Azure AD Security Log Monitoring: How to Notify Admins for Event Threshold Exceeded

Question

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains two administrative user accounts named Admin1 and Admin2.

You create two Azure virtual machines named VM1 and VM2.

You need to ensure that Admin1 and Admin2 are notified when more than five events are added to the security log of VM1 or VM2 during a period of 120 seconds.

The solution must minimize administrative tasks.

What should you create?

Answers

Explanations

B

The correct answer is B: one action group and one alert rule.

An Azure Monitor alert rule holds the condition (more than five events written to the security log within a 120-second window) and, when that condition is met, invokes the action groups attached to it. One rule can cover both virtual machines, for example by targeting the Log Analytics workspace that VM1 and VM2 send their security log to and filtering on both computer names, so a single rule satisfies the requirement. The question leaves implicit that the VMs must already be forwarding their security logs to Azure Monitor through a monitoring agent; that is a prerequisite, not an extra rule.

The notification itself is defined in an action group. A single action group can hold any number of receivers, so one group with an email receiver for Admin1 and one for Admin2 is enough; the alert rule references that group and both administrators are notified every time the rule fires.

Option A is incorrect because it creates two action groups, presumably one per administrator. That is unnecessary: both email addresses fit in one group, and a second group is just one more object to maintain.

Option C is incorrect because it creates five action groups, which confuses the event threshold of five with the number of groups. The count belongs in the alert rule's condition; the action group only defines who gets notified.

Option D is incorrect because it creates two alert rules, one per virtual machine. One rule can be scoped to both VM1 and VM2, and a second rule doubles the administrative work that the question asks us to minimize.
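To make the rule's condition concrete, here is a small added example (not part of the original page and not Azure's own code) that replays the evaluation logic of the single alert rule over constructed SecurityEvent rows instead of a live workspace. It assumes, hypothetically, that VM1 and VM2 ship their Windows Security log to one Log Analytics workspace, that the rule is a log search alert with a 120-second window and a "more than five events" threshold evaluated per computer, and that a third machine VM3 exists but is out of scope. The KQL string is an assumed equivalent of the rule's query, shown for reference only; the sample rows are constructed.

```python
"""
Added example, not code from the page: simulate the alert rule
"more than 5 security events per VM within 120 seconds" over
constructed SecurityEvent rows. All names and timestamps are hypothetical.
"""
from collections import Counter
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=120)   # "during a period of 120 seconds"
THRESHOLD = 5                     # rule fires when count > 5
SCOPE = ("VM1", "VM2")            # one rule covers both VMs

# Assumed KQL equivalent of the rule's query (not verified against the page).
KQL_QUERY = """
SecurityEvent
| where Computer in ("VM1", "VM2")
| summarize EventCount = count() by Computer
| where EventCount > 5
"""

# Constructed sample rows: (TimeGenerated, Computer, EventID)
SAMPLE_EVENTS = [
    # VM1: six failed logons (4625) within 90 seconds -> must fire
    ("2024-05-01T10:00:00", "VM1", 4625),
    ("2024-05-01T10:00:15", "VM1", 4625),
    ("2024-05-01T10:00:30", "VM1", 4625),
    ("2024-05-01T10:00:45", "VM1", 4625),
    ("2024-05-01T10:01:00", "VM1", 4625),
    ("2024-05-01T10:01:30", "VM1", 4625),
    # VM2: six events that straddle the 10:02:00 boundary -> only an
    # overlapping evaluation schedule catches all six in one window
    ("2024-05-01T10:01:30", "VM2", 4624),
    ("2024-05-01T10:01:45", "VM2", 4624),
    ("2024-05-01T10:02:00", "VM2", 4672),
    ("2024-05-01T10:02:15", "VM2", 4624),
    ("2024-05-01T10:02:30", "VM2", 4624),
    ("2024-05-01T10:02:45", "VM2", 4672),
    # VM3: out of scope, must be ignored even though it bursts
    *[("2024-05-01T10:01:%02d" % s, "VM3", 4625) for s in range(6)],
]


def parse_events(rows):
    """Turn (iso_time, computer, event_id) rows into (datetime, computer, event_id)."""
    return [(datetime.fromisoformat(t), c, e) for t, c, e in rows]


def count_in_window(events, window_end, window=WINDOW, scope=SCOPE):
    """Per-computer event count for window_end - window <= TimeGenerated < window_end."""
    start = window_end - window
    counts = Counter()
    for t, computer, _ in events:
        if computer in scope and start <= t < window_end:
            counts[computer] += 1
    return counts


def breaches(events, window_end, threshold=THRESHOLD, **kw):
    """Computers whose count in the window exceeds the threshold, sorted."""
    counts = count_in_window(events, window_end, **kw)
    return sorted(c for c, n in counts.items() if n > threshold)


def simulate_rule(events, first_eval, last_eval, frequency,
                  window=WINDOW, threshold=THRESHOLD):
    """Replay the rule: at every evaluation tick look back `window` and fire per VM."""
    fired = []
    tick = first_eval
    while tick <= last_eval:
        for computer in breaches(events, tick, threshold, window=window):
            fired.append((tick.strftime("%H:%M:%S"), computer))
        tick += frequency
    return fired


if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    start = datetime.fromisoformat("2024-05-01T10:02:00")
    end = datetime.fromisoformat("2024-05-01T10:04:00")
    print("tumbling 2m windows:", simulate_rule(events, start, end, WINDOW))
    print("1m frequency, 2m window:",
          simulate_rule(events, start, end, timedelta(seconds=60)))
```

The two runs at the bottom show the caveat a practitioner cares about: with the evaluation frequency equal to the window (tumbling windows) VM2's burst is split across two windows and never reaches six, while evaluating every minute with the same 120-second lookback catches it. In Azure Monitor log search alerts the frequency and the window are separate settings on the one rule, so set the frequency shorter than the window rather than adding a second rule.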