
Explanation:
Option B is correct because, by default, logs ingested into Microsoft Sentinel are stored in Azure Monitor Log Analytics. Option C is also correct as there is a cost associated with exporting logs from the Log Analytics workspace to storage accounts or Event Hubs after 90 days. Option A is incorrect because Azure Sentinel does not inherently store logs in the Log Analytics workspace specifically after 90 days; it uses the Log Analytics workspace from the start. Option D is incorrect as there are other options besides storage accounts, such as Event Hubs, for transferring logs without incurring additional costs for keeping them in the Log Analytics workspace.
Assess the accuracy of the following statements regarding the storage and management of logs in Azure Sentinel and Log Analytics workspace.
A. Azure Sentinel utilizes Log Analytics workspace to store logs after 90 days if Sentinel is enabled.
B. By default, logs ingested into Microsoft Sentinel are stored in Azure Monitor Log Analytics.
C. There is a cost associated with exporting logs from Log Analytics workspace to storage accounts or Event Hubs after 90 days.
D. A storage account is the sole option for transferring logs without incurring costs to maintain them in Log Analytics workspace.