The answer is to add a diagnostic setting that sends resource logs to the Log Analytics workspace. This is correct because diagnostic settings in Azure act as a pipeline, allowing you to stream specific categories of resource logs—such as StorageRead and StorageWrite—directly from a storage account to a Log Analytics workspace, enabling you to query and analyze read and write failures without deploying extra infrastructure. On the AZ-104 exam, this scenario tests your understanding of monitoring and diagnostics configuration, often appearing as a multiple-choice question where a common trap is selecting “enable storage analytics metrics” instead of the diagnostic setting; remember that metrics track performance, while logs capture detailed operations. A helpful memory tip is to think of the diagnostic setting as a “tap” you install on the storage account to route log data to Log Analytics, so when you need to investigate failures, you always configure that tap first.
AZ-104 Monitor and Maintain Azure Resources Practice Question
This AZ-104 practice question tests your understanding of monitor and maintain azure resources. This is a configuration task: choose the command set that satisfies every stated requirement. Small differences — like 'secret' vs 'password' or 'transport input ssh' vs 'all' — change whether the answer is correct. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
Based on the exhibit, you want the resource logs for the storage account to appear in Log Analytics so you can investigate read and write failures. What should you configure?
Create a metric alert rule on the storage account and link it to an action group.
Why wrong: A metric alert can notify operators when a threshold is crossed, but it does not export the underlying resource logs into Log Analytics for investigation.
B
Add a diagnostic setting that sends resource logs to the Log Analytics workspace.
Diagnostic settings are the Azure Monitor feature used to route platform logs and metrics from a resource to destinations such as Log Analytics. Because the exhibit shows logs are disabled and no destination is configured, adding a diagnostic setting with the workspace selected is the correct way to make read and write events available for querying.
C
Enable a resource lock so the storage account cannot be modified.
Why wrong: A lock protects the resource from deletion or changes, but it does not collect or export monitoring data. It would not help with log investigation.
D
Move the storage account to a different subscription that already has Log Analytics enabled.
Why wrong: Log Analytics is not inherited by subscription movement in the way this scenario requires. The missing configuration is the diagnostic setting on the storage account itself.
Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.
Correct answer & explanation
✓
Add a diagnostic setting that sends resource logs to the Log Analytics workspace.
Diagnostic settings in Azure allow you to stream resource logs (such as StorageRead and StorageWrite logs) from a storage account directly to a Log Analytics workspace. By configuring a diagnostic setting with the appropriate log categories enabled, you can query and analyze read and write failures in Log Analytics without additional infrastructure.
Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Answer analysis
Option-by-option breakdown
For each option: why learners choose it and why it is or isn't the right answer here.
✗
Create a metric alert rule on the storage account and link it to an action group.
Why it's wrong here
A metric alert can notify operators when a threshold is crossed, but it does not export the underlying resource logs into Log Analytics for investigation.
✓
Add a diagnostic setting that sends resource logs to the Log Analytics workspace.
Why this is correct
Diagnostic settings are the Azure Monitor feature used to route platform logs and metrics from a resource to destinations such as Log Analytics. Because the exhibit shows logs are disabled and no destination is configured, adding a diagnostic setting with the workspace selected is the correct way to make read and write events available for querying.
Related concept
Read the scenario before looking for a memorised answer.
✗
Enable a resource lock so the storage account cannot be modified.
Why it's wrong here
A lock protects the resource from deletion or changes, but it does not collect or export monitoring data. It would not help with log investigation.
✗
Move the storage account to a different subscription that already has Log Analytics enabled.
Why it's wrong here
Log Analytics is not inherited by subscription movement in the way this scenario requires. The missing configuration is the diagnostic setting on the storage account itself.
Common exam traps
Common exam trap: answer the scenario, not the keyword
The trap here is that candidates often confuse metric alerts (which monitor performance metrics) with diagnostic settings (which collect detailed resource logs), leading them to choose a metric-based solution when the question explicitly asks for log data to investigate failures.
