🔥 3-day streak
Microsoft Cybersecurity Architect Expert127 / 158
Question 127 of 158
A financial services company is designing centralized logging in Microsoft Sentinel. They ingest three data sources: (1) sign-in logs used continuously in scheduled analytics rules and near-real-time detections, (2) high-volume network firewall logs that are rarely queried interactively but must be retained 12 months for occasional threat hunting and incident investigation, and (3) verbose application diagnostic logs that are only needed to satisfy a regulatory 7-year retention mandate and are almost never queried. The SOC wants to minimize ingestion and retention cost while preserving detection capability. Which log tier assignment best meets these requirements?
Reviewed for accuracy · Report an issueNext question