You create an Azure subscription. You enable Azure Defender for the subscription. You need to use Azure Defender to protect on-premises computers. What should you do on the on-premises computers?
CoPilot answer is: A
The Log Analytics agent enables on-premises computers to communicate with Azure Security Center. This agent collects security data and sends it to Azure Security Center.
While installing the Log Analytics agent (A) directly can onboard machines for some Defender for Cloud capabilities via a Log Analytics workspace, the standard and more integrated modern approach is to use Azure Arc. Installing the Connected Machine agent (D) brings the server under Azure management via Arc, which then facilitates the deployment and management of Defender for Cloud components.
You need to do monitoring and then have Defender react, so A - Log Analytics (or AMA, today) is enough. You don't have to do centralized management in this question.
Changed my mind - it's D - install the connected machine.
Without Arc, we cannot install any extension on-prem, and the agent (LA or AMA) is installed via an extension.
Ref: https://learn.microsoft.com/en-us/azure/azure-arc/servers/manage-vm-extensions
You need to install Azure Arc (Azure Connected Machine).
In short, this will create an Azure resource representation of the on-premises machine that can be partially managed like Azure resources. For instance, you can run DfC Regulatory compliance.
The Connected Machine agent (Option D) is used to connect and manage machines that are hosted outside of Azure, such as on-premises or other cloud providers, through Azure Arc. While it helps in managing these machines, it does not specifically enable the security features provided by Azure Defender.
For Azure Defender to analyze and provide security recommendations, the Log Analytics agent is required. This agent collects data from your on-premises machines and sends it to Azure Monitor, which Azure Defender uses for its security analysis.
So the answer is A
In order to make the Log Analytics agent work, you first need the Arc agent on an on-prem server (formerly Connected Machine agent), so D is correct. https://learn.microsoft.com/en-us/azure/defender-for-cloud/monitoring-components
Question may be outdated, but installing Azure Arc is the first thing to do with an on-prem server. This will ensure you can deploy Azure services like Defender and manage it from the Defender portal. Installing Log Analytics will be to view the Windows logs in a portal like Sentinel so as to build alerts and rules from those logs. Azure Arc (previously Connected Machine agent) has to be loaded first.
This should be D. For Defender to work you need the Azure Arc agent (or Azure Connected .... agent) to make it work.
Although, there IS a possibility to deploy it directly without using Arc, but that's not the point of this question.
Think many of these questions are now out of date. Log Analytics Agent is now legacy and is replaced by "Azure Monitor Agent (AMA)" - ExamTopics needs to update this whole course, I think. Too many things have changed names now, so I would expect the exam questions to be different or updated.
Exactly. And Microsoft announced the below
"The English language version of this exam will be updated on March 4, 2024. Review the study guide linked in the “Tip” box for details on upcoming changes. If a localized version of this exam is available, it will be updated approximately eight weeks after this date. While Microsoft makes every effort to update localized versions as noted, there may be times when the localized versions of this exam are not updated on this schedule"
Source: https://learn.microsoft.com/en-us/credentials/certifications/exams/sc-200/