Question 323 of 1,170
Monitor and Maintain Azure ResourcesmediumMultiple ChoiceObjective-mapped

Quick Answer

The answer is to add a diagnostic setting that sends resource logs to the Log Analytics workspace. This is correct because diagnostic settings in Azure act as a pipeline, allowing you to stream specific categories of resource logs—such as StorageRead and StorageWrite—directly from a storage account to a Log Analytics workspace, enabling you to query and analyze read and write failures without deploying extra infrastructure. On the AZ-104 exam, this scenario tests your understanding of monitoring and diagnostics configuration, often appearing as a multiple-choice question where a common trap is selecting “enable storage analytics metrics” instead of the diagnostic setting; remember that metrics track performance, while logs capture detailed operations. A helpful memory tip is to think of the diagnostic setting as a “tap” you install on the storage account to route log data to Log Analytics, so when you need to investigate failures, you always configure that tap first.

AZ-104 Monitor and Maintain Azure Resources Practice Question

This AZ-104 practice question tests your understanding of monitor and maintain azure resources. This is a configuration task: choose the command set that satisfies every stated requirement. Small differences — like 'secret' vs 'password' or 'transport input ssh' vs 'all' — change whether the answer is correct. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Exhibit

Storage account: stprod01
Monitoring > Diagnostic settings
Existing settings: none
Metrics: Enabled
Logs: Disabled
Destination: not configured
Requirement: retain operational logs in Log Analytics workspace law-prod

Based on the exhibit, you want the resource logs for the storage account to appear in Log Analytics so you can investigate read and write failures. What should you configure?

Question 1mediummultiple choice
Full question →

Exhibit

Storage account: stprod01
Monitoring > Diagnostic settings
Existing settings: none
Metrics: Enabled
Logs: Disabled
Destination: not configured
Requirement: retain operational logs in Log Analytics workspace law-prod

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

Add a diagnostic setting that sends resource logs to the Log Analytics workspace.

Diagnostic settings in Azure allow you to stream resource logs (such as StorageRead and StorageWrite logs) from a storage account directly to a Log Analytics workspace. By configuring a diagnostic setting with the appropriate log categories enabled, you can query and analyze read and write failures in Log Analytics without additional infrastructure.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Create a metric alert rule on the storage account and link it to an action group.

    Why it's wrong here

    A metric alert can notify operators when a threshold is crossed, but it does not export the underlying resource logs into Log Analytics for investigation.

  • Add a diagnostic setting that sends resource logs to the Log Analytics workspace.

    Why this is correct

    Diagnostic settings are the Azure Monitor feature used to route platform logs and metrics from a resource to destinations such as Log Analytics. Because the exhibit shows logs are disabled and no destination is configured, adding a diagnostic setting with the workspace selected is the correct way to make read and write events available for querying.

    Related concept

    Read the scenario before looking for a memorised answer.

  • Enable a resource lock so the storage account cannot be modified.

    Why it's wrong here

    A lock protects the resource from deletion or changes, but it does not collect or export monitoring data. It would not help with log investigation.

  • Move the storage account to a different subscription that already has Log Analytics enabled.

    Why it's wrong here

    Log Analytics is not inherited by subscription movement in the way this scenario requires. The missing configuration is the diagnostic setting on the storage account itself.

Common exam traps

Common exam trap: answer the scenario, not the keyword

The trap here is that candidates often confuse metric alerts (which monitor performance metrics) with diagnostic settings (which collect detailed resource logs), leading them to choose a metric-based solution when the question explicitly asks for log data to investigate failures.

Trap categories for this question

  • Scenario analysis trap

    Log Analytics is not inherited by subscription movement in the way this scenario requires. The missing configuration is the diagnostic setting on the storage account itself.

Detailed technical explanation

How to think about this question

Diagnostic settings use the Azure Monitor REST API to route platform logs and metrics to destinations like Log Analytics, Event Hubs, or Azure Storage. For storage accounts, the 'StorageRead' and 'StorageWrite' log categories capture detailed information about each request, including status codes and error types, which can be queried using Kusto Query Language (KQL) in Log Analytics to identify failure patterns. This is distinct from metrics, which only provide aggregated counts and averages.

KKey Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A media company stores terabytes of video archives that are accessed once a year for audit purposes. Moving these objects to a cold storage tier (Azure Archive, S3 Glacier, or Google Nearline) costs a fraction of hot storage. Questions like this test whether you understand storage tiers, access frequency tradeoffs, and retrieval latency requirements.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Related practice questions

Related AZ-104 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free AZ-104 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this AZ-104 question test?

Monitor and Maintain Azure Resources — This question tests Monitor and Maintain Azure Resources — Read the scenario before looking for a memorised answer..

What is the correct answer to this question?

The correct answer is: Add a diagnostic setting that sends resource logs to the Log Analytics workspace. — Diagnostic settings in Azure allow you to stream resource logs (such as StorageRead and StorageWrite logs) from a storage account directly to a Log Analytics workspace. By configuring a diagnostic setting with the appropriate log categories enabled, you can query and analyze read and write failures in Log Analytics without additional infrastructure.

What should I do if I get this AZ-104 question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Same concept, more angles

3 more ways this is tested on AZ-104

These questions test the same concept from different angles. Work through them to make sure you can recognise it however the exam phrases it.

Variation 1. You want to send a storage account's read, write, and delete events to a Log Analytics workspace for later investigation. Which feature should you configure?

easy
  • A.Diagnostic settings for the storage account
  • B.An action group
  • C.A metric alert rule
  • D.A Recovery Services vault

Why A: Diagnostic settings on a storage account allow you to stream resource logs, including read, write, and delete operations (stored in the StorageRead, StorageWrite, and StorageDelete log categories), to a Log Analytics workspace. This is the correct feature for capturing and analyzing these events for later investigation.

Variation 2. A storage account's platform logs must be searchable later with KQL in a central workspace. Which two actions should the administrator take? Select two.

easy
  • A.Create a diagnostic setting on the storage account
  • B.Configure a NAT gateway on the storage subnet
  • C.Send the logs to a Log Analytics workspace
  • D.Assign the Reader role on the subscription
  • E.Enable a VM backup policy

Why A: Option A is correct because a diagnostic setting on the storage account is required to route platform logs (e.g., storage read/write/delete operations) to a destination. Option C is correct because a Log Analytics workspace is the destination that enables KQL-based searching and analysis of those logs. Without both, the logs cannot be stored in a central, queryable repository.

Variation 3. You want to send a storage account's platform logs to a workspace so they can be queried with KQL later. Which two items are part of the required configuration? Select two.

easy
  • A.Diagnostic settings on the storage account
  • B.A Log Analytics workspace
  • C.A network security group
  • D.A Recovery Services vault
  • E.An availability zone assignment

Why A: A is correct because diagnostic settings on the storage account are the mechanism that defines which platform logs (e.g., storage read/write/delete operations) are collected and where they are sent. Without configuring diagnostic settings, the storage account does not emit logs to any destination. B is correct because a Log Analytics workspace is the required destination for storing the logs so they can be queried with KQL; it provides the ingestion and retention infrastructure for log analytics.

Last reviewed: Jun 11, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This AZ-104 practice question is part of Courseiva's free Microsoft certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the AZ-104 exam.