Microsoft Security Operations Analyst — Question 44
You have an Azure subscription.
You need to stream the Microsoft Graph activity logs to a third-party security information and event management (SIEM) tool. The solution must minimize administrative effort.
To where should you stream the logs?
Answer options
- A. an Azure Event Hubs namespace
- B. an Azure Storage account
- C. an Azure Event Grid namespace
- D. a Log Analytics workspace
Correct answer: A
Explanation
The correct answer is A, an Azure Event Hubs namespace. Event Hubs is designed for high-throughput event streaming, which makes it ideal for sending logs to a SIEM tool. The other options, while useful for data storage or processing, do not provide the same level of efficiency for real-time log streaming.