SC-100 Question #230: Real Exam Question with Answer & Explanation
The correct answer is B: an on-premises Syslog server.
Question
You have an Azure subscription that contains a Microsoft Sentinel workspace. Your on-premises network contains firewalls that support forwarding event logs in the Common Event Format (CEF). There is no built-in Microsoft Sentinel connector for the firewalls. You need to recommend a solution to ingest events from the firewalls into Microsoft Sentinel. What should you include in the recommendation?
Options
- A. an Azure logic app
- B. an on-premises Syslog server
- C. an on-premises data gateway
- D. Azure Data Factory
Explanation
Many networking and security devices and appliances send their system logs over the Syslog protocol in a specialized format known as Common Event Format (CEF). This format includes more information than the standard Syslog format, and it presents the information in a parsed key-value arrangement. The Log Analytics Agent accepts CEF logs and formats them especially for use with Microsoft Sentinel, before forwarding them on to your Microsoft Sentinel workspace. https://learn.microsoft.com/en-us/azure/sentinel/connect-common-event-format