Test Your Knowledge
5 questions pulled from the live ReadRoost AZ-305 pack. Answer each one to see where you stand before the exam.
Knowledge Check (5 questions)
Question 1 · Design identity, governance, and monitoring solutions
Your organization needs to centralize logs from multiple Azure services to identify security threats across 50+ subscriptions. Which solution should you recommend?
- Azure Monitor with Log Analytics workspace
- Application Insights only
- Azure Storage account with blob analytics
- Azure Event Hub for real-time streaming only
Correct answer: Azure Monitor with Log Analytics workspace
Azure Monitor with Log Analytics workspace provides centralized log collection, analysis, and threat detection across multiple subscriptions using Kusto Query Language (KQL). While Event Hub and Storage account can be routing destinations, Log Analytics is the primary solution for this scenario. Application Insights focuses on application performance monitoring.
Question 2 · Design identity, governance, and monitoring solutions
Your company requires diagnostic logs from Azure SQL Database to be archived for 7 years for compliance purposes, while keeping recent logs queryable. Which routing solution is most cost-effective?
- Send every diagnostic log only to a Log Analytics workspace and rely on its default 30-day retention
- Persist all logs indefinitely inside the SQL Database built-in audit table and query them with T-SQL
- Stream logs to Azure Storage for archival and also to Log Analytics for short-term querying
- Route all logs through Event Hubs and replay the stream whenever historical compliance queries are needed
Correct answer: Stream logs to Azure Storage for archival and also to Log Analytics for short-term querying
Using tiered routing with Storage for long-term archival (cost-effective) and Log Analytics for queryable recent data provides optimal cost and functionality. Event Hubs is for streaming scenarios, not archival. SQL audit tables have retention limits and are not suitable for 7-year compliance storage.
Question 3 · Design identity, governance, and monitoring solutions
You need to monitor the performance and health of applications running on Azure VMs in real-time, including CPU, memory, and network metrics. Which monitoring solution should you implement?
- Azure Monitor with VM Insights
- Application Insights with custom collectors
- Azure Policy compliance scanning
- Log Analytics without metrics collection
Correct answer: Azure Monitor with VM Insights
VM Insights is the Azure Monitor feature specifically designed for comprehensive monitoring of Azure VMs, including performance metrics, dependency mapping, and health status. Application Insights is for application performance, not VM-level metrics. Azure Policy is for compliance, not monitoring.
Question 4 · Design identity, governance, and monitoring solutions
Your organization has hybrid environments with on-premises Active Directory and needs to enable users to authenticate to cloud resources without password sync. Which solution should you recommend?
- Microsoft Entra ID with pass-through authentication
- Implement password hash synchronization
- Use Azure AD B2B for all identities
- Configure Azure VPN for on-premises authentication
Correct answer: Microsoft Entra ID with pass-through authentication
Pass-through authentication validates credentials against on-premises Active Directory without syncing password hashes, meeting security requirements for hybrid environments. Password hash sync sends hashes to cloud, which contradicts the requirement. B2B is for external identities, and VPN doesn't address authentication.
Question 5 · Design identity, governance, and monitoring solutions
Your company needs to manage identities for contractors, partners, and employees across multiple Azure subscriptions. Which identity management solution should you use?
- Microsoft Entra ID as the central identity provider
- Individual Azure subscriptions with separate user accounts
- Azure Local accounts on each VM
- Azure SQL Database authentication for all identities
Correct answer: Microsoft Entra ID as the central identity provider
Microsoft Entra ID (Azure AD) is the cloud-based identity management solution that provides centralized user and device management across Azure subscriptions, supporting employees, contractors, and B2B identities. Other options lack centralized management, scalability, or security controls needed for enterprise scenarios.