200-201 Question #66: Real Exam Question with Answer & Explanation

The correct answer is D: facility. The 'facility' identifier is used in logging, particularly in syslog, to categorize the application or process that submitted a log message.

Submitted by yuriko_h· Mar 6, 2026Security Monitoring

Question

Which identifier is used to describe the application or process that submitted a log message?

Options

Aaction
Bselector
Cpriority
Dfacility

Explanation

The 'facility' identifier is used in logging, particularly in syslog, to categorize the application or process that submitted a log message.

Common mistakes.

A. The 'action' describes what occurred in the log event, not the source application itself.
B. A 'selector' is a combination of facility and priority used in syslog configuration for filtering, not an identifier for the source application itself.
C. The 'priority' (or severity) describes the importance or criticality of the log message, not the application that sent it.

Concept tested. Syslog message components (Facility)

Reference. https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-sources-syslog#syslog-data-collection

Topics

#syslog#logging#log analysis#facility

Community Discussion

No community discussion yet for this question.

Full 200-201 Practice Browse All 200-201 Questions