Microsoft AZ-305 Exam (page: 8)
Microsoft Designing Azure Infrastructure Solutions
Updated on: 12-Jan-2026

Explanation:

Application Insights provides other features including, but not limited to:
* Availability: Also known as synthetic transaction monitoring. Probe the external endpoints of your applications to test the overall availability and responsiveness over time.
* Etc.
Note: Synthetic monitoring is the use of software to simulate user interactions with a system. The data generated from the simulated transactions is then analyzed to evaluate how the system behaves.

Reference:

Explanation:

Box 1: Workspace1
Resource

Box 2: Change to a commitment pricing tier
Modification

Commitment tiers
In addition to the pay-as-you-go model, Log Analytics has commitment tiers, which can save you as much as 30 percent compared to the pay-as-you-go price. With commitment tier pricing, you can commit to buy data ingestion for a workspace, starting at 100 GB per day, at a lower price than pay-as-you-go pricing. Any usage above the commitment level (overage) is billed at that same price per GB as provided by the current commitment tier.

Incorrect:
*Change to the Basic Logs data plan.
Would not support alerts.

Note: Azure Monitor Logs offers two log data plans that let you reduce log ingestion and retention costs and take advantage of Azure Monitor’s advanced features and analytics capabilities based on your needs:

The default Analytics log data plan provides full analysis capabilities and makes log data available for queries, Azure Monitor features, such as alerts, and use by other services. The Basic log data plan lets you save on the cost of ingesting and storing high-volume verbose logs in your Log Analytics workspace for debugging, troubleshooting, and auditing, but not for analytics and alerts.

* Set a daily cap
A daily cap would not guarantee that all log files are ingested.

Set daily cap on Log Analytics workspace
A daily cap on a Log Analytics workspace allows you to avoid unexpected increases in charges for data ingestion by stopping collection of billable data for the rest of the day whenever a specified threshold is reached.

Reference:

https://learn.microsoft.com/en-us/azure/azure-monitor/logs/cost-logs#commitment-tiers https://learn.microsoft.com/en-us/azure/azure-monitor/logs/daily-cap https://learn.microsoft.com/en-us/azure/azure-monitor/logs/basic-logs-configure

Reference:

Explanation:

Box 1: Azure Command-Line Interface (CLI)
Trigger on-demand Azure Policy compliance scans.

On-demand evaluation scan
An evaluation scan for a subscription or a resource group can be started with Azure CLI, Azure PowerShell, a call to the REST API, or by using the Azure Policy Compliance Scan GitHub Action. This scan is an asynchronous process.

Box 2: Azure Activity logs
Raise Azure Monitor non-compliance alerts by querying logs collected by Log Analytics.

Azure Monitor logs
If you have a Log Analytics workspace with AzureActivity from the Activity Log Analytics solution tied to your subscription, you can also view non-compliance results from the evaluation of new and updated resources using simple Kusto queries and the AzureActivity table. With details in Azure Monitor logs, alerts can be configured to watch for non-compliance.

Reference:

https://learn.microsoft.com/en-us/azure/governance/policy/how-to/get-compliance-data

Explanation:

Box 1: A shared access signature (SAS) and a stored access policy Blobs

See note below.

User delegation SAS
A user delegation SAS is secured with Microsoft Entra credentials and also by the permissions specified for the SAS. A user delegation SAS applies to Blob storage only.

A shared access signature can take one of the following two forms:

Ad hoc SAS.
When you create an ad hoc SAS, the start time, expiry time, and permissions are specified in the SAS URI. Any type of SAS can be an ad hoc SAS.

Service SAS with stored access policy. A stored access policy is defined on a resource container, which can be a blob container, table, queue, or file share. The stored access policy can be used to manage constraints for one or more service shared access signatures.
When you associate a service SAS with a stored access policy, the SAS inherits the constraints–the start time, expiry time, and permissions–defined for the stored access policy.

Note
A user delegation SAS or an account SAS must be an ad hoc SAS. Stored access policies are not supported for the user delegation SAS or the account SAS.

Box 2: Microsoft Entra credentials
File shares

User delegation SAS
A user delegation SAS is secured with Microsoft Entra credentials and also by the permissions specified for the SAS. A user delegation SAS applies to Blob storage only.

