I think it is NSG . basic internal load balancer doesn't have Metrics enabled .it need to be standard LB

I think that first answer is "An azure storage account" and second answer is "NSG1" https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal?toc=/azure/virtual-network/toc.json

2nd. NSG for me

Refer this -https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-nsg-manage-log#:~:text=View%20and%20analyze%20logs,-To%20learn%20how&text=Azure%20Monitor%20logs%3A%20You%20can,interface%20in%20a%20virtual%20machine. Basic ILB can not send logs to azure monitor but , NSG can collect all the accepted/denied flow logs to log analytics for interactive queries . so correct answer 1. Log Analytics 2. NSG

2 nd one should be Azure VM's. From ILB the connections will go to background VW's, if we enable diagnostics on background Azure VM's. We can get the dat about the IP addresses connected to it. 1) Log Analytics Workspace (as we can run interactive quarries) 2) VM's in the backend pool

1 option same as answer 2nd option for me NSG1

the second part is NSG https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-nsg-manage-log

Azure virtual networks have NSG flow logs, which provide you information about ingress and egress IP traffic through a Network Security Group associated to individual network interfaces, VMs, or subnets. 2. It might be NSG

Tested in Azure, confirm that Analytics Logs is only available in PUBLIC BASIC LB. INTERNAL BASIC LB could not be configured to send events to Logs Analytic space. Answer should be NSG.

Think 2nds one should be NSG as this can use the MAC addresses of incoming connections to the 3 VMs in this case

Here they gave, in second box, NSG1 as correct answer: https://www.examtopics.com/exams/microsoft/az-102/view/13/

Correct answer should be: 1. Log analytics workspace. 2. NSG1

Box1: An Azure Log Analytics Workspace Box2: NSG1 (as basic internal Load Balancer can’t have diagnostics option)

After check that with internal LB the Diagnostic Settings are not available (just in a external/public one) I would say that the provided solution seems correct.

Log Analytics workspace on NSG1 Log Analytics rather than Storage account for the interactive queries NSG1 because basic Internal load balancers (pubic lb is a different story) do not have logging settings

Azure storage account is needed for archiving.

Guys this should be NSG Flow Logs and stored in a Storage Account. https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview The Basic LB will not provide logging for IP flow which is what the question is asking. The Basic LB can provide logs, but these are administrative and activity logs, not IP/traffic logs. One thing to bear in mind with Flow Logs on an NSG with VMs behind a Basic Load Balancer: VMs that don't have a public IP address assigned via a public IP address associated with the NIC as an instance-level public IP, or that are part of a basic load balancer back-end pool, use default SNAT and have an IP address assigned by Azure to facilitate outbound connectivity. As a result, you might see flow log entries for flows from internet IP addresses, if the flow is destined to a port in the range of ports assigned for SNAT. While Azure won't allow these flows to the VM, the attempt is logged and appears in Network Watcher's NSG flow log by design. We recommend that unwanted inbound internet traffic be explicitly blocked with NSG.