A company has deployed several applications across Windows and Linux virtual machines in Azure. Log Analytics is being used to send the data required for alerting on the virtual machines.
You need to recommend which tables need to be queried for security-related queries.
Which of the following would you query for events from Windows Event Logs?
A. Azure Activity
B. Azure Diagnostics
C. Event
D. Syslog
Answer: C
Explanation:
The Microsoft documentation states that you use the Event table to query events from Windows virtual machines.
Because the documentation states this explicitly, all other options are incorrect.
For more information on collecting event data from Windows virtual machines, see the URL below.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events