Exam
Answer needs confirmation
Question
You have an on-premises server named Server1 that runs Windows Server 2022 Standard.
You have an Azure subscription that contains the virtual machines shown in the following table.
The subscription contains a Microsoft Sentinel instance named Sentinel1 in the Central US Azure region.
You need to implement the Windows Firewall connector.
Which servers can send Windows Firewall logs to Sentinel1?
Proposed answer
- A. VM1 only
- B. VM2 only
- C. VM1 and Server1 only
- D. VM1, VM2, and VM3 only
- E. VM1, VM2, and Server1 only
- F. VM1, VM2, VM3, and Server1
Suggested answer
- E. VM1, VM2, and Server1 only
kenda1535
1 week, 1 day ago
Selected Answer: E
Azure Virtual Machines: VM1 (Windows Server 2022 Datacenter: Azure Edition) is fully compatible with the Windows Firewall connector due to its Azure-specific capabilities and integration with Azure services. VM2 (Windows Server 2019 Datacenter) is also compatible with the Windows Firewall connector, as it's a recent Windows Server version.
On-premises Server: Server1 (Windows Server 2022 Standard) can also send Windows Firewall logs to Sentinel1 using the Windows Firewall Connector. This requires an agent to be installed on the on-premises server.
VM3 Incompatibility: VM3 (Windows Server 2016 Datacenter) is not directly compatible with the Windows Firewall connector. While it's possible to use third-party solutions or custom scripts to extract and send firewall logs to Sentinel1, it's not a straightforward and officially supported method.
Therefore, the correct answer is E. VM1, VM2, and Server1 only.
upvoted 1 times
NicolaF
1 month ago
Based on https://learn.microsoft.com/en-us/azure/sentinel/connect-services-windows-based#log-analytics-agent-legacy and https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-supported-operating-systems the connector is supported even on 2012R2.
upvoted 3 times