Exam AZ-500
Question 34

Your company's Azure subscription includes an Azure Log Analytics workspace.

Your company has a hundred on-premises servers that run either Windows Server 2012 R2 or Windows Server 2016 and are linked to the Azure Log Analytics workspace. The Azure Log Analytics workspace is set up to gather security-related performance counters from these linked servers.

You have been tasked with configuring alerts according to the information gathered by the Azure Log Analytics workspace.

You have to make sure that alert rules allow for dimensions and that alert creation time is kept to a minimum. Furthermore, a single alert notification must be created when the alert is created and when the alert is resolved.

You need to make use of the necessary signal type when creating the alert rules.

Which of the following is the option you should use?

Correct Answer: C

To configure alerts in the Azure Log Analytics workspace that utilize dimensions and minimize alert creation time, the Metric signal type should be used. Metric alerts in Azure Monitor provide a way to get notified when a metric crosses a defined threshold. They support alerting for metrics with dimensions, allowing for fine-tuning of alerts based on specific attributes or properties associated with the collected metrics. Additionally, Metric alerts are capable of providing a single notification when an alert is generated and when it is resolved, fitting the requirement for efficient alerting and resolution notifications.
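An added sketch, not from the original page and not Azure's own code, of the behaviour the explanation describes: a stateful threshold rule evaluated separately for each dimension combination, producing one notification when it fires and one when it resolves. The sample data, the `evaluate` function, the dimension names `Computer` and `InstanceName`, and the number of healthy checks needed to resolve are assumptions of this example.

```python
from collections import defaultdict

# Constructed samples: (minute, Computer, InstanceName, "% Processor Time" value).
SAMPLES = [
    (0, "srv01", "_Total", 42.0), (0, "srv02", "_Total", 38.0),
    (1, "srv01", "_Total", 91.0), (1, "srv02", "_Total", 40.0),
    (2, "srv01", "_Total", 95.0), (2, "srv02", "_Total", 41.0),
    (3, "srv01", "_Total", 60.0), (3, "srv02", "_Total", 39.0),
    (4, "srv01", "_Total", 55.0), (4, "srv02", "_Total", 93.0),
    (5, "srv01", "_Total", 50.0), (5, "srv02", "_Total", 44.0),
]


def evaluate(samples, threshold, dimension_filter=None, healthy_to_resolve=3):
    """Evaluate a stateful threshold rule per dimension combination.

    Returns a list of (minute, dimensions, "Fired" | "Resolved") tuples.
    healthy_to_resolve is a modelling assumption of this example: the number
    of consecutive healthy evaluations needed before an alert resolves.
    """
    dimension_filter = dimension_filter or {}
    firing = {}                        # dimension key -> alert currently active
    healthy_streak = defaultdict(int)  # dimension key -> consecutive healthy checks
    notifications = []
    for minute, computer, instance, value in sorted(samples):
        dims = {"Computer": computer, "InstanceName": instance}
        # Dimension filter: ignore time series the rule is not scoped to.
        if any(dims.get(k) not in allowed for k, allowed in dimension_filter.items()):
            continue
        key = tuple(sorted(dims.items()))
        if value > threshold:
            healthy_streak[key] = 0
            if not firing.get(key):
                # Notify once on the transition, not on every breaching sample.
                firing[key] = True
                notifications.append((minute, key, "Fired"))
        elif firing.get(key):
            healthy_streak[key] += 1
            if healthy_streak[key] >= healthy_to_resolve:
                firing[key] = False
                notifications.append((minute, key, "Resolved"))
    return notifications


if __name__ == "__main__":
    for note in evaluate(SAMPLES, threshold=90):
        print(note)
```

Each server is tracked as its own time series, so `srv01` firing and resolving does not suppress or duplicate the alert for `srv02`.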

Discussion
salmantarik (Option: C)

Correct. There are four signal types: Metric, Activity log, Application Insights, and Log. Guys, always read the question properly and look for the key words. The key word in the question is "gather PERFORMANCE COUNTERS"; the performance counter is directly linked to the Metric signal type.

Irishtk (Option: C)

Ans is C. "Newer metric alerts support alerting for metrics that use dimensions. You can use dimensions to filter your metric to the right level. All supported metrics along with applicable dimensions can be explored and visualized from Azure Monitor - Metrics Explorer" https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-metric-near-real-time#metrics-and-dimensions-supported

maylevi (Option: C)

Correct. From the given article: "In the Manage rules blade, you can view all your alert rules across subscriptions. You can further filter the rules using Resource group, Resource type, and Resource. If you want to see only metric alerts, select Signal type as Metrics."

Andre369 (Option: C)

The Metric signal type in Azure Log Analytics allows you to create alert rules based on performance counters and metrics collected from the linked servers. By configuring alerts using the Metric signal type, you can leverage dimensions to define specific conditions and thresholds for generating alerts. This enables you to fine-tune the alert rules based on different attributes or properties associated with the collected metrics.

majstor86 (Option: C)

C. You should make use of the Metric signal type.

EzeQ

https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-metric-logs

rohitmedi

correct answer

trashbox (Option: C)

Infrastructure data that can be collected by Performance Counter are called Metrics. Therefore, it is a Metrics Signal Type.

ESAJRR (Option: C)

C. You should make use of the Metric signal type.

zellck (Option: C)

C is the answer. https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-types#metric-alerts
Metric alert rules include these features:
- You can use multiple conditions on an alert rule for a single resource.
- You can add granularity by monitoring multiple metric dimensions.
- You can use dynamic thresholds, which are driven by machine learning.
- You can configure if metric alerts are stateful or stateless. Metric alerts are stateful by default.

sofieejo

In exam 29/01/2023 + many questions about Microsoft Sentinel

blazefather

In exam 31/10/2022

somenick

Confusing question. Windows Performance Counters provide a high-level abstraction layer that provides a consistent interface for collecting various kinds of system data such as CPU, memory, and disk usage. Which of those metrics are security???

arseyam

Exactly, performance counters are not related to security!

fonte

Unusual CPU or Memory usage could be an indicator of something wrong. If you usually have the CPU at 50% and now you see it at 75% or 80%, what is causing that spike? Is it a process?! What is that process doing? You see that it is sending data to somewhere... boom, you've got yourself a compromised scenario. Now, of course ideally you should have picked up that process long before detecting it by looking at the CPU, but it can happen.

xRiot007

They are, Microsoft Sentinel uses metrics data and combines them with other security events using correlation.

AKYK (Option: C)

C is the answer

sadako (Option: C)

Alerts = Metric

Adonist

Performance = metric