ExpertMinds LogoExpertMinds
Easy1 markMultiple Choice
Domain 1.1: Logging and MonitoringDomain 1Microsoft SentinelLog AnalyticsData Retention

AZ-305 · Question 03 · Domain 1.1: Logging and Monitoring

You are designing a security monitoring solution using Microsoft Sentinel.

The compliance department requires that all security incident data and associated logs be retained for exactly 7 years. The data must be available for interactive querying for the first 90 days, and afterward, it must be retained at the lowest possible cost while still being accessible for compliance audits within 48 hours if requested.

Which data retention strategy should you configure in the Log Analytics workspace?

Answer options:

A.

Set the workspace retention to 7 years.

B.

Set the workspace retention to 90 days and export logs to an Azure Storage account with a lifecycle policy moving data to the Archive tier.

C.

Set the workspace retention to 90 days and configure Archive tier retention for up to 7 years.

D.

Configure a Data Collection Rule to route data older than 90 days to Azure Data Explorer.

How to approach this question

Look for the native feature in Log Analytics designed specifically for long-term, low-cost retention.

Full Answer

C.Set the workspace retention to 90 days and configure Archive tier retention for up to 7 years.✓ Correct
Set the workspace retention to 90 days and configure Archive tier retention for up to 7 years.
Azure Monitor Log Analytics workspaces natively support an Archive tier. You can set the interactive retention (Analytics tier) to 90 days, and then configure the Archive tier to retain the data for up to 7 years. This provides the lowest cost for long-term retention while keeping the data within the workspace for search jobs if an audit occurs.

Common mistakes

Choosing the storage account export option. While valid historically, native Archive tier is the current best practice for Sentinel/Log Analytics.
02All questions04

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 2

55 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01Fabrikam Inc. is a global financial services company with 200 Azure subscriptions managed via a c...HardQ02A healthcare organization has 500 on-premises Windows Server VMs and 300 Azure VMs. They are impl...HardQ04Your company has a microservices application deployed across multiple Azure App Service instances...MediumQ05A defense contractor is migrating to Microsoft 365 and Azure. They have a strict security policy ...HardQ06You are designing an identity governance solution for a large enterprise using Microsoft Entra ID...Medium
View all 55 questions →