Microsoft Security Operations Analyst — Question 15
You have a Microsoft Sentinel workspace named Workspace1 and 200 custom Advanced Security Information Model (ASIM) parsers based on the DNS schema.
You need to make the 200 parsers available in Workspace1. The solution must minimize administrative effort.
What should you do first?
Answer options
- A. Copy the parsers to the Azure Monitor Logs page.
- B. Create a JSON file based on the DNS template.
- C. Create an XML file based on the DNS template.
- D. Create a YAML file based on the DNS template.
Correct answer: D
Explanation
The correct answer is D because YAML is the required file format for deploying ASIM parsers in Microsoft Sentinel, so the first step is to create a YAML file based on the DNS template. Options A, B, and C are incorrect because they suggest either the wrong approach or a file format that does not align with the requirements for making ASIM parsers available in this context.