
Exam SC-200 topic 3 question 48 discussion

Actual exam question from Microsoft's SC-200
Question #: 48
Topic #: 3

DRAG DROP -
You have an Azure subscription that contains 100 Linux virtual machines.
You need to configure Microsoft Sentinel to collect event logs from the virtual machines.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

Suggested Answer:

Comments

herta
Highly Voted 1 year, 10 months ago
Based on this https://learn.microsoft.com/en-us/azure/sentinel/connect-syslog I will go for: add Sentinel to a workspace, add a Syslog connector, install the Log Analytics agent.
upvoted 39 times
Tuitor01
2 weeks ago
This method is now deprecated: Log collection from many appliances and devices is now supported by the Common Event Format (CEF) via AMA, Syslog via AMA, or Custom Logs via AMA data connector in Microsoft Sentinel. For more information, see Find your Microsoft Sentinel data connector. So today it's done via the Analytic rules process: in the connector configuration you have the DCR config where you choose the logs you desire (by default all at DEBUG level), then you choose your Azure machines (Arc-enabled or not), then it pushes the AMA agents to these machines (when supported). So logically: 1) Add Sentinel to the workspace 2) Add an Analytics rule 3) Install the Log Analytics Agents (AMA, or Azure Monitoring Agent, today). https://learn.microsoft.com/en-us/previous-versions/azure/sentinel/connect-syslog
upvoted 2 times
Tuitor01
2 weeks ago
OK, I must be real tired... Replace Analytics Rules with Log Connector; it's where you configure your DCR, which will push the AMA agents onto your Azure-managed devices.
upvoted 1 times
Tuitor01
2 weeks ago
And it's DATA connector, not Log Connector.
upvoted 1 times
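The comments above hinge on what the Syslog data connector actually does: the agent forwards RFC 3164 messages, and the connector (a DCR with AMA, per Tuitor01) lets you pick, per facility, the minimum log level to collect. The following is an added example, not code from the exam question, this thread or Microsoft. It decodes the syslog PRI header into the facility and severity the Sentinel Syslog table exposes (field names follow that table's columns), then applies a facility-to-minimum-level map of the same shape as the connector's selection to a few constructed log lines, so you can see which messages would reach the workspace and which would be dropped.

```python
"""Decode syslog PRI values and apply a DCR-style facility/level filter.

Added example, not from the exam page or Microsoft. Sample lines and the
rule below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Facility codes 0-23 as defined in RFC 3164 / RFC 5424.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console", "solaris-cron",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
# Severity codes 0-7; a lower number means more severe.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>TIMESTAMP HOST TAG[PID]: MSG  (classic BSD syslog layout)
_RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)


@dataclass
class SyslogRecord:
    # Field names mirror columns of the Sentinel Syslog table.
    Facility: str
    SeverityLevel: str
    HostName: str
    ProcessName: str
    ProcessID: Optional[int]
    SyslogMessage: str


def decode_pri(pri: int) -> Tuple[str, str]:
    """Split a PRI value into (facility, severity); PRI = facility * 8 + severity."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def parse_syslog_line(line: str) -> Optional[SyslogRecord]:
    """Return a record for a well-formed RFC 3164 line, or None if it does not parse."""
    m = _RFC3164.match(line)
    if not m:
        return None
    facility, severity = decode_pri(int(m["pri"]))
    pid = int(m["pid"]) if m["pid"] else None
    return SyslogRecord(facility, severity, m["host"], m["tag"], pid, m["msg"])


def is_collected(rec: SyslogRecord, rule: Dict[str, str]) -> bool:
    """rule maps facility -> minimum level to collect; 'debug' collects everything
    for that facility, and facilities absent from the rule are not collected."""
    if rec.Facility not in rule:
        return False
    return SEVERITIES.index(rec.SeverityLevel) <= SEVERITIES.index(rule[rec.Facility])


def collect(lines: Iterable[str], rule: Dict[str, str]) -> Tuple[List[SyslogRecord], List[str]]:
    """Split raw lines into records the rule would collect and lines it would drop
    (including lines that do not parse at all)."""
    kept, dropped = [], []
    for line in lines:
        rec = parse_syslog_line(line)
        if rec is not None and is_collected(rec, rule):
            kept.append(rec)
        else:
            dropped.append(line)
    return kept, dropped


# Constructed sample lines (hostname, PIDs and addresses are made up).
SAMPLE_LINES = [
    "<38>Mar  1 10:15:22 web01 sshd[1042]: Accepted publickey for deploy from 10.0.0.5 port 50123 ssh2",
    "<86>Mar  1 10:15:30 web01 sudo[1050]: deploy : TTY=pts/0 ; COMMAND=/bin/systemctl restart nginx",
    "<27>Mar  1 10:16:01 web01 systemd[1]: Failed to start nginx.service",
    "<78>Mar  1 10:17:01 web01 CRON[1100]: (root) CMD (run-parts /etc/cron.hourly)",
    "<31>Mar  1 10:17:05 web01 systemd[1]: nginx.service: Scheduled restart job",
    "this line has no PRI header and should be dropped",
]

# Constructed rule: auth/authpriv down to info, daemon and cron only err and worse.
SAMPLE_RULE = {"auth": "info", "authpriv": "info", "daemon": "err", "cron": "err"}

if __name__ == "__main__":
    kept, dropped = collect(SAMPLE_LINES, SAMPLE_RULE)
    for r in kept:
        print(f"COLLECT {r.Facility}/{r.SeverityLevel} {r.HostName} {r.ProcessName}: {r.SyslogMessage}")
    for line in dropped:
        print(f"DROP    {line}")
```

Run it and the sshd, sudo and "Failed to start" lines are collected while the cron info line, the daemon debug line and the unparseable line are dropped; tightening a facility's level in the rule is exactly the lever the connector gives you for trading ingestion volume against coverage.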
RafaAbel
Highly Voted 2 years, 3 months ago
Last step is wrong. For Linux, you must configure the Syslog data connector. https://docs.microsoft.com/en-us/azure/sentinel/connect-syslog
upvoted 23 times
Fukacz
2 years, 3 months ago
Echo, Linux = Syslog
upvoted 3 times
amsioso
2 years, 3 months ago
Echo https://learn.microsoft.com/en-us/azure/sentinel/connect-data-sources
upvoted 1 times
smanzana
Most Recent 4 months, 3 weeks ago
1. Add Microsoft Sentinel to a workspace
2. Add a Syslog connector to the workspace
3. Install the Log Analytics agent
upvoted 1 times
chepeerick
1 year, 1 month ago
- Add Microsoft Sentinel to a workspace
- Add a Syslog connector to the workspace
- Install the Log Analytics agent
upvoted 7 times
donathon
1 year, 3 months ago
https://learn.microsoft.com/en-us/azure/sentinel/connect-syslog#configure-your-linux-machine-or-appliance
- Add Microsoft Sentinel workbook
- Add a Syslog connector to the workspace
- Install the Log Analytics agent for Linux on the virtual machines
Security Events > for Windows only. You also need a workspace rather than a workbook.
upvoted 1 times
danb67
1 year, 2 months ago
Surely we need to add Sentinel to the workspace? Why would we use a Workbook?
upvoted 3 times
wsrudmen
1 year, 9 months ago
Here is the good order:
- Add Microsoft Sentinel to a workspace
- Add a Syslog connector to the workspace
- Install the Log Analytics agent
Everything is explained using this order in this doc: https://learn.microsoft.com/en-us/azure/sentinel/connect-syslog
upvoted 7 times
AMZ
2 years, 1 month ago
Not sure about the options.
- You wouldn't add a Syslog connector to the workspace, as it is on by default.
- I'm wondering if they want you to enable the workbook?
Defo not Security Events, as that is for Windows hosts. Gonna say add workbook for the last step.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted