Microsoft Cybersecurity Architect Expert SC-100
Get started today
Ultimate access to all questions.
Your company leverages Microsoft Defender for Cloud and Microsoft Sentinel for its cybersecurity framework. Currently, the company is in the process of designing a new application, and the architecture for this application is depicted in the following exhibit. As part of the application development, you are tasked with designing a comprehensive logging and auditing solution. This solution must fulfill the following criteria:
- Integrate Azure Web Application Firewall (WAF) logs with Microsoft Sentinel.
- Utilize Defender for Cloud to monitor and review alerts generated by the virtual machines.
What components and configurations should be included in the proposed solution? To respond, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Exam-Like
A
Data connectors: Integrate Azure Web Application Firewall (WAF) logs with Microsoft Sentinel. Use the Log Analytics agent to integrate with Microsoft Defender for cloud.
B
Use Azure Monitoring agent to integrate with Microsoft Defender for Cloud.
C
Use Azure Diagnostics extension to integrate with Microsoft Defender for Cloud.
D
Integrate Azure Bastion logs with Microsoft Sentinel.
Explanation:
The correct answer includes the following steps:
- For integrating Azure Web Application Firewall (WAF) logs with Microsoft Sentinel, you need to use Data connectors. Specifically, you need to enable the Azure Web Application Firewall (WAF) connector in Microsoft Sentinel to stream the log data.
- For reviewing alerts from the virtual machines using Defender for Cloud, you use the Log Analytics agent. This agent collects telemetry from Windows and Linux virtual machines in the cloud or on-premises and sends the collected data to your Log Analytics workspace in Azure Monitor. The Azure Diagnostics extension does not integrate with Microsoft Defender for Cloud, hence it is not a correct option.
Comments
Loading comments...