Microsoft Azure Architect Design (AZ-304) Practice Test

To ensure that alerts are generated based on the security log events of virtual machines, the correct approach is to create one action group and one alert rule.

An action group allows you to define a set of notifications and actions that are triggered when an alert is activated. By consolidating the actions into one action group, it simplifies the management and configuration. You can configure this single action group to send notifications via email, SMS, or even trigger automated responses through Azure functions or Logic Apps.

The alert rule is essential because it defines the specific conditions under which the alert will be triggered. This typically involves setting criteria for monitoring the security logs, such as the occurrence of specific events or thresholds that need to be reached based on the log data collected from the virtual machines.

Combining one alert rule with one action group provides a streamlined and efficient way to monitor security log events and respond to them accordingly. This configuration minimizes complexity while ensuring that alerts are effectively generated and managed.