Microsoft Azure Solutions Architect Expert AZ-305 Practice Question
Your company manages several Azure subscriptions. You must collect platform logs from all Azure virtual machines and Azure Firewall resources. Requirements:
Retain every log record for 12 months in low-cost Azure storage.
Simultaneously stream the same logs in near real time to the on-premises Splunk SIEM.
Which solution should you implement to meet these requirements with the least operational overhead?
Configure immutable blob storage for log archival and use an Azure Automation runbook to copy the logs to Splunk on a daily schedule.
Enable Activity Log forwarding to an Azure Service Bus queue and trigger an Azure Function to write each message to Splunk and to blob storage.
Create an Azure Monitor diagnostic setting on each relevant resource that forwards logs to an Azure Storage account configured for the Cool access tier and to an Azure Event Hub namespace integrated with Splunk.
Use the Azure Monitor Data Collector API to push logs to Splunk and configure a Log Analytics workspace with 365-day retention for archival.
Configure Azure Monitor diagnostic settings on each supported resource (or at the subscription level for activity logs) to send the same platform log categories to both an Azure Storage account and an Azure Event Hub namespace. Store the data in a storage account that uses the Cool tier for cost-effective 12-month retention. The Event Hub namespace acts as the streaming endpoint that the Splunk Add-on for Microsoft Cloud Services can subscribe to for near-real-time ingestion. A single diagnostic setting can route the identical logs to multiple destinations (up to five), so no additional automation or intermediate services are required. The alternative options rely on unsupported targets (Service Bus), lack real-time guarantees (Data Collector API), or add unnecessary operational complexity (custom Automation runbooks).
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an Azure Monitor diagnostic setting?
Open an interactive chat with Bash
What is the Cool access tier in Azure Storage?
Open an interactive chat with Bash
How does Azure Event Hub integrate with Splunk?
Open an interactive chat with Bash
Microsoft Azure Solutions Architect Expert AZ-305
Design identity, governance, and monitoring solutions
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .