
Exam AZ-500 topic 5 question 68 discussion

Actual exam question from Microsoft's AZ-500
Question #: 68
Topic #: 5

HOTSPOT

You have a Microsoft Sentinel deployment.

You need to connect a third-party security solution to the deployment. The third-party solution will send Common Event Format (CEF)-formatted messages.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Suggested Answer:

Comments

zellck
Highly Voted 1 year ago
1. Linux server and a Syslog forwarder daemon
2. Azure Monitor agent
https://learn.microsoft.com/en-us/azure/sentinel/connect-common-event-format
There are two main steps to making this connection, that will be explained below in detail:
- Designating a Linux machine or VM as a dedicated log forwarder, installing the Log Analytics agent on it, and configuring the agent to forward the logs to your Microsoft Sentinel workspace. The installation and configuration of the agent are handled by a deployment script.
- Configuring your device to send its logs in CEF format to a Syslog server.
upvoted 13 times
zellck
1 year ago
https://learn.microsoft.com/en-us/azure/sentinel/connect-log-forwarder?tabs=rsyslog
To ingest Syslog and CEF logs into Microsoft Sentinel, particularly from devices and appliances onto which you can't install the Log Analytics agent directly, you'll need to designate and configure a Linux machine that will collect the logs from your devices and forward them to your Microsoft Sentinel workspace. This machine can be a physical or virtual machine in your on-premises environment, an Azure VM, or a VM in another cloud. This machine has two components that take part in this process:
- A syslog daemon, either rsyslog or syslog-ng, that collects the logs.
- The Log Analytics Agent (also known as the OMS Agent), that forwards the logs to Microsoft Sentinel.
upvoted 5 times
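The forwarder described in the two posts above only works if the third-party product actually emits well-formed CEF over syslog. As an added example (not from the page, the exam, or Microsoft's connector), here is a small Python parser that splits the seven pipe-delimited CEF header fields and the key=value extension while honouring CEF's backslash escaping, which is handy for checking what an appliance really sends before pointing it at the Linux forwarder. The sample message, vendor and product names are constructed.

```python
import re

HEADER_FIELDS = ("version", "device_vendor", "device_product",   # the 7 pipe-delimited
                 "device_version", "signature_id", "name", "severity")  # fields before the extension

def _unescape(value):
    # CEF escaping: \\ -> \, \| -> |, \= -> =, plus \n and \r inside extension values.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def _split_header(body):
    """Split the text after 'CEF:' into 7 header fields + extension, honouring \\| escapes."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):  # keep the escape pair intact for _unescape
            cur.append(body[i:i + 2]); i += 2; continue
        if ch == "|":
            fields.append("".join(cur)); cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) == 6 and cur: fields.append("".join(cur))  # header without a trailing pipe
    if len(fields) < 7:
        raise ValueError("malformed CEF header: expected 7 pipe-delimited fields")
    return fields, body[i:]

def _parse_extension(ext):
    """Parse 'key=value ...'; values may contain spaces, and a key starts only at an unescaped '='."""
    out = {}
    for token in (re.split(r"\s+(?=\w+=)", ext.strip()) if ext.strip() else []):
        key, _, val = token.partition("=")
        out[key] = _unescape(val)
    return out

def parse_cef(line):
    """Parse one syslog line carrying a CEF event; raises ValueError if malformed."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no 'CEF:' marker in message")
    fields, ext = _split_header(line[start + 4:])
    event = {k: _unescape(v) for k, v in zip(HEADER_FIELDS, fields)}
    event["syslog_prefix"] = line[:start].strip()  # timestamp/host prepended by syslog
    if event["severity"].isdigit():                # spec: 0-10 or Low/Medium/High/Very-High
        event["severity"] = int(event["severity"])
    event["extension"] = _parse_extension(ext)
    return event

# Constructed sample with a hypothetical vendor/product, not a real device message.
SAMPLE = (r"Jan 10 12:00:00 fw01 CEF:0|Example Vendor|Example FW|1.2|100|"
          r"Blocked outbound\|egress|7|src=10.1.2.3 dst=203.0.113.9 spt=51234 "
          r"dpt=443 msg=policy\=deny hit cs1Label=rule cs1=deny all")
```

Feeding a few captured lines from the appliance through `parse_cef` shows immediately whether escaping and the seven-field header are correct before the events reach the workspace.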
ESAJRR
Most Recent 7 months, 2 weeks ago
1. Linux server and a Syslog forwarder daemon
2. Azure Monitor agent
upvoted 1 times
Self_Study
9 months, 1 week ago
On an exam on 7/8/23, the question was the same, but different options were provided.
upvoted 4 times
majstor86
1 year, 2 months ago
Deploy: A Linux server and a syslog forwarder daemon
Forward events to Microsoft Sentinel: An Azure Log Analytics agent
upvoted 4 times
majstor86
1 year, 2 months ago
Deploy: A Linux server and a syslog forwarder daemon
Forward events to Microsoft Sentinel: An Azure Log Analytics (Azure Monitor) agent
upvoted 3 times
AzureJobsTillRetire
1 year, 3 months ago
Phew, the last new question in Jan 2023. Thank you, all my fellow examtopicsers. I think I got a few of those new questions wrong initially, but with your help, we've come to the correct answers for most of those new questions in the end. I have my exam tomorrow. Good luck to everyone!
upvoted 3 times
AzureJobsTillRetire
1 year, 3 months ago
I passed the exam yesterday with 935+. Got quite a few new questions in my exam. Check the comments and follow the highest voted for those new questions and you should be all good. Good luck folks!
upvoted 9 times
AzureJobsTillRetire
1 year, 3 months ago
I mean new questions in this round (Jan 2023). I think I only got 1 or 2 completely new questions.
upvoted 4 times
Ajdlfasudfo0
1 year, 3 months ago
duplicate, answer correct
upvoted 2 times
juandmi
1 year, 4 months ago
answers are correct: https://learn.microsoft.com/en-us/azure/sentinel/connect-common-event-format
upvoted 1 times