SC-200 Question #99: Real Exam Question with Answer & Explanation

Sign in or unlock SC-200 to reveal the answer and full explanation for question #99. The question stem and answer options stay visible for context.

Submitted by haruto_sh· Apr 18, 2026Manage a security operations environment

Question

You have a third-party security information and event management (SIEM) solution. You need to ensure that the SIEM solution can generate alerts for Azure Active Directory (Azure AD) sign-events in near real time. What should you do to route events to the SIEM solution?

Options

ACreate an Azure Sentinel workspace that has a Security Events connector.
BConfigure the Diagnostics settings in Azure AD to stream to an event hub.
CCreate an Azure Sentinel workspace that has an Azure Active Directory connector.
DConfigure the Diagnostics settings in Azure AD to archive to a storage account.

Unlock SC-200 to see the answer

You've previewed enough free SC-200 questions. Unlock SC-200 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock SC-200 - $49.99 / 30 days Sign in

Topics

#Azure AD Logs#Diagnostics Settings#Event Hubs#SIEM Integration

Full SC-200 Practice Browse All SC-200 Questions