Microsoft Security Operations Analyst — Question 33
You have a Microsoft Sentinel workspace that has User and Entity Behavior Analytics (UEBA) enabled for Signin Logs.
You need to ensure that failed interactive sign-ins are detected. The solution must minimize administrative effort.
What should you use?
Answer options
- A. a scheduled alert query
- B. the Activity Log data connector
- C. a UEBA activity template
- D. a hunting query
Correct answer: C
Explanation
The correct answer is C. A UEBA activity template is designed to identify unusual user behavior, such as failed sign-ins, and requires minimal management. Options A and D involve more hands-on monitoring and configuration, while option B concerns data connectivity and does not directly address the detection of sign-in failures.