Azure AZ-305 Logging and Monitoring Guide

Study Azure AZ-305 Logging and Monitoring: key concepts, common traps, and exam decision cues.

AZ-305 monitoring questions are rarely about one product name in isolation. They are about whether you understand the shape of the telemetry path: what needs to be measured, where it should land, how long it should remain queryable, and whether it must be exported somewhere else.

Diagnostic settings: Azure configuration that routes resource logs and metrics to destinations such as Log Analytics, storage, or Event Hubs.

Start with the telemetry type

| Need | Strongest first fit | Why |
| --- | --- | --- |
| platform metrics and alerts | Azure Monitor | broad metrics coverage and native alerting |
| centralized queryable logs | Log Analytics workspace | searchable operational and security logs |
| app requests, dependencies, and traces | Application Insights | app-centric telemetry surface |
| long-term raw retention | storage account | cheaper archive target than query-first logging |
| external SIEM or downstream log stream | Event Hubs | export path for other systems |

The common trap is treating all telemetry as one bucket. Metrics, logs, traces, and exported streams solve related but different design needs.

Log-routing pattern

    flowchart LR
      R["Azure resource"] --> D["Diagnostic settings"]
      D --> L["Log Analytics workspace"]
      D --> S["Storage archive"]
      D --> E["Event Hubs export"]
      A["Application"] --> I["Application Insights"]
      L --> M["Azure Monitor alerts and queries"]
      I --> M
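
The diagnostic-settings fan-out in the diagram can be written as one Bicep resource attached to the source. This is an added example, not part of the original guide: the Key Vault source, the setting name `route-logs`, and all parameter names are assumptions, and the destination IDs are supplied by the caller.

```bicep
// Added example. Parameter names are hypothetical; pass real resource IDs at deploy time.
param keyVaultName string
param workspaceId string              // Log Analytics workspace (centralized, queryable logs)
param archiveStorageAccountId string  // storage account (cheap long-term archive)
param eventHubAuthRuleId string       // Event Hubs namespace authorization rule (SIEM export)
param eventHubName string

// The "Azure resource" box in the diagram. Key Vault is an assumed source.
resource vault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
  name: keyVaultName
}

// Diagnostic settings are an extension resource: they are scoped to the
// resource whose logs and metrics they route.
resource diag 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  name: 'route-logs'
  scope: vault
  properties: {
    // Each destination is optional. Keep only the ones the requirement
    // calls for; a setting with just workspaceId is the centralized-logs case.
    workspaceId: workspaceId
    storageAccountId: archiveStorageAccountId
    eventHubAuthorizationRuleId: eventHubAuthRuleId
    eventHubName: eventHubName
    logs: [
      {
        categoryGroup: 'audit'
        enabled: true
      }
    ]
    metrics: [
      {
        category: 'AllMetrics'
        enabled: true
      }
    ]
  }
}
```

Application Insights does not appear here because application telemetry reaches it from the application, not through the resource's diagnostic settings.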

Design questions the exam likes

| Scenario clue | Strongest first reasoning move |
| --- | --- |
| “security team needs centralized searchable logs” | use Log Analytics first, then decide export if required |
| “logs must be kept cheaply for long periods” | add storage archive, not only query-first tooling |
| “app team needs request tracing and dependency visibility” | Application Insights is the app telemetry lane |
| “SIEM already exists outside Azure” | design an export path such as Event Hubs instead of forcing all consumers into Azure queries |

Common traps

| Trap | Better rule |
| --- | --- |
| using Application Insights as the answer to every monitoring requirement | it is app-focused, not the whole monitoring architecture |
| designing log storage without thinking about routing | telemetry architecture begins at diagnostic settings and destination choice |
| keeping all logs in the most expensive query path forever | separate short-term investigation needs from long-term retention needs |

What strong answers usually do

  • classify the telemetry as metrics, logs, traces, or exports first
  • route logs intentionally instead of assuming one destination solves every need
  • separate app telemetry from platform monitoring
  • add archive or SIEM export only when the requirement really calls for it

Decision order that usually wins

  1. Decide whether the requirement is metrics, centralized logs, app telemetry, long-term archive, or external export.
  2. Choose the telemetry type before the destination.
  3. Route telemetry intentionally instead of assuming one sink solves every need.
  4. Keep app traces separate from platform monitoring and SIEM export.
  5. Add archive or downstream export only when the requirement actually calls for it.

Revised on Sunday, May 10, 2026