Question 1

Contoso Ltd is a global financial institution with 80 Azure subscriptions spread across 4 management groups. They currently use a decentralized logging approach where each application team deploys their own Log Analytics workspace.

The Chief Information Security Officer (CISO) requires a new logging architecture that meets the following requirements:
- Security and audit logs must be retained centrally for 2 years to meet compliance.
- Application teams must still be able to query their own application performance logs without having access to other teams' data.
- The solution must minimize administrative overhead and data duplication.
- Costs must be optimized.

Which Log Analytics workspace architecture should you recommend?

Accepted Answer

Evaluate the RBAC models for Log Analytics. Resource-context RBAC is designed exactly for this scenario: centralized storage with distributed, least-privilege access.

Question 2

What mistakes do candidates make on this AZ-305 question?

Accepted Answer

Many candidates choose a multi-workspace design (Option B) thinking it's the only way to isolate data, but resource-context RBAC solves this in a single workspace.

How to approach this question

Full Answer

Common mistakes

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 1

More questions from this exam