Enhanced Security for Azure IoT Infrastructure | Troubleshooting IoT Agent Issue

Question

You need to build enhanced security around your IoT infrastructure by using Azure Security Center's Defender for IoT.

You want to set up a security agent to collect and report high-priority events every 5 minutes, and you set the eventPriorityConnectionCreate parameter to “High”.

After configuring the agents, you deploy the module and you notice that the events are not collected as expected because the agent isn't running.

What can be the probable cause for the problem?

Answers

Explanations

A. B. C. D.

Correct Answer: B.

Option A is incorrect because the agent configuration object must be created within the twin of the azureiotsecurity module.

Option B is CORRECT because if the configuration object does not match the IoT security schema, the agent will not launch.

Make sure to check your agent configuration against the schema.

Option C is incorrect because eventPriorityConnectionCreate is a valid and supported security event.

It monitors TCP connections created to and from the device.

Option D is incorrect because properties related to Defender for IoT security agent must actually be located in the desired properties section of the module twin.

Diagram:

<pre class="brush:java;"># valid configuration schema for the Defender for IoT security agent.
...
"desired": {
  "ms_iotn:urn_azureiot_Security_SecurityAgentConfiguration": {
    "eventPriorityConnectionCreate": {
      "value": "High"
    }
  }
}
</pre>
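A structural pre-deployment check for the points in the explanation above (right module, `desired` section, exact object name, `{"value": ...}` shape), as an added example that is not from the original page or from Microsoft. The function name `lint_twin`, the sample twins and the allowed priority values (`High`, `Low`, `Off`) are assumptions; this is not the official schema, which remains the authority.

```python
import json

CONFIG_KEY = "ms_iotn:urn_azureiot_Security_SecurityAgentConfiguration"
SECURITY_MODULE = "azureiotsecurity"
# Assumption: priority settings accept these values; confirm against the official schema.
PRIORITY_VALUES = {"High", "Low", "Off"}


def lint_twin(twin):
    """Return a list of problems that would stop the agent reading its configuration."""
    problems = []
    if twin.get("moduleId") != SECURITY_MODULE:
        problems.append(f"twin belongs to {twin.get('moduleId')!r}, not {SECURITY_MODULE!r}")
    props = twin.get("properties", {})
    desired = props.get("desired", {})
    if CONFIG_KEY not in desired:
        # Point at the usual misplacements and near-miss key names.
        if CONFIG_KEY in props.get("reported", {}) or CONFIG_KEY in twin.get("tags", {}):
            problems.append("configuration object is outside properties.desired")
        else:
            near = [k for k in desired if k.lower() == CONFIG_KEY.lower()]
            problems.append(f"configuration object missing (near-miss keys: {near})")
        return problems
    config = desired[CONFIG_KEY]
    if not isinstance(config, dict):
        return problems + ["configuration object is not a JSON object"]
    for name, setting in config.items():
        if not (isinstance(setting, dict) and "value" in setting):
            problems.append(f"{name}: expected an object of the form {{'value': ...}}")
        elif name.startswith("eventPriority") and setting["value"] not in PRIORITY_VALUES:
            problems.append(f"{name}: {setting['value']!r} is not one of {sorted(PRIORITY_VALUES)}")
    return problems


# Constructed sample twins (not taken from a real hub).
GOOD = json.loads("""{"moduleId": "azureiotsecurity", "properties": {"desired": {
  "ms_iotn:urn_azureiot_Security_SecurityAgentConfiguration": {
    "eventPriorityConnectionCreate": {"value": "High"}}}}}""")
BAD = json.loads("""{"moduleId": "azureiotsecurity", "properties": {"desired": {
  "ms_iotn:urn_azureiot_Security_SecurityAgentConfiguration": {
    "eventPriorityConnectionCreate": "High"}}}}""")

if __name__ == "__main__":
    for label, twin in (("good", GOOD), ("bad", BAD)):
        print(label, lint_twin(twin) or "no problems found")
```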

References:

The probable cause for the problem is likely to be option A, "You added the agent configuration object to the twin of the azureiotsecurity module."

In this scenario, the security agent has been configured to collect and report high priority events every 5 minutes with the eventPriorityConnectionCreate parameter set to "High." After configuring the agents, the module has been deployed, but the events are not being collected as expected because the agent isn't running.

In Azure IoT, twin properties represent the desired and reported state of a device or module. The properties.desired section of the twin contains the desired state of a device or module, and it is the section where configuration information should be added.

Option A suggests that the agent configuration object was added to the twin of the azureiotsecurity module, which is not the correct location for this information. Instead, the configuration information should have been added to the properties.desired section of the module twin. This may have prevented the security agent from running and collecting the events as expected.

Option B suggests that the configuration object does not match the IoT security schema, which may also be a potential issue. If the configuration object does not conform to the schema, it may prevent the agent from running correctly.

Option C suggests that eventPriorityConnectionCreate is not a supported security event. However, this does not seem to be a likely cause of the problem, as it was stated that the event parameter was set to "High" and not that it was an unsupported event.

Therefore, option A, where the agent configuration object was added to the wrong location in the twin, is the most probable cause for the problem. Moving the configuration object to the correct location, properties.desired, should resolve the issue and allow the security agent to collect and report high priority events every 5 minutes as intended.