Technical Lab: Configure and interpret monitoring of virtual machines, storage accounts, and networks by using Azure Monitor Insights
Questionsβ
Question 1 β Multiple Choiceβ
An operations team needs to automatically identify performance degradations in virtual machines without creating individual alerts for each metric. The environment has dozens of VMs distributed across multiple regions.
Which Azure Monitor functionality best meets this requirement?
A) Create metric-based alert rules for each VM individually, with fixed thresholds defined by the team.
B) Enable VM Insights and use dependency maps and aggregated performance analytics by resource group.
C) Configure a Log Analytics Workspace with scheduled KQL queries that send emails when a threshold is exceeded.
D) Use Azure Advisor to receive consolidated performance recommendations per subscription.
Question 2 β Technical Scenarioβ
An administrator enabled VM Insights on a Linux VM, but after 30 minutes the Map tab remains empty and no process dependencies are displayed. The Performance tab already shows data normally.
VM: prod-linux-01
OS: Ubuntu 22.04
VM Insights: enabled
Workspace: linked
Dependency Agent: status = not running
Azure Monitor Agent: status = running
What is the most likely cause of the problem?
A) The Log Analytics Workspace is not in the same region as the VM, preventing map data collection.
B) The Azure Monitor Agent does not have the necessary managed identity permissions to send data to the workspace.
C) The Dependency Agent is not running, and it is the component responsible for collecting process and network connection data used in the map.
D) The Map tab requires the resource to be associated with a separate Application Insights, in addition to the default workspace.
Question 3 β True or Falseβ
Network Insights in Azure Monitor can display the network topology of a subscription and, within the same interface, present traffic flow metrics from a specific Network Security Group, provided that NSG Flow Log is enabled and directed to a Log Analytics workspace with Traffic Analytics activated.
True or False?
Question 4 β Technical Scenarioβ
A company stores financial transaction logs in a Storage Account of type General Purpose v2. The security team needs to monitor unauthorized access attempts to specific blob containers. The administrator enabled Storage Account metrics in Azure Monitor, but denied access attempts do not appear in dashboards.
Diagnostics enabled: aggregated metrics (Transactions, Availability)
Log Analytics Workspace: linked
Diagnostic Settings: no resource logs configured
What is missing in the current configuration?
A) Enable Azure Defender for Storage so that access denied events are automatically routed to the workspace.
B) Configure the Diagnostic Settings of the Storage Account to send resource log categories, such as StorageRead, StorageWrite, and StorageDelete, to the workspace.
C) Create a metric alert rule using the Transactions metric filtered by the ResponseType = AuthorizationError dimension.
D) Enable Blob Versioning in the Storage Account so that access control logs are generated automatically.
Question 5 β Multiple Choiceβ
An administrator is interpreting the Network Insights dashboard and observes that a connection between two resources appears with Reachable status in Connection Monitor, but with latency consistently above 150 ms, well above the environment's historical baseline.
Which conclusion is technically valid based on this observation?
A) The Reachable status confirms that the connection is healthy and elevated latency should be ignored, as it is expected behavior for passive monitoring.
B) Connection Monitor validates only layer 3 reachability; persistently elevated latency may indicate congestion, suboptimal routing, or bandwidth saturation, requiring additional investigation.
C) The problem is necessarily in a Network Security Group partially blocking traffic, since NSG rules can increase latency without completely blocking the connection.
D) Connection Monitor is not capable of measuring latency; the displayed values are estimates based on logs and should not be used for performance diagnosis.
Answer Key and Explanationsβ
Answer Key β Question 1β
Answer: B
VM Insights is the native Azure Monitor solution designed exactly for this scenario: monitoring VMs at scale without manual configuration per metric. It provides aggregated performance visualizations (CPU, memory, disk, network) and automatic dependency maps, with the ability to filter by resource group, subscription, or tag.
The main misconception in the distractors is confusing complementary tools with the appropriate solution for the requirement. Metric alert rules (A) require individual and reactive configuration, not automatic aggregation. Scheduled KQL queries (C) are powerful but require query expertise and do not replace the integrated Insights experience. Azure Advisor (D) focuses on cost and compliance recommendations, not continuous performance monitoring.
Answer Key β Question 2β
Answer: C
VM Insights uses two agents with distinct responsibilities: the Azure Monitor Agent collects metrics and operating system logs (which is why the Performance tab works normally), while the Dependency Agent is the component that intercepts network calls and running process information to feed the Map tab. If the Dependency Agent is not running, the map simply does not receive data.
Alternative A is a common misconception: workspace location does not prevent collection, it may only increase ingestion latency. Alternative B describes a real configuration problem, but the symptom would be absence of data in both tabs, not only the map. Alternative D is incorrect: VM Insights does not depend on Application Insights to display the dependency map.
Answer Key β Question 3β
Answer: True
Network Insights integrates topology visualization and traffic analysis in a single experience. For NSG flow data to appear, two prerequisites must be satisfied: NSG Flow Log enabled in Network Watcher and Traffic Analytics activated pointing to a Log Analytics workspace. Without both, the topology is displayed but without associated traffic flow data.
The statement is technically accurate and represents non-obvious behavior: many administrators enable NSG Flow Log but forget to activate Traffic Analytics, resulting in visible topology without flow analysis.
Answer Key β Question 4β
Answer: B
The aggregated metrics of a Storage Account (such as Transactions and Availability) show volumes and availability but do not contain information about individual access operations. To audit denied access attempts, it is necessary to enable resource logs in Diagnostic Settings, specifically the StorageRead, StorageWrite, and StorageDelete categories, which record individual operations including the result of each request (success, authorization denied, etc.).
Alternative A describes a real capability of Microsoft Defender for Storage, but it serves for threat detection and security alerts, not for detailed operation auditing. Alternative C is partially valid as a complement (reactive alerts by metric dimension), but does not replace logs for forensic investigation. Alternative D is incorrect: Blob Versioning controls object versions, unrelated to access control logs.
Answer Key β Question 5β
Answer: B
Connection Monitor operates at layers 3 and 4, validating reachability and measuring end-to-end latency with synthetic probes. The Reachable status confirms that the destination is reachable, but does not indicate that connection quality is acceptable. Persistently elevated latency is a legitimate sign of network performance problems that requires additional investigation, such as route analysis with Next Hop, checking gateway saturation, or reviewing peering configurations.
Alternative A represents the most dangerous error: confusing reachability with connection health. Alternative C attributes the problem directly to NSGs without evidence, being a premature diagnosis. NSGs block or allow traffic but do not introduce latency by themselves. Alternative D is factually incorrect: Connection Monitor actively measures latency and this data is usable for diagnosis.