Crucial Exams

Microsoft Security Operations Analyst Associate SC-200 Practice Question

You are designing a Microsoft Sentinel deployment. Your organization must keep Azure Firewall logs for 24 months to satisfy regulatory requirements and wants to minimize storage costs. Analysts need to run interactive Kusto queries against the most recent 30 days of firewall data; older data will be accessed only occasionally. Which configuration should you apply to the Azure Monitor Logs workspace that stores the Sentinel data?

  • Change the table to use the Basic Logs plan and configure a 730-day retention period.

  • Configure the table to retain 30 days in the Analytics tier and add a data archive rule that stores the next 720 days in the archive tier.

  • Set a per-table retention period of 730 days in the Analytics tier and leave the archive tier disabled.

  • Export the Azure Firewall logs to an Azure Storage account through diagnostic settings and delete them from Microsoft Sentinel.

Microsoft Security Operations Analyst Associate SC-200
Manage a security operations environment
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot