🔥 3-day streak
Microsoft Cybersecurity Architect Expert96 / 158
Question 96 of 158
A financial services organization must retain all Microsoft 365 audit records for seven years to satisfy a regulator, while its SOC needs near-real-time access to the same activity data in Microsoft Sentinel for detection and hunting. The compliance team owns retention policy; the SOC owns detection engineering. The architect must design centralized logging that meets long-term retention requirements without forcing the SOC to run costly full-fidelity queries in Sentinel just to satisfy compliance retention. Which design best separates these concerns while keeping both requirements met?
Reviewed for accuracy · Report an issueNext question