What Are the Supported Destinations for Azure Diagnostic Logs?
Pass the AZ-500 exam by learning the three valid destinations for Azure diagnostic logs. Understand the specific roles of Log Analytics for analysis, Azure Storage for archival, and Event Hub for streaming, and why Event Grid is not a direct target for log forwarding.
Question
Diagnostic logs for Azure resources can be forwarded to Log Analytics, Azure Storage, or Event Grid.
A. FALSE
B. TRUE
Answer
A. FALSE
Explanation
The correct answer is A. FALSE. Azure diagnostic logs can be forwarded to a Log Analytics workspace, an Azure Storage account, or an Azure Event Hub, but not directly to Event Grid. The statement in the question names Event Grid in place of Event Hub, which makes it false.
Valid Diagnostic Log Destinations
Azure Monitor provides three primary destinations, or “sinks,” for diagnostic logs, each serving a different purpose.
- Log Analytics Workspace: This is the primary destination for analyzing log data. When logs are sent to a Log Analytics workspace, they can be queried using Kusto Query Language (KQL), visualized in dashboards, and used to create alerts. It is the core component for interactive analysis and integration with services like Microsoft Sentinel.
- Azure Storage Account: This option is used for inexpensive, long-term archival of log data. Logs are stored as JSON files within blob containers. This is ideal for compliance and audit requirements where logs must be retained for extended periods but do not need to be actively queried.
- Azure Event Hub: This is a big data streaming platform and event ingestion service. Sending logs to an Event Hub allows you to stream them to external systems in near real-time. Common use cases include forwarding logs to a third-party SIEM (Security Information and Event Management) system like Splunk, a real-time analytics solution, or a custom application for processing.
Why Event Grid Is Incorrect
Azure Event Grid is a different type of service. It is an event routing service that enables event-driven, reactive programming. It works by pushing discrete event notifications (e.g., “a resource was created,” “a blob was added”) from a source to a subscriber (like an Azure Function or Logic App).
The key difference is that Event Hubs is designed to ingest a continuous, high-volume stream of data (such as logs), while Event Grid is designed to route discrete events that report a change in state. You cannot configure a diagnostic setting to send log records directly to Event Grid as a destination.
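The three sinks described above correspond to specific properties on the Microsoft.Insights/diagnosticSettings resource (workspaceId, storageAccountId, and eventHubAuthorizationRuleId with eventHubName); there is no Event Grid property in that schema. The following audit helper is an added example, not code from the original page or from Microsoft; it reads diagnostic settings in the JSON shape returned by the Azure API, reports which supported sink each setting targets, and flags settings that would send logs nowhere. The sample settings, names and resource IDs are constructed for illustration.

```python
"""Audit Azure diagnostic settings for their configured destinations (sinks).

Added example, not from the original page. The sample settings below are
constructed; their resource IDs are placeholders, not real subscriptions.
"""
from __future__ import annotations

import json
from typing import Dict, List

# Property on the diagnosticSettings resource -> human-readable sink name.
# These are the only three destinations a diagnostic setting can target;
# the schema has no property for Event Grid.
SINK_PROPERTIES = {
    "workspaceId": "Log Analytics workspace",
    "storageAccountId": "Azure Storage account",
    "eventHubAuthorizationRuleId": "Azure Event Hub",
}

# Constructed sample: what `az monitor diagnostic-settings list` returns for one
# resource, reduced to the fields this audit needs.
SAMPLE_SETTINGS: List[dict] = json.loads("""
[
  {
    "name": "to-workspace",
    "properties": {
      "workspaceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example/providers/Microsoft.OperationalInsights/workspaces/law-example",
      "logs": [{"category": "AuditEvent", "enabled": true}]
    }
  },
  {
    "name": "archive-and-stream",
    "properties": {
      "storageAccountId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example/providers/Microsoft.Storage/storageAccounts/stexample",
      "eventHubAuthorizationRuleId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example/providers/Microsoft.EventHub/namespaces/ehns-example/authorizationRules/RootManageSharedAccessKey",
      "eventHubName": "diag-logs",
      "logs": [{"category": "AuditEvent", "enabled": true},
               {"category": "AllMetrics", "enabled": false}]
    }
  },
  {
    "name": "no-destination",
    "properties": {
      "logs": [{"category": "AuditEvent", "enabled": true}]
    }
  }
]
""")


def sinks_for(setting: dict) -> List[str]:
    """Return the supported sinks a single diagnostic setting targets."""
    props = setting.get("properties", {})
    return [name for key, name in SINK_PROPERTIES.items() if props.get(key)]


def enabled_categories(setting: dict) -> List[str]:
    """Return the log categories this setting actually forwards."""
    props = setting.get("properties", {})
    return [entry["category"] for entry in props.get("logs", []) if entry.get("enabled")]


def audit(settings: List[dict]) -> Dict[str, List[str]]:
    """Map each setting name to its sinks; an empty list means logs go nowhere."""
    return {s["name"]: sinks_for(s) for s in settings}


def missing_sink(settings: List[dict]) -> List[str]:
    """Names of settings that enable log categories but have no destination."""
    return [s["name"] for s in settings if enabled_categories(s) and not sinks_for(s)]


if __name__ == "__main__":
    for name, sinks in audit(SAMPLE_SETTINGS).items():
        print(f"{name}: {', '.join(sinks) or 'NO DESTINATION'}")
    print("settings with no sink:", missing_sink(SAMPLE_SETTINGS))
```

In a real environment the JSON would come from `az monitor diagnostic-settings list --resource <resource-id>`; the audit is useful because a setting whose workspace or storage account was deleted keeps its name and categories while silently forwarding nothing.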