SC-200 Exam - Question 258


HOTSPOT

Your on-premises network contains a Hyper-V cluster. The cluster contains the virtual machines shown in the following table.

Exam SC-200 Question 258

You have a Microsoft Sentinel workspace named SW1.

You have a data collection rule (DCR) that has the following configurations:

• Name: DCR1

• Destination: SW1

• Platform type: All

• Data collection endpoint: None

• Data source: Windows event logs, Linux syslog

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Exam SC-200 Question 258
Correct Answer:
Exam SC-200 Question 258

Discussion

3 comments
Blasty
Feb 24, 2025

I am not entirely sure this is correct. You need the Azure Monitor Agent to add your VMs as a Data Source in Azure for Data Collection Rules. However, when installing the Azure Connected Machine Agent (ACMA), the Azure Monitor Windows Agent is installed as one of the extensions within the ACMA package. Therefore, I would assume that all VMs listed would be able to send their Windows Events & Linux Syslog via DCR to the respective Log Analytics Workspace. Log Analytics Workspaces > yourUniqueWorkspace | Agents > Data collection rules > yourUniqueDCR https://learn.microsoft.com/en-us/azure/azure-arc/servers/agent-overview

HAjouz
Feb 26, 2025

Answer is correct - to protect you need Machine agent - to monitor you need AMA, previously known as Log Analytics agent.

ErikGrabben
Apr 19, 2025

Arc is a requisite for the AMA agent when it comes to on-prem.