ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-100 All Questions

View all questions & answers for the SC-100 exam
Go to Exam

Exam SC-100 topic 1 question 10 discussion

Actual exam question from Microsoft's SC-100
Question #: 10
Topic #: 1
[All SC-100 Questions]

HOTSPOT -
Your company uses Microsoft Defender for Cloud and Microsoft Sentinel.
The company is designing an application that will have the architecture shown in the following exhibit.

You are designing a logging and auditing solution for the proposed architecture. The solution must meet the following requirements:
✑ Integrate Azure Web Application Firewall (WAF) logs with Microsoft Sentinel.
✑ Use Defender for Cloud to review alerts from the virtual machines.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Data connectors -
Microsoft Sentinel connector streams security alerts from Microsoft Defender for Cloud into Microsoft Sentinel.
Launch a WAF workbook (see step 7 below)
The WAF workbook works for all Azure Front Door, Application Gateway, and CDN WAFs. Before connecting the data from these resources, log analytics must be enabled on your resource.
To enable log analytics for each resource, go to your individual Azure Front Door, Application Gateway, or CDN resource:
1. Select Diagnostic settings.
2. Select + Add diagnostic setting.
3. In the Diagnostic setting page (details skipped)
4. On the Azure home page, type Microsoft Sentinel in the search bar and select the Microsoft Sentinel resource.
5. Select an already active workspace or create a new workspace.
6. On the left side panel under Configuration select Data Connectors.
7. Search for Azure web application firewall and select Azure web application firewall (WAF). Select Open connector page on the bottom right.
8. Follow the instructions under Configuration for each WAF resource that you want to have log analytic data for if you haven't done so previously.
9. Once finished configuring individual WAF resources, select the Next steps tab. Select one of the recommended workbooks. This workbook will use all log analytic data that was enabled previously. A working WAF workbook should now exist for your WAF resources.

Box 2: The Log Analytics agent -
Use the Log Analytics agent to integrate with Microsoft Defender for cloud.

The Log Analytics agent is required for solutions, VM insights, and other services such as Microsoft Defender for Cloud.
Note: The Log Analytics agent in Azure Monitor can also be used to collect monitoring data from the guest operating system of virtual machines. You may choose to use either or both depending on your requirements.

Azure Log Analytics agent -
Use Defender for Cloud to review alerts from the virtual machines.
The Azure Log Analytics agent collects telemetry from Windows and Linux virtual machines in any cloud, on-premises machines, and those monitored by System
Center Operations Manager and sends collected data to your Log Analytics workspace in Azure Monitor.
Incorrect:
The Azure Diagnostics extension does not integrate with Microsoft Defender for Cloud.
Reference:
https://docs.microsoft.com/en-us/azure/web-application-firewall/waf-sentinel https://docs.microsoft.com/en-us/azure/defender-for-cloud/enable-data-collection https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview
by Alex_Burlachenko at Aug. 30, 2022, 6:09 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
HardcodedCloud
Highly Voted 2 years, 3 months ago
Correct Answer
upvoted 24 times
...
prabhjot
Highly Voted 2 years, 3 months ago
For WAF - in Sentinel we have Data Conenctor For the VM - we have to install the Log analytics agent in teh VM in the cloud or on premises The ans is correct
upvoted 20 times
...
Abengbeng
Most Recent 4 months, 4 weeks ago
Taken exam Jan 2025 - Log Analytics Agent was not in the options anymore. Only 4 options remaining what could be the ans?
upvoted 2 times
Ali96
4 months ago
Azure Monitor Agent
upvoted 2 times
...
...
Strive_for_greatness_kc
9 months, 2 weeks ago
Now we can also use data connectors on VM which automatically install Azure Monitor Agent
upvoted 5 times
Henk1982
8 months, 2 weeks ago
Correct, LAA is being deprecated
upvoted 2 times
...
...
JG56
1 year, 1 month ago
in Exam Nov 2023 1. Data Connectors 2. Log analytics agent
upvoted 4 times
...
smanzana
1 year, 2 months ago
1. Data connectors 2. Log Analytics agent
upvoted 2 times
...
Ario
1 year, 5 months ago
correct answer
upvoted 2 times
...
Holii
1 year, 5 months ago
I hate it when questions mention Azure Diagnostics extension... (As an example) Setup the Diagnostic Settings in Azure AD to stream data to a Log Analytics workspace that hosts Sentinel, you will notice that the Azure AD connector becomes enabled. I know this would make more sense to just say 'enable the connector', but it's technically correct as well if you stream it to LA; it works the same as if it was a data connector to Sentinel.
upvoted 3 times
...
zellck
1 year, 7 months ago
1. Data connectors 2. Log Analytics agent (but should use Azure Monitor Agent now) https://learn.microsoft.com/en-us/azure/sentinel/data-connectors/azure-web-application-firewall-waf https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate
upvoted 5 times
zellck
1 year, 7 months ago
https://learn.microsoft.com/en-us/azure/defender-for-cloud/working-with-log-analytics-agent https://learn.microsoft.com/en-us/azure/defender-for-cloud/auto-deploy-azure-monitoring-agent
upvoted 1 times
...
...
fchahin
1 year, 8 months ago
I agree with the answers
upvoted 1 times
...
TJ001
1 year, 12 months ago
Correct Answers New name for Log Analytics Agent - Azure Monitoring Agent
upvoted 8 times
EM1234
1 year, 8 months ago
No. It is not just a new name. Those are two completely different monitoring agents that in some cases can and need to both be installed. They can do similar things though.
upvoted 2 times
...
...
panoz
2 years ago
Nobody will comment that the azure firewall (premium) should be BEFORE the application gateway?
upvoted 1 times
erjosito
3 months, 2 weeks ago
Incorrect (although not relevant for the question): if you put AzFW premium before AppGW, you will not be able to inspect TLS traffic, unless you find a way to install your own private CA in every one of your app client devices so that they trust the self-signed certificates that AzFW generates on the fly to decrypt TLS.
upvoted 1 times
...
TJ001
1 year, 12 months ago
It depends (premium SKU has application level filtering properties but not WAF).Both pattern works it depends where the public exposure is agreed in the APP GW or FW. Have seen more patterns to keep the APP GW behind FW; in which case only the private listener of APP GW is activated and public one even if reachable will just drop any connection requests.
upvoted 2 times
...
acert976
2 years ago
it depends on the requirement, please refer here for reference https://learn.microsoft.com/en-us/azure/architecture/example-scenario/gateway/firewall-application-gateway#application-gateway-before-firewall
upvoted 1 times
...
...
tester18128075
2 years, 3 months ago
waf - Data connector VM - LA Agent
upvoted 7 times
...
Alex_Burlachenko
2 years, 3 months ago
both are correct
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel