Exam AZ-500 topic 5 question 54 discussion

Actual exam question from Microsoft's AZ-500
Question #: 54
Topic #: 5

HOTSPOT

You have a Microsoft Sentinel deployment.

You need to connect a third-party security solution to the deployment. The third-party solution will send Common Event Format (CEF)-formatted messages.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Suggested Answer:

Comments

zellck
Highly Voted 2 years, 1 month ago
1. Linux server and a Syslog forwarder daemon
2. Azure Log Analytics agent

https://learn.microsoft.com/en-us/azure/sentinel/connect-log-forwarder?tabs=rsyslog

To ingest Syslog and CEF logs into Microsoft Sentinel, particularly from devices and appliances onto which you can't install the Log Analytics agent directly, you'll need to designate and configure a Linux machine that will collect the logs from your devices and forward them to your Microsoft Sentinel workspace. This machine can be a physical or virtual machine in your on-premises environment, an Azure VM, or a VM in another cloud.

This machine has two components that take part in this process:
- A syslog daemon, either rsyslog or syslog-ng, that collects the logs.
- The Log Analytics Agent (also known as the OMS Agent), that forwards the logs to Microsoft Sentinel.
upvoted 11 times
...
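A check a practitioner might run on the Linux forwarder before troubleshooting the agent: confirm that what the third-party solution sends really is well-formed CEF inside a syslog line. This is an added example, not part of the comment above or of Microsoft's documentation; it assumes the standard CEF layout (`CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension`), and the helper names and sample lines are constructed for illustration.

```python
import re

HEADER = ["version", "device_vendor", "device_product", "device_version",
          "signature_id", "name", "severity"]
SEVERITIES = {"Unknown", "Low", "Medium", "High", "Very-High"}
# key=value pairs; a value runs until the next " key=" or the end of the line.
EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")

def _unescape(value):
    # CEF extension escapes: \= and \\ are literals, \n and \r are line breaks.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m[1], m[1]), value)

def _split_header(body, count):
    """Split on unescaped '|' into `count` header fields plus the remainder."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < count:
        if body[i] == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            cur.append(body[i + 1])      # keep the escaped character literally
            i += 2
            continue
        if body[i] == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(body[i])
        i += 1
    if len(fields) < count:              # header ended without a trailing '|'
        fields.append("".join(cur))
    return fields, body[i:]

def parse_cef(line):
    """Parse one syslog line carrying a CEF payload; raise ValueError if malformed."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF: marker in line")
    fields, ext = _split_header(line[start + 4:], len(HEADER))
    if len(fields) != len(HEADER):
        raise ValueError(f"expected {len(HEADER)} header fields, got {len(fields)}")
    event = dict(zip(HEADER, fields))
    sev = event["severity"]
    if not (sev in SEVERITIES or (sev.isdigit() and int(sev) <= 10)):
        raise ValueError(f"invalid severity {sev!r}")
    event["syslog_prefix"] = line[:start].strip()
    event["extension"] = {k: _unescape(v) for k, v in EXT_RE.findall(ext)}
    return event

# Constructed sample lines (not taken from a real device).
SAMPLE_OK = r"<134>Jan 12 10:15:02 fw01 CEF:0|ExampleVendor|Edge\|Gateway|1.0|100|Blocked connection|5|src=10.0.0.5 dst=192.0.2.10 msg=rule a\=b matched spt=44321"
SAMPLE_TRUNCATED = "<134>Jan 12 10:15:03 fw01 CEF:0|ExampleVendor|Gateway|1.0"

if __name__ == "__main__":
    print(parse_cef(SAMPLE_OK))
```

Lines that raise `ValueError` here are worth inspecting at the source device first, since a truncated or mis-escaped header is a sender-side problem rather than a forwarder one.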
NeoTactics
Most Recent 8 months, 2 weeks ago
Is this question probably outdated? Nowadays Azure Monitor Agent is used instead of Log Analytics Agent and deployed by first onboarding a machine to Azure Arc using connected Machine Agent/Azure Arc Agent. Then AMA is installed as a VM extension to the machine.
upvoted 2 times
...
zellck
2 years, 1 month ago
Same as Question 68. https://www.examtopics.com/discussions/microsoft/view/94659-exam-az-500-topic-5-question-68-discussion
upvoted 4 times
...
Johnvic
2 years, 1 month ago
Exam. 6 case studies. 3 true/false questions. 47 multiple questions and no simulations. A lot of new questions that are not up here. Second box is Microsoft monitor agent
upvoted 1 times
...
majstor86
2 years, 3 months ago
Deploy: A Linux server and a syslog forwarder daemon
Forward events to Microsoft Sentinel: An Azure log analytics agent
upvoted 4 times
...
AzureJobsTillRetire
2 years, 4 months ago
It seems to be correct. https://docs.microsoft.com/en-us/azure/sentinel/connect-common-event-format
upvoted 4 times
...