Exam AZ-204 topic 1 question 21 discussion

Actual exam question from Microsoft's AZ-204
Question #: 21
Topic #: 1

Your company's Azure subscription includes an Azure Log Analytics workspace.
Your company has a hundred on-premises servers that run either Windows Server 2012 R2 or Windows Server 2016 and are linked to the Azure Log Analytics workspace. The Azure Log Analytics workspace is set up to gather performance counters associated with security from these linked servers.
You must configure alerts based on the information gathered by the Azure Log Analytics workspace.
You have to make sure that alert rules allow for dimensions, and that alert creation time should be kept to a minimum. Furthermore, a single alert notification must be created when the alert is created and when the alert is resolved.
You need to make use of the necessary signal type when creating the alert rules.
Which of the following is the option you should use?

  • A. The Activity log signal type.
  • B. The Application Log signal type.
  • C. The Metric signal type.
  • D. The Audit Log signal type.
Suggested Answer: C

Comments

MiraA
Highly Voted 2 years, 10 months ago
Signal types:
* Activity Log ... includes service health records along with records on any configuration changes made to the resources (and is available to all Azure resources)
* Audit Log ... contains the history of sign-in activity and audit trail of changes made within a particular tenant
* Metric ... numerical values that are collected at regular intervals and describe some aspect of a system at a particular time
* Application Log ... ?
The Metrics feature can only store numeric data in a particular structure, whereas the Logs feature can store a variety of datatypes (each with its own structure).
https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-overview
https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/data-platform-metrics
https://docs.microsoft.com/en-us/azure/azure-monitor/logs/data-platform-logs
upvoted 20 times
...
Pirgos
Highly Voted 3 years, 1 month ago
C, https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-metric-logs#configuring-metric-alert-for-logs
upvoted 18 times
MiraA
2 years, 10 months ago
From that page: "Metric Alerts for Log provide multiple dimensions, allowing filtering to specific values like Computers, OS Type, etc. simpler; without the need for defining a complex query in Log Analytics."
upvoted 8 times
...
MiraA
2 years, 10 months ago
From that page: "Metric Alerts are stateful - only notifying once when alert is fired and once when alert is resolved; as opposed to Log alerts, which are stateless and keep firing at every interval if the alert condition is met."
upvoted 15 times
...
...
DheerajPatyal
Most Recent 3 weeks, 6 days ago
Selected Answer: C
Metric alerts are evaluated and triggered quickly because metrics are pre-aggregated and stored in Azure Monitor, and they also support notifications for both when an alert is triggered (fired) and when it is resolved (returned to normal).
upvoted 1 times
...
harbox
5 months, 3 weeks ago
Selected Answer: C
Metric alerts in Azure Monitor provide a way to get notified when one of your metrics crosses a threshold. Metric alerts work on a range of multi-dimensional platform metrics, custom metrics, Application Insights standard and custom metrics. Note: Signals are emitted by the target resource and can be of several types: Metric, Activity log, Application Insights, and Log. https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-metric
upvoted 1 times
...
forgetfulalligator
1 year, 6 months ago
Selected Answer: C
The Metric signal type is the correct option for creating alert rules based on performance counters associated with security gathered by the Azure Log Analytics workspace. The Metric signal type allows you to create alerts based on metrics collected by Azure Monitor. This includes metrics collected by Log Analytics from your servers, such as performance counters associated with security. The Metric signal type allows you to set dimensions, which can be used to filter the metrics and reduce the noise of alerts. You can also configure the alert to be fired on multiple criteria and the alert creation time is kept to a minimum. Furthermore, a single alert notification is created when the alert is created and when the alert is resolved.
upvoted 3 times
...
wrak
1 year, 6 months ago
There are two main requirements: (1) allow for dimensions, and (2) alert creation time should be kept to a minimum. Only Metric alerts and Log alerts support split by dimensions, not Activity Log alerts. Additionally, we have to use KQL for Log alerts - this doesn't support the 2nd requirement.
upvoted 2 times
...
uffuchsi
1 year, 6 months ago
B. Metric
upvoted 1 times
uffuchsi
1 year, 6 months ago
Correction: C. Metric
upvoted 1 times
...
...
alexein74
1 year, 7 months ago
Selected Answer: C
C. The Metric signal type. In order to configure alerts based on the information gathered by the Azure Log Analytics workspace, you should use the Metric signal type when creating the alert rules. This signal type allows you to create alerts based on the performance counters associated with security that are collected by the Azure Log Analytics workspace. Furthermore, Metric signals allow you to define alert rules using dimensions, which allows you to create more targeted alerts, and minimize the time spent creating alerts.
upvoted 2 times
...
nhannn
1 year, 11 months ago
Selected Answer: C
C is correct. "Metric Alerts are stateful - only notifying once when alert is fired and once when alert is resolved; as opposed to Log alerts, which are stateless and keep firing at every interval if the alert condition is met."
upvoted 7 times
...
Anitay
1 year, 11 months ago
C is the correct answer
upvoted 1 times
...
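The stateful versus stateless notification behaviour quoted in the comments above, as an added example that is not part of the original discussion and not Azure's implementation. It is a simplified model: the server names, counter values and threshold are constructed, and the split by `Computer` stands in for an alert dimension.

```python
from collections import defaultdict

# Constructed sample: one dict per evaluation interval, holding a security-related
# performance counter value per server (the "Computer" dimension). Values are made up.
SAMPLES = [
    {"srv01": 40, "srv02": 95},
    {"srv01": 45, "srv02": 97},
    {"srv01": 92, "srv02": 96},
    {"srv01": 93, "srv02": 50},
    {"srv01": 30, "srv02": 45},
]
THRESHOLD = 90  # assumed threshold for the illustration


def stateless_notifications(samples, threshold):
    """Log-alert style from the quote: notify at every interval the condition is met."""
    out = []
    for t, interval in enumerate(samples):
        for computer, value in sorted(interval.items()):
            if value > threshold:
                out.append((t, computer, "fired"))
    return out


def stateful_notifications(samples, threshold):
    """Metric-alert style from the quote: notify once on fire and once on resolve,
    tracked separately for each dimension value (each server)."""
    active = defaultdict(bool)  # per-server alert state, False = healthy
    out = []
    for t, interval in enumerate(samples):
        for computer, value in sorted(interval.items()):
            breached = value > threshold
            if breached and not active[computer]:
                out.append((t, computer, "fired"))
            elif not breached and active[computer]:
                out.append((t, computer, "resolved"))
            active[computer] = breached
    return out


if __name__ == "__main__":
    print("stateless:", stateless_notifications(SAMPLES, THRESHOLD))
    print("stateful: ", stateful_notifications(SAMPLES, THRESHOLD))
```

On this input the stateless evaluator emits five "fired" notifications and never reports recovery, while the stateful one emits one fired and one resolved notification per server.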