Microsoft Security Operations Analyst Associate SC-200 Practice Question
You need to run a KQL query against 14 months of AzureActivity logs that have already been moved to the archive tier in Microsoft Sentinel. You decide to launch a search job from the Hunting > Search experience in the Microsoft Sentinel portal. Which action is required during job creation to ensure that the query includes the archived logs without first restoring them to hot storage?
Select the Search in archived logs option before you submit the job.
Specify a result output table other than the default SearchJobResults table.
Set the job's retention period to more than 30 days.
Change the workspace's default data retention setting to 400 days.
When you create a search job in Microsoft Sentinel, the wizard lets you specify whether the job should read data that resides in the log archive tier. Selecting the Search in archived logs checkbox signals the job engine to automatically fetch and process archived data for the specified time range. If you omit this setting, the job executes only against data in the analytics (hot) workspace and will not scan logs that were moved to the archive tier. Specifying longer time ranges, increasing result retention, or adding output tables does not on its own enable archived-log access.
Manage security threats