Exam AZ-301 topic 7 question 1 discussion

Actual exam question from Microsoft's AZ-301
Question #: 1
Topic #: 7

You need to recommend a solution for the collection of security logs for the middle tier of the payment processing system.
What should you include in the recommendation?

  • A. the Azure Log Analytics agent
  • B. Azure Event Hubs
  • C. Azure Notification Hubs
  • D. the Azure Diagnostics agent
Suggested Answer: D
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/diagnostics-extension-overview

Comments

SilentH
Highly Voted 5 years ago
I believe the answer is "D" because an Azure Diagnostics agent (WAD) can send Event Logs to a storage account where they can be stored indefinitely or, per this scenario's requirements, up to 7 years. The reason why "A" (Log Analytics Agent) is wrong is that it can store its Event Log data only in a Log Analytics workspace, which has a max retention of 730 days (~2 years), which does not meet the 7 year retention requirement given in this scenario.
upvoted 32 times
...
AWSAzureGCPArch
Highly Voted 5 years, 3 months ago
The correct answer is "D. the Azure Diagnostics agent". Please watch this: https://azure.microsoft.com/en-us/resources/videos/security-logging-and-audit-log-collection/
upvoted 25 times
Rajuuu
5 years ago
This video makes it clear. Answer is D.
upvoted 4 times
...
...
AKumar
Most Recent 4 years, 1 month ago
Both A and D collect logs, but given the requirement to retain the data for 7 years, D is more likely to have an advantage over A. WAD data can be sent to Azure Storage and can be retained for a longer period of time, whereas the Log Analytics agent sends data to a Log Analytics workspace, which can retain data for a max of 730 days.
upvoted 1 times
...
glam
4 years, 1 month ago
D. the Azure Diagnostics agent
upvoted 1 times
...
azurecert2021
4 years, 2 months ago
Given answer is correct, as the requirement is: collect Windows security logs from all the middle-tier servers and retain the logs for a period of seven years. The Azure Log Analytics agent can only be the correct answer if the period is less than 730 days, but here the period is 7 years, so the Diagnostics extension (WAD) is the only option. Not sure why people are preferring the Azure Log Analytics agent even though it is not fulfilling the requirement.
Diagnostics extension (WAD):
  • Data collected (Azure resources only): Event Logs, ETW events, Performance, File based logs, IIS logs, .NET app logs, Crash dumps, Agent diagnostics logs
  • Data sent to: Azure Storage, Azure Monitor Metrics, Event Hub
Log Analytics agent:
  • Data collected (Azure resources, other clouds, on-premises): Event Logs, Performance, File based logs, IIS logs, Insights and solutions, Other services
  • Data sent to: Azure Monitor Logs
upvoted 1 times
azurecert2021
4 years, 2 months ago
Diagnostics extension (WAD): Comparison to Log Analytics agent
The Log Analytics agent in Azure Monitor can also be used to collect monitoring data from the guest operating system of virtual machines. You may choose to use either or both depending on your requirements. See Overview of the Azure Monitor agents for a detailed comparison of the Azure Monitor agents. The key differences to consider are:
  • Azure Diagnostics Extension can be used only with Azure virtual machines. The Log Analytics agent can be used with virtual machines in Azure, other clouds, and on-premises.
  • Azure Diagnostics extension sends data to Azure Storage, Azure Monitor Metrics (Windows only) and Event Hubs. The Log Analytics agent collects data to Azure Monitor Logs.
  • The Log Analytics agent is required for solutions, Azure Monitor for VMs, and other services such as Azure Security Center.
upvoted 1 times
...
...
chanck
4 years, 3 months ago
As per the link - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/diagnostics-extension-overview#comparison-to-log-analytics-agent
Comparison of Diagnostic Agent to Log Analytics Agent. The key differences to consider are: The Log Analytics agent is required for solutions, Azure Monitor for VMs, and other services such as Azure Security Center.
I'm more inclined to select (A) Log Analytics Agent as the answer.
upvoted 2 times
...
rglearner
4 years, 5 months ago
7 years is the requirement for data backup retention. It is not applicable for logs. I would select diagnostics agent because it can forward data to Event Hub, which is required to meet the requirement to send notification for invalid login attempts.
upvoted 1 times
...
macco455
4 years, 7 months ago
D is the answer, as you can configure it to send the data to the storage account, which you can then keep for however long you want. Whereas with Log Analytics you can only keep it for 730 days.
upvoted 1 times
...
ChanderM
4 years, 8 months ago
Answer seems correct. In some sample questions on another site I saw 2 years mentioned specifically, and then the Log Analytics workspace is the correct answer, as it can keep data for 730 days.
upvoted 3 times
...
X_L
4 years, 8 months ago
The answer phrasing is incorrect; there is no such thing as 'the Azure Diagnostics agent'. There is either a Diagnostic Extension or a Log Analytics agent.
upvoted 3 times
...
zarl
4 years, 8 months ago
The Azure Diagnostics agent should be used when you want to archive logs and metrics to Azure storage.
upvoted 1 times
...
eug45
4 years, 9 months ago
The answer is A: Here the security logs can be sent to a Log Analytics workspace. Hence the Azure Log Analytics agent needs to be installed on the virtual machines hosting the middle tier component.
upvoted 1 times
...
Prash85
4 years, 10 months ago
Host the middle tier of the payment processing system on a virtual machine. So this is a Virtual Machine... Azure Diagnostics agent is the correct one.
upvoted 2 times
...
DeveshSolanki
4 years, 10 months ago
Answer A. Azure Log Analytics agent
upvoted 1 times
...
Prash85
4 years, 10 months ago
Max retention in a Log Analytics workspace is 730 days... the requirement is 7 years of retention, so Diagnostics agent.
upvoted 3 times
...
blitz
4 years, 11 months ago
Correct answer is A. https://docs.microsoft.com/pl-pl/azure/azure-monitor/platform/log-analytics-agent Azure Diagnostic agent can be used only on virtual machines.
upvoted 1 times
Aresius
4 years, 9 months ago
Middle tier is hosted in a virtual machine.
upvoted 1 times
...
...
Puneetk83
4 years, 11 months ago
A. Azure Diagnostics Extension can be used only with Azure virtual machines. The Log Analytics agent can be used with virtual machines in Azure, other clouds, and on-premises.
upvoted 1 times
...