Exam AZ-500 topic 1 question 34 discussion

Actual exam question from Microsoft's AZ-500
Question #: 34
Topic #: 1

Your company's Azure subscription includes an Azure Log Analytics workspace.
Your company has a hundred on-premises servers that run either Windows Server 2012 R2 or Windows Server 2016, and are linked to the Azure Log Analytics workspace. The Azure Log Analytics workspace is set up to gather performance counters associated with security from these linked servers.
You have been tasked with configuring alerts according to the information gathered by the Azure Log Analytics workspace.
You have to make sure that alert rules allow for dimensions, and that alert creation time should be kept to a minimum. Furthermore, a single alert notification must be created when the alert is created and when the alert is sorted out.
You need to make use of the necessary signal type when creating the alert rules.
Which of the following is the option you should use?

  • A. You should make use of the Activity log signal type.
  • B. You should make use of the Application Log signal type.
  • C. You should make use of the Metric signal type.
  • D. You should make use of the Audit Log signal type.
Suggested Answer: C

Comments

salmantarik
Highly Voted 3 years, 7 months ago
Correct. There are four signal types: Metric, Activity log, Application Insights, and Log. Guys, always read the question properly and look for the key words. The key word in the question is "gather PERFORMANCE COUNTERS"; the performance counter is directly linked to the Metric signal type.
upvoted 60 times
...
stonwall12
Most Recent 2 months, 2 weeks ago
Selected Answer: C
Answer: C, You should make use of the Metric signal type. Reason: The Metric signal type is ideal for this scenario because it allows for dimensions, enables quick alert creation, and supports single alert notifications for both alert creation and resolution. Reference: https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-types#metric-alerts
upvoted 1 times
...
Ruffyit
5 months, 4 weeks ago
Correct. There are four signal types: Metric, Activity log, Application Insights, and Log. Guys, always read the question properly and look for the key words. The key word in the question is "gather PERFORMANCE COUNTERS"; the performance counter is directly linked to the Metric signal type.
upvoted 1 times
...
trashbox
1 year, 6 months ago
Selected Answer: C
Infrastructure data that can be collected by Performance Counter are called Metrics. Therefore, it is a Metrics Signal Type.
upvoted 1 times
...
ESAJRR
1 year, 9 months ago
Selected Answer: C
C. You should make use of the Metric signal type.
upvoted 1 times
...
Andre369
1 year, 11 months ago
Selected Answer: C
The Metric signal type in Azure Log Analytics allows you to create alert rules based on performance counters and metrics collected from the linked servers. By configuring alerts using the Metric signal type, you can leverage dimensions to define specific conditions and thresholds for generating alerts. This enables you to fine-tune the alert rules based on different attributes or properties associated with the collected metrics.
upvoted 2 times
...
zellck
1 year, 11 months ago
Selected Answer: C
C is the answer.
https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-types#metric-alerts
Metric alert rules include these features:
- You can use multiple conditions on an alert rule for a single resource.
- You can add granularity by monitoring multiple metric dimensions.
- You can use dynamic thresholds, which are driven by machine learning.
- You can configure if metric alerts are stateful or stateless. Metric alerts are stateful by default.
upvoted 1 times
...
majstor86
2 years, 1 month ago
Selected Answer: C
C. You should make use of the Metric signal type.
upvoted 2 times
...
sofieejo
2 years, 2 months ago
In exam 29/01/2023 + many questions about Microsoft Sentinel
upvoted 1 times
...
blazefather
2 years, 5 months ago
In exam 31/10/2022
upvoted 1 times
...
somenick
2 years, 7 months ago
Confusing question. Windows Performance Counters provide a high-level abstraction layer that provides a consistent interface for collecting various kinds of system data such as CPU, memory, and disk usage. Which of those metrics are security???
upvoted 1 times
arseyam
2 years, 6 months ago
Exactly, performance counters are not related to security!
upvoted 1 times
xRiot007
9 months, 2 weeks ago
They are. Microsoft Sentinel uses metrics data and combines them with other security events using correlation.
upvoted 1 times
...
fonte
2 years, 4 months ago
Unusual CPU or memory usage could be an indicator of something wrong. If you usually have the CPU at 50% and now you see it at 75% or 80%, what is causing that spike? Is it a process?! What is that process doing? You see that it is sending data to somewhere... boom, you've got yourself a compromised scenario. Now, of course, ideally you should have picked up that process long before detecting it by looking at the CPU, but it can happen.
upvoted 2 times
...
...
...
Irishtk
2 years, 12 months ago
Ans is C. "Newer metric alerts support alerting for metrics that use dimensions. You can use dimensions to filter your metric to the right level. All supported metrics along with applicable dimensions can be explored and visualized from Azure Monitor - Metrics Explorer" https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-metric-near-real-time#metrics-and-dimensions-supported
upvoted 4 times
...
AKYK
3 years, 3 months ago
C is the answer
upvoted 1 times
...
EzeQ
3 years, 4 months ago
https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-metric-logs
upvoted 2 times
...
sadako
3 years, 5 months ago
Alerts = Metric
upvoted 1 times
Adonist
3 years, 3 months ago
Performance = metric
upvoted 3 times
...
...
rohitmedi
3 years, 5 months ago
correct answer
upvoted 2 times
...
maylevi
3 years, 7 months ago
Correct. From the given article: "In the Manage rules blade, you can view all your alert rules across subscriptions. You can further filter the rules using Resource group, Resource type, and Resource. If you want to see only metric alerts, select Signal type as Metrics."
upvoted 3 times
...