
AZ-500 Exam - Question 34


Your company's Azure subscription includes an Azure Log Analytics workspace.

Your company has a hundred on-premises servers that run either Windows Server 2012 R2 or Windows Server 2016 and are linked to the Azure Log Analytics workspace. The Azure Log Analytics workspace is set up to gather performance counters associated with security from these linked servers.

You have been tasked with configuring alerts according to the information gathered by the Azure Log Analytics workspace.

You have to make sure that alert rules support dimensions and that alert creation time is kept to a minimum. Furthermore, a single alert notification must be created when the alert is created and when the alert is resolved.

You need to make use of the necessary signal type when creating the alert rules.

Which of the following is the option you should use?

Correct Answer: C

To configure alerts in the Azure Log Analytics workspace that utilize dimensions and minimize alert creation time, the Metric signal type should be used. Metric alerts in Azure Monitor provide a way to get notified when a metric crosses a defined threshold. They support alerting for metrics with dimensions, allowing for fine-tuning of alerts based on specific attributes or properties associated with the collected metrics. Additionally, Metric alerts are capable of providing a single notification when an alert is generated and when it is resolved, fitting the requirement for efficient alerting and resolution notifications.
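
An added example, not part of the original question or of Microsoft's documentation: an ARM template resource for a metric alert rule scoped to the Log Analytics workspace, split per server by a dimension, with autoMitigate enabled so the rule is stateful (one notification when fired, one when resolved). The rule name, threshold, evaluation windows, the metric name "Average_% Processor Time", the "Computer" dimension and every bracketed ID are assumptions or placeholders to replace with your own values.

```json
{
  "type": "Microsoft.Insights/metricAlerts",
  "apiVersion": "2018-03-01",
  "name": "example-cpu-high-per-computer",
  "location": "global",
  "properties": {
    "description": "Constructed example: CPU above threshold, one alert per Computer dimension value",
    "severity": 2,
    "enabled": true,
    "scopes": [
      "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.OperationalInsights/workspaces/<workspace-name>"
    ],
    "evaluationFrequency": "PT1M",
    "windowSize": "PT5M",
    "autoMitigate": true,
    "criteria": {
      "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria",
      "allOf": [
        {
          "name": "cpu-per-computer",
          "metricNamespace": "Microsoft.OperationalInsights/workspaces",
          "metricName": "Average_% Processor Time",
          "dimensions": [
            { "name": "Computer", "operator": "Include", "values": [ "*" ] }
          ],
          "operator": "GreaterThan",
          "threshold": 90,
          "timeAggregation": "Average"
        }
      ]
    },
    "actions": [
      {
        "actionGroupId": "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.Insights/actionGroups/<action-group-name>"
      }
    ]
  }
}
```

The wildcard dimension value makes the rule evaluate each server as its own time series, so one rule covers all hundred servers while each server fires and resolves independently.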

Discussion

15 comments
salmantarik Option: C
Sep 29, 2021

Correct. There are four signal types: Metric, Activity log, Application Insights, and Log. Guys, always read the question properly and look for the key words. The key word in the question is "gather PERFORMANCE COUNTERS"; the performance counter is directly linked to the Metric signal type.

Irishtk Option: C
Apr 30, 2022

Ans is C. "Newer metric alerts support alerting for metrics that use dimensions. You can use dimensions to filter your metric to the right level. All supported metrics along with applicable dimensions can be explored and visualized from Azure Monitor - Metrics Explorer" https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-metric-near-real-time#metrics-and-dimensions-supported

maylevi Option: C
Sep 19, 2021

Correct. From the given article: "In the Manage rules blade, you can view all your alert rules across subscriptions. You can further filter the rules using Resource group, Resource type, and Resource. If you want to see only metric alerts, select Signal type as Metrics."

rohitmedi
Nov 28, 2021

correct answer

EzeQ
Dec 29, 2021

https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-metric-logs

majstor86 Option: C
Mar 2, 2023

C. You should make use of the Metric signal type.

Andre369 Option: C
May 18, 2023

The Metric signal type in Azure Log Analytics allows you to create alert rules based on performance counters and metrics collected from the linked servers. By configuring alerts using the Metric signal type, you can leverage dimensions to define specific conditions and thresholds for generating alerts. This enables you to fine-tune the alert rules based on different attributes or properties associated with the collected metrics.

sadako Option: C
Nov 29, 2021

Alerts = Metric

Adonist
Jan 5, 2022

Performance = metric

AKYK Option: C
Jan 3, 2022

C is the answer

somenick
Sep 27, 2022

Confusing question. Windows Performance Counters provide a high-level abstraction layer that provides a consistent interface for collecting various kinds of system data such as CPU, memory, and disk usage. Which of those metrics are security???

arseyam
Oct 17, 2022

Exactly, performance counters are not related to security!

fonte
Dec 16, 2022

Unusual CPU or Memory usage could be an indicator of something wrong. If you usually have the CPU at 50% and now you see it at 75% or 80%, what is causing that spike? Is it a process?! What is that process doing? You see that it is sending data to somewhere... boom, you've got yourself a compromised scenario. Now, of course, ideally you should have picked up that process long before detecting it by looking at the CPU, but it can happen.

xRiot007
Jul 15, 2024

They are, Microsoft Sentinel uses metrics data and combines them with other security events using correlation.

blazefather
Nov 8, 2022

In exam 31/10/2022

sofieejo
Jan 30, 2023

In exam 29/01/2023 + many questions about Microsoft Sentinel

zellck Option: C
May 7, 2023

C is the answer. https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-types#metric-alerts

Metric alert rules include these features:
- You can use multiple conditions on an alert rule for a single resource.
- You can add granularity by monitoring multiple metric dimensions.
- You can use dynamic thresholds, which are driven by machine learning.
- You can configure if metric alerts are stateful or stateless. Metric alerts are stateful by default.

ESAJRR Option: C
Jul 7, 2023

C. You should make use of the Metric signal type.

trashbox Option: C
Oct 8, 2023

Infrastructure data that can be collected by Performance Counter are called Metrics. Therefore, it is a Metrics Signal Type.