Microsoft Azure Solutions Architect Expert AZ-305 Practice Question
Your organization operates workloads in five Azure subscriptions. Compliance policy requires that all Azure resource diagnostic and activity logs be kept for at least seven years. Operations engineers must be able to run ad-hoc Log Analytics queries against the most recent 90 days of data and create near-real-time alert rules based on those queries. The solution must minimize operational effort and overall cost while satisfying the retention and query requirements.
Which approach should you recommend?
Configure each resource to send diagnostics directly to a central storage account that has immutable blob storage and lifecycle rules to move data to the Archive access tier; deploy Azure Sentinel workspaces in every subscription to query and alert on the stored data.
Stream all diagnostic and activity logs from each subscription to an Azure Event Hubs namespace, process them with an Azure Function that inserts records into an Azure SQL Database configured with long-term backup retention, and build alert rules that query the database.
Enable Azure Monitor metrics exporter on every resource and send the output to an Azure Data Explorer cluster configured for seven-year retention; use scheduled Kusto queries in Data Explorer to generate alerts.
Create a dedicated Log Analytics workspace in a central operations subscription. Configure subscription-level diagnostic settings in each subscription to forward activity logs, and configure resource or resource group diagnostic settings to forward resource logs, all to this workspace. Set the workspace's interactive retention to 90 days, enable the Archive tier with seven-year retention for older data, and define Azure Monitor alert rules on the workspace.
A single Log Analytics workspace can collect diagnostic and activity logs from multiple subscriptions, letting administrators query data across all resources without extra infrastructure. Configuring subscription-level diagnostic settings in each subscription forwards activity logs, while resource- or resource group-level diagnostic settings send resource logs to the same workspace. Setting the workspace's interactive retention to 90 days keeps recent data in hot storage for fast queries, and enabling the Archive tier with seven-year retention stores older data at lower cost. Azure Monitor alert rules can run Kusto queries directly against the workspace for near-real-time alerting. Approaches that rely on Event Hubs with SQL, standalone Azure Data Explorer clusters, or raw blob storage plus Sentinel introduce additional components or lack native, low-cost query and alert capabilities, making them less suitable.
Microsoft Azure Solutions Architect Expert AZ-305
Design identity, governance, and monitoring solutions