exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam

Exam AZ-104 topic 6 question 40 discussion

Actual exam question from Microsoft's AZ-104
Question #: 40
Topic #: 6
[All AZ-104 Questions]

You have an Azure subscription that contains 10 network security groups (NSGs), 10 virtual machines, and a Log Analytics workspace named Workspace1. Each NSG is connected to a virtual machine.

You need to configure an Azure Monitor Network Insights alert that will be triggered when suspicious network traffic is detected.

What should you do first?

  • A. Deploy Connection Monitor.
  • B. Configure data collection endpoints.
  • C. Configure a private link.
  • D. Configure NSG flow logs.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
khaled_razouk
Highly Voted 1 year, 11 months ago
Selected Answer: D
To configure an Azure Monitor Network Insights alert that will be triggered when suspicious network traffic is detected, you should first configure NSG flow logs. NSG flow logs provide information about traffic that is allowed or denied by an NSG. By configuring NSG flow logs, you will be able to monitor the traffic passing through your NSGs and detect any suspicious activity.
upvoted 19 times
...
Muffay
Highly Voted 1 year, 11 months ago
Selected Answer: D
I think D is correct. https://learn.microsoft.com/en-us/azure/network-watcher/network-insights-overview#traffic The Traffic tab provides access to all NSGs configured for NSG flow logs and Traffic Analytics for the selected set of subscriptions, grouped by location.
upvoted 15 times
moshos
1 year, 10 months ago
Also https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview " Identify unknown or undesired traffic." in Common use cases
upvoted 3 times
...
...
SeMo0o0o0o
Most Recent 1 month, 3 weeks ago
Selected Answer: D
D is correct
upvoted 1 times
...
Amir1909
8 months, 2 weeks ago
D is right
upvoted 1 times
...
MOSES3009
1 year ago
Selected Answer: D
D is the one that can help to identify "wrong" traffic. Connection Monitor is doing what it say - monitor. That means, it monitor a "known" connection - aka from IP1 to IP2 port xx. Will not be aware about any suspicious connection between VMs.
upvoted 3 times
MOSES3009
1 year ago
here is the link for connection monitor -> https://learn.microsoft.com/en-us/azure/network-watcher/monitor-vm-communication
upvoted 1 times
...
...
sardonique
1 year, 1 month ago
Mlantonis where are you!!
upvoted 5 times
...
DeVullers
1 year, 2 months ago
Selected Answer: D
Correct answer: D To configure an Azure Monitor Network Insights alert that will be triggered when suspicious network traffic is detected, you should first configure NSG flow logs. NSG flow logs provide information about traffic that is allowed or denied by an NSG. By configuring NSG flow logs, you will be able to monitor the traffic passing through your NSGs and detect any suspicious activity. You can use them for optimizing network flows, monitoring throughput, verifying compliance, detecting intrusions, and more. Reference: https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview#why-use-flow-logs
upvoted 1 times
...
marioZuo
1 year, 4 months ago
Connection Monitor is for latency and network issue with IaaS device over a period of time. Data collection rule is only for VM
upvoted 1 times
...
BobbyMc3030
1 year, 5 months ago
Selected Answer: D
My vote is D - NSG Flow logs. The question mentioned suspicious activity and that’s what flow logs are for. Who’s connecting from where and other behaviors. https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview
upvoted 1 times
...
Exilic
1 year, 7 months ago
Selected Answer: D
OpenAI "The correct answer is D. Configure NSG flow logs. To configure an Azure Monitor Network Insights alert that will be triggered when suspicious network traffic is detected, you need to enable NSG flow logs for each NSG that is connected to a virtual machine. NSG flow logs capture information about inbound and outbound traffic flowing through an NSG. Once NSG flow logs are enabled, you can use Azure Monitor to analyze the logs and create alerts for suspicious traffic patterns. Therefore, the first step is to configure NSG flow logs. Option A, B, and C are not directly related to configuring an Azure Monitor Network Insights alert for detecting suspicious network traffic. Connection Monitor is used to monitor connectivity to Azure resources. Configuring data collection endpoints is related to collecting data from various sources, and configuring a private link is used to securely access Azure services over a private connection."
upvoted 1 times
...
djgodzilla
1 year, 8 months ago
Traffic Analytics: Analyzes Network Watcher - NSG flow logs to provide insights into traffic flow in your Azure cloud. Requires >> Network Watcher, (NSG) flow logs enabled, Storage account, to store raw flow logs, Log Analytics workspace, with read and write access.
upvoted 1 times
...
sjb666
1 year, 8 months ago
Reluctantly, I have to agree that Flow Logs looks more correct. The Log Analytics Workspace bit would appear to be a red herring.
upvoted 1 times
...
sjb666
1 year, 8 months ago
Selected Answer: A
Hmmm...not often I disagree with 100% vote but here goes: The question specifically says there is a Log Analytics workspace named Workspace1. A Log Analytics Workspace is used for Connection Monitor, NOT NSG Flow Logs, which use a storage account instead. NSG Flow Logs: https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview#read-and-export-flow-logs) Connection Monitor: https://learn.microsoft.com/en-us/azure/network-watcher/connection-monitor-overview#data-collection-analysis-and-alerts) So answer is A
upvoted 4 times
...
CyberKelev
1 year, 9 months ago
Selected Answer: D
the correct answer is D. Configure NSG flow logs
upvoted 1 times
...
zellck
1 year, 9 months ago
Selected Answer: D
D is the answer. https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview#why-use-flow-logs It is vital to monitor, manage, and know your own network for uncompromised security, compliance, and performance. Knowing your own environment is of paramount importance to protect and optimize it. You often need to know the current state of the network, who is connecting, where they're connecting from, which ports are open to the internet, expected network behavior, irregular network behavior, and sudden rises in traffic.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...