ExpertMinds LogoExpertMinds
Easy1 markMultiple Choice
Domain 1.1: Logging and MonitoringDomain 1MonitoringLog AnalyticsArchitecture

AZ-305 · Question 01 · Domain 1.1: Logging and Monitoring

Contoso Ltd has 50 subscriptions across 3 business units. Each business unit manages its own IT operations. You are designing a logging and monitoring solution using Azure Monitor and Log Analytics.

The company requires that each business unit has full control over its own logs, but the central security team must be able to query security logs across all business units simultaneously. You need to minimize administrative overhead and cost.

Which Log Analytics workspace architecture should you recommend?

Answer options:

A.

Create a single centralized Log Analytics workspace for the entire company. Use workspace-level RBAC to restrict access.

B.

Create one Log Analytics workspace per business unit. Grant the central security team Reader access to all workspaces and use cross-workspace queries.

C.

Create one Log Analytics workspace per subscription (50 total). Use Azure Lighthouse for central management.

D.

Create one Log Analytics workspace per business unit. Configure continuous export to a central Azure Data Lake Storage Gen2 account for the security team.

How to approach this question

Analyze the organizational boundaries. When business units need autonomy but central teams need visibility, a distributed workspace model with cross-workspace queries is the standard Azure Monitor pattern.

Full Answer

B.Create one Log Analytics workspace per business unit. Grant the central security team Reader access to all workspaces and use cross-workspace queries.✓ Correct
Create one Log Analytics workspace per business unit. Grant the central security team Reader access to all workspaces and use cross-workspace queries.
In enterprise scenarios where data sovereignty or strict administrative boundaries exist between business units, a distributed Log Analytics workspace design is recommended. To satisfy central visibility requirements (like a SOC team), Azure Monitor supports cross-workspace queries, allowing you to query up to 100 workspaces simultaneously without duplicating data.

Common mistakes

Choosing a single centralized workspace is a common mistake when ignoring the 'business unit control' requirement.
All questions02

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 5

55 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q02You are designing a monitoring solution for a hybrid environment. The environment consists of 200...MediumQ03Your company uses Microsoft Sentinel integrated with a Log Analytics workspace. The workspace ing...HardQ04You are designing an application monitoring strategy using Application Insights. The application ...MediumQ05A highly regulated financial institution is migrating to Microsoft 365 and Azure. They currently ...HardQ06Your organization uses Microsoft Entra ID Premium P2. You are designing a Conditional Access stra...Medium
View all 55 questions →