exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam

Exam AZ-104 topic 6 question 51 discussion

Actual exam question from Microsoft's AZ-104
Question #: 51
Topic #: 6
[All AZ-104 Questions]

You have an Azure subscription. The subscription contains virtual machines that connect to a virtual network named VNet1.

You plan to configure Azure Monitor for VM Insights.

You need to ensure that all the virtual machines only communicate with Azure Monitor through VNet1.

What should you create first?

  • A. a data collection rule (DCR)
  • B. a Log Analytics workspace
  • C. an Azure Monitor Private Link Scope (AMPLS)
  • D. a private endpoint
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Marianeiro
Highly Voted 1 year, 3 months ago
The answer seems correct. With Private Link you can: -Connect privately to Azure Monitor without opening up any public network access. -Ensure your monitoring data is only accessed through authorized private networks. -Prevent data exfiltration from your private networks by defining specific Azure Monitor resources that connect through your private endpoint. -Securely connect your private on-premises network to Azure Monitor by using Azure ExpressRoute and Private Link. -Keep all traffic inside the Azure backbone network. https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-security#advantages
upvoted 16 times
...
OrangeSG
Highly Voted 1 year, 1 month ago
Selected Answer: C
The first thing you need to create is an Azure Monitor Private Link Scope (AMPLS). This will define the scope of the Azure Monitor resources that the virtual machines in VNet1 will be able to communicate with. Once you have created the AMPLS, you can create a private endpoint for VNet1 to connect to Azure Monitor. The private endpoint will allow the virtual machines in VNet1 to communicate with Azure Monitor directly, without having to go through the public internet. Finally, you can create a data collection rule (DCR) to enable VM Insights on the virtual machines in VNet1. The DCR will tell Azure Monitor to collect data from the virtual machines and send it to the Log Analytics workspace.
upvoted 10 times
...
Amir1909
Most Recent 8 months, 2 weeks ago
C is correct
upvoted 1 times
...
BluAlien
11 months ago
Selected Answer: C
With Azure Private Link, you can securely link Azure platform as a service (PaaS) resources to your virtual network by using private endpoints. Azure Monitor is a constellation of different interconnected services that work together to monitor your workloads. An Azure Monitor private link connects a private endpoint to a set of Azure Monitor resources to define the boundaries of your monitoring network. That set is called an Azure Monitor Private Link Scope (AMPLS).
upvoted 1 times
...
Indy429
11 months, 2 weeks ago
I'm confused. I thought the Log Analytics had to be added first, and then the PLS after that?
upvoted 2 times
BluAlien
11 months ago
https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-configure
upvoted 2 times
...
...
GoldBear
12 months ago
Selected Answer: C
The PLS can be created without any connections, the Log Analytics can be added later.
upvoted 1 times
...
zren13
1 year ago
Selected Answer: B
To ensure that all the virtual machines only communicate with Azure Monitor through VNet1, you should create a Log Analytics workspace first. This workspace will collect data from the Azure Monitor for VM Insights. After creating the workspace, you can then configure Azure Monitor for VM Insights to analyze the dependencies and network traffic of your VMs2. Please note that you might also need to consider other components such as a data collection rule (DCR), an Azure Monitor Private Link Scope (AMPLS), or a private endpoint depending on your specific requirements and network configuration. So, the correct answer is B. a Log Analytics workspace.
upvoted 1 times
...
ValB
1 year, 1 month ago
Don't you need to create an Log Analytic Workspace BEFORE you can create the AMPLS?
upvoted 1 times
Batiste2023
1 year ago
Yes, you do. Still, I don't want to believe that B would be counted as the right answer, given the way the question is phrased. You never know, but it would be trick question in that case...
upvoted 1 times
GoldBear
12 months ago
I created a Private link scope with no connections. The Log Analytics can be created later and added to the PLS.
upvoted 1 times
...
...
...
kenl1991
1 year, 1 month ago
you don't need to create Private link before connect to AMPLS?
upvoted 1 times
...
ServerBrain
1 year, 2 months ago
Selected Answer: C
https://www.examtopics.com/exams/microsoft/az-104/view/11/#:~:text=Link%20Scope%20(AMPLS).-,https%3A//learn.microsoft.com/en%2Dus/azure/azure%2Dmonitor/logs/private%2Dlink%2Dsecurity,-upvoted%201%20times
upvoted 1 times
...
Kuikz
1 year, 2 months ago
Selected Answer: C
Azure Monitor private links are structured differently from private links to other services you might use. Instead of creating multiple private links, one for each resource the virtual network connects to, Azure Monitor uses a single private link connection, from the virtual network to an AMPLS. AMPLS is the set of all Azure Monitor resources to which a virtual network connects through a private link. https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-security
upvoted 1 times
...
conip
1 year, 3 months ago
Selected Answer: C
An Azure Monitor private link connects a private endpoint to a set of Azure Monitor resources to define the boundaries of your monitoring network. That set is called an Azure Monitor Private Link Scope (AMPLS). https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-security
upvoted 2 times
conip
1 year, 3 months ago
+ https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-configure
upvoted 2 times
...
...
Vokuhila
1 year, 3 months ago
Selected Answer: D
OpenAI: To ensure that all the virtual machines only communicate with Azure Monitor through VNet1, you should create a private endpoint. This private endpoint can be used to securely access Azure Monitor resources over a private connection through VNet1, ensuring that the communication is isolated and doesn't traverse the public internet. So, the correct answer is: D. a private endpoint Once you have the private endpoint set up, you can then configure Azure Monitor for VM Insights to use this private endpoint for communication with your virtual machines in VNet1.
upvoted 1 times
gcertq
1 year, 3 months ago
Azure Monitor uses Log Analytic Workspace, the way to make Log Analytics to communicate privately, is AMPLS.
upvoted 4 times
Vokuhila
1 year, 2 months ago
Thank you!
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...