
SC-100 · Question #339

SC-100 Question #339: Real Exam Question with Answer & Explanation

The correct answer is A: Upgrade the user licenses to Microsoft 365 E5.

Design security operations, identity, and compliance capabilities

Question

Your network contains an on-premises Active Directory Domain Services (AD DS) domain named Domain1. Domain1 contains 10 domain controllers.

You have an Azure subscription named Sub1 that contains a Microsoft Sentinel workspace named WS1.

You have a Microsoft 365 subscription that contains 5,000 users. Each user is assigned a Microsoft 365 E3 license.

You need to recommend a solution to ingest security logs from all the domain controllers into WS1. The solution must meet the following requirements:

  • The cost of ingesting data into WS1 must be minimized.
  • WS1 must ingest all the Windows Security event logs generated by the domain controllers.
  • The solution must support the generation of approximately 350 MB of logs per day from each domain controller.

What should you recommend?

Options

  • A. Upgrade the user licenses to Microsoft 365 E5.
  • B. Onboard each domain controller to Microsoft Defender for Servers Plan 2.
  • C. Configure Auxiliary logs in WS1.
  • D. Configure a volume cap for WS1.
  • E. Only ingest data from one domain controller into WS1.

Explanation

Correct answer: A

Upgrading to Microsoft 365 E5 is the cost-optimal solution because E5 includes Microsoft Defender for Identity (MDI), which automatically monitors domain controllers and forwards Windows Security events to Microsoft Sentinel. Critically, Microsoft 365 E5 unlocks a Microsoft Sentinel data ingestion benefit of 5 MB per licensed user per day at no additional charge. With 5,000 E5 users, that equals 25 GB/day of free ingestion, far exceeding the 3.5 GB/day needed (350 MB × 10 DCs). This satisfies all three requirements: minimized cost (ingestion covered by the benefit), all Windows Security events from all DCs, and capacity for the stated log volume.

  • B (Defender for Servers Plan 2) would also provide free data ingestion per server, but licensing 10 servers at Plan 2 pricing is more expensive than the E5 upgrade when the organization already has 5,000 users.
  • C (Auxiliary logs) are cheaper per GB but have limited interactive query support and do not satisfy the requirement to ingest 'all' security events in a fully queryable form.
  • D (volume cap) would throttle and drop logs, violating the 'all events' requirement.
  • E violates the requirement to ingest from all domain controllers.

Explanation generated by: claude-sonnet (LLM judge score: 4)

Topics

#Microsoft Sentinel · #Data Ingestion · #Cost Optimization · #Active Directory · #Microsoft 365 E5 Licensing
