New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft AZ-500 Exam - Topic 3 Question 81 Discussion

Actual exam question for Microsoft's AZ-500 exam
Question #: 81
Topic #: 3
[All AZ-500 Questions]

You have an Azure subscription that contains a SQL Server on Azure Virtual Machines instance named SQt1 and a Microsoft Sentinel workspace named Sentinel1.

You need to monitor security incidents on SQL1 by using Sentinel1.

What should you do first?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Magnolia at Mar 07, 2025, 12:18 PM

Limited Time Offer

25%

Off

Get Premium AZ-500 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Mitzie
3 months ago
Wait, can you really monitor SQL with Sentinel like that? Sounds too easy!
upvoted 0 times
...
Junita
3 months ago
Not sure about that, enabling VM insights seems more relevant.
upvoted 0 times
...
Jillian
3 months ago
Definitely need that Log Analytics workspace set up!
upvoted 0 times
...
Johanna
4 months ago
I think installing the Connected Machine agent is the way to go.
upvoted 0 times
...
Carmela
4 months ago
Gotta enable SQL Server audit first!
upvoted 0 times
...
Lelia
4 months ago
I feel like enabling VM insights from Sentinel1 could be important, but I’m not confident if that’s the initial action we need to take.
upvoted 0 times
...
Breana
4 months ago
Creating a Log Analytics workspace seems like a common step in monitoring, but I can't recall if it's the very first thing we should do in this scenario.
upvoted 0 times
...
Allene
5 months ago
I remember a practice question where we had to install the Connected Machine agent for Azure Arc. That could be relevant here, right?
upvoted 0 times
...
Leoma
5 months ago
I think enabling SQL Server audit on SQL1 might be the first step, but I'm not entirely sure if that's enough for Sentinel integration.
upvoted 0 times
...
Bernardine
5 months ago
I'm pretty confident that the right answer here is option A - enabling SQL Server audit on the SQL1 instance. That will ensure the necessary security events get captured and can then be ingested into Sentinel1 for monitoring. The other options don't seem directly relevant to the question.
upvoted 0 times
...
Broderick
5 months ago
Okay, let me think this through. I believe the first step is to enable SQL Server audit on the SQL1 instance so that the security events get logged. Then we can connect that data source to the Sentinel1 workspace to start monitoring. The other options seem less relevant for this specific task.
upvoted 0 times
...
Lillian
5 months ago
Hmm, I'm a bit confused here. Do we need to create a new Log Analytics workspace, or can we use the existing Sentinel1 workspace? And what's the difference between enabling SQL Server audit and installing the Connected Machine agent?
upvoted 0 times
...
Kristal
5 months ago
This looks like a straightforward question about setting up monitoring for a SQL Server instance using Azure Sentinel. I think the key is to determine what needs to be done first to get the data from SQL1 into Sentinel1.
upvoted 0 times
...
Ngoc
11 months ago
Wait, is option B really about connecting SQL1 to Azure Arc? I thought that was just a way to get robots to do our server maintenance. Gotta love automation!
upvoted 0 times
...
Domitila
11 months ago
I'm feeling option D, 'cause who doesn't love enabling VM insights? It's like unleashing a horde of security-hungry unicorns on SQL1.
upvoted 0 times
...
Tamesha
11 months ago
I see your point, Elvera. Let's go with creating a Log Analytics workspace first.
upvoted 0 times
...
Leatha
11 months ago
Hold up, what about option A? Enabling SQL1 Server audit is crucial for Sentinel1 to get its hands on that juicy security data. Gotta do that first.
upvoted 0 times
Jacqueline
10 months ago
B) On SQL1. install the Connected Machine agent for Azure Arc-enabled servers.
upvoted 0 times
...
Elena
10 months ago
C) From the Azure portal, create a Log Analytics workspace.
upvoted 0 times
...
Annice
11 months ago
A) On SQL1, enable SQL1 Server audit.
upvoted 0 times
...
...
Elvera
11 months ago
That's a good point, but I think creating a Log Analytics workspace is still the best initial step.
upvoted 0 times
...
Vannessa
11 months ago
But wouldn't enabling VM insights from Sentinel1 be more beneficial for monitoring security incidents?
upvoted 0 times
...
Tamesha
11 months ago
I agree with Elvera, creating a Log Analytics workspace seems like the right first step.
upvoted 0 times
...
Elvera
11 months ago
I think we should create a Log Analytics workspace first.
upvoted 0 times
...
Lea
11 months ago
Hmm, I'd say C is the right choice. Creating a Log Analytics workspace is the first step to get Sentinel1 monitoring those SQL1 security incidents.
upvoted 0 times
Thaddeus
11 months ago
User3: Agreed, that's the way to go to monitor those security incidents.
upvoted 0 times
...
Brandon
11 months ago
User2: Yeah, creating a Log Analytics workspace is the first step.
upvoted 0 times
...
Junita
11 months ago
User1: I think C is the best option.
upvoted 0 times
...
...
Antonio
12 months ago
Option B seems the way to go. Gotta get that Connected Machine agent installed on SQL1 to connect it to Azure Arc, then Sentinel1 can work its magic.
upvoted 0 times
Patria
11 months ago
That's right! Enabling VM insights on Sentinel1 will help us monitor security incidents on SQL1.
upvoted 0 times
...
Latia
11 months ago
D) From Sentinel1, enable VM insights.
upvoted 0 times
...
Keneth
11 months ago
Great idea! Once that's done, we can connect SQL1 to Azure Arc and start monitoring with Sentinel1.
upvoted 0 times
...
Wilson
11 months ago
B) On SQL1, install the Connected Machine agent for Azure Arc-enabled servers.
upvoted 0 times
...
...

Save Cancel