DP-201 Exam QuestionsBrowse all questions from this exam
Go to Exam

DP-201 Exam - Question 124

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure SQL database that has columns. The columns contain sensitive Personally Identifiable Information (PII) data.

You need to design a solution that tracks and stores all the queries executed against the PII data. You must be able to review the data in Azure Monitor, and the data must be available for at least 45 days.

Solution: You add classifications to the columns that contain sensitive data. You turn on Auditing and set the audit log destination to use Azure Blob storage.

Does this meet the goal?

Show Answer
Correct Answer: B

To meet the stated goal, it is necessary to both track and store all queries executed against the PII data and ensure that the data can be reviewed in Azure Monitor. While setting the audit log destination to use Azure Blob storage can store the logs for at least 45 days, it does not inherently provide the capability to review the data directly in Azure Monitor. For this requirement to be met, the audit logs should be sent to a Log Analytics workspace within Azure Monitor, where they can be actively monitored and analyzed. Therefore, the proposed solution does not fully meet the stated goal.

Discussion

5 comments
Sign in to comment
al9887655
Mar 24, 2021

Sending logs to blob meets 45 days storage requirement. But how about, "You must be able to review the data in Azure Monitor"? I think it should be NO.

jms309
Mar 27, 2021

In the Azure Log Analytics, which is part of the Azure Monitor Tool, you can add these logs added manually. Just go to the advanced options and configure the connection

epgd
Mar 9, 2020

But if you need to use Azure Monitor you should audit to Log Analytics destination. https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing

Nehuuu
Mar 17, 2020

Here the storage is needed for 45 days, Log analytics can store default logs till 31 days. Blob would be a convenient storage medium if longer retention is needed from default.

Tombarc
Apr 25, 2020

With free tier is up to 31 days, but you can store it up 730 days for an increased charge, also if you're using Sentinel it's stored for 90 days for free. https://www.shudnow.io/2019/10/14/increasing-azure-log-analytics-retention-per-data-type/ https://blogs.msdn.microsoft.com/canberrapfe/2017/01/25/change-oms-log-analytics-retention-period-in-the-azure-portal/ I believe the answer is Log Analytics, with storage account you wouldn't be able to set up alerts and monitor it from the Azure Monitor service.

Leonido
Apr 30, 2020

But the solution will work

Mathster
May 28, 2020

Yes, it is a valid solution. It can work with log stored in a Blob or Log Analytics.

AJMorgan591
Sep 18, 2020

I can't find any articles that suggest Azure Monitor can works with log data held in Blob Storage. Can you please confirm why you think this is so?

111222333
May 24, 2021

@AJMorgan591 "Azure Monitor logs can be exported to an Azure Storage Account" https://docs.microsoft.com/en-us/azure/azure-monitor/logs/azure-data-explorer-query-storage#send-data-to-azure-storage

AJMorgan591
Sep 18, 2020

I can't find any articles that suggest Azure Monitor can works with log data held in Blob Storage. Can you please confirm why you think this is so?

111222333
May 24, 2021

@AJMorgan591 "Azure Monitor logs can be exported to an Azure Storage Account" https://docs.microsoft.com/en-us/azure/azure-monitor/logs/azure-data-explorer-query-storage#send-data-to-azure-storage

Mathster
May 28, 2020

Yes, it is a valid solution. It can work with log stored in a Blob or Log Analytics.

AJMorgan591
Sep 18, 2020

I can't find any articles that suggest Azure Monitor can works with log data held in Blob Storage. Can you please confirm why you think this is so?

111222333
May 24, 2021

@AJMorgan591 "Azure Monitor logs can be exported to an Azure Storage Account" https://docs.microsoft.com/en-us/azure/azure-monitor/logs/azure-data-explorer-query-storage#send-data-to-azure-storage

AJMorgan591
Sep 18, 2020

I can't find any articles that suggest Azure Monitor can works with log data held in Blob Storage. Can you please confirm why you think this is so?

