SC-100 Certification Practice Question #130

Question

Your network contains an on-premises Active Directory Domain Services (AD DS) domain named Domain1. Domain1 contains 10 domain controllers.

You have an Azure subscription named Sub1 that contains a Microsoft Sentinel workspace named WS1.

You have a Microsoft 365 subscription that contains 5,000 users. Each user is assigned a Microsoft 365 E3 license.

You need to recommend a solution to ingest security logs from all the domain controllers into WS1. The solution must meet the following requirements:

•	The cost of ingesting data into WS1 must be minimized.
•	WS1 must ingest all the Windows Security event logs generated by the domain controllers.
•	The solution must support the generation of approximately 350 MB of logs per day from each domain controller.

What should you recommend?

Accepted Answer

The workload is 10 DCs × 350 MB = ~3.5 GB/day of Windows Security event logs that must all reach WS1 at minimum cost. The E3 → E5 upgrade activates the documented "Microsoft Sentinel benefit for Microsoft 365 E5, A5, F5, and G5 customers," which grants free Sentinel data-ingestion allowance scaled to the user count (5,000 users), far exceeding 3.5 GB/day — making ingestion of the full Security log free, which is exactly the "minimize cost while ingesting all logs" requirement. Options C/D/E each break a stated requirement (full fidelity, ingest all logs, all DCs). The community leans B (Defender for Servers Plan 2, 500 MB/node/day = 5 GB/day across 10 nodes), which mathematically also covers the volume; this is a genuine split, so confidence is held at 80% — but the official Suggested Answer is A and the E5 Sentinel offer is the canonical cost-minimization mechanism for this scenario.

More SC-100 practice questions