
Exam SC-200 topic 4 question 22 discussion

Actual exam question from Microsoft's SC-200
Question #: 22
Topic #: 4

HOTSPOT

You have an on-premises Linux server that runs a background process named App1 and has the Azure Connected Machine agent installed.

You have a Microsoft Sentinel workspace named WS1.

You need to configure a data collection rule (DCR) named DCR1 that will use the Syslog via AMA connector to collect messages related to App1. The solution must meet the following requirements:

• Only collect messages that have a priority level of critical.
• Minimize the volume of data collected.

Which facility and log level should you configure for DCR1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Suggested Answer:

Comments

Krayzr
1 week, 6 days ago
LOG_DAEMON, LOG_ERR. The requirement to "collect only messages that have a priority level of critical" suggests an exact match for severity 2, but Syslog typically doesn't support filtering to a single severity level; it collects a specified level and above (more severe). Given the options, none allow isolating only critical messages: LOG_EMERG misses critical entirely. LOG_ERR includes critical but also emergency, alert, and error. LOG_WARN and LOG_DEBUG include critical plus even more levels, increasing data volume. However, the second requirement, "minimize the volume of data collected," suggests selecting the option that reduces unnecessary messages while still capturing critical ones. Since LOG_CRIT isn't available, LOG_ERR is the closest option that includes critical (severity 2) as part of its range (0-3). While it collects extra levels (emergency, alert, error), it excludes less severe levels (warning, notice, info, debug) compared to LOG_WARN or LOG_DEBUG, thus reducing data volume relative to those options.
upvoted 1 times
Krayzr
1 week, 6 days ago
0: Emergency (LOG_EMERG)
1: Alert
2: Critical (LOG_CRIT)
3: Error (LOG_ERR)
4: Warning (LOG_WARN)
5: Notice
6: Info
7: Debug (LOG_DEBUG)
upvoted 1 times
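The severity table and the "a level and everything more severe" behaviour discussed in the comments above, as an added worked example (not part of the exam question or any commenter's post). It decodes the syslog PRI value into facility and severity, expands a minimum log level the way a "log level" picker does, builds the matching DCR syslog data source fragment, and runs the resulting filter over a few constructed App1 log lines. The DCR field names (streams, facilityNames, logLevels, name) follow the Azure Monitor DCR syslog schema as I understand it; verify them against the current docs before relying on the JSON. The App1 messages and PIDs are constructed sample data.

```python
import json
import re

# RFC 5424 severities in numeric order: 0 = Emergency (most severe) .. 7 = Debug.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Info", "Debug"]

# RFC 5424 facility numbers 0..23 (16..23 are local0..local7).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"] + \
             ["local%d" % i for i in range(8)]

PRI_RE = re.compile(r"^<(\d{1,3})>")


def parse_pri(line):
    """Return (facility, severity) names from the leading <PRI>, where PRI = facility*8 + severity."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("no <PRI> prefix: %r" % line)
    pri = int(m.group(1))
    if pri > 191:  # 23*8 + 7 is the largest valid PRI
        raise ValueError("PRI out of range: %d" % pri)
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def levels_at_or_above(min_level):
    """A 'minimum log level' selects that level plus every more severe one (lower number)."""
    idx = SEVERITIES.index(min_level)
    return SEVERITIES[: idx + 1]


def dcr_syslog_source(facilities, min_level, name="App1-syslog"):
    """Build one dataSources.syslog entry for a Syslog via AMA DCR.
    Field names are an assumption about the Azure Monitor DCR schema; check the docs."""
    return {
        "streams": ["Microsoft-Syslog"],
        "facilityNames": list(facilities),
        "logLevels": levels_at_or_above(min_level),
        "name": name,
    }


def collect(lines, source):
    """Keep only lines whose facility AND severity are both selected by the source."""
    kept = []
    for line in lines:
        fac, sev = parse_pri(line)
        if fac in source["facilityNames"] and sev in source["logLevels"]:
            kept.append(line)
    return kept


# Constructed sample messages (not real logs). PRI = facility*8 + severity.
SAMPLE = [
    "<30>App1[1234]: started",                      # daemon(3)*8 + Info(6)
    "<27>App1[1234]: worker restarted",             # daemon + Error(3)
    "<26>App1[1234]: disk full, cannot continue",   # daemon + Critical(2)
    "<24>App1[1234]: system unusable",              # daemon + Emergency(0)
    "<2>kernel: out of memory",                     # kern(0) + Critical(2), wrong facility
    "<86>sshd[99]: accepted publickey",             # authpriv(10)*8 + Info(6), wrong facility
]


def volume_by_level(lines, facilities=("daemon",)):
    """How many lines each minimum level would ship; shows why a lower cutoff costs volume."""
    return {lvl: len(collect(lines, dcr_syslog_source(facilities, lvl)))
            for lvl in SEVERITIES}


if __name__ == "__main__":
    for level, n in volume_by_level(SAMPLE).items():
        print("%-9s -> keeps %d of %d" % (level, n, len(SAMPLE)))
    print(json.dumps(dcr_syslog_source(["daemon"], "Error"), indent=2))
```

Running it shows that with facility daemon, a minimum level of Emergency keeps only the severity-0 line, Critical keeps severities 0-2, and Error keeps 0-3; the kern and authpriv lines are dropped regardless of level because the facility filter is applied first. Note that the DCR JSON carries logLevels as an explicit list, so the picker's "level and above" semantics come from how the list is populated, not from the agent.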
Peta_San
2 months, 1 week ago
DAEMON and EMERG are correct per GPT4
upvoted 2 times
Blasty
3 months, 2 weeks ago
I would say LOG_DAEMON & LOG_EMERG. The question is stating that App1 runs as a background process. Therefore LOG_DAEMON would make sense.
upvoted 4 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other