111222333
May 24, 2021

@AJMorgan591 "Azure Monitor logs can be exported to an Azure Storage Account" https://docs.microsoft.com/en-us/azure/azure-monitor/logs/azure-data-explorer-query-storage#send-data-to-azure-storage

Leonido
Apr 30, 2020

But the solution will work

Mathster
May 28, 2020

Yes, it is a valid solution. It can work with log stored in a Blob or Log Analytics.

AJMorgan591
Sep 18, 2020

I can't find any articles that suggest Azure Monitor can works with log data held in Blob Storage. Can you please confirm why you think this is so?

111222333
May 24, 2021

@AJMorgan591 "Azure Monitor logs can be exported to an Azure Storage Account" https://docs.microsoft.com/en-us/azure/azure-monitor/logs/azure-data-explorer-query-storage#send-data-to-azure-storage

AJMorgan591
Sep 18, 2020

I can't find any articles that suggest Azure Monitor can works with log data held in Blob Storage. Can you please confirm why you think this is so?

111222333
May 24, 2021

@AJMorgan591 "Azure Monitor logs can be exported to an Azure Storage Account" https://docs.microsoft.com/en-us/azure/azure-monitor/logs/azure-data-explorer-query-storage#send-data-to-azure-storage

Mathster
May 28, 2020

Yes, it is a valid solution. It can work with log stored in a Blob or Log Analytics.

AJMorgan591
Sep 18, 2020

I can't find any articles that suggest Azure Monitor can works with log data held in Blob Storage. Can you please confirm why you think this is so?

111222333
May 24, 2021

@AJMorgan591 "Azure Monitor logs can be exported to an Azure Storage Account" https://docs.microsoft.com/en-us/azure/azure-monitor/logs/azure-data-explorer-query-storage#send-data-to-azure-storage

AJMorgan591
Sep 18, 2020

I can't find any articles that suggest Azure Monitor can works with log data held in Blob Storage. Can you please confirm why you think this is so?

111222333
May 24, 2021

@AJMorgan591 "Azure Monitor logs can be exported to an Azure Storage Account" https://docs.microsoft.com/en-us/azure/azure-monitor/logs/azure-data-explorer-query-storage#send-data-to-azure-storage

Tombarc
Apr 25, 2020

With free tier is up to 31 days, but you can store it up 730 days for an increased charge, also if you're using Sentinel it's stored for 90 days for free. https://www.shudnow.io/2019/10/14/increasing-azure-log-analytics-retention-per-data-type/ https://blogs.msdn.microsoft.com/canberrapfe/2017/01/25/change-oms-log-analytics-retention-period-in-the-azure-portal/ I believe the answer is Log Analytics, with storage account you wouldn't be able to set up alerts and monitor it from the Azure Monitor service.

Leonido
Apr 30, 2020

But the solution will work

Mathster
May 28, 2020

Yes, it is a valid solution. It can work with log stored in a Blob or Log Analytics.

AJMorgan591
Sep 18, 2020

I can't find any articles that suggest Azure Monitor can works with log data held in Blob Storage. Can you please confirm why you think this is so?

111222333
May 24, 2021

@AJMorgan591 "Azure Monitor logs can be exported to an Azure Storage Account" https://docs.microsoft.com/en-us/azure/azure-monitor/logs/azure-data-explorer-query-storage#send-data-to-azure-storage

AJMorgan591
Sep 18, 2020

I can't find any articles that suggest Azure Monitor can works with log data held in Blob Storage. Can you please confirm why you think this is so?

111222333
May 24, 2021

@AJMorgan591 "Azure Monitor logs can be exported to an Azure Storage Account" https://docs.microsoft.com/en-us/azure/azure-monitor/logs/azure-data-explorer-query-storage#send-data-to-azure-storage

Mathster
May 28, 2020

Yes, it is a valid solution. It can work with log stored in a Blob or Log Analytics.

AJMorgan591
Sep 18, 2020

I can't find any articles that suggest Azure Monitor can works with log data held in Blob Storage. Can you please confirm why you think this is so?

111222333
May 24, 2021

@AJMorgan591 "Azure Monitor logs can be exported to an Azure Storage Account" https://docs.microsoft.com/en-us/azure/azure-monitor/logs/azure-data-explorer-query-storage#send-data-to-azure-storage

AJMorgan591
Sep 18, 2020

I can't find any articles that suggest Azure Monitor can works with log data held in Blob Storage. Can you please confirm why you think this is so?

