Exam AZ-104 topic 4 question 30 discussion

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview When you create or update a virtual network in your subscription, Network Watcher will be enabled automatically in your Virtual Network's region. There is no impact to your resources or associated charge for automatically enabling Network Watcher. For more information, see Network Watcher create. https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal Create a VM with a network security group Enable Network Watcher (done by default with the vnet/subnet creation) -- and register the Microsoft.Insights provider ---------todo Enable a traffic flow log for an NSG, using Network Watcher's NSG flow log capability --todo BUT ! NSG flow log data is written to an Azure Storage account. Complete the following steps to create a storage account for the log data. So you need to create a storage account before enable the NSG flow Download logged data View logged data

Answer is correct so AEF. 1.Create a VM with a network security group 2.Enable Network Watcher and register the Microsoft.Insights provider 3.Enable a traffic flow log for an NSG, using Network Watcher's NSG flow log capability 4.Download logged data 5.View logged data https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal

Although I agree that Network Watcher is enabled automatically when the VM/VNet is created, it is still a requirement, and MS is most likely testing us that we know this. Unless we use a Log Analytics Workspace for advanced querying and visualizing of the NSG Flow logs, we really do not need to register Microsoft.Insights Provider. The simple solution is to store in a storage account. So, Enable NSG Flow Logs is the critical. We need to save the logs somewhere. The options would be a storage account or Log Analytics Workspace (for advanced queries). Only storage account is an available option. Finally, if we just use storage accounts, registering Microsoft.Insights is not necessary. In that case, I would go for Enable Azure Network Watcher as the final choice.

Correct

An Azure account with an active subscription. Create an account for free. Insights provider. For more information, see Register Insights provider. A network security group. If you need to create a network security group, see Create, change, or delete a network security group. An Azure storage account. If you need to create a storage account, see Create a storage account using the Azure portal. https://learn.microsoft.com/en-us/azure/network-watcher/nsg-flow-logs-portal

https://learn.microsoft.com/en-us/azure/network-watcher/nsg-flow-logs-overview

To record all successful and failed connection attempts to VM1, you would need to utilize Azure Network Watcher, specifically enabling flow logs, which provide detailed information about the traffic to and from your virtual machines. Here’s what you should do: A. Enable Azure Network Watcher in the East US Azure region. This is necessary to use the features of Azure Network Watcher, including flow logs. F. Enable Azure Network Watcher flow logs. Flow logs will capture the connection attempts to and from the VM, providing the information you need about successful and failed connections. E. Register the Microsoft.Insights resource provider. This provider needs to be registered to enable diagnostics and monitoring features, which includes the functionality for flow logs. Correct answers: A. Enable Azure Network Watcher in the East US Azure region. F. Enable Azure Network Watcher flow logs. E. Register the Microsoft.Insights resource provider.

DEF are correct

AEF is correct

Correct Answer D, E,F. A is not correct because it is automatically enabled. Option E will include Azure monitor and Log Analytucs. Option D will ensure the logs are stored. Option F for capture traffic.

Correct answer: A E F

A, E and F is correct

https://learn.microsoft.com/en-us/azure/network-watcher/nsg-flow-logs-tutorial

the answer for this ABF not AEF and not DEF cuz option E: is used for the monitoring the subscription i mean option E is a step to enable Azure Monitor, which is a comprehensive solution for collecting, analyzing, and acting on telemetry from Azure resources. in our case is the network connection flow. Already tested

You have an Azure subscription named Subscription1 that has the following providers registered: STORAGE Why D?

Answer = EDF (in this order) Full list of steps: 1. Create a virtual network = already exist (can't create VM without it) 2. Create a virtual machine with a network security group associated to its network interface (already exist) 3. Register Microsoft.insights provider 5. Create a storage account 6. Enable flow logging for a network security group using Network Watcher flow logs 7. Download logged data 8. View logged data https://learn.microsoft.com/en-us/azure/network-watcher/nsg-flow-logs-tutorial

"By default, Network Watcher is automatically enabled." The only reason you would have to enable it is if you had disabled it. So A is not the answer. The question states you need to record the data and since there are no disks on the VM you must create storage. Network security group flow logging is a feature of Azure Network Watcher that allows you to log information about IP traffic flowing through a network security group. First step of flow logging is registering insights. Register-AzResourceProvider -ProviderNamespace 'Microsoft.Insights'