You have an Azure subscription that contains multiple virtual machines in the West US Azure region.
You need to use Traffic Analytics in Azure Network Watcher to monitor virtual machine traffic.
Which two resources should you create? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
To use Traffic Analytics in Azure Network Watcher, you need to monitor and analyze network traffic data collected from various sources. A Log Analytics workspace is essential as it stores and analyzes the network traffic data. Additionally, a storage account is necessary for NSG flow logs, which are utilized by Traffic Analytics for deeper insights into traffic flow in the Azure environment. These NSG flow logs require storing in a storage account before being analyzed by Traffic Analytics.
To use Traffic Analytics in Azure Network Watcher to monitor virtual machine traffic, you need to create the following resources: A. A Log Analytics workspace - Traffic Analytics requires a Log Analytics workspace to store and analyze network traffic data. E. A Data Collection Rule (DCR) in Azure Monitor - You need to create a Data Collection Rule within Azure Monitor to specify what data should be collected and sent to the Log Analytics workspace, including the network traffic data for Traffic Analytics. So, options A and E are the correct answers.
To use Traffic Analytics in Azure Network Watcher, you need to create a Log Analytics workspace and a storage account. A Log Analytics workspace is a cloud-based repository that collects and stores data from various sources, such as NSG flow logs. A storage account is a container that provides a unique namespace to store and access your data objects in Azure Storage. You need to enable NSG flow logs and configure them to send data to both the Log Analytics workspace and the storage account. Traffic Analytics analyzes the NSG flow logs and provides insights into traffic flow in your Azure cloud.
I'd argue for AC if only because it says this " Caution Data collection rule and data collection endpoint resources are created and managed by traffic analytics. If you perform any operation on these resources, traffic analytics may not function as expected." https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics#prerequisites And the FAQ mentions flow logs being stored into a storage account: https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq
This is a useful link, thanks! - It does seem to support AE as the correct answer, though. - See how NSGs are linked to Log Analytic workspaces: "Network security groups can be in different regions than your Log Analytics workspace." (https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq#can-i-enable-flow-logs-for-network-security-groups-that-are-in-different-regions-than-my-workspace-region-) - See how Traffic Analytics is linked to Log Analytic workspaces: "All resources must be in the same tenant including Network security groups, flow logs, storage accounts & Log Analytics workspaces (in cases where Traffic Analytics is enabled)." (https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq#can-my-flow-log-resources-and-storage-accounts-be-in-different-tenants-)
The link continues to mention both "storage accounts & Log Analytics workspaces".
Read the questions guys, we are using Network Watcher to log network traffic between VMs, therefore you do not need a DCR in Azure Monitor as the question does not specify which type of data it is looking for. You just need a storage account to store traffic logs and then Log Analytics workplace to analyze the data.
Traffic analytics requires the following prerequisites: - An Azure Log Analytics workspace with read and write access - NSG flow logs enabled for the network security groups you want to monitor or VNet flow logs enabled for the virtual network you want to monitor. To enhttps://www.examtopics.com/exams/microsoft/az-104/view/54/#able one of the flow logs you need a storage account where they can store the logs so Traffic analitycs aggregates them later and pushes them to the workspace https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics#prerequisites
Tested this. Before you can create a Data Collection Rule you need to create an NSG Flow Log. The NSG Flow Log requires you to create a new storage account. It would not let me use the existing one I am using for VMs, files, blobs etc.
As per GPT4 To set up Traffic Analytics in Azure Network Watcher, you need to ensure that flow logs from your Network Security Groups (NSGs) are collected and stored appropriately. Traffic Analytics then processes these logs to provide insights into your network traffic. A. a Log Analytics workspace: Traffic Analytics requires a Log Analytics workspace to analyze and visualize the network traffic data. This workspace is where the logs are sent and processed. C. a storage account: NSG flow logs need a storage account to store raw flow log data. Traffic Analytics reads the flow logs from this storage account and processes them. Thus, the correct answers are: A. a Log Analytics workspace C. a storage account
how do you collect data to store in storage without a collection rule??
i copied your comment and asked a follow up question to chat gpt, and GPT changed its answer to AE lol. Gpt is disappointing.
The NSG flow logs are directly configured to be stored in a storage account, and Traffic Analytics processes these logs without the need for an additional DCR. The process of collecting and storing the NSG flow logs is managed through the Network Watcher settings and the specified storage account
Ok, you need a storage location for the data involved here, ONE storage location, not TWO - AC seems improbable to me. I'd go for AE. See: https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics#key-components
https://www.examtopics.com/discussions/microsoft/view/81260-exam-az-700-topic-4-question-4-discussion/
https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics#prerequisites:~:text=required%20when%20using-,traffic%20analytics,-to%20analyze%20virtual
The two resources you should create are: A. a Log Analytics workspace: Traffic Analytics is a cloud-based solution that provides visibility into user and application activity in the cloud. It analyzes the Network Security Group Flow Logs across Azure regions and populates the insights into a Log Analytics workspace. E. a Data Collection Rule (DCR) in Azure Monitor: A Data Collection Rule defines what data to collect from your Azure and non-Azure resources. It can be used to collect Network Security Group Flow Logs, which are then analyzed by Traffic Analytics. The other options listed are not directly related to the setup of Traffic Analytics in Azure Network Watcher. For example, an Azure Monitor workbook (Option B) is used for data visualization, a storage account (Option C) is used for storing data, and a Microsoft Sentinel workspace (Option D) is used for security information and event management
A and E is right
Caution Data collection rule and data collection endpoint resources are created and managed by traffic analytics. If you perform any operation on these resources, traffic analytics may not function as expected. So, I'm vote AE Ref: https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics#prerequisites
I think it's A and C: https://techgenix.com/network-watcher-traffic-analytics/
correct me if I am wrong, for people that chooses A and C, where is the storage account mentioned in this reference if that is the correct reference for this question? https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics#prerequisites
The flow logs needs it, so its a dependency from them to use the Traffic Analytics: Traffic analytics is a cloud-based solution that provides visibility into user and application activity in your cloud networks. Specifically, traffic analytics analyzes Azure Network Watcher flow logs to provide insights into traffic flow in your Azure cloud. https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics ...Flow data from virtual network flow logs is sent to Azure Storage. From there, you can access the data and export it to any visualization tool, security information and event management (SIEM) solution, or intrusion detection system (IDS). https://learn.microsoft.com/en-us/azure/network-watcher/vnet-flow-logs-overview
A - The Log Analytics workspace is required. E - a Data Collection Rule (DCR) in Azure Monitor - is required. Not C - we can use an existing storage account so there is no requirement to create a new one.
To use Traffic Analytics in Azure Network Watcher, you need to create a Log Analytics workspace and a storage account. A Log Analytics workspace is a cloud-based repository that collects and stores data from various sources, such as NSG flow logs. A storage account is a container that provides a unique namespace to store and access your data objects in Azure Storage. You need to enable NSG flow logs and configure them to send data to both the Log Analytics workspace and the storage account. Traffic Analytics analyzes the NSG flow logs and provides insights into traffic flow in your Azure cloud.
i voted the wrong answers. It had to be AC