Exam AZ-305 topic 1 question 68 discussion

Actual exam question from Microsoft's AZ-305
Question #: 68
Topic #: 1

HOTSPOT

You have five Azure subscriptions. Each subscription is linked to a separate Azure AD tenant and contains virtual machines that run Windows Server 2022.

You plan to collect Windows security events from the virtual machines and send them to a single Log Analytics workspace.

You need to recommend a solution that meets the following requirements:

• Collects event logs from multiple subscriptions
• Supports the use of data collection rules (DCRs) to define which events to collect

What should you recommend for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Suggested Answer:

Comments

varinder82
Highly Voted 11 months, 2 weeks ago
Final Answer: 1: Azure Lighthouse 2. Azure Monitor Agent
upvoted 23 times
...
AmineD
Highly Voted 1 year, 1 month ago
Box 1: Azure Lighthouse. To send data across tenants, you must first enable Azure Lighthouse.
Box 2: Azure Log Analytics agent
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview#install-the-agent-and-configure-data-collection
upvoted 10 times
JimmyYop
1 year, 1 month ago
Answer to box 2 should be the 'Azure Monitor Agent', as Log Analytics Agent is on the path to be deprecated. https://learn.microsoft.com/en-us/azure/azure-monitor/agents/log-analytics-agent
upvoted 14 times
...
MiniLa92
1 year, 1 month ago
As per the link you provided, the second answer should be Azure Monitor agent. In the doc it says "Azure Monitor Agent uses data collection rules, where you define which data you want each agent to collect. Data collection rules let you manage data collection settings at scale and define unique, scoped configurations for subsets of machines. You can define a rule to send data from multiple machines to multiple destinations across regions and tenants."
upvoted 8 times
MiniLa92
1 year, 1 month ago
It also mentions that "If you have machines already deployed with legacy Log Analytics agents, we recommend you migrate to Azure Monitor Agent as soon as possible. The legacy Log Analytics agent will not be supported after August 2024."
upvoted 4 times
...
...
...
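As an added illustration of the data collection rules quoted above (not part of the original discussion or of Microsoft's documentation): a DCR that has Azure Monitor Agent collect a filtered set of Windows Security events and send them to a single Log Analytics workspace. The location, the data source and destination names, the event IDs selected, and the placeholder workspace resource ID are assumptions.

```json
{
  "location": "westeurope",
  "kind": "Windows",
  "properties": {
    "description": "Constructed example: logon and account events from the Security log to one central workspace",
    "dataSources": {
      "windowsEventLogs": [
        {
          "name": "securityLogonAndAccountEvents",
          "streams": ["Microsoft-Event"],
          "xPathQueries": [
            "Security!*[System[(EventID=4624 or EventID=4625 or EventID=4672 or EventID=4720)]]"
          ]
        }
      ]
    },
    "destinations": {
      "logAnalytics": [
        {
          "name": "centralWorkspace",
          "workspaceResourceId": "/subscriptions/<central-subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.OperationalInsights/workspaces/<workspace-name>"
        }
      ]
    },
    "dataFlows": [
      {
        "streams": ["Microsoft-Event"],
        "destinations": ["centralWorkspace"]
      }
    ]
  }
}
```

With the `Microsoft-Event` stream the records land in the workspace's `Event` table, and the rule takes effect on a virtual machine only once it has been associated with that machine.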
[Removed]
Most Recent 3 months, 3 weeks ago
WRONG 1. Azure Lighthouse 2. Azure Monitor Agent
upvoted 1 times
...
Thanveer
3 months, 4 weeks ago
Final Answer: 1: Azure Lighthouse 2. Azure Monitor Agent
upvoted 1 times
...
Teerawee
5 months, 3 weeks ago
• To collect the event logs: Azure Lighthouse
• To support the DCRs: The Azure Monitor agent
upvoted 1 times
...
Lazylinux
10 months, 1 week ago
I would go for Box 1: Azure Lighthouse => multi-tenant, so it needs to be created first. Box 2: Azure Monitor Agent, and it works with DCR, as Azure Log Analytics agent is deprecated.
upvoted 6 times
...
SDiwan
1 year ago
This seems a bit of a confusing question. Azure Lighthouse is needed for multitenant management. As per documentation, it says a Log Analytics workspace should be created at each tenant, and then "You can run log queries to retrieve data across Log Analytics workspaces in different customer tenants by creating a union that includes multiple workspaces." But in the question it says all logs need to be ingested to a single workspace. I would go for "Azure Lighthouse" for the first one since Event Grid and Purview are not related to the topic. Azure Monitor Agent cannot natively send logs to Event Grid. 2nd answer is Azure Monitor Agent.
upvoted 2 times
...
TonySuccess
1 year, 1 month ago
Yes, this is a funny one because Lighthouse is needed to connect to multiple tenants, but Event Grid is needed to collect the logs. Since they are asking for a solution it's hard to assume Lighthouse is already in place and select Event Grid... Anybody able to add to this?
upvoted 1 times
TJ001
1 year, 1 month ago
I will vote for Lighthouse. Event logs need to be sourced to a Log Analytics workspace of the MSP subscription set up by Lighthouse.
upvoted 4 times
...
...
[Removed]
1 year, 1 month ago
Shouldn't Box 1 be Azure Lighthouse?
upvoted 4 times
[Removed]
1 year, 1 month ago
Had a second look at this and I think it should be Azure Lighthouse. https://learn.microsoft.com/en-us/azure/lighthouse/how-to/monitor-at-scale But I think the second box is correct - AMA agent. The LA agent is gonna be deprecated in August 2024 and customers are already migrating away from it.
upvoted 2 times
...
...