Which two actions should you perform?


Your company stores the data for every project in a different Azure subscription. All the subscriptions use the same Azure Active Directory (Azure AD) tenant.

Every project consists of multiple Azure virtual machines that run Windows Server. The Windows events of the virtual machines are stored in a Log Analytics workspace in each machine’s respective subscription.

You deploy Azure Sentinel to a new Azure subscription.

You need to perform hunting queries in Azure Sentinel to search across all the Log Analytics workspaces of all the subscriptions.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Add the Security Events connector to the Azure Sentinel workspace.
B. Create a query that uses the workspace expression and the union operator.
C. Use the alias statement.
D. Create a query that uses the resource expression and the alias operator.
E. Add the Azure Sentinel solution to each workspace.

Answer: B, E
