Exam AZ-301 topic 17 question 29 discussion

Actual exam question from Microsoft's AZ-301

Question #: 29
Topic #: 17

A company has deployed several applications across Windows and Linux Virtual machines in Azure. Log Analytics are being used to send the required data for alerting purposes for the Virtual Machines.
You need to recommend which tables need to be queried for security related queries.
Which of the following would you query for events from Linux system logging?

A. Azure Activity
B. Azure Diagnostics
C. Event
D. Syslog

Show Suggested Answer

Suggested Answer: D 🗳️
This is also given in the Microsoft documentation, wherein you would use the Syslog Table for the queries on events from Linux Virtual machines
Note: Syslog is an event logging protocol that is common to Linux. Applications will send messages that may be stored on the local machine or delivered to a
Syslog collector. When the Log Analytics agent for Linux is installed, it configures the local Syslog daemon to forward messages to the agent. The agent then sends the message to Azure Monitor where a corresponding record is created.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-syslog

by pandeya442 at May 14, 2020, 8:40 a.m.

Comments

Submit Cancel

satwant

4 years, 11 months ago

how is this correct they have windows machines as well ... "A company has deployed several applications across Windows and Linux Virtual machines in Azure" this looks more and more crap solution

upvoted 1 times

chaudh

4 years, 11 months ago

Did you read whole content? "Which of the following would you query for events from Linux system logging?"

upvoted 14 times

fiol82

4 years, 8 months ago

right!

upvoted 1 times

...