SC-200 Question #24: Real Exam Question with Answer & Explanation
The correct answer is A: From Security Center, enable data collection.
Question
You create an Azure subscription named sub1. In sub1, you create a Log Analytics workspace named workspace1. You enable Azure Security Center and configure Security Center to use workspace1. You need to ensure that Security Center processes events from the Azure virtual machines that report to workspace1. What should you do?
Options
- A. From Security Center, enable data collection.
- B. In sub1, register a provider.
- C. From Security Center, create a Workflow automation.
- D. In workspace1, create a workbook.
Explanation
To ensure Azure Security Center (now Microsoft Defender for Cloud) collects and processes security events from Azure virtual machines reporting to a specific Log Analytics workspace, you must enable data collection within Security Center settings. Enabling data collection provisions the Microsoft Monitoring Agent (MMA) or Azure Monitor Agent on the VMs, configuring them to forward security events to the designated workspace. Option B (registering a provider) is a prerequisite for enabling Azure services but does not configure event collection. Option C (Workflow automation) is used to trigger responses to alerts, not to collect data. Option D (creating a workbook) is a visualization tool and has no effect on data ingestion or Security Center event processing.