Microsoft Azure Architect Technologies (2020, legacy) — Question 17

Your on-premises network contains 100 virtual machines that run Windows Server 2019.
You have an Azure subscription that contains an Azure Log Analytics workspace named Workspace1.
You need to collect errors from the Windows event logs on the virtual machines.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

Answer options

• A. Create an Azure Event Grid domain.
• B. Deploy the Microsoft Monitoring Agent.
• C. Configure Windows Event Forwarding on the virtual machines.
• D. Create an Azure Sentinel workspace.
• E. Configure the Data Collection settings for Workspace1.

Correct answer: B, E

Explanation

The correct answers are B and E because deploying the Microsoft Monitoring Agent (B) is essential for collecting data from the Windows event logs, while configuring the Data Collection settings for Workspace1 (E) is necessary to specify what data to collect. The other options do not directly contribute to collecting event log errors from the virtual machines.