Microsoft Exam SC-200 Topic 3 Question 67 Discussion

Actual exam question for Microsoft's SC-200 exam

Question #: 67
Topic #: 3

You have an Azure subscription that has Azure Defender enabled for all supported resource types.

You need to configure the continuous export of high-severity alerts to enable their retrieval from a third-party security information and event management (SIEM) solution.

To which service should you export the alerts?

AAzure Cosmos DB

BAzure Event Grid

CAzure Event Hubs

DAzure Data Lake

Show Suggested Answer

Suggested Answer: B

by Gayla at Mar 20, 2024, 08:53 AM

Limited Time Offer

25%

Off

Get Premium SC-200 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Timmy

11 days ago

Hmm, I was initially leaning towards Option B, Azure Event Grid, but now I'm not so sure. Event Hubs does sound more tailored for this kind of high-volume, real-time data transfer. Guess I'll have to do some more research to be certain.

upvoted 0 times

...

Pura

15 days ago

I think I'll go with Option C. Azure Event Hubs seems like the logical choice for exporting high-severity alerts to a SIEM solution. It's designed for real-time data ingestion, which is perfect for this use case.

upvoted 0 times

Whitney

2 days ago

I agree, Azure Event Hubs is the best option for exporting high-severity alerts.

upvoted 0 times

...

Ilda

19 days ago

I'm not sure about that. I think D) Azure Data Lake could also be a valid option for exporting high-severity alerts.

upvoted 0 times

...

Shonda

28 days ago

I agree with Paulina. Azure Event Hubs can handle large amounts of data and is a good choice for exporting alerts.

upvoted 0 times

...

Paulina

1 months ago

I think the answer is C) Azure Event Hubs because it is designed for big data streaming.

upvoted 0 times

...