SC-200 · Question #143

SC-200 Question #143: Real Exam Question with Answer & Explanation

The correct answer is C: a Common Event Format (CEF) connector.

Submitted by chen.hong · Apr 18, 2026

Manage log connection to Microsoft Sentinel

Question

You have an Azure subscription that uses Microsoft Sentinel and contains 100 Linux virtual machines. You need to monitor the virtual machines by using Microsoft Sentinel. The solution must meet the following requirements:

  • Minimize administrative effort.
  • Minimize the parsing required to read log data.

What should you configure?

Options

  • A. a Log Analytics Data Collector API
  • B. REST API integration
  • C. a Common Event Format (CEF) connector
  • D. a Syslog connector

Explanation

Minimize the parsing required to read log data: the CEF connector sends Common Event Format data, which is easy to read. As for administrative effort, you only need to configure the CEF server to listen for syslog from all the Linux VMs and then send the CEF data to Sentinel.

Topics

#Microsoft Sentinel, #Data Connectors, #Linux Monitoring, #CEF
