ExpertMinds LogoExpertMinds
Medium1 markMultiple Choice
Domain 1.1: Logging and MonitoringDomain 1Logging and MonitoringLog AnalyticsRBAC

AZ-305 · Question 01 · Domain 1.1: Logging and Monitoring

Contoso Ltd is a global manufacturing company with 50,000 employees across 30 countries. They currently operate a mix of on-premises infrastructure and Azure (20 subscriptions with 100+ VMs and various PaaS services).

The company needs to design a centralized logging and monitoring solution. The security team requires full visibility into all security events across all subscriptions. However, individual application teams must only be able to view logs and metrics for their specific resources. Data sovereignty laws require that logs generated by resources in the European Union (EU) remain in the EU.

Which Log Analytics workspace architecture should you recommend to meet ALL requirements while minimizing operational overhead?

Answer options:

A.

Deploy a single centralized Log Analytics workspace in the US. Use resource-context RBAC for application teams.

B.

Deploy two Log Analytics workspaces: one in the US and one in the EU. Use resource-context RBAC for application teams and workspace-context RBAC for the security team.

C.

Deploy one Log Analytics workspace per subscription (20 total). Use Azure Lighthouse for centralized security monitoring.

D.

Deploy two Log Analytics workspaces: one in the US and one in the EU. Use table-level RBAC to restrict application team access.

How to approach this question

Analyze the constraints: Data sovereignty dictates regional boundaries (needs at least 2 workspaces). Access control dictates resource-level granularity (resource-context RBAC).

Full Answer

B.Deploy two Log Analytics workspaces: one in the US and one in the EU. Use resource-context RBAC for application teams and workspace-context RBAC for the security team.✓ Correct
Deploy two Log Analytics workspaces: one in the US and one in the EU. Use resource-context RBAC for application teams and workspace-context RBAC for the security team.
In Azure Monitor, Log Analytics workspaces can use 'resource-context' access mode. This means users can only see logs for resources they have Azure RBAC access to, even if all logs go to the same workspace. This satisfies the app team requirement. Data sovereignty requires EU data to stay in the EU, necessitating a second workspace. The security team can be granted Reader access directly to both workspaces (workspace-context) for full visibility.

Common mistakes

Choosing a single workspace ignores data sovereignty. Choosing one workspace per subscription over-engineers the solution and increases management overhead.
All questions02

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 3

55 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q02Fabrikam Inc. is a Managed Service Provider (MSP) managing Azure environments for 50 different en...HardQ03A financial institution generates 5 TB of telemetry and audit logs daily across its Azure environ...MediumQ04A retail company has recently migrated several workloads to Azure. The IT Director wants a centra...EasyQ05A healthcare organization with 10,000 employees uses on-premises Active Directory. They are migra...HardQ06An enterprise company is implementing a Zero Trust security model for its Azure environment and M...Medium
View all 55 questions →