Exam SC-200 topic 2 question 33 discussion

Typical Microsoft Question.. In order to collect logs and connect to Defender for Cloud you need Azure monitor Agent, but first you also need to connect the machine to Azure so you have to install Azure Arc Agent which is actually called Azure Connected Machine Agent. So answering this question is impossible because the answers provided are as stupid as the question

Azure Arc for servers installed on your EC2 instances https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-aws?pivots=env-settings

Non-Azure workloads require Arc before any monitoring is added, just like on-prem

First C and then B

I can't find anything called as "Azure Arc Agent" in the documentation. If this is the Azure Connected Machine agent why don't just call it like that?

As of April 2024, the answer to this question is always the Microsoft Monitoring Agent, previously known as the Log Analytics Agent. The Microsoft Practice exams also highlight the agent even when Azure Arc is part of the choices.

To answer these type of ambiguous question its important to pay attention to " what must be installed first " typically in all cases it will be the ARC AGENT as your answer dont over think this

Correct

ARC is a pre-requisite and enable auto-provisioning.

The question says by using Defender for Cloud -> so Azure Monitor Agent is not the correct Answer. C is the correct answer

La respuesta correc es la C: C. the Azure Arc agent Most Voted Ya que la pregunta hace mención que tambien se requiere resolver vulnerabilidades, al desplegar conectarte con la instancia de EC2 solo se instala AMA, pero para las vulnerabilidades necesitas Microsoft Defender for Server que contiene Microsoft Defender for Endpoint (VM) y esa extensión se instala con Azure Arc.

C. The Azure Arc Agent

Option B (the Azure Monitor agent) is incorrect, as it is used for monitoring and collecting performance data, not security-related logs or vulnerability assessments. Option C (the Azure Arc agent) is also incorrect, as it is used for managing servers and other resources across different environments, but not specifically for collecting security-related logs or vulnerability assessments. Option D (the Azure Pipelines agent) is also incorrect, as it is used for building and deploying applications, not for security-related tasks. To collect logs and resolve vulnerabilities for Server1 using Defender for Cloud, you should install the Microsoft Monitoring Agent (MMA) on Server1 first

In the following article, it is clearly indicated that installing Azure Arc is a prerequisite which is the first thing to do https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-aws?pivots=env-settings

I will go with C as B doesn't state the correct agent name 'Azure Connected Machine agent'. So 'Azure Arc Agent' makes more sense. Further 'Azure Connected Machine agent' and 'Microsoft Monitoring Agent' is not same.

This is from MS documentation - Non-Azure: To install the agent on physical servers and virtual machines hosted outside of Azure (that is, on-premises) or in other clouds, you must install the Azure Arc Connected Machine agent first, at no added cost.

To connect hybrid machines to Azure, you install the Azure Connected Machine agent on each machine. This agent does not replace the Azure Log Analytics agent / Azure Monitor Agent. The Log Analytics agent or Azure Monitor Agent for Windows and Linux is required in order to: Proactively monitor the OS and workloads running on the machine Manage it using Automation runbooks or solutions like Update Management Use other Azure services like Microsoft Defender for Cloud