Azure Windows Virtual Machine Manual Configuration | SC-200 Exam Answer | Microsoft Security Operations Analyst


Question

You are a SOC Analyst for company XYZ that is deploying cloud workload protection with Azure Defender.

Your work is to ensure Azure Defender automatically protects the Azure resources.

Your organization has a small number of Azure virtual machines that are not part of the auto provisioning scheme.

You must manually configure protection for these Azure resources.

What feature should you configure on a new Azure Windows Virtual Machine if auto provisioning is not enabled?

Answers

A. Sysmon

B. Windows Firewall

C. Log Analytics Agent

D. Log collection Agent

Explanations

Correct Answer: C

Option C is correct.

You need to install the Log Analytics Agent.

Options A and D are incorrect.

Sysmon is not related to provisioning.

Option B is incorrect.

Windows Firewall is already installed on a Windows VM.


As a SOC Analyst responsible for deploying cloud workload protection with Azure Defender, your primary task is to ensure that Azure Defender automatically protects Azure resources. However, in cases where auto provisioning is not enabled for a small number of Azure virtual machines, you must manually configure protection for these Azure resources.

To manually configure protection for these Azure resources, you will need to configure a feature on a new Azure Windows Virtual Machine that is not part of the auto provisioning scheme. Among the given options, the most suitable feature to configure on the new Azure Windows Virtual Machine is the Log Analytics Agent (Option C).

The Log Analytics Agent is an Azure service that provides a way to collect data from various sources, including Azure resources and Windows and Linux virtual machines. The agent collects data and sends it to a Log Analytics workspace, where it can be analyzed and visualized using various tools.

By configuring the Log Analytics Agent on the new Azure Windows Virtual Machine, you can collect data from the machine and send it to the Log Analytics workspace for analysis. This will allow you to monitor the security of the virtual machine and detect any security threats that may arise.
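One way to carry out the manual configuration described above with Az PowerShell, as an added example that is not part of the original page. It assumes a signed-in session (`Connect-AzAccount`), the Az.Compute and Az.OperationalInsights modules, and running VMs; the resource group and workspace names are placeholders.

```powershell
# Placeholders (assumptions): replace with your own resource names.
$VmResourceGroup = '<vm-resource-group>'
$WorkspaceRg     = '<workspace-resource-group>'
$WorkspaceName   = '<log-analytics-workspace>'

# Publisher and type of the Log Analytics agent VM extension for Windows.
$Publisher = 'Microsoft.EnterpriseCloud.Monitoring'
$ExtType   = 'MicrosoftMonitoringAgent'

# Look up the workspace ID and key the agent needs to report in.
$workspace = Get-AzOperationalInsightsWorkspace -ResourceGroupName $WorkspaceRg -Name $WorkspaceName
$keys      = Get-AzOperationalInsightsWorkspaceSharedKey -ResourceGroupName $WorkspaceRg -Name $WorkspaceName

foreach ($vm in Get-AzVM -ResourceGroupName $VmResourceGroup) {
    # Only Windows VMs take this extension type.
    if ($vm.StorageProfile.OsDisk.OsType -ne 'Windows') { continue }

    # Fetch the single VM so its Extensions collection is fully populated.
    $full = Get-AzVM -ResourceGroupName $VmResourceGroup -Name $vm.Name
    $existing = $full.Extensions | Where-Object {
        $_.Publisher -eq $Publisher -and $_.VirtualMachineExtensionType -eq $ExtType
    }
    if ($existing) {
        Write-Output "$($vm.Name): Log Analytics agent already installed, skipping"
        continue
    }

    # The workspace key is a secret, so it goes in ProtectedSettings,
    # which Azure encrypts and delivers only to the target VM.
    Set-AzVMExtension -ResourceGroupName $VmResourceGroup `
        -VMName $vm.Name `
        -Location $vm.Location `
        -Name $ExtType `
        -Publisher $Publisher `
        -ExtensionType $ExtType `
        -TypeHandlerVersion '1.0' `
        -Settings @{ workspaceId = $workspace.CustomerId.ToString() } `
        -ProtectedSettings @{ workspaceKey = $keys.PrimarySharedKey } | Out-Null

    Write-Output "$($vm.Name): Log Analytics agent installed"
}
```

Running the script a second time should report every Windows VM in the group as already installed, which doubles as a coverage check.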

Option A, Sysmon, is a system monitoring tool that can be used to detect and analyze security threats on Windows systems. While it can be useful for monitoring security threats on Azure virtual machines, it does not provide the same level of visibility as the Log Analytics Agent.

Option B, Windows Firewall, is a feature that is used to control incoming and outgoing network traffic on a Windows system. While it can be useful for securing network traffic on an Azure virtual machine, it does not provide the same level of visibility as the Log Analytics Agent.

Option D, Log collection Agent, is not a valid Azure feature or service. Therefore, it cannot be used to manually configure protection for the Azure resources.