ExpertMinds LogoExpertMinds
Medium1 markMultiple Choice
Domain 1.1: Logging and MonitoringDomain 1Logging and MonitoringLog AnalyticsRBAC

AZ-305 · Question 01 · Domain 1.1: Logging and Monitoring

Contoso Ltd is a global financial institution with 80 Azure subscriptions spread across 4 management groups. They currently use a decentralized logging approach where each application team deploys their own Log Analytics workspace.

The Chief Information Security Officer (CISO) requires a new logging architecture that meets the following requirements:

  • Security and audit logs must be retained centrally for 2 years to meet compliance.
  • Application teams must still be able to query their own application performance logs without having access to other teams' data.
  • The solution must minimize administrative overhead and data duplication.
  • Costs must be optimized.

Which Log Analytics workspace architecture should you recommend?

Answer options:

A.

A single centralized Log Analytics workspace utilizing resource-context RBAC.

B.

A centralized workspace for security logs and separate workspaces per subscription for application logs.

C.

A single centralized Log Analytics workspace utilizing workspace-context RBAC.

D.

One Log Analytics workspace per management group with cross-workspace queries.

How to approach this question

Evaluate the RBAC models for Log Analytics. Resource-context RBAC is designed exactly for this scenario: centralized storage with distributed, least-privilege access.

Full Answer

A.A single centralized Log Analytics workspace utilizing resource-context RBAC.✓ Correct
A single centralized Log Analytics workspace utilizing resource-context RBAC.
In Azure Monitor, resource-context access mode allows users to view logs only for the resources they have Azure RBAC access to. This enables a centralized workspace design (which is best practice for security, compliance, and reducing overhead) while maintaining data isolation between different application teams. Workspace-context would grant access to the entire workspace.

Common mistakes

Many candidates choose a multi-workspace design (Option B) thinking it's the only way to isolate data, but resource-context RBAC solves this in a single workspace.
All questions02

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 1

55 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q02Fabrikam Inc. operates a hybrid cloud environment with 500 on-premises VMware virtual machines ru...HardQ03A startup company has a single Azure subscription with a monthly budget of $5,000. The CFO want...EasyQ04You are designing an Azure Sentinel architecture for a Managed Security Service Provider (MSSP). ...MediumQ05A healthcare enterprise is migrating its infrastructure to Azure. They have strict compliance req...HardQ06Woodgrove Bank is developing two new web applications hosted on Azure App Service: 1. Partner Po...Medium
View all 55 questions →