SC-200 Question #37: Real Exam Question with Answer & Explanation


Submitted by paula_co · Apr 18, 2026 · Manage threat hunting in Microsoft Sentinel

Question

Your company stores the data for every project in a different Azure subscription. All the subscriptions use the same Azure Active Directory (Azure AD) tenant. Every project consists of multiple Azure virtual machines that run Windows Server. The Windows events of the virtual machines are stored in a Log Analytics workspace in each machine's respective subscription. You deploy Azure Sentinel to a new Azure subscription. You need to perform hunting queries in Azure Sentinel to search across all the Log Analytics workspaces of all the subscriptions. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Options

  • A. Add the Security Events connector to the Azure Sentinel workspace.
  • B. Create a query that uses the workspace expression and the union operator.
  • C. Use the alias statement.
  • D. Create a query that uses the resource expression and the alias operator.
  • E. Add the Azure Sentinel solution to each workspace.


Topics

#Azure Sentinel #Threat Hunting #KQL #Cross-workspace queries