nerdexam
SC-200 Question #289: Real Exam Question with Answer & Explanation

The correct answer is A: an Azure Event Hubs namespace.

Submitted by andres_qro · Apr 18, 2026

Exam domain: Manage a security operations environment

Question

You have an Azure subscription. You need to stream the Microsoft Graph activity logs to a third-party security information and event management (SIEM) tool. The solution must minimize administrative effort. To where should you stream the logs?

Options

  • A. an Azure Event Hubs namespace
  • B. an Azure Storage account
  • C. an Azure Event Grid namespace
  • D. a Log Analytics workspace

Explanation

Microsoft Graph activity logs are turned on through a diagnostic setting in Microsoft Entra ID (log category MicrosoftGraphActivityLogs), and that setting offers the same destinations as any other Azure Monitor diagnostic setting: a Log Analytics workspace, a Storage account, an Event Hub, or a partner solution. Azure Event Hubs is the standard and recommended destination for streaming Azure and Microsoft Graph logs to third-party SIEM tools (such as Splunk, IBM QRadar, or ArcSight): most major SIEM vendors ship native Event Hubs connectors, so the SIEM consumes the stream in near real time with little more than a connection string (or managed identity) and a consumer group, which is what minimizes administrative effort. A Storage account (B) would require the SIEM to poll blobs on a schedule and manage storage credentials, adding latency and complexity. Event Grid (C) is an event-routing service for triggering reactions to discrete events; it is not a diagnostic-setting destination and not a log-streaming pipeline for SIEMs. A Log Analytics workspace (D) is Microsoft's own analysis platform (and the store behind Microsoft Sentinel); a third-party SIEM could only get the data out by querying the workspace over its API, which is extra setup and polling rather than a native stream.

Two practical points once the setting is in place: Graph activity logs are high volume, so size the namespace's throughput and the SIEM's consumer accordingly and confirm records are actually arriving before relying on the feed; and give the SIEM a Listen-only shared access policy on the hub rather than the namespace's RootManageSharedAccessKey, so the consumer cannot write to or reconfigure the pipeline.
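The two halves of the pipeline the explanation describes, as an added example that is not part of the nerdexam page or of any Microsoft tooling: the body of the tenant-level diagnostic setting that sends only the MicrosoftGraphActivityLogs category to an Event Hub, and the consumer-side step of turning one Event Hubs message (the `{"records": [...]}` envelope Azure Monitor emits) into flat events for a SIEM. The sample message is constructed, and the camelCase property names inside it, as well as the `/providers/microsoft.aadiam/diagnosticSettings` endpoint mentioned in the comments, are assumptions to check against the current Microsoft documentation.

```python
"""Added example: Graph activity logs -> Event Hub -> SIEM (not the page's own code)."""
from __future__ import annotations

import json
from typing import Any

GRAPH_CATEGORY = "MicrosoftGraphActivityLogs"  # diagnostic-setting log category


def diagnostic_setting_body(auth_rule_id: str, hub_name: str) -> dict[str, Any]:
    """Body of the Microsoft Entra diagnostic setting that streams Graph activity logs.

    Assumption: this is PUT to
      https://management.azure.com/providers/microsoft.aadiam/diagnosticSettings/<name>
    (for example with `az rest --method put --url ... --body @body.json`);
    verify the path and api-version in the Azure Monitor REST reference first.
    auth_rule_id is the ARM id of a shared access policy Azure Monitor can publish
    with, e.g. .../Microsoft.EventHub/namespaces/<ns>/authorizationRules/RootManageSharedAccessKey.
    The SIEM should consume with a separate Listen-only policy, not this one.
    """
    return {
        "properties": {
            "eventHubAuthorizationRuleId": auth_rule_id,
            "eventHubName": hub_name,
            # Only the Graph activity category; other Entra categories stay off.
            "logs": [{"category": GRAPH_CATEGORY, "enabled": True}],
        }
    }


def _lower_keys(d: dict[str, Any]) -> dict[str, Any]:
    """Normalize key casing: the raw stream uses camelCase (requestMethod) while the
    Log Analytics table uses PascalCase (RequestMethod); accept either (assumption)."""
    return {k.lower(): v for k, v in d.items()}


def flatten_batch(message: str | bytes) -> list[dict[str, Any]]:
    """Turn one Event Hubs message into flat SIEM events for the Graph category.

    Azure Monitor packs several log records into one message as {"records": [...]};
    each record carries a common envelope (time, category, tenantId, ...) and the
    category-specific fields under "properties".
    """
    envelope = json.loads(message)
    events: list[dict[str, Any]] = []
    for rec in envelope.get("records", []):
        if rec.get("category") != GRAPH_CATEGORY:
            continue  # other categories (AuditLogs, SignInLogs, ...) may share the hub
        p = _lower_keys(rec.get("properties") or {})
        status = int(p.get("responsestatuscode") or 0)
        user_id = p.get("userid") or None
        events.append({
            "time": rec.get("time"),
            "tenant_id": rec.get("tenantId"),
            "method": p.get("requestmethod"),
            "uri": p.get("requesturi"),
            "status": status,
            "app_id": p.get("appid"),
            "user_id": user_id,
            "ip": p.get("ipaddress"),
            "user_agent": p.get("useragent"),
            # App-only (client-credential) calls carry no user: the ones to watch
            # for over-privileged app registrations.
            "app_only": user_id is None,
            "failed": status >= 400,
        })
    return events


# Constructed sample message (field names assumed, see _lower_keys docstring).
SAMPLE_MESSAGE = json.dumps({
    "records": [
        {"time": "2026-04-18T10:00:00Z", "category": GRAPH_CATEGORY,
         "tenantId": "00000000-0000-0000-0000-0000000000aa",
         "properties": {"requestMethod": "GET", "requestUri": "https://graph.microsoft.com/v1.0/me",
                        "responseStatusCode": 200, "appId": "00000000-0000-0000-0000-0000000000a1",
                        "userId": "00000000-0000-0000-0000-0000000000u1",
                        "ipAddress": "203.0.113.10", "userAgent": "Outlook/16.0"}},
        {"time": "2026-04-18T10:00:05Z", "category": GRAPH_CATEGORY,
         "tenantId": "00000000-0000-0000-0000-0000000000aa",
         "properties": {"requestMethod": "PATCH",
                        "requestUri": "https://graph.microsoft.com/v1.0/users/00000000-0000-0000-0000-0000000000u2",
                        "responseStatusCode": 403, "appId": "00000000-0000-0000-0000-0000000000a2",
                        "userId": "", "ipAddress": "198.51.100.7", "userAgent": "python-requests/2.31"}},
        {"time": "2026-04-18T10:00:06Z", "category": "AuditLogs",
         "tenantId": "00000000-0000-0000-0000-0000000000aa",
         "properties": {"activityDisplayName": "Add member to group"}},
    ]
})

if __name__ == "__main__":
    print(json.dumps(diagnostic_setting_body(
        "/subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.EventHub/namespaces/<ns>/authorizationRules/RootManageSharedAccessKey",
        "graph-activity"), indent=2))
    print(json.dumps(flatten_batch(SAMPLE_MESSAGE), indent=2))
```

In a real consumer the `flatten_batch` call sits inside the SIEM connector's (or your own azure-eventhub receiver's) per-message callback; the `app_only` and `failed` flags are there so the SIEM can key a detection on app-only calls that fail with 403, which is the typical footprint of an application probing for permissions it does not hold.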

Topics

#Log Streaming, #Azure Event Hubs, #SIEM Integration, #Microsoft Graph Logs
