🔥 3-day streak
Microsoft Cybersecurity Architect Expert54 / 158
Question 54 of 158

A global retailer runs Microsoft Defender XDR (Defender for Endpoint, Identity, and Office 365) and Microsoft Sentinel. The SOC complains that a single multistage attack—phishing email, credential theft, then lateral movement to a server—generates separate, disconnected alerts across the Defender portals and Sentinel, forcing analysts to manually stitch the story together. The security architect must design a solution that automatically correlates related alerts from both Defender XDR and Sentinel into a single investigation surface while preserving Sentinel's ability to ingest third-party (non-Microsoft firewall) logs. What should the architect recommend?

Reviewed for accuracy · Report an issueNext question