SC-200 Question #238: Real Exam Question with Answer & Explanation
The correct answer is B: app name, computer name, IP address, email address, and used client app only. UEBA in Microsoft Sentinel analyzes users, hosts, IP addresses, applications, and devices, and each of the five detected entities maps onto one of those types: the email address identifies a user, the computer name a host, the IP address an IP entity, and the app name and used client app identify applications.
Question
You have a Microsoft Sentinel workspace. You enable User and Entity Behavior Analytics (UEBA) by using Audit Logs and Signin Logs. The following entities are detected in the Azure AD tenant:
- App name: App1
- IP address: 192.168.1.2
- Computer name: Device1
- Used client app: Microsoft Edge
- Email address: [email protected]
Which entities can be investigated by using UEBA?
Options
- A. IP address and email address only
- B. app name, computer name, IP address, email address, and used client app only
- C. IP address only
- D. used client app and app name only
Explanation
UEBA in Microsoft Sentinel analyzes several entity types, including users, hosts, IP addresses, applications, and devices. With Audit Logs and Signin Logs as the data sources, every entity in the question maps onto one of those types: the email address identifies a user, the computer name a host, the IP address an IP entity, and the app name and used client app identify applications. All five can therefore be investigated with UEBA, which is why B is correct.
Common mistakes.
- A. Too restrictive: it keeps only the user (email address) and IP entities and drops the host (computer name) and the application entities (app name and used client app).
- C. Too restrictive: IP addresses are only one of the entity types UEBA covers; the user, host, and application entities in the question are also investigable.
- D. Too restrictive: it keeps only the application entities and omits the user (email address), host (computer name), and IP address entities.
Concept tested. Microsoft Sentinel UEBA entity types
Reference. https://learn.microsoft.com/en-us/azure/sentinel/ueba-reference
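As an added example (not part of the exam page or of Microsoft's documentation), the KQL below shows where each of the five entities in the question surfaces once UEBA is fed by Signin Logs: the user, IP address and device are columns of the BehaviorAnalytics table, while the app name and client app are read from the originating SigninLogs row. The entity values are the ones from the question; the join assumes that SourceRecordId in BehaviorAnalytics carries the Id of the sign-in record UEBA scored, which you should confirm in your own workspace before relying on it.

```kusto
// Added example; not from the exam page or Microsoft's docs.
// Assumptions: the entity values below are taken from the question, and
// BehaviorAnalytics.SourceRecordId is assumed to equal SigninLogs.Id for the
// sign-in that UEBA scored. Verify that mapping in your workspace.
let lookback      = 7d;
let targetUser    = "user1@contoso.com";  // email address   -> user entity (UserPrincipalName)
let targetIP      = "192.168.1.2";        // IP address      -> IP entity   (SourceIPAddress)
let targetDevice  = "Device1";            // computer name   -> host/device (SourceDevice)
let targetApp     = "App1";               // app name        -> application (SigninLogs.AppDisplayName)
let targetBrowser = "Edge";               // used client app -> application (SigninLogs.DeviceDetail.browser)
BehaviorAnalytics
| where TimeGenerated > ago(lookback)
// Match on the three entities UEBA exposes directly as columns.
| where UserPrincipalName =~ targetUser
     or SourceIPAddress == targetIP
     or SourceDevice =~ targetDevice
// Pull the application entities from the sign-in that produced the UEBA row.
| join kind=leftouter (
    SigninLogs
    | where TimeGenerated > ago(lookback)
    // DeviceDetail.browser holds the browser name plus version, e.g. "Edge 120.0.0".
    | extend Browser = tostring(DeviceDetail.browser)
    | project Id, AppDisplayName, ClientAppUsed, Browser
  ) on $left.SourceRecordId == $right.Id
| extend AppMatch     = AppDisplayName =~ targetApp,
         BrowserMatch = Browser has targetBrowser
| project TimeGenerated, UserPrincipalName, SourceIPAddress, SourceDevice,
          AppDisplayName, ClientAppUsed, Browser, AppMatch, BrowserMatch,
          ActivityType, ActionType, InvestigationPriority,
          UsersInsights, DevicesInsights, ActivityInsights
| order by InvestigationPriority desc, TimeGenerated desc
```

The three dynamic columns at the end (UsersInsights, DevicesInsights, ActivityInsights) are where UEBA records the anomalies it found for the user, device and activity, for instance an app or browser the user has not used before, and InvestigationPriority ranks the rows for triage. If the join returns empty AppDisplayName and Browser values for every row, the SourceRecordId assumption does not hold for your data and the sign-in columns should be correlated on UserPrincipalName, SourceIPAddress and a time window instead.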