Question 1

Fabrikam Inc. is a global financial services company with 200 Azure subscriptions managed via a complex Management Group hierarchy. They currently operate in 5 Azure regions.

The security team requires that all security logs, performance metrics, and application telemetry from all resources across all subscriptions be collected for threat hunting and compliance reporting. The compliance team mandates that data must be retained for 2 years, and access to logs must be strictly segregated so that regional IT teams can only query logs for resources in their respective regions.

Which Log Analytics workspace architecture should you recommend to minimize operational overhead while meeting all security and compliance requirements?

Accepted Answer

Evaluate the trade-off between centralized management and distributed access control. Resource-context RBAC is the key feature that allows centralized storage with decentralized access.

Question 2

What mistakes do candidates make on this AZ-305 question?

Accepted Answer

Candidates often choose multiple workspaces thinking it's the only way to segregate data, ignoring the capabilities of resource-context RBAC.

How to approach this question

Full Answer

Common mistakes

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 2

More questions from this exam