- 1 view
Exam
Answer needs confirmation
Question
You have 20 on-premises virtual machines that run Windows Server.
You have an Azure subscription that contains a Microsoft Sentinel workspace named Workspace1.
You need to collect events from the on-premises virtual machines end forward the events to Workspace1. The solution must ensure that you can define filters to minimize the volume of collected events.
Which two components should you install on each virtual machine? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Proposed answer
- A. the Azure Connected Machine agent
- B. the Azure VM Dependency agent extension for Windows
- C. the Azure Monitor agent
- D. the Log Analytics VM extension for Windows
- E. the Dependency agent
Suggested answer
- A. the Azure Connected Machine agent
- C. the Azure Monitor agent