Exam AZ-500 topic 1 question 33 discussion

Question was in 8-Jan-2023 exam.

C. You should create an Azure Log Analytics workspace. Azure Security Center leverages Azure Log Analytics to store and analyze security-related data and generate alerts. By creating an Azure Log Analytics workspace, you provide the necessary storage and analysis capabilities for Security Center to generate and manage custom alert rules. Option A, removing Azure Active Directory (Azure AD) Identity Protection, is unrelated to enabling the creation of custom alert rules in Security Center. Option B, creating a Data Loss Prevention (DLP) policy, is not directly related to enabling custom alert rules in Security Center. DLP policies are used for managing and preventing data loss in various services and applications. Option D, configuring the necessary tier in Security Center, may impact the availability of certain features and capabilities, but it is not specifically required to enable the creation of custom alert rules.

--Questions looks to be outdated-- Azure Security Center has been rebranded as Microsoft Defender for Cloud, and some features and terminology have changed. Answer: D, You should make sure that Microsoft Defender for Cloud has the necessary plan enabled. Reason: To create custom alert rules in Microsoft Defender for Cloud (formerly Azure Security Center), you need to have the appropriate Microsoft Defender plan enabled for the resources you want to monitor. Custom alert rules are part of the advanced threat detection capabilities provided by these plans. Simply creating a storage account or Log Analytics workspace is not sufficient to enable this functionality. Reference: https://learn.microsoft.com/en-us/azure/defender-for-cloud/custom-alert-rules

For today answer is as below: I think this question now looks like an outdated questions, because now we do not have custom Alert rules in Defender for Cloud we can create it from Azure Monitor but those would be metrics, logs, activity logs, resource health or service health. We can create Security Alerts from Defender for Cloud as of today , this will generate alert regarding to Workloads , such as virtual machines ,storage accounts, container registry and other workloads that can be protected by defender for cloud. This question can come exam like this , if they ask what do we need to create Custom Alerts we need log analytics workspace , if it asks what do we need first to create Security Alerts then we need to upgrade the plan of Defender of Cloud.

The correct action you should take to ensure custom alert rules can be created in Azure Security Center is: D. You should make sure that Security Center has the necessary tier configured. Here's why: Free tier limitations: The free tier of Azure Security Center may not support creating custom alert rules. These rules allow for more granular security monitoring based on your specific needs. Paid tiers: Upgrading Security Center to a paid tier (such as Standard or Premium) typically unlocks features like custom alert rule creation.

The correct action you should take to ensure custom alert rules can be created in Azure Security Center is: D. You should make sure that Security Center has the necessary tier configured. Here's why: Free tier limitations: The free tier of Azure Security Center may not support creating custom alert rules. These rules allow for more granular security monitoring based on your specific needs. Paid tiers: Upgrading Security Center to a paid tier (such as Standard or Premium) typically unlocks features like custom alert rule creation.

its D, not C

C. You should create an Azure Log Analytics workspace.

https://learn.microsoft.com/en-us/answers/questions/1085512/azure-security-center-custom-rules?orderby=oldest

The answer is D. Similar questions appeared before

D seems legit to me

C. You should create an Azure Log Analytics workspace. Most Voted

D. You should make sure that Security Center has the necessary tier configured. To create custom alert rules in Azure Security Center, you need to have the appropriate tier of Security Center enabled. The Standard tier and the Free tier of Security Center support creating custom alert rules, while the Basic tier does not. Therefore, after creating a new Azure subscription, you should make sure that Security Center has the necessary tier configured, either Standard or Free, to enable the creation of custom alert rules. Creating an Azure Storage account, creating a DLP policy, or creating an Azure Log Analytics workspace are not directly related to enabling the creation of custom alert rules in Azure Security Center.

Answer should be D. https://woivre.com/blog/2021/12/improve-your-microsoft-defender-for-cloud-with-your-custom-rules

as mentioned in the comment there's a link to thre microsoft press store

Odd question because you can't create custom alert rules in MDfC. But if you want Storage security alerts you want to enable the Storage Plan. However you can create custom alert rules in Log Analytics but those would be metrics, logs, activity logs, resource health or service health and it doesn't seem appropriate.

what is the right answer ?,