Microsoft Azure Solutions Architect Expert AZ-305 Practice Question

You manage 50 Azure subscriptions for a global company. The security team operates a third-party SIEM that ingests data from Azure Event Hubs. All Azure Activity logs and resource diagnostic logs must be streamed to the SIEM in near-real time and retained in Azure for at least 365 days for audit purposes. Operational effort must be kept to a minimum. Which solution should you recommend?

  • Assign an Azure Policy that configures diagnostic settings on all subscriptions to send logs to a centralized Log Analytics workspace (with 365-day retention) and to a shared Event Hub namespace used by the SIEM.

  • Create an Automation Account in each subscription that regularly exports logs to an Azure Storage account and then forwards the files to the SIEM over REST.

  • Deploy Azure Sentinel in every subscription and use Sentinel data connectors and playbooks to push collected logs to the SIEM.

  • Enable Continuous Export from Azure Monitor to an Azure Storage account and configure the SIEM to pull log files from the storage account.

Design identity, governance, and monitoring solutions