Question 1

Your company uses Microsoft Sentinel integrated with a Log Analytics workspace. The workspace ingests 500 GB of data daily.

You are tasked with optimizing costs. You notice that 300 GB of the daily ingestion consists of network firewall flow logs. These logs are rarely queried for active threat hunting but must be retained for 3 years for compliance audits. When they are needed for audits, a query response time of up to 24 hours is acceptable.

Which cost optimization strategy should you recommend for the firewall logs?

Accepted Answer

Look for the Azure Monitor feature designed for high-volume, rarely queried logs that still need to be accessible within the workspace.

Question 2

What mistakes do candidates make on this AZ-305 question?

Accepted Answer

Choosing Storage Account export. While cheaper, Microsoft's Well-Architected Framework recommends Basic Logs for this exact scenario to keep data within the Sentinel/Monitor ecosystem.

How to approach this question

Full Answer

Common mistakes

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 5

More questions from this exam