This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Check your knowledge of custom log tables, data retention tiers, and Microsoft Purview Audit integration in Microsoft Sentinel.
A security engineer creates a custom table named TradingEvents in the Microsoft Sentinel workspace to store events from a proprietary trading system using the Logs Ingestion API. What is the full table name that appears in the workspace?
TradingEvents
TradingEvents_CL
TradingEvents_LOG
TradingEvents_RAW
Contoso Financial Services must retain security logs for seven years for SOX compliance while keeping the last 90 days immediately queryable for active investigations. Which table retention configuration achieves both requirements at the lowest cost?
Set Analytics tier interactive retention to 90 days and total retention to 2,555 days (approximately seven years) using the Archive tier
Set the Log Analytics workspace default retention to seven years for all tables
Export logs to Azure Blob Storage after 90 days and delete from Microsoft Sentinel
Configure a Basic tier table with 90-day retention
Which permission is required to search Microsoft Purview Audit logs in the Microsoft Defender XDR portal?
View-Only Audit Logs role in Microsoft Purview or Exchange Online
Microsoft Sentinel Contributor role on the Microsoft Sentinel workspace
Security Reader role in Microsoft Entra ID
Log Analytics Contributor role on the Log Analytics workspace
You must answer all questions before checking your work.
Was this page helpful?
Need help with this topic?
Want to try using Ask Learn to clarify or guide you through this topic?