ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-304 All Questions

View all questions & answers for the AZ-304 exam
Go to Exam

Exam AZ-304 topic 2 question 47 discussion

Actual exam question from Microsoft's AZ-304
Question #: 47
Topic #: 2
[All AZ-304 Questions]

HOTSPOT -
You have an Azure Active Directory (Azure AD) tenant.
You plan to use Azure Monitor to monitor user sign-ins and generate alerts based on specific user sign-in events.
You need to recommend a solution to trigger the alerts based on the events.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: An Azure Log Analytics workspace
To be able to create an alert we send the Azure AD logs to An Azure Log Analytics workspace.
Note: You can forward your AAD logs and events to either an Azure Storage Account, an Azure Event Hub, Log Analytics, or a combination of all of these.

Box 2: Log -
Ensure Resource Type is an analytics source like Log Analytics or Application Insights and signal type as Log.
Reference:
https://4sysops.com/archives/how-to-create-an-azure-ad-admin-login-alert/ https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-log
by dadageer at April 30, 2021, 10:44 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
JasonYin
Highly Voted 4 years, 2 months ago
Answer is correct, we should query against Logs not 'Activity Log’. 'Activity Log' is for recording changes of Azure Resources such as create or modify Azure resource. We are asked to generate alert based on Sign in event, which should be 'Logs'.
upvoted 48 times
...
QiangQiang
Highly Voted 4 years, 3 months ago
the second should be "Activity Log"
upvoted 19 times
gssd4scoder
4 years, 2 months ago
no, activity log records other kind of activities: https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log
upvoted 4 times
Kevmeister
4 years, 2 months ago
Agreed, As per https://4sysops.com/archives/how-to-create-an-azure-ad-admin-login-alert/ it specifically states: "In the Log Analytics workspaces > platform - Logs tab, you gain access to the online Kusto Query Language (KQL) query editor. In my environment, the administrator I want to alert has a User Principal Name (UPN) of [email protected]. We can run the following query to find all the login events for this user:"
upvoted 2 times
...
examineezer
3 years, 7 months ago
There's another type of activity log https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-activity-logs-azure-monitor
upvoted 1 times
examineezer
3 years, 7 months ago
Having said that... when we create an "activity log" alert, this is linked to Resource Activity Logs, and not AAD Activity Logs. So QiangQiang is wrong.
upvoted 2 times
...
...
...
JayBee65
3 years, 1 month ago
No, The Azure Activity log provides insight into any subscription-level events that have occurred in Azure, e.g. all create, update, delete, and action operations performed through Resource Manager. All log types can be found here https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log-schema
upvoted 2 times
...
...
Snownoodles
Most Recent 2 years, 10 months ago
answer is correct: https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-create-new-alert-rule?tabs=metric
upvoted 1 times
Snownoodles
2 years, 10 months ago
Sorry, the 2nd should be "Activity log" "Activity log alerts are triggered when a new activity log event occurs that matches the defined conditions" https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-overview#types-of-alerts Log is for "statistics" based on Log analytics. "Activity Log" is for event
upvoted 1 times
...
...
One111
2 years, 11 months ago
Log Analitics workspace to keep data longer then month and be able to use queries and alerts. Sign-in logs to look for events related to authentication.
upvoted 1 times
...
AberdeenAngus
3 years, 2 months ago
Log alert: an alert created from a query in Log Analytics Activity log alert: an alert created using the activity log as the source, nothing to do with log analytics https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-types
upvoted 1 times
...
HananS
3 years, 5 months ago
The first one is Azure Event, you can check the link https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log#:~:text=CategoryValue%20%3D%3D%20%22Administrative%22-,Send%20to%20Azure%20Event%20Hubs,the%20records%20in%20each%20payload.
upvoted 1 times
...
sharepoint_Azure_pp
3 years, 10 months ago
Answer is correct Choose the same cleared with 900 on 17th October 2021
upvoted 7 times
...
sandyman
3 years, 10 months ago
Answer is correct - Monitor sign-in and audit logs Organizations should monitor sign-in and audit log activity from the emergency accounts and trigger notifications to other administrators. When you monitor the activity on break glass accounts, you can verify these accounts are only used for testing or actual emergencies. You can use Azure Log Analytics to monitor the sign-in logs and trigger email and SMS alerts to your admins whenever break glass accounts sign in. https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa
upvoted 2 times
...
syu31svc
3 years, 10 months ago
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics In the Diagnostic settings menu, select the Send to Log Analytics workspace check box, and then select Configure. https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-log Given answer is correct; Log Analytics Workspace and Log
upvoted 2 times
...
Gautam1985
3 years, 11 months ago
correct
upvoted 2 times
...
kumarts
4 years ago
Given answer is correct. Kindly refer https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-log
upvoted 2 times
...
tvs2021
4 years ago
on exam (7-19-2021). passed 304
upvoted 4 times
RickMorais
3 years, 11 months ago
Nice... but the relevant information was your choice in the test.
upvoted 3 times
JayBee65
3 years, 1 month ago
Not unless they scored 100%
upvoted 2 times
...
...
nsvijay04b1
3 years, 11 months ago
congratulations. Would be great if you confirm the right answer.
upvoted 3 times
...
...
norbitek
4 years, 1 month ago
I believe answer is correct. This scenario is described here: https://docs.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access#create-an-alert-rule We have to use Custom log search that is assigned to Log signal type
upvoted 7 times
nicksb19
4 years, 1 month ago
Signal type Log and using "Custom log Search" is correct. Activity Log has only 9 options none of which satisfy to get sign-on details. Also the below is most likely the search query you need to include: // All SiginLogs events // All Azure signin events. SigninLogs | project UserDisplayName, Identity,UserPrincipalName, AppDisplayName, AppId, ResourceDisplayName
upvoted 3 times
...
...
GetulioJr
4 years, 2 months ago
The answer is correct: I noticed that are some question on the second box if it is Activity Log or Log and even though you would find sign-in information in both, you can only do query based on KUSTO with LOG, and as the admin wants to me notified "based on specific user sign-in events.", so LOG here is the right one, as he will be able to create a query to define this specific event. That is the reason LOG is chosen here. So answer is correct.
upvoted 3 times
...
neokrieg
4 years, 2 months ago
Answers are correct for second box you can use log for alerting https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-unified-log
upvoted 1 times
...
erickim007
4 years, 2 months ago
User Sign-in is 'Activity Log' and 'Activity Log' is available signal. Therefore the second should be 'Activity Log'.
upvoted 3 times
...
Oracleist
4 years, 3 months ago
Monitor generate alerts on Metric and ACTIVITY LOG only!!
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel