Microsoft Security Operations Analyst Associate SC-200 Practice Question
Your SOC ingests high-volume Syslog data into an Azure Log Analytics workspace that is connected to Microsoft Sentinel. Analysts must be able to run interactive KQL queries on the data for 180 days. Compliance rules also require keeping the same data for a total of 13 months at the lowest possible cost, but the data does not have to remain immediately searchable after the first 180 days. Which configuration should you implement in the workspace to meet both requirements at minimal cost?
Enable continuous data export to an Event Hub and delete the data from the workspace after 180 days to reduce cost.
Create a diagnostic setting that exports the Syslog data to an Azure Storage account configured with a 13-month lifecycle policy.
Set a per-table policy that retains the Syslog table in the analytics tier for 180 days and then archives it for an additional 215 days.
Move the Syslog table to Basic Logs and rely on its 30-day interactive retention while keeping data for 13 months.
Configure a table-level data retention policy that keeps Syslog records in the analytics (hot) tier for 180 days, then automatically moves them to the archive tier for an additional 215 days. This fulfills the 180-day interactive-query requirement while storing the remaining data in the lower-cost archive tier, where it can still be accessed later through a restore operation or a search job as needed. Basic Logs cannot meet the 180-day interactive requirement because they provide only 30 days of interactive querying (with up to 7-year access via search jobs). Exporting or deleting the data after 180 days would remove the ability to query it natively in Microsoft Sentinel. Therefore, combining 180 days of analytics-tier retention with an extra 215 days of archive retention is the most cost-effective compliant solution.
Exam domain: Manage a security operations environment