Microsoft Azure Security Engineer Associate AZ-500 Practice Question

You manage an Azure subscription that contains hundreds of Azure virtual machines running Windows Server and Ubuntu Linux. You need to collect Windows Firewall events, Linux authpriv Syslog messages, and the Bytes Total/sec network performance counter. The counter must be sampled every 15 seconds on Windows VMs and every 60 seconds on Linux VMs. New virtual machines must be onboarded automatically. Which solution uses the minimum number of data collection rules (DCRs)?

  • Create two DCRs per virtual machine (one for events and one for performance counters) and associate each rule with the VM's resource ID.

  • Create one DCR for Windows VMs and one DCR for Linux VMs, each associated with a dynamic resource group.

  • Create one DCR for all event logs and a second DCR for all performance counters, and assign both to every virtual machine.

  • Create one DCR that includes individual performance-counter definitions with the required sampling frequencies and an Azure Resource Graph-based scope that targets every virtual machine.

Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel