Microsoft Security Operations Analyst Associate SC-200 Practice Question

You manage a Microsoft Sentinel deployment that ingests 50 GB of SecurityEvent data daily to a Log Analytics workspace in West Europe. Regulatory policy requires that security event logs remain retrievable for 24 months, but analysts typically query only the most recent 90 days. You must minimize storage costs while being able to run investigations on older data when necessary. Which workspace setting should you configure to meet the requirements?

  • Set the workspace retention for the SecurityEvent table to 90 days and configure an archive rule that stores the data for an additional 21 months.

  • Enable continuous export to Azure Storage and delete SecurityEvent data from the workspace after 90 days.

  • Enable Basic Logs for the SecurityEvent table and set its retention to 24 months.

  • Create a daily ingestion cap and configure discard rules to delete SecurityEvent data older than 90 days.

Microsoft Security Operations Analyst Associate SC-200
Manage a security operations environment