Microsoft Azure Solutions Architect Expert AZ-305 Practice Question
Your company has five Azure subscriptions for production and non-production workloads. Compliance standards require that all diagnostic and activity logs be retained for at least two years and that production engineers must not be able to view non-production logs, and vice-versa. You need a scalable, cost-effective logging architecture that minimizes operational overhead while allowing RBAC-based segregation of log data. Which approach should you recommend?
Provision a separate Log Analytics workspace in each subscription and grant engineers Reader permissions only on their own subscription's workspace.
Create one Log Analytics workspace in a dedicated management subscription, enable diagnostic settings on all resources to stream logs to it, and use workspace-based RBAC to control access for production and non-production teams.
Enable Azure Monitor metrics for all resources and rely on Azure Advisor to capture compliance-related log data for two-year retention.
Stream activity logs and diagnostic logs from every resource to a single Azure Storage account with a two-year lifecycle policy, and use Application Insights to query log data.
Storing all Azure platform and resource diagnostic logs in a single, centrally managed Log Analytics workspace located in a dedicated management subscription simplifies governance and cost management. By enabling diagnostic settings on each resource to send logs to that workspace and turning on workspace-centric RBAC (resource-based access control), access can be scoped at the workspace table level or via separate resource groups, ensuring that production and non-production teams can be granted only the permissions they need. Creating separate workspaces per subscription would meet the segregation requirement but increases management overhead and hinders cross-environment queries. Relying solely on Azure Monitor metrics or activity logs stored in a storage account does not satisfy the two-year retention and analytics requirements. Application Insights is focused on application telemetry, not comprehensive platform and resource logs, and would not cover all Azure resources.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the benefit of using a single, centrally managed Log Analytics workspace?
Open an interactive chat with Bash
How does workspace-based RBAC control access to log data?
Open an interactive chat with Bash
Why is using a dedicated management subscription important for centralized logging?
Open an interactive chat with Bash
Microsoft Azure Solutions Architect Expert AZ-305
Design identity, governance, and monitoring solutions
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .