An enterprise uses Azure Sentinel and Log Analytics. They ingest 500 GB of logs daily. The IT budget is constrained, and they need to optimize costs. Security logs must be searchable for 90 days, and compliance logs must be retained for 3 years but are rarely queried after 30 days. Which THREE actions should you recommend to optimize costs? (Select THREE)

Answer options:

Configure a Commitment Tier pricing model for the Log Analytics workspace.

Change the pricing tier to Pay-As-You-Go.

Configure basic logs for high-volume, low-security-value data.

Export all logs to an external SIEM immediately.

Configure Log Analytics workspace data export to an Azure Storage account with an archive tier for the 3-year retention.

Set the Log Analytics workspace retention to 3 years.

How to approach this question

Select the three options that directly reduce ingestion or retention costs in Azure Monitor.

Full Answer

A,C,E

Cost optimization for Log Analytics involves using Commitment Tiers for high volume, Basic Logs for verbose data, and Storage Archive for long-term compliance retention.

Common mistakes

Selecting Pay-As-You-Go or extending native workspace retention, which increases costs.

Question 02 All questions Question 04

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 6

55 questions · hints · full answers · grading

More questions from this exam

Q01Contoso Ltd is a global manufacturing company with 50,000 employees. They operate a mix of on-pre...Medium Q02A financial institution has 500 Windows Server VMs on-premises and 200 VMs in Azure. They need to...Hard Q04You are designing a monitoring strategy for a new Azure deployment consisting of App Service, Azu...Easy Q05A healthcare company uses Microsoft Entra ID (Azure AD). They need to implement a security policy...Medium Q06Your organization collaborates with 50 external partner companies. You need to grant partner empl...Hard

View all 55 questions →