
Exam SC-200 topic 3 question 1 discussion

Actual exam question from Microsoft's SC-200
Question #: 1
Topic #: 3

DRAG DROP -
You plan to connect an external solution that will send Common Event Format (CEF) messages to Azure Sentinel.
You need to deploy the log forwarder.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

Suggested Answer:
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/connect-cef-agent?tabs=rsyslog

Comments

somsom
Highly Voted 4 years ago
correct
upvoted 31 times
Ken88
Highly Voted 3 years, 1 month ago
Answer is correct https://docs.microsoft.com/en-us/azure/sentinel/connect-common-event-format#designate-a-log-forwarder-and-install-the-log-analytics-agent
upvoted 15 times
Lion007
2 years, 9 months ago
Correct answer. From the link Ken88 provided:
1- Installs the Log Analytics agent for Linux (also known as the OMS agent) and configures it for the following purposes:
--- listening for CEF messages from the built-in Linux Syslog daemon on TCP port 25226
--- sending the messages securely over TLS to your Microsoft Sentinel workspace, where they are parsed and enriched
2- Configures the built-in Linux Syslog daemon (rsyslog.d/syslog-ng) for the following purposes:
--- listening for Syslog messages from your security solutions on TCP port 514
--- forwarding only the messages it identifies as CEF to the Log Analytics agent on localhost using TCP port 25226
The need for restarting the daemon and the agent is to ensure the changes take effect (on Linux this is required).
upvoted 13 times
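The comment above describes the two hops on the forwarder: the syslog daemon accepts everything on TCP 514 but hands only CEF-identified messages to the agent on localhost TCP 25226, which then parses the CEF header before shipping to Sentinel. The script below is an added example (not from the exam page, Microsoft's installer script, or any commenter) that models those two steps offline: it applies a "does the line carry a CEF header?" decision to constructed syslog lines, parses the CEF header and extensions the way the agent must, and checks constructed `ss -ltn`-style output for the two listeners. The port numbers come from the discussion; the substring test, the sample log lines, and the assumption that the agent listener is bound to 127.0.0.1 only are mine.

```python
"""Added example: model the CEF log forwarder's filter and parse steps offline."""
import re

SYSLOG_LISTEN_PORT = 514      # security solutions send syslog here (from the discussion)
AGENT_LOCAL_PORT = 25226      # Log Analytics agent listens here on localhost (from the discussion)

# Constructed sample syslog lines; not output from any real device.
SAMPLE_LINES = [
    "Oct 10 12:00:01 fw01 CEF:0|Vendor|Product|1.0|100|Connection blocked|5|"
    "src=10.0.0.5 dst=10.0.0.9 spt=51234 dpt=443 msg=Policy deny",
    "Oct 10 12:00:02 fw01 sshd[1234]: Accepted publickey for ops from 10.0.0.20 port 50000 ssh2",
    "Oct 10 12:00:03 fw01 CEF:0|Vendor|Product|1.0|200|Name with \\| pipe|3|"
    "msg=value with \\= sign and \\r here",
]

# Constructed listener table in the shape of `ss -ltn` output (State Recv-Q Send-Q Local Peer).
SAMPLE_SS = [
    "LISTEN 0 128 0.0.0.0:514 0.0.0.0:*",
    "LISTEN 0 128 127.0.0.1:25226 0.0.0.0:*",
]

CEF_HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                     "signature_id", "name", "severity")
_ESCAPES = {"n": "\n", "r": "\r"}


def is_cef(line):
    """Forwarding decision: only lines carrying a CEF header go to the agent.
    Assumption: the daemon rule is a plain substring match on 'CEF:'."""
    return "CEF:" in line


def _unescape(text):
    # CEF escapes '|' and '\' in the header and '=' and '\' in extensions with a
    # backslash; '\n' and '\r' stand for line breaks inside extension values.
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)), text)


def _parse_extensions(ext):
    # Keys are bare tokens followed by '='; a value runs until the next key.
    keys = list(re.finditer(r"(?:^|(?<=\s))([A-Za-z0-9_.]+)=", ext))
    result = {}
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        result[m.group(1)] = _unescape(ext[m.end():end].strip())
    return result


def parse_cef(line):
    """Return the CEF header fields plus an 'extensions' dict, or None if not CEF."""
    idx = line.find("CEF:")
    if idx < 0:
        return None
    body = line[idx + 4:]
    # Split on unescaped '|' only; the 8th part is the extension block.
    parts = re.split(r"(?<!\\)\|", body, maxsplit=7)
    if len(parts) < 8:
        return None  # malformed: fewer than seven header fields
    record = {k: _unescape(v) for k, v in zip(CEF_HEADER_FIELDS, parts[:7])}
    record["extensions"] = _parse_extensions(parts[7])
    return record


def forward_decisions(lines):
    """Split a stream the way the forwarder does: (forwarded CEF, dropped non-CEF)."""
    forwarded = [l for l in lines if is_cef(l)]
    dropped = [l for l in lines if not is_cef(l)]
    return forwarded, dropped


def listener_check(ss_lines):
    """Verify both hops are listening after the daemon and agent restart.
    Expects 514 on any address and 25226 bound to 127.0.0.1 (local-only is an assumption)."""
    found = {"syslog_514": False, "agent_25226": False}
    for row in ss_lines:
        fields = row.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if port == str(SYSLOG_LISTEN_PORT):
            found["syslog_514"] = True
        if port == str(AGENT_LOCAL_PORT) and addr == "127.0.0.1":
            found["agent_25226"] = True
    return found


if __name__ == "__main__":
    fwd, drop = forward_decisions(SAMPLE_LINES)
    print(f"forwarded {len(fwd)} CEF line(s), dropped {len(drop)} non-CEF line(s)")
    for line in fwd:
        rec = parse_cef(line)
        print(rec["device_product"], rec["signature_id"], rec["name"], rec["extensions"])
    print(listener_check(SAMPLE_SS))
```

Run it against a real forwarder by replacing `SAMPLE_SS` with the output of `ss -ltn` and `SAMPLE_LINES` with a few lines captured from the device; a CEF line that `parse_cef` rejects as malformed is one the agent would not map cleanly into CommonSecurityLog either.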
VeiN
Most Recent 6 months ago
This is obsolete (maybe worth to learn?). Currently when using AMA with non azure machine (I assume since in description "external device"). The steps I've done on my lab:
1. Install Azure ARC on linux Forwarder (& connect to azure subscription)
2. Install connector: Common Event Format (CEF) via AMA
3. via connector: Create Data Collection Rule, add linux forwarder ARC object + configure log types to collected)
4. execute script on forwarder: sudo wget -O Forwarder_AMA_installer.py
upvoted 6 times
Sneekygeek
1 year ago
Correct but log analytics will soon be deprecated. The new guides saw to the Azure Monitoring Agent https://learn.microsoft.com/en-us/azure/sentinel/connect-cef-syslog-ama?tabs=single%2Csyslog%2Cportal
upvoted 2 times
Ramye
1 year, 1 month ago
Is this still valid now - now that a lot of changes happened in the last 2 yrs...
upvoted 1 times
stevenr868
9 months ago
No, you now use an AMA agent
upvoted 1 times
chepeerick
1 year, 6 months ago
Correct
upvoted 1 times
rupeshngp
2 years, 2 months ago
Was in the exam today! The answer is correct!
upvoted 6 times
Anko6116
2 years, 2 months ago
Answer is correct according to below article: https://learn.microsoft.com/en-us/azure/sentinel/connect-log-forwarder?tabs=rsyslog
upvoted 3 times
AJ2021
2 years, 2 months ago
Question in Exam today
upvoted 6 times
Eltooth
3 years, 6 months ago
Correct.
upvoted 6 times
invaderfr
3 years, 7 months ago
agree with answers
upvoted 5 times