Trap categories for this question
Scenario analysis trap
Log Analytics is not inherited by subscription movement in the way this scenario requires. The missing configuration is the diagnostic setting on the storage account itself.
Detailed technical explanation
How to think about this question
Diagnostic settings use the Azure Monitor REST API to route platform logs and metrics to destinations like Log Analytics, Event Hubs, or Azure Storage. For storage accounts, the 'StorageRead' and 'StorageWrite' log categories capture detailed information about each request, including status codes and error types, which can be queried using Kusto Query Language (KQL) in Log Analytics to identify failure patterns. This is distinct from metrics, which only provide aggregated counts and averages.
KKey Concepts to Remember
Read the scenario before looking for a memorised answer.
Find the constraint that changes the correct option.
Eliminate answers that are true in general but not in this case.
TExam Day Tips
→Watch for words such as best, first, most likely and least administrative effort.
→Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Real-world example
How this comes up in practice
A media company stores terabytes of video archives that are accessed once a year for audit purposes. Moving these objects to a cold storage tier (Azure Archive, S3 Glacier, or Google Nearline) costs a fraction of hot storage. Questions like this test whether you understand storage tiers, access frequency tradeoffs, and retrieval latency requirements.
Related glossary terms
Concepts from this question explained
These glossary pages explain the core terms tested in this AZ-104 question in full detail.
Monitor and Maintain Azure Resources — This question tests Monitor and Maintain Azure Resources — Read the scenario before looking for a memorised answer..
What is the correct answer to this question?
The correct answer is: Add a diagnostic setting that sends resource logs to the Log Analytics workspace. — Diagnostic settings in Azure allow you to stream resource logs (such as StorageRead and StorageWrite logs) from a storage account directly to a Log Analytics workspace. By configuring a diagnostic setting with the appropriate log categories enabled, you can query and analyze read and write failures in Log Analytics without additional infrastructure.
What should I do if I get this AZ-104 question wrong?
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.
What is the key concept behind this question?
Read the scenario before looking for a memorised answer.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →
These questions test the same concept from different angles. Work through them to make sure you can recognise it however the exam phrases it.
Variation 1. You want to send a storage account's read, write, and delete events to a Log Analytics workspace for later investigation. Which feature should you configure?
easy
✓ A.Diagnostic settings for the storage account
B.An action group
C.A metric alert rule
D.A Recovery Services vault
Why A: Diagnostic settings on a storage account allow you to stream resource logs, including read, write, and delete operations (stored in the StorageRead, StorageWrite, and StorageDelete log categories), to a Log Analytics workspace. This is the correct feature for capturing and analyzing these events for later investigation.
Variation 2. A storage account's platform logs must be searchable later with KQL in a central workspace. Which two actions should the administrator take? Select two.
easy
✓ A.Create a diagnostic setting on the storage account
B.Configure a NAT gateway on the storage subnet
✓ C.Send the logs to a Log Analytics workspace
D.Assign the Reader role on the subscription
E.Enable a VM backup policy
Why A: Option A is correct because a diagnostic setting on the storage account is required to route platform logs (e.g., storage read/write/delete operations) to a destination. Option C is correct because a Log Analytics workspace is the destination that enables KQL-based searching and analysis of those logs. Without both, the logs cannot be stored in a central, queryable repository.
Variation 3. You want to send a storage account's platform logs to a workspace so they can be queried with KQL later. Which two items are part of the required configuration? Select two.
easy
✓ A.Diagnostic settings on the storage account
✓ B.A Log Analytics workspace
C.A network security group
D.A Recovery Services vault
E.An availability zone assignment
Why A: A is correct because diagnostic settings on the storage account are the mechanism that defines which platform logs (e.g., storage read/write/delete operations) are collected and where they are sent. Without configuring diagnostic settings, the storage account does not emit logs to any destination. B is correct because a Log Analytics workspace is the required destination for storing the logs so they can be queried with KQL; it provides the ingestion and retention infrastructure for log analytics.
Last reviewed: Jun 11, 2026
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
This AZ-104 practice question is part of Courseiva's free Microsoft certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the AZ-104 exam.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.