ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-103 All Questions

View all questions & answers for the AZ-103 exam
Go to Exam

Exam AZ-103 topic 16 question 61 discussion

Actual exam question from Microsoft's AZ-103
Question #: 61
Topic #: 16
[All AZ-103 Questions]

You have an azure subscription named Subscription1 that has the following providers registered:
✑ Authorization
✑ Automation
✑ Resources
✑ Compute
✑ KeyVault
✑ Network
✑ Storage
✑ Billing
✑ Web
Subscription1 contains an Azure virtual machine named VM1 that has the following configurations:
✑ Private IP address: 10.0.0.4 (dynamic)
✑ Network security group (NSG): NSG1
✑ Public IP address: None
✑ Availability set: AVSet
✑ Subnet: 10.0.0.0/24
✑ Managed disks: No
✑ Location: East US
You need to record all the successful and failed connection attempts to VM1.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Create an Azure Storage account.
  • B. Register the Microsoft.Insights resource provider.
  • C. Add an Azure Network Watcher connection monitor.
  • D. Enable Azure Network Watcher in the East US Azure region.
  • E. Enable Azure Network Watcher flow logs.
  • F. Register the Microsoft.LogAnalytics provider.
Show Suggested Answer Hide Answer
Suggested Answer: ABD 🗳️
A: NSG flow log data is written to an Azure Storage account. You need to create an Azure Storage account,
With an Azure Storage account NSG flow logs can be enabled.
D: Enable network watcher in the East US region.
B: NSG flow logging requires the Microsoft.Insights provider.
References:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal
by BitClarke at May 13, 2020, 8:22 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Cloudyuga
Highly Voted 4 years, 11 months ago
Its wrong answer Answer should be DBE as per Microsoft documentation D - Enable Azure Network Watcher in the East US Azure region. B. Register the Microsoft.Insights resource provider. E. Enable Azure Network Watcher flow logs. Refer :- https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal
upvoted 12 times
Cloudyuga
4 years, 11 months ago
sorry given answer is correct before going for enabling flow logs we need storage a/c in place . The storage account may take around minute to create. Don't continue with remaining steps until the storage account is created. In all cases, the storage account must be in the same region as the NSG. so answer is DBA
upvoted 8 times
...
Tinalwl
4 years, 3 months ago
I think it should be "Enable NSG flow log" not for network watcher flow logs. so the given answer is correct I think
upvoted 1 times
...
...
gerardR
Highly Voted 4 years, 10 months ago
I guess that the correct solution should be 4, ABDE, as it can't be, I guess that we have to choose between understand that the storage has been already there, or that the Insight provider has been already registered. Checking the documentation it takes as the storage it's already there, so which the info that we have I would consider that the good answer is BDE. https://docs.microsoft.com/en-us/learn/modules/secure-aad-users-with-mfa/4-exercise-mfa
upvoted 6 times
...
[Removed]
Most Recent 2 years, 1 month ago
A. Create an Azure Storage account: This is necessary to store the logs generated by Azure Network Watcher. You can use the storage account to store the connection monitor logs as well as flow logs. B. Register the Microsoft.Insights resource provider: This is required for creating Azure Network Watcher connection monitors. C. Add an Azure Network Watcher connection monitor: This will enable you to monitor the connections to VM1 and record successful and failed connection attempts. You can configure the connection monitor to send the logs to the storage account created in step A.
upvoted 1 times
...
maria_saprykina
2 years, 4 months ago
Correct Answer: ABE A network security group (NSG) enables you to filter inbound traffic to, and outbound traffic from, a virtual machine (VM). You can log network traffic that flows through an NSG with Network Watcher's NSG flow log capability. 1. Create a VM with a network security group - Already available 2. Enable Network Watcher - Since 2018, Network Watcher has been enabled by default on any subscription with a Virtual Network 3. Register the Microsoft.Insights provider 4. Configure Azure Storage account. 5. Enable a traffic flow log for an NSG, using Network Watcher's NSG flow log capability 6. Download logged data 7. View logged data To record the successful and failed connection requests, we should use Azure Network Watcher flow logs. The Network Watcher is already enabled in the region, and we can utilize the Network Watcher NSG's flow log functionality. For that, we need to register the microsoft.insights resource provider and create a storage account for storing the flow logs. Reference: https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal
upvoted 1 times
...
Harri
3 years, 6 months ago
