Exam AZ-801 topic 5 question 31 discussion

Actual exam question from Microsoft's AZ-801
Question #: 31
Topic #: 5

You have 20 on-premises virtual machines that run Windows Server.

You have an Azure subscription that contains a Microsoft Sentinel workspace named Workspace1.

You need to collect events from the on-premises virtual machines and forward the events to Workspace1. The solution must ensure that you can define filters to minimize the volume of collected events.

Which two components should you install on each virtual machine? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

  • A. the Azure Connected Machine agent
  • B. the Azure VM Dependency agent extension for Windows
  • C. the Azure Monitor agent
  • D. the Log Analytics VM extension for Windows
  • E. the Dependency agent
Suggested Answer: AC

Comments

mrpoopybuthole
6 days, 2 hours ago
Selected Answer: CD
A is not needed, as Azure Arc is not needed for log collection. D is correct since we are connecting the VM to the Log Analytics workspace.
upvoted 1 times
...
Krayzr
2 weeks, 5 days ago
Selected Answer: AC
Azure Connected Machine agent: This agent is installed on each on-premises VM to onboard it to Azure Arc. For non-Azure machines, such as on-premises VMs, the Azure Monitor agent requires Azure Arc connectivity to function, making this a necessary first step. Azure Monitor agent: Once the VMs are connected via Azure Arc, this agent is deployed as an extension to collect events. It supports advanced filtering through DCRs, meeting the requirement to minimize event volume, and sends the filtered data to Workspace1.
upvoted 1 times
...
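
The DCR-based filtering mentioned in the comment above is expressed as XPath queries in the rule's `windowsEventLogs` data source. The following is an added example, not part of any comment in this thread: it checks each filter locally with `Get-WinEvent` and then writes the rule body as JSON. The event IDs, data source name, output file name and the bracketed placeholders are assumptions.

```powershell
# Added example: build a data collection rule (DCR) body that forwards only
# selected Security events to Workspace1, testing each XPath filter first.
# Run elevated on one of the servers; reading the Security log needs admin rights.
$workspaceId = '/subscriptions/<subscription-id>/resourceGroups/<resource-group>' +
               '/providers/Microsoft.OperationalInsights/workspaces/Workspace1'

# DCR filter entries use the form "<LogName>!<XPath query>". Constructed samples.
$xPathQueries = @(
    'Security!*[System[(EventID=4624 or EventID=4625)]]',   # logon success and failure
    'Security!*[System[(EventID=4720 or EventID=4726)]]'    # user account created or deleted
)

function Test-DcrXPath {
    param([Parameter(Mandatory)][string]$Entry)
    $logName, $query = $Entry -split '!', 2
    if (-not $query) { Write-Warning "'$Entry' is not in LogName!XPath form"; return $false }
    try {
        # A malformed query raises an error here, before the rule is ever deployed.
        $null = Get-WinEvent -LogName $logName -FilterXPath $query -MaxEvents 1 -ErrorAction Stop
        return $true
    } catch {
        # "No matching events" means the query parsed but nothing is logged yet: still valid.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return $true }
        Write-Warning "$Entry : $($_.Exception.Message)"
        return $false
    }
}

$rule = @{
    location   = '<region>'
    properties = @{
        dataSources  = @{
            windowsEventLogs = @(@{
                name         = 'filteredSecurityEvents'      # hypothetical name
                streams      = @('Microsoft-SecurityEvent')
                xPathQueries = $xPathQueries
            })
        }
        destinations = @{
            logAnalytics = @(@{ name = 'Workspace1'; workspaceResourceId = $workspaceId })
        }
        dataFlows    = @(@{ streams = @('Microsoft-SecurityEvent'); destinations = @('Workspace1') })
    }
}

$results = $xPathQueries | ForEach-Object { Test-DcrXPath -Entry $_ }
if ($results -notcontains $false) {
    $rule | ConvertTo-Json -Depth 10 | Set-Content -Path .\dcr-workspace1.json -Encoding utf8
}
```

A broad entry such as `Security!*` would pass the same check but collect every Security event, which is the volume the question asks to avoid.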
ducklaorange
3 weeks ago
Selected Answer: AC
As they are on-premises resources and we have no other information, it's A & C. Source: have >10k endpoints in Azure Arc :)
upvoted 1 times
...
BlackCat9588
1 month ago
Selected Answer: CD
I think it should be C & D. Please let me know if I am wrong.
upvoted 1 times
...
NicolaF
4 months ago
For me it is C and D.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other