Managing Modern Desktops (legacy) — Question 80

You have a Microsoft Azure Log Analytics workplace that collects all the event logs from the computers at your company.
You have a computer named Computer1 than runs Windows 10. You need to view the events collected from Computer1.
Which query should you run in Log Analytics?

Answer options

• A. Event | where Computer = = "Computer1"
• B. ETWEvent | where SourceSystem = = "Computer1"
• C. ETWEvent | where Computer = = "Computer1"
• D. Event | where SourceSystem = = "Computer1"

Correct answer: A

Explanation

The correct query is A because it directly filters events based on the computer name, which is the intended target. Options B and C use the ETWEvent table, which is not applicable for standard event logs, while option D filters by SourceSystem rather than Computer, making it incorrect for this particular query.