Microsoft Azure Solutions Architect Expert AZ-305 Practice Question

You manage 40 Azure subscriptions that belong to a single tenant. The security team uses an on-premises Splunk installation and must receive all Azure Activity log events from every subscription and all Azure AD sign-in log entries within minutes. They also require that a raw, immutable copy of the same logs be retained in Azure for at least two years at the lowest possible cost. Which logging architecture should you recommend?

  • Enable Azure Sentinel in each subscription and install a Splunk Universal Forwarder on the Sentinel VMs to pull data from the workspaces.

  • Create a diagnostic setting in each subscription to send the Azure Activity log to a central Event Hub namespace and to a storage account in a dedicated logging subscription, and configure a single Azure AD diagnostic setting to send sign-in logs to the same destinations.

  • Stream Activity logs from each subscription to individual storage accounts, then use Azure Data Factory pipelines to copy log files both to Splunk and to a long-term archive account.

  • Deploy a Log Analytics workspace in each subscription, collect both log types into the workspace, and use Continuous Export from every workspace to separate Event Hubs that Splunk will poll.

Design identity, governance, and monitoring solutions