After creating a new Azure subscription, you are tasked with making sure that custom alert rules can be created in Azure Security Center. You have created an Azure Storage account. Which of the following is the action you should take?
A. You should make sure that Azure Active Directory (Azure AD) Identity Protection is removed.
B. You should create a DLP policy.
C. You should create an Azure Log Analytics workspace.
D. You should make sure that Security Center has the necessary tier configured.
C. You should create an Azure Log Analytics workspace.
Azure Security Center leverages Azure Log Analytics to store and analyze security-related data and generate alerts. By creating an Azure Log Analytics workspace, you provide the necessary storage and analysis capabilities for Security Center to generate and manage custom alert rules.
Option A, removing Azure Active Directory (Azure AD) Identity Protection, is unrelated to enabling the creation of custom alert rules in Security Center.
Option B, creating a Data Loss Prevention (DLP) policy, is not directly related to enabling custom alert rules in Security Center. DLP policies are used for managing and preventing data loss in various services and applications.
Option D, configuring the necessary tier in Security Center, may impact the availability of certain features and capabilities, but it is not specifically required to enable the creation of custom alert rules.
To create custom alert rules in Azure Security Center (now Microsoft Defender for Cloud), you need:
1. An Azure Log Analytics workspace
   - This is where the security data and logs (such as alerts, assessments, and recommendations) are collected and stored.
   - Custom alert rules are built using Kusto Query Language (KQL) against this data.
2. The correct pricing tier for Microsoft Defender for Cloud
   - You must enable the Microsoft Defender plan (formerly the Standard tier) on the subscription or resource level.
   - This enables advanced features like:
     - Custom alert rules
     - Threat detection
     - Security recommendations
Azure Security Center relies on Azure Log Analytics to collect and analyze security data. To enable custom alert rules, you need a Log Analytics workspace where Security Center can store and process security events. This allows you to define and configure alerts based on security insights, queries, and threat detection patterns.
Analysis of Other Options:
A (Remove Azure AD Identity Protection) ❌ Incorrect
Azure AD Identity Protection enhances security; removing it has no relevance to enabling custom alerts in Security Center.
B (Create a DLP policy) ❌ Incorrect
Data Loss Prevention (DLP) policies are used in Microsoft Purview and do not directly impact custom alert rules in Security Center.
D (Configure the necessary Security Center tier) ✅ Relevant but secondary
Standard tier of Security Center offers advanced threat protection and custom alert rules, but the first step for alerts is ensuring Log Analytics is set up.
--Question looks to be outdated--
Azure Security Center has been rebranded as Microsoft Defender for Cloud, and some features and terminology have changed.
Answer: D, You should make sure that Microsoft Defender for Cloud has the necessary plan enabled.
Reason: To create custom alert rules in Microsoft Defender for Cloud (formerly Azure Security Center), you need to have the appropriate Microsoft Defender plan enabled for the resources you want to monitor. Custom alert rules are part of the advanced threat detection capabilities provided by these plans. Simply creating a storage account or Log Analytics workspace is not sufficient to enable this functionality.
Reference: https://learn.microsoft.com/en-us/azure/defender-for-cloud/custom-alert-rules
For today, the answer is as below:
I think this question now looks like an outdated question, because we no longer have custom alert rules in Defender for Cloud; we can create them from Azure Monitor, but those would be metrics, logs, activity logs, resource health or service health. We can create Security Alerts from Defender for Cloud as of today; this will generate alerts regarding workloads, such as virtual machines, storage accounts, container registry and other workloads that can be protected by Defender for Cloud. This question can come up in the exam like this: if they ask what we need to create Custom Alerts, we need a Log Analytics workspace; if it asks what we need first to create Security Alerts, then we need to upgrade the plan of Defender for Cloud.
The correct action you should take to ensure custom alert rules can be created in Azure Security Center is:
D. You should make sure that Security Center has the necessary tier configured.
Here's why:
Free tier limitations: The free tier of Azure Security Center may not support creating custom alert rules. These rules allow for more granular security monitoring based on your specific needs.
Paid tiers: Upgrading Security Center to a paid tier (such as Standard or Premium) typically unlocks features like custom alert rule creation.
D. You should make sure that Security Center has the necessary tier configured.
To create custom alert rules in Azure Security Center, you need to have the appropriate tier of Security Center enabled. The Standard tier and the Free tier of Security Center support creating custom alert rules, while the Basic tier does not.
Therefore, after creating a new Azure subscription, you should make sure that Security Center has the necessary tier configured, either Standard or Free, to enable the creation of custom alert rules. Creating an Azure Storage account, creating a DLP policy, or creating an Azure Log Analytics workspace are not directly related to enabling the creation of custom alert rules in Azure Security Center.