AZ-500 Question #55: Real Exam Question with Answer & Explanation

Submitted by zhang_li· Mar 6, 2026Monitor and maintain Azure resources - specifically using Azure Monitor components (Activity Log and Log Analytics Logs) to audit resource changes and query VM security telemetry. Relevant to AZ-104 Domain: Monitor and Back Up Azure Resources.

Question

Drag and Drop Question You have an Azure subscription that contains 100 virtual machines. Azure Diagnostics is enabled on all the virtual machines. You are planning the monitoring of Azure services in the subscription. You need to retrieve the following details: - Identify the user who deleted a virtual machine three weeks ago. - Query the security events of a virtual machine that runs Windows Server 2016. What should you use in Azure Monitor? To answer, drag the appropriate configuration settings to the correct details. Each configuration setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Answer:

Explanation

The Activity Log records subscription-level events such as when a resource was created, modified, or deleted, along with the identity of who performed the action - making it the correct tool to identify who deleted a virtual machine up to 90 days ago. Logs (Log Analytics / Azure Monitor Logs) collects and queries detailed telemetry data including Windows Security Event logs forwarded from virtual machines via the Log Analytics agent or Azure Diagnostics, making it the right choice for querying security events on a Windows Server 2016 VM. These two tools serve distinct but complementary purposes within Azure Monitor.

Topics

#Azure Monitor#Activity Log#Log Analytics#Azure Diagnostics

Community Discussion

No community discussion yet for this question.

Full AZ-500 Practice Browse All AZ-500 Questions