28 questions across 7 exams
Contoso Ltd is a global financial institution with 80 Azure subscriptions spread across 4 management groups. They currently use a decentralized logging approach where each application team deploys their own Log Analytics workspace. The Chief Information Security Officer (CISO) requires a new logging architecture that meets the following requirements:
- Security and audit logs must be retained centrally for 2 years to meet compliance.
- Application teams must still be able to query their own application performance logs without having access to other teams' data.
- The solution must minimize administrative overhead and data duplication.
- Costs must be optimized.
Which Log Analytics workspace architecture should you recommend?
Fabrikam Inc. operates a hybrid cloud environment with 500 on-premises VMware virtual machines running Windows Server and Linux, and 200 Azure VMs. The company wants to standardize its monitoring and governance strategy. You need to design a solution that meets the following requirements:
- Collect guest operating system performance metrics and event logs from ALL virtual machines (both on-premises and in Azure).
- Apply Azure Policy guest configuration to the on-premises VMs.
- Ensure the solution uses the most current Microsoft monitoring agents.
- Minimize the number of outbound firewall ports required for on-premises servers.
Which TWO components must you include in your design? (Select TWO)
A startup company has a single Azure subscription with a monthly budget of $5,000. The CFO wants to ensure that the development team is notified immediately if the forecasted spending for the current month exceeds $4,500. The solution must not require writing any custom code and must be implemented with the least administrative effort. Which Azure service should you configure?
You are designing an Azure Sentinel architecture for a Managed Security Service Provider (MSSP). The MSSP manages security for 15 different enterprise customers. Each customer has their own Azure Active Directory (Microsoft Entra ID) tenant and strict data residency requirements (some in the US, some in the EU). The MSSP's Security Operations Center (SOC) team needs to view and correlate incidents across all 15 customers from a single pane of glass. Which TWO technologies should you include in your design to meet these requirements? (Select TWO)
Fabrikam Inc. is a global financial services company with 200 Azure subscriptions managed via a complex Management Group hierarchy. They currently operate in 5 Azure regions. The security team requires that all security logs, performance metrics, and application telemetry from all resources across all subscriptions be collected for threat hunting and compliance reporting. The compliance team mandates that data must be retained for 2 years, and access to logs must be strictly segregated so that regional IT teams can only query logs for resources in their respective regions. Which Log Analytics workspace architecture should you recommend to minimize operational overhead while meeting all security and compliance requirements?
A healthcare organization has 500 on-premises Windows Server VMs and 300 Azure VMs. They are implementing Azure Monitor to collect performance counters and event logs across the entire hybrid environment. The CIO has mandated a strict cost optimization policy. You need to design a monitoring solution that meets the following requirements:
- Collect logs from both on-premises and Azure VMs.
- Minimize data ingestion costs for non-critical event logs.
- Ensure that on-premises VMs can be managed using Azure Policy.
Which THREE actions should you include in your recommendation? (Select THREE)
You are designing a security monitoring solution using Microsoft Sentinel. The compliance department requires that all security incident data and associated logs be retained for exactly 7 years. The data must be available for interactive querying for the first 90 days, and afterward, it must be retained at the lowest possible cost while still being accessible for compliance audits within 48 hours if requested. Which data retention strategy should you configure in the Log Analytics workspace?
Your company has a microservices application deployed across multiple Azure App Service instances. Each microservice sends telemetry to its own dedicated Application Insights instance. The operations team needs to create an Azure Monitor Workbook that correlates performance data across all microservices to identify bottlenecks in the end-to-end transaction flow. Which TWO approaches can you use to query data across multiple Application Insights instances? (Select TWO)
Contoso Ltd is a global manufacturing company with 50,000 employees across 30 countries. They currently operate a mix of on-premises infrastructure and Azure (20 subscriptions with 100+ VMs and various PaaS services). The company needs to design a centralized logging and monitoring solution. The security team requires full visibility into all security events across all subscriptions. However, individual application teams must only be able to view logs and metrics for their specific resources. Data sovereignty laws require that logs generated by resources in the European Union (EU) remain in the EU. Which Log Analytics workspace architecture should you recommend to meet ALL requirements while minimizing operational overhead?
Fabrikam Inc. is a Managed Service Provider (MSP) managing Azure environments for 50 different enterprise customers. Each customer has their own Microsoft Entra ID (Azure AD) tenant and multiple Azure subscriptions. Fabrikam needs to implement a centralized security monitoring and incident response solution. The Fabrikam Security Operations Center (SOC) team must be able to view alerts, hunt for threats, and run automated playbooks across all 50 customer tenants from a single pane of glass. Customers must retain ownership of their data, and Fabrikam must not require guest accounts in customer tenants. Which combination of Azure services should you recommend?
A financial institution generates 5 TB of telemetry and audit logs daily across its Azure environment. The company has the following requirements for log data:
1. Security audit logs must be queried frequently for the first 30 days for immediate incident response.
2. Application debug logs are rarely queried but must be retained for 7 years to meet compliance regulations.
3. The overall cost of log ingestion and retention must be minimized.
Which TWO actions should you recommend to optimize the architecture? (Select TWO)
A retail company has recently migrated several workloads to Azure. The IT Director wants a centralized dashboard that provides actionable recommendations to optimize their Azure deployments. The recommendations must cover:
- Identifying underutilized virtual machines to reduce costs
- Highlighting missing high availability configurations
- Identifying security vulnerabilities
- Recommending performance improvements for SQL databases
Which Azure service should you recommend as the primary tool to meet these requirements?
