Microsoft Security Operations Analyst — Question 103
You have a Microsoft Sentinel workspace.
You enable User and Entity Behavior Analytics (UEBA) by using Audit Logs and Signin Logs.
The following entities are detected in the Azure AD tenant:
• App name: App1
• IP address: 192.168.1.2
• Computer name: Device1
• Used client app: Microsoft Edge
• Email address: [email protected]
• Sign-in URL: https://www.company.com
Which entities can be investigated by using UEBA?
Answer options
- A. IP address and email address only
- B. app name, computer name, IP address, email address, and used client app only
- C. IP address only
- D. used client app and app name only
Correct answer: B
Explanation
The correct answer is B because UEBA supports the investigation of multiple entity types, including app name, computer name, IP address, email address, and used client app. The other options are incorrect because they limit the entities that can be analyzed and omit some of the relevant information detected by UEBA.