Microsoft Security Operations Analyst — Question 31
You have an Azure subscription that uses Microsoft Defender for Cloud and contains 100 virtual machines that run Windows Server.
You need to configure Defender for Cloud to collect event data from the virtual machines. The solution must minimize administrative effort and costs.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer options
- A. Configure auto-provisioning by setting the security event storage to Common.
- B. From the Microsoft Endpoint Manager admin center, enable automatic enrollment.
- C. From the Azure portal, create an Azure Event Grid subscription.
- D. Configure auto-provisioning by setting the security event storage to All Events.
- E. From Defender for Cloud in the Azure portal, enable Microsoft Defender for Servers.
Correct answer: A, E
Explanation
The correct actions are A and E. Configuring auto-provisioning with the security event storage set to Common collects the essential security events while storing less data than the All Events setting in option D, which keeps costs down, and auto-provisioning avoids configuring each of the 100 virtual machines by hand. Enabling Microsoft Defender for Servers ensures that the virtual machines are protected and monitored effectively. The other options do not directly contribute to the efficient collection of event data in this context.