Exam AZ-500 topic 4 question 36 discussion

Actual exam question from Microsoft's AZ-500
Question #: 36
Topic #: 4

HOTSPOT -
You suspect that users are attempting to sign in to resources to which they have no access.
You need to create an Azure Log Analytics query to identify failed user sign-in attempts from the last three days. The results must only show users who had more than five failed sign-in attempts.
How should you configure the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
The following example identifies user accounts that failed to log in more than five times in the last day, and when they last attempted to log in.

let timeframe = 1d;
SecurityEvent
| where TimeGenerated > ago(1d)
| where AccountType == 'User' and EventID == 4625 // 4625 - failed log in
| summarize failed_login_attempts=count(), latest_failed_login=arg_max(TimeGenerated, Account) by Account
| where failed_login_attempts > 5
| project-away Account1
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/examples
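
The suggested example covers one day, while the question asks for three days. The query below is an added example, not taken from the exam or the referenced documentation: it applies the same EventID 4625 and count() logic over a three-day window to a constructed table, so the time, account-type and threshold boundaries can be checked without real logs. The table name SampleSecurityEvent, the HoursAgo column and all account names are assumptions made for illustration.

```kusto
// Added example; every row below is constructed sample data, not real telemetry.
let timeframe = 3d;   // the question asks for the last three days
let threshold = 5;    // keep only accounts with MORE than five failures
// Hypothetical stand-in for the SecurityEvent table.
// HoursAgo is a helper column that is converted into TimeGenerated.
//   alice: six failed logons (4625) inside the window, plus one success (4624)
//   bob:   six failed logons, three of them older than three days
//   carol: exactly five failed logons inside the window
//   SRV01$: seven failed logons, but AccountType is Machine
let SampleSecurityEvent = datatable(HoursAgo: int, Account: string, AccountType: string, EventID: int)
[
    1,   "alice@contoso.example",  "User",    4625,
    2,   "alice@contoso.example",  "User",    4625,
    3,   "alice@contoso.example",  "User",    4625,
    20,  "alice@contoso.example",  "User",    4625,
    30,  "alice@contoso.example",  "User",    4625,
    60,  "alice@contoso.example",  "User",    4625,
    4,   "alice@contoso.example",  "User",    4624,
    5,   "bob@contoso.example",    "User",    4625,
    6,   "bob@contoso.example",    "User",    4625,
    7,   "bob@contoso.example",    "User",    4625,
    80,  "bob@contoso.example",    "User",    4625,
    90,  "bob@contoso.example",    "User",    4625,
    100, "bob@contoso.example",    "User",    4625,
    1,   "carol@contoso.example",  "User",    4625,
    2,   "carol@contoso.example",  "User",    4625,
    3,   "carol@contoso.example",  "User",    4625,
    4,   "carol@contoso.example",  "User",    4625,
    5,   "carol@contoso.example",  "User",    4625,
    1,   "SRV01$",                 "Machine", 4625,
    2,   "SRV01$",                 "Machine", 4625,
    3,   "SRV01$",                 "Machine", 4625,
    4,   "SRV01$",                 "Machine", 4625,
    5,   "SRV01$",                 "Machine", 4625,
    6,   "SRV01$",                 "Machine", 4625,
    7,   "SRV01$",                 "Machine", 4625
]
| extend TimeGenerated = now() - HoursAgo * 1h
| project-away HoursAgo;
SampleSecurityEvent
| where TimeGenerated > ago(timeframe)
| where AccountType == 'User' and EventID == 4625   // 4625 = an account failed to log on
// max() is used here in place of the page's arg_max(), so no duplicate
// Account column is produced and no project-away step is needed.
| summarize failed_login_attempts = count(), latest_failed_login = max(TimeGenerated) by Account
| where failed_login_attempts > threshold
| order by failed_login_attempts desc
```

To run the same logic against a workspace, replace SampleSecurityEvent in the final statement with SecurityEvent and drop the datatable definition.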

Comments

gboyega
Highly Voted 3 years, 7 months ago
Answer is Correct
upvoted 32 times
...
Davidq3
Highly Voted 3 years, 7 months ago
Correct
upvoted 7 times
...
majstor86
Most Recent 11 months ago
1. EventID 2. Count()
upvoted 4 times
...
ligu
11 months, 2 weeks ago
The answer is correct. EventID and Count()
upvoted 2 times
...
F117A_Stealth
1 year, 2 months ago
100% correct. I have done this many times in my Org. EventID and count()
upvoted 3 times
...
Exams_Prep_2021
1 year, 7 months ago
In Exam - 20/6/2022 - 1 Case Study ( 6 ) - Lab ( 10 Tasks )
upvoted 3 times
...
Eltooth
1 year, 10 months ago
Answer is correct - EventID and count()
upvoted 3 times
...
Jco
2 years, 4 months ago
#exam ques # 29 Sep
upvoted 2 times
...
kam117
2 years, 4 months ago
## Exam Question - 24 Sept 2021 ##
upvoted 1 times
...
PM2
2 years, 11 months ago
in the exam
upvoted 7 times
...
zic04
3 years ago
correct
upvoted 1 times
...
tuta
3 years, 1 month ago
simple logic = correct
upvoted 6 times
...
maj79
3 years, 7 months ago
agree with answer
upvoted 2 times
...