Contoso Ltd has 50 Azure subscriptions managed via a complex Management Group hierarchy. They are designing a centralized monitoring solution using Azure Monitor and Log Analytics. The security team requires strict isolation of security logs, accessible only by the SOC team. The application teams require access to their own performance and application logs. You need to design the Log Analytics workspace architecture to minimize administrative overhead while meeting these access requirements. Which architecture should you recommend?
You are designing a monitoring solution for a hybrid environment consisting of 200 Azure VMs and 300 on-premises VMware VMs. You need to collect guest operating system metrics, application logs, and security events from all 500 VMs into a single Azure Log Analytics workspace. The solution must support Azure Policy for automated deployment and ensure that on-premises VMs are treated as first-class Azure resources for governance. Which combination of services should you recommend?
Your enterprise has a monthly Azure spend of $200,000 across 40 subscriptions. The finance department requires strict cost allocation back to 5 different business units. You need to design a cost management strategy that ensures all deployed resources are properly categorized for chargeback, and that business unit owners are notified if their specific spending exceeds predefined monthly limits. Which TWO actions should you include in your design? (Select TWO)
You are designing the monitoring architecture for a globally distributed microservices application hosted on Azure Kubernetes Service (AKS) across three regions. The development team needs to trace requests end-to-end as they flow through the microservices, identify performance bottlenecks, and view application dependency maps. The solution must minimize custom coding. Which Azure service should you recommend?
Contoso Ltd has 50 subscriptions across 3 business units. Each business unit manages its own IT operations. You are designing a logging and monitoring solution using Azure Monitor and Log Analytics. The company requires that each business unit has full control over its own logs, but the central security team must be able to query security logs across all business units simultaneously. You need to minimize administrative overhead and cost. Which Log Analytics workspace architecture should you recommend?
You are designing a monitoring solution for a hybrid environment. The environment consists of 200 Azure VMs and 300 on-premises VMware VMs running Windows Server 2022 and Linux. You need to collect guest OS metrics, event logs, and syslog data from all VMs into a central Log Analytics workspace. The solution must support Azure Policy for deployment at scale and use the latest Microsoft monitoring agents. Which TWO components should you include in your design? (Select TWO)
Your company uses Microsoft Sentinel integrated with a Log Analytics workspace. The workspace ingests 500 GB of data daily. You are tasked with optimizing costs. You notice that 300 GB of the daily ingestion consists of network firewall flow logs. These logs are rarely queried for active threat hunting but must be retained for 3 years for compliance audits. When they are needed for audits, a query response time of up to 24 hours is acceptable. Which cost optimization strategy should you recommend for the firewall logs?
You are designing an application monitoring strategy using Application Insights. The application consists of a frontend web app, a backend API, and a background worker process, all hosted on Azure App Service. The development team wants to trace requests end-to-end across all three components. They also need to ensure that telemetry data is not lost if the application experiences a sudden spike in traffic, but they want to control ingestion costs. Which TWO features should you configure? (Select TWO)
Contoso Ltd is a global manufacturing company with 50,000 employees. They operate a mix of on-premises infrastructure and Azure across 50 subscriptions. The company needs to improve security posture to meet ISO 27001 compliance. You need to design a centralized logging solution. The solution must support querying across all subscriptions, retain security logs for 2 years for compliance, support custom alerts, and minimize administrative overhead. Which architecture should you recommend?
A financial institution has 500 Windows Server VMs on-premises and 200 VMs in Azure. They need to implement a unified monitoring solution that provides VM insights, tracks missing updates, and monitors security events across both environments. The solution must use native Azure tools and minimize the deployment of custom agents. Which combination of services should you recommend?
An enterprise uses Azure Sentinel and Log Analytics. They ingest 500 GB of logs daily. The IT budget is constrained, and they need to optimize costs. Security logs must be searchable for 90 days, and compliance logs must be retained for 3 years but are rarely queried after 30 days. Which THREE actions should you recommend to optimize costs? (Select THREE)
You are designing a monitoring strategy for a new Azure deployment consisting of App Service, Azure SQL Database, and Key Vault. You need to ensure that all resource-level diagnostic logs are automatically collected and sent to a central Log Analytics workspace without manual intervention when new resources are created. What should you use?
An enterprise requires strict data isolation for logs between 5 departments. However, the central security team needs to query all logs simultaneously. What is the most cost-effective Log Analytics architecture?
You need to monitor 1,000 on-premises Linux VMs using Azure Monitor. The solution must support custom Data Collection Rules (DCRs) and centralized management. Which TWO components are required? (Select TWO)
You need to implement a cost management strategy for an Enterprise Agreement (EA) with 50 subscriptions. You must ensure that each business unit cannot exceed their allocated monthly spend. What should you configure?
A Managed Service Provider (MSP) uses Azure Sentinel to monitor 10 different customer tenants. They need to view incidents across all tenants from a single pane of glass without switching directories. What should they use?