Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

You need to collect Windows Firewall security events from 200 Azure virtual machines that are spread across four subscriptions. All VMs run the Azure Monitor Agent (AMA) and belong to the same Azure region. You want the events to be written to a single Log Analytics workspace and you want to simplify future maintenance. Which action should you perform first?

  • Edit the data collection configuration directly on each VM by using the Change Tracking solution.

  • Deploy a separate data collection rule in every subscription so that the rule and its target VMs always reside in the same subscription.

  • Create one data collection rule in any of the subscriptions and configure it to collect the Microsoft-Windows-Security-Auditing firewall log channel.

  • Create a dedicated Log Analytics workspace in each subscription and point each VM to its local workspace.

Microsoft Azure Security Engineer Associate AZ-500
Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot