Microsoft Cybersecurity Architect — Question 69
Your network contains an on-premises Active Directory Domain Services (AD DS) domain named Domain1. Domain1 contains 10 domain controllers.
You have an Azure subscription named Sub1 that contains a Microsoft Sentinel workspace named WS1.
You have a Microsoft 365 subscription that contains 5,000 users. Each user is assigned a Microsoft 365 E3 license.
You need to recommend a solution to ingest security logs from all the domain controllers into WS1. The solution must meet the following requirements:
• The cost of ingesting data into WS1 must be minimized.
• WS1 must ingest all the Windows Security event logs generated by the domain controllers.
• The solution must support the generation of approximately 350 MB of logs per day from each domain controller.
What should you recommend?
Answer options
- A. Upgrade the user licenses to Microsoft 365 E5.
- B. Onboard each domain controller to Microsoft Defender for Servers Plan 2.
- C. Configure Auxiliary logs in WS1.
- D. Configure a volume cap for WS1.
- E. Only ingest data from one domain controller into WS1.
Correct answer: A
Explanation
The correct answer is A: upgrading to Microsoft 365 E5 provides access to advanced security features, including the enhanced logging capabilities needed to ingest all Windows Security event logs into WS1 cost-effectively. The other options either fail to meet the requirement for comprehensive log ingestion or would increase costs rather than minimize them.