HOTSPOT -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/overview
I think the first should be NO. Azure Sentinel uses a Log Analytics workspace to store logs. After 90 days if Sentinel is enabled. Then you can export logs from your Log Analytics workspace to destinations such as Azure Storage and Event Hub.
More for this: Log Analytics workspace will keep your log information; after 90 days, you need to pay money per G/month. If you want to use your storage account to store logs, you need to pay money to export logs into your storage account or Event Hub. So the first one is NO. A storage account is only one option you can transfer logs to if you don't want to pay money to keep them. Log Analytics workspace is the correct place.
By default, logs ingested into Microsoft Sentinel are stored in Azure Monitor Log Analytics. See - https://learn.microsoft.com/en-us/azure/sentinel/store-logs-in-azure-data-explorer?tabs=adx-event-hub
Sentinel stores your events in a Log Analytics workspace and can retrieve events from a storage location. It doesn't store the events in a storage location.
First answer is incorrect. As pointed out by others, Sentinel doesn't store content in a storage account but in Log Analytics. Can say for sure since I completed SC-200 a few weeks back and SC-900 with 1000/1000, and one of the questions was similar.
https://azure.microsoft.com/en-us/pricing/details/azure-sentinel/ Microsoft Sentinel provides intelligent security analytics across your enterprise. The data for this analysis is stored in an Azure Monitor Log Analytics workspace. Microsoft Sentinel is billed based on the volume of data ingested for analysis in Microsoft Sentinel and stored in the Azure Monitor Log Analytics workspace. Microsoft Sentinel offers a flexible and predictable pricing model. There are two ways to pay for the Microsoft Sentinel service: Capacity Reservations and Pay-As-You-Go. Q1: NO
YYY : Yes, Azure Sentinel can store collected events in an Azure Storage account. Azure Sentinel is a cloud-native security information and event management (SIEM) solution provided by Microsoft. It enables organizations to collect, analyze, and respond to security events and incidents across their environment. Azure Sentinel can ingest data from various sources, including logs and events from Azure services, on-premises infrastructure, and third-party systems. The collected events can be stored in an Azure Storage account, which provides a scalable and durable storage solution for the data. This allows organizations to retain and analyze security event data over a longer period of time, as required by their compliance or investigative needs.
Microsoft Sentinel security analytics data is stored in an Azure Monitor Log Analytics workspace. Billing is based on the volume of that data in Microsoft Sentinel and the Azure Monitor Log Analytics workspace storage.
Hi guys, please check the below link for clarity, I will go with NYY. As you plan your Microsoft Sentinel deployment, you typically want to understand its pricing and billing models to optimize your costs. Microsoft Sentinel's security analytics data is stored in an Azure Monitor Log Analytics workspace. Billing is based on the volume of data analyzed in Microsoft Sentinel and stored in the Log Analytics workspace. https://learn.microsoft.com/en-us/azure/sentinel/billing?tabs=simplified%2Ccommitment-tiers
No, Azure Sentinel does not store collected events in an Azure Storage account. Azure Sentinel stores events in a centralized Log Analytics workspace. The Log Analytics workspace acts as the data repository for Azure Sentinel and provides a single place for storing, analyzing, and querying security-related data from various sources.
now called Microsoft Sentinel
By default, logs ingested into Microsoft Sentinel are stored in Azure Monitor Log Analytics, so Q1 is NO.
No. Azure Sentinel stores collected events in Azure Log Analytics workspaces, not in an Azure Storage account. Yes. Azure Sentinel can remediate incidents automatically using Playbooks, which are collections of procedures that can be run from Azure Sentinel. Yes. Azure Sentinel can collect Windows Defender firewall logs from Azure VMs.
N,Y,Y is correct
N,Y,Y is the correct answer
YYY https://learn.microsoft.com/en-us/azure/sentinel/data-connectors/azure-storage-account Azure Storage account is a cloud solution for modern data storage scenarios. It contains all your data objects: blobs, files, queues, tables, and disks. This connector lets you stream Azure Storage accounts diagnostics logs into your Microsoft Sentinel workspace, allowing you to continuously monitor activity in all your instances, and detect malicious activity in your organization. For more information, see the
NYY - Stores events in Log Analytics workspace
What is the answer for Q1?
So for #1 what's the answer?