Question 94

Your Azure Databricks workspace already streams diagnostic logs to a Log Analytics workspace, and platform metrics are available for the Databricks resource. You must configure two Azure Monitor alerts: 1. A **near-real-time** alert that fires when a platform metric (for example, a workspace-level metric value) crosses a static threshold, evaluated at a fixed frequency with a defined aggregation window. 2. An alert based on a saved **Kusto (KQL) query** over the Databricks diagnostic logs in the Log Analytics workspace, run on a schedule, that fires when the number of returned results exceeds 0 (for example, repeated job-failure rows). You also need every fired alert to send email and SMS notifications to the on-call rotation. Which **three** statements correctly describe how to build this in Azure Monitor? (Choose THREE.)

• ARequirement 1 is a **metric alert rule** — it evaluates a metric value against a threshold using an evaluation frequency and an aggregation window (for example, `az monitor metrics alert create --condition "avg <metric> > <threshold>"`).
• BRequirement 2 is a **log search alert rule** (scheduled query rule) — it runs the KQL query on a schedule and fires based on the result/row count (for example, `az monitor scheduled-query create`).
• CBoth alerts use an **action group** to define what happens when the alert fires, such as sending email and SMS notifications.
• DRequirement 1 must be implemented as a log alert because Azure Databricks platform metrics cannot be used by metric alert rules.
• ERequirement 2 must be implemented as a metric alert because KQL queries can only run inside metric alert rules.
• FNotifications are configured directly on each alert rule's threshold and do not use action groups.