvoted 0 times
...
Rashad
8 months ago
Okay, I've got a strategy here. I'll carefully read through the options and think about how each one relates to the benefits of external spam quarantine.
upvoted 0 times
...

Save Cancel