Note: A shared access signature (SAS) provides secure delegated access to resources in your storage account. With a SAS, you have granular control over how a client can access your data. For example:

What resources the client may access.

What permissions they have to those resources.

How long the SAS is valid.

Types of shared access signatures
Azure Storage supports three types of shared access signatures:

User delegation SAS

Service SAS

Account SAS

Reference:

https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview

Explanation:

Box 1: An Azure Monitor data collection endpoint
Forwards JSON-formatted logs from the virtual machines to a Log Analytics workspace

Data collection endpoints (DCEs) provide a connection for certain data sources of Azure Monitor.

Data sources that use DCEs
The following data sources currently use DCEs:

Azure Monitor Agent when network isolation is required
Logs ingestion API

Logs Ingestion API in Azure Monitor
The Logs Ingestion API in Azure Monitor lets you send data to a Log Analytics workspace using either a REST API call or client libraries. By using this API, you can send data to supported Azure tables or to custom tables that you create. You can even extend the schema of Azure tables with custom columns to accept additional data.

Basic operation
Your application sends data to a data collection endpoint (DCE), which is a unique connection point for your subscription. The payload of your API call includes the source data formatted in JSON. The call:

Specifies a data collection rule (DCR) that understands the format of the source data. Potentially filters and transforms the data for the target table. Directs the data to a specific table in a specific workspace. You can modify the target table and workspace by modifying the DCR without any change to the API call or source data.



Incorrect:
* A linked storage account for the Log Analytics workspace

Box 2: A KQL query
Transforms the logs and stores the data in a table in the Log Analytics workspace

Transformations in Azure Monitor allow you to filter or modify incoming data before it’s stored in a Log Analytics workspace. They are implemented as a Kusto Query Language (KQL) statement in a data collection rule (DCR).

Transformation structure
The KQL statement is applied individually to each entry in the data source. It must understand the format of the incoming data and create output in the structure of the target table. The input stream is represented by a virtual table named source with columns matching the input data stream definition. Following is a typical example of a transformation. This example includes the following functionality:

Filters the incoming data with a where statement
Adds a new column using the extend operator
Formats the output to match the columns of the target table using the project operator

Kusto

| where severity == “Critical”
| extend Properties = parse_json(properties)
| project
TimeGenerated = todatetime([“time”]),
Category = category,
StatusDescription = StatusDescription,
EventName = name,
EventId = tostring(Properties.EventId)

Reference:

https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-endpoint-overview https://learn.microsoft.com/en-us/azure/azure-monitor/logs/logs-ingestion-api-overview https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-transformations-structure

Explanation:

Box 1: Azure Event Grid

To collect the event logs:

Incorrect:
* Azure Lighthouse
Azure Lighthouse helps service providers efficiently build and deliver managed services.

Box 2: The Azure Monitor Agent
To support the DCRs:

You collect events and performance counters from virtual machines with Azure Monitor Agent.

You can define a data collection rule to send data from multiple machines to multiple Log Analytics workspaces, including workspaces in a different region or tenant. Create the data collection rule in the same region as your Log Analytics workspace.

How can I collect Windows security events by using Azure Monitor Agent? There are two ways you can collect Security events using the new agent, when sending to a Log Analytics workspace:

You can use Azure Monitor Agent to natively collect Security Events, same as other Windows Events. These flow to the ‘Event’ table in your Log Analytics workspace.
If you have Microsoft Sentinel enabled on the workspace, the security events flow via Azure Monitor Agent into the SecurityEvent table instead (the same as using the Log Analytics agent). This scenario always requires the solution to be enabled first.

Reference:

https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-rule-azure-monitor-agent https://learn.microsoft.com/en-us/azure/event-grid/enable-diagnostic-logs-topic

Explanation:

Box 1: No
No – PA1 will only evaluate the resources in Sub2.

PA1 is assigned to the MG1 management group.
Sub2 and Sub4 is in MG1.
PA1 will evaluated resources in Sub4 as well (though no further information is available on resources in Sub4).

Box 2: Yes
Yes – PA2 will evaluate all the virtual machines deployed to the East US region.

Modify PA2 and configure the resource selector to include only Microsoft.Compute/virtualMachines in the East US Azure region.

Box 3: No
No – PA3 will evaluate VM3.

Modify PA3 and add an exclusion for Sub1.
Sub1 includes VM3.