BAE https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal
upvoted 1 times
...
clouddba
3 years, 10 months ago
Answers: B. Register the Microsoft.Insights resource provider. D. Enable Azure Network Watcher in the East US Azure region. E. Enable Azure Network Watcher flow logs.
upvoted 1 times
...
whynotguru
3 years, 11 months ago
https://docs.microsoft.com/en-us/azure/network-watcher/connection-monitor-overview correct answer is here
upvoted 1 times
...
carlottao
4 years, 5 months ago
it dropped in my exam today 28/10, but I could only choose one alternative, I chose B, and I passed.
upvoted 3 times
BuckLee
4 years, 5 months ago
same as me. There was only one option . I chose B as well and passed.
upvoted 2 times
...
...
bnair
4 years, 8 months ago
when you create a vnet, network watcher is automatically enabled for that region. so answer ABE
upvoted 3 times
...
soi
4 years, 8 months ago
DBE - correct
upvoted 3 times
...
Gizdagyerek
4 years, 8 months ago
why do we need one more storage account?! we already have one.
upvoted 2 times
Gizdagyerek
4 years, 8 months ago
A. Register the Microsoft.Insights resource provider D. Enable Azure Network Watcher in the East US Azure region F. Enable Azure Network Watcher flow logs
upvoted 2 times
...
pfinorbi
4 years, 8 months ago
There is the point. VM has unmanaged disks, so there is already a storage account.
upvoted 1 times
...
...
chand_
4 years, 9 months ago
"ABD" is correct.
upvoted 1 times
...
SumanCert
4 years, 9 months ago
Answer is DBE
upvoted 2 times
...
Manikan18
4 years, 10 months ago
BDE are correct answer . First step is Create a VM not storage account https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal
upvoted 3 times
dbMz
4 years, 10 months ago
VM is already created.
upvoted 1 times
...
...
zakhanz
4 years, 10 months ago
ABD is the correct answer. https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview
upvoted 2 times
...
alpi067
4 years, 10 months ago
Create an Azure Storage account. Register the Microsoft.Insights resource provider. Enable Azure Network Watcher flow logs. Network Watcher automatically enabled in each region hence no need to enable it, but we need to enable flow logs for sure.
upvoted 5 times
Hanuman
4 years, 10 months ago
agreed
upvoted 2 times
...
HazemYousry
4 years, 9 months ago
Network watcher log is not automatically enabled in all regions IMO, we need 4 actions: Create an Azure Storage account. Register the Microsoft.Insights resource provider. Enable Azure Network Watcher in the East US Azure region. Enable Azure Network Watcher NSG flow logs. But if we have to choose only 3, I would go for ABD " will consider nothing called Network Watcher flow log - it should be N/W watcher NSG flow logs"
upvoted 2 times
...
praveen97
4 years, 9 months ago
Agree with alpi067. Below are the steps to view the network traffic to & from a VM. A. Create an Azure Storage account. B. Register the Microsoft.Insights resource provider. D. Enable Azure Network Watcher in the East US Azure region. E. Enable Azure Network Watcher NSG flow logs. https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal Network Watcher will be enabled automatically in a Virtual Network's region. https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-create#network-watcher-is-automatically-enabled When a VM is created, it is mandatory to create a VNet and specify Subnet for that virtual network. So, this means that Network Watcher is enabled once the VM with a VNet is created. https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-manage-vm So, we don't need to manually enable it again since it is already enabled. So, the answer (to choose 3 actions) is : ABE
upvoted 4 times
Fala_Fel
4 years, 8 months ago
I'm agreeing with praveen97, it is a real toss between removing A D or E. Only B is 100% there. But I'm going for that Network Watcher will be auto enabled, either by default or by creating a VNet, so D doesn't need doing. Therefore, if in the exam, we can only choose three answers it's A B E
upvoted 2 times
vince60370
4 years, 3 months ago
A SHOULD NOT be in the balance, and the reason is very simple. There is a "Storage" in the MS providers list. What does it mean ? It means that a Storage account already exists. Why ? Simply because this provider IS NOT AUTOMATICALLY added when you create a subscription. It is only added if you deploy a storage account( or if you add it manually). Check by yourselves -> https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/azure-services-resource-providers#registration Thus leaves us with B, D, and E to complete the rest of all the MS tutorial you provided, which is perfectly ok.
upvoted 1 times
...
...
...
...
zakhanz
4 years, 11 months ago
As per my knowledge answer should B, D , E
upvoted 3 times
zakhanz
4 years, 11 months ago
Should A, D, E. ignore my first response
upvoted 2 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago