Configuring Windows Server Hybrid Advanced Services — Question 26

You have 20 on-premises virtual machines that run Windows Server.

You have an Azure subscription that contains a Microsoft Sentinel workspace named Workspace1.

You need to collect events from the on-premises virtual machines end forward the events to Workspace1. The solution must ensure that you can define filters to minimize the volume of collected events.

Which two components should you install on each virtual machine? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Answer options

• A. the Azure Connected Machine agent
• B. the Azure VM Dependency agent extension for Windows
• C. the Azure Monitor agent
• D. the Log Analytics VM extension for Windows
• E. the Dependency agent

Correct answer: A, C

Explanation

The Azure Connected Machine agent and the Azure Monitor agent are required to collect and forward events to Microsoft Sentinel while allowing for filtering. The other options, while useful for various monitoring purposes, do not provide the necessary functionality for event collection and forwarding in this specific scenario.