Exam MD-102 topic 1 question 18 discussion

Actual exam question from Microsoft's MD-102
Question #: 18
Topic #: 1

You have computers that run Windows 10 and connect to an Azure Log Analytics workspace. The workspace is configured to collect all available events from the Windows event logs.
The computers have the logged events shown in the following table.

Which events are collected in the Log Analytics workspace?

  • A. 1 only
  • B. 2 and 3 only
  • C. 1 and 3 only
  • D. 1, 2, and 4 only
  • E. 1, 2, 3, and 4
Suggested Answer: E

Comments

letters1234
Highly Voted 1 year, 3 months ago
Selected Answer: D
Need to be careful of the wording as well. "Success" is not an event log type. Critical, Warning, Error, Information and Verbose are the event log types. There is Audit Success and Audit Failure in Security event logs (which can't be collected). But in the scenario, there is no 2 & 4 option, so D.
upvoted 14 times
mhmyz
Highly Voted 1 year, 1 month ago
Selected Answer: E
I think the answer is E. Security events can be collected by Azure Monitor Agent and Data Collection Rules. https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-rule-azure-monitor-agent?tabs=portal
upvoted 14 times
NoursBear
1 year ago
Yes, that's true, but how do we know the Azure Monitor Agent is in use? It could be just the Log Analytics agent, which is being deprecated in 2024.
upvoted 1 times
NSA_Poker
8 months, 3 weeks ago
We know the Azure Monitor is in use by definition of the Log Analytics workspace. https://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-workspace-overview#:~:text=A%20Log%20Analytics%20workspace%20is%20a%20unique%20environment%20for%20log%20data%20from%20Azure%20Monitor%20and%20other%20Azure%20services%2C%20such%20as%20Microsoft%20Sentinel%20and%20Microsoft%20Defender%20for%20Cloud.
upvoted 1 times
SajjH
4 months ago
The key should be the statement in the question, "The workspace is configured to collect all available events from the Windows event logs". E is the correct answer.
upvoted 1 times
SajjH
4 months ago
My bad, there is no Audit log in Windows Events, so D is correct.
upvoted 1 times
SajjH
4 months ago
I mean Azure agent doesn't collect that
upvoted 1 times
TedEx2
Most Recent 1 day, 1 hour ago
Selected Answer: D
The Log Analytics agent is deprecated, but the question requires that. And based on the documentation, it is clear that the Log Analytics agent does not support the collection of security events directly: https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-windows-events#configure-windows-event-logs. If the next update talks about Azure Monitor Agent, in this case it is possible.
upvoted 1 times
Alboo007_rs007
3 days, 6 hours ago
Selected Answer: D
1, 2, 4 only
upvoted 1 times
AleFCI1908
1 month, 1 week ago
Selected Answer: E
E can't log sec logs
upvoted 2 times
AleFCI1908
1 month ago
sorry, I mean D
upvoted 1 times
AleFCI1908
1 month, 1 week ago
Selected Answer: D
cannot see security log in log analytics
upvoted 1 times
Nav90
1 month, 1 week ago
Selected Answer: E
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-windows-events#configure-windows-event-data-source
upvoted 1 times
Nav90
1 month, 2 weeks ago
Answer is E; you can configure a Data Collection Rule for Azure Monitor to collect all events. https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-windows-events
upvoted 1 times
TiagoFurtado
1 month, 3 weeks ago
Selected Answer: E
check link https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-windows-events
upvoted 2 times
Alboo007_rs007
1 month, 4 weeks ago
Needs to be updated; it's E.
upvoted 2 times
martinods
2 months, 2 weeks ago
APP, SEC and SYS logs can be configured: https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-windows-events#configure-windows-event-data-source
upvoted 1 times
RomanV
2 months, 3 weeks ago
Shit is deprecated. It's now Azure Monitor Agent.
upvoted 1 times
RomanV
2 months, 3 weeks ago
Answer is D! Azure Monitor Agent (AMA) does not directly collect Audit Success and Audit Failure events from Windows Security event logs. Instead, it focuses on collecting broader event log types such as: Critical, Warning, Error, Information, Verbose. To collect Audit Success and Audit Failure events, you would typically need to use other methods, such as Azure Sentinel: for advanced security event collection and analysis, where you can configure data connectors to collect specific security events including audit logs.
upvoted 2 times
LionelDerBoven
3 months ago
Selected Answer: E
E, Audit logs can be collected. All logs are selected.
upvoted 1 times
Daniel_G
3 months, 1 week ago
Selected Answer: E
The workspace is configured to collect "all" available events.
upvoted 1 times
JayHall
3 months, 2 weeks ago
Selected Answer: D
1, 2, and 4 only. You can't configure collection of security events from the workspace by using the Log Analytics agent. You must use Microsoft Defender for Cloud or Microsoft Sentinel to collect security events. The Azure Monitor agent can also be used to collect security events. Source: "Collect Windows event log data sources with Log Analytics agent in Azure Monitor - Azure Monitor | Microsoft Learn".
upvoted 2 times
Pollosor
4 months, 1 week ago
Azure Log Analytics logs all of these types of events except audit events.
upvoted 1 times
veliyath
5 months, 1 week ago
Selected Answer: E
Since the Azure Log Analytics workspace is configured to collect all available events from the Windows event logs, it will collect events from the Application, System, and Security logs, including all types of events (Success, Information, Audit Success, Error). Therefore, all the listed events will be collected in the Log Analytics workspace. The correct answer is: E. 1, 2, 3, and 4
upvoted 7 times