111222333
May 24, 2021

@AJMorgan591 "Azure Monitor logs can be exported to an Azure Storage Account" https://docs.microsoft.com/en-us/azure/azure-monitor/logs/azure-data-explorer-query-storage#send-data-to-azure-storage

Leonido
Apr 30, 2020

But the solution will work

Mathster
May 28, 2020

Yes, it is a valid solution. It can work with log stored in a Blob or Log Analytics.

AJMorgan591
Sep 18, 2020

I can't find any articles that suggest Azure Monitor can works with log data held in Blob Storage. Can you please confirm why you think this is so?

111222333
May 24, 2021

@AJMorgan591 "Azure Monitor logs can be exported to an Azure Storage Account" https://docs.microsoft.com/en-us/azure/azure-monitor/logs/azure-data-explorer-query-storage#send-data-to-azure-storage

AJMorgan591
Sep 18, 2020

I can't find any articles that suggest Azure Monitor can works with log data held in Blob Storage. Can you please confirm why you think this is so?

111222333
May 24, 2021

@AJMorgan591 "Azure Monitor logs can be exported to an Azure Storage Account" https://docs.microsoft.com/en-us/azure/azure-monitor/logs/azure-data-explorer-query-storage#send-data-to-azure-storage

Mathster
May 28, 2020

Yes, it is a valid solution. It can work with log stored in a Blob or Log Analytics.

AJMorgan591
Sep 18, 2020

I can't find any articles that suggest Azure Monitor can works with log data held in Blob Storage. Can you please confirm why you think this is so?

111222333
May 24, 2021

@AJMorgan591 "Azure Monitor logs can be exported to an Azure Storage Account" https://docs.microsoft.com/en-us/azure/azure-monitor/logs/azure-data-explorer-query-storage#send-data-to-azure-storage

AJMorgan591
Sep 18, 2020

I can't find any articles that suggest Azure Monitor can works with log data held in Blob Storage. Can you please confirm why you think this is so?

111222333
May 24, 2021

@AJMorgan591 "Azure Monitor logs can be exported to an Azure Storage Account" https://docs.microsoft.com/en-us/azure/azure-monitor/logs/azure-data-explorer-query-storage#send-data-to-azure-storage

syu31svc
Dec 8, 2020

https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview Answer is yes

H_S
Mar 22, 2021

Bro same article the answer IS NO, you can see auditing information is monitor if they are stored in blob storage

kompressor
Jul 9, 2020

on the page 20 in this dump the same question is answed no and here yes ! just wondering if you urself are not sure of ur answer

VijayTeja
Jul 24, 2020

Over there log analytics is used instead of blob.

ZodiaC
Jun 15, 2021

Nothing on page 20

Anonymous
Jun 28, 2021

90 days in log analytics. So Log Aalaytics works(bure previous answer was no to this question which is silly). Now about blob storage we can easily connect to Azure Monitor/log analytics and then it will be available in Monitor(to meet the question). But then where is that extra step of connecting to log analytics? Also if you plan to connect to log analytics, why use storage account? The only extra benefit of doing this (Storage + log analytics) is that auditing information(the user) is only mentioned in the storage logs and is masked in log analytics. But such a scenario is not asked in this question. So the answer to this question is a big NO. Log Anlaytics is the correct answer. Dont even think about replying to this text

Anonymous
Jun 28, 2021

https://stackoverflow.com/questions/66302107/unable-to-get-the-user-id-identity-details-from-log-analytics-workspace-captured Well, I might be wrong: "Log analytics does not capture any PII" but then the storage to log analytics connection is missing in the question

Anonymous
Jun 28, 2021

now if log analytics really masks the PII then how will it work when storage account is connected to Log Analytics for monitor? So the stackoverflow answer is wrong and my answer aboe is correct or the answer to this question is "NO"still

Anonymous
Jun 28, 2021

now if log analytics really masks the PII then how will it work when storage account is connected to Log Analytics for monitor? So the stackoverflow answer is wrong and my answer aboe is correct or the answer to this question is "NO"still