Exam AZ-304 topic 2 question 47 discussion

Answer is correct, we should query against Logs not 'Activity Log’. 'Activity Log' is for recording changes of Azure Resources such as create or modify Azure resource. We are asked to generate alert based on Sign in event, which should be 'Logs'.

the second should be "Activity Log"

answer is correct: https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-create-new-alert-rule?tabs=metric

Log Analitics workspace to keep data longer then month and be able to use queries and alerts. Sign-in logs to look for events related to authentication.

Log alert: an alert created from a query in Log Analytics Activity log alert: an alert created using the activity log as the source, nothing to do with log analytics https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-types

The first one is Azure Event, you can check the link https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log#:~:text=CategoryValue%20%3D%3D%20%22Administrative%22-,Send%20to%20Azure%20Event%20Hubs,the%20records%20in%20each%20payload.

Answer is correct Choose the same cleared with 900 on 17th October 2021

Answer is correct - Monitor sign-in and audit logs Organizations should monitor sign-in and audit log activity from the emergency accounts and trigger notifications to other administrators. When you monitor the activity on break glass accounts, you can verify these accounts are only used for testing or actual emergencies. You can use Azure Log Analytics to monitor the sign-in logs and trigger email and SMS alerts to your admins whenever break glass accounts sign in. https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa

https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics In the Diagnostic settings menu, select the Send to Log Analytics workspace check box, and then select Configure. https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-log Given answer is correct; Log Analytics Workspace and Log

correct

Given answer is correct. Kindly refer https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-log

on exam (7-19-2021). passed 304

I believe answer is correct. This scenario is described here: https://docs.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access#create-an-alert-rule We have to use Custom log search that is assigned to Log signal type

The answer is correct: I noticed that are some question on the second box if it is Activity Log or Log and even though you would find sign-in information in both, you can only do query based on KUSTO with LOG, and as the admin wants to me notified "based on specific user sign-in events.", so LOG here is the right one, as he will be able to create a query to define this specific event. That is the reason LOG is chosen here. So answer is correct.

Answers are correct for second box you can use log for alerting https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-unified-log

User Sign-in is 'Activity Log' and 'Activity Log' is available signal. Therefore the second should be 'Activity Log'.

Monitor generate alerts on Metric and ACTIVITY LOG only!!