Exam SC-500 Topic 1 Question 54 Discussion
Actual exam question for Microsoft's SC-500 exam
Question #: 54
Topic #: 1
Question #: 54
Topic #: 1
You have an Azure subscription that contains the following resources:
*An Azure SQL