ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 4 question 12 discussion

Actual exam question from Microsoft's AZ-500
Question #: 12
Topic #: 4
[All AZ-500 Questions]

SIMULATION -
You need to collect all the audit failure data from the security log of a virtual machine named VM1 to an Azure Storage account.
To complete this task, sign in to the Azure portal.
This task might take several minutes to complete You can perform other tasks while the task completes.

Show Suggested Answer Hide Answer
Suggested Answer: See the explanation below.
Step 1: Create a workspace -
Azure Monitor can collect data directly from your Azure virtual machines into a Log Analytics workspace for detailed analysis and correlation.
1. In the Azure portal, select All services. In the list of resources, type Log Analytics. As you begin typing, the list filters based on your input. Select Log Analytics workspaces.

2. Select Create, and then select choices for the following items:

3. After providing the required information on the Log Analytics workspace pane, select OK.
While the information is verified and the workspace is created, you can track its progress under Notifications from the menu.
Step 2: Enable the Log Analytics VM Extension
Installing the Log Analytics VM extension for Windows and Linux allows Azure Monitor to collect data from your Azure VMs.
1. In the Azure portal, select All services found in the upper left-hand corner. In the list of resources, type Log Analytics. As you begin typing, the list filters based on your input. Select Log Analytics workspaces.
2. In your list of Log Analytics workspaces, select DefaultWorkspace (the name you created in step 1).
3. On the left-hand menu, under Workspace Data Sources, select Virtual machines.
4. In the list of Virtual machines, select a virtual machine you want to install the agent on. Notice that the Log Analytics connection status for the VM indicates that it is Not connected.
5. In the details for your virtual machine, select Connect. The agent is automatically installed and configured for your Log Analytics workspace. This process takes a few minutes, during which time the Status shows Connecting.
After you install and connect the agent, the Log Analytics connection status will be updated with This workspace.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-azurevm
by dadageer at March 14, 2021, 1:51 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
dadageer
Highly Voted 3 years, 8 months ago
Completely wrong solution. Go to VM > Diagnostic Settings > Enable it > point to storage account Under Logs check (Security > Audit Failure) is ticked
upvoted 98 times
Laxreasoning
3 years, 7 months ago
that's the answer I was thinking off.. then to see Azure monitor, happy to see your answer and 6 upvotes
upvoted 2 times
...
macco455
3 years, 7 months ago
Agree, answer is wrong but dadageer is right.
upvoted 3 times
...
...
sheva370
Highly Voted 3 years, 5 months ago
The given answer is wrong. 1. Open the menu for a virtual machine in the Azure portal. 2. Click on Diagnostic settings in the Monitoring section of the VM menu. 3. Click Enable guest-level monitoring if the diagnostics extension hasn't already been enabled. 4. A new Azure Storage account will be created for the VM with the name will be based on the name of the resource group for the VM, and a default set of guest performance counters and logs will be selected. 5. In the Logs tab, select the Audit Failure log to collect from the virtual machine. Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/agents/diagnostics-extension-windows-install#install-with-azure-portal
upvoted 16 times
...
mrt007
Most Recent 7 months, 2 weeks ago
Sign in to the Azure portal. Navigate to the virtual machine named VM1. In the left-hand menu, click on “Diagnostic settings”. Click on “Add diagnostic setting”. In the “Diagnostic setting name” field, enter a name for the setting. Under “Log”, select “AuditEvent”. Under “Destination details”, check the “Send to Log Analytics workspace” option. In the “Log Analytics workspace” dropdown, select the workspace that is linked to your Azure Storage account. Click “Save”.
upvoted 1 times
...
gbx077
1 year, 7 months ago
#Exam question March 24, 2023
upvoted 4 times
...
F117A_Stealth
2 years ago
Given answer is wrong. Follow the steps from here: https://learn.microsoft.com/en-us/azure/azure-monitor/agents/diagnostics-extension-windows-install
upvoted 1 times
...
Muaamar_Alsayyad
2 years ago
The Question siad Storage Account and not log analytics Chceck dadageer comment, 100% right I also test it
upvoted 1 times
...
satpan
2 years, 7 months ago
the answer is correct.
upvoted 1 times
...
MarioMK
3 years, 5 months ago
Wrong Solution. You should go to the VM > Diagnostic Settings > Enable it if it hasnt been already enabled > Logs > Check if the desired log is selected >Agent > Select the desired Storage account, Log Level etc
upvoted 1 times
...
DeepCyber
3 years, 7 months ago
Agree with dadageer.. Thanks Tested in lab!
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago