Microsoft Azure Architect Design (AZ-304) Practice Test

Prepare for the Microsoft Azure Architect Design (AZ-304) Exam with comprehensive quiz questions designed to enhance your understanding and confidence. Master essential Azure concepts and strategies to excel on your test day!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


What should be created to notify admins when more than five events are added to the security log of a virtual machine in a short time?

  1. two action groups and two alert rules

  2. one action group and one alert rule

  3. five action groups and one alert rule

  4. two action groups and one alert rule

The correct answer is: one action group and one alert rule

Creating one action group and one alert rule is an effective approach to manage notifications for events in the security log of a virtual machine. An alert rule is essential to define the conditions under which notifications should be sent; in this case, it would be set to trigger when more than five events are logged within a specified timeframe. The alert rule monitors the metrics or logs and assesses when they meet the pre-defined criteria, enabling the system to track specific thresholds or spikes in activity related to security events.

The action group serves as a resource that specifies how to respond when the alert rule is triggered. By having one action group, you simplify the notification process, ensuring that when the alert is activated, a single set of actions (such as sending emails, SMS, or triggering webhooks) is initiated. This setup is efficient because it centralizes your actions while keeping the system manageable.

In summary, having one alert rule allows you to efficiently monitor the conditions for notification, whereas one action group provides a clear and organized way to handle the notifications once an alert is triggered. This approach avoids unnecessary complexity and maintains clarity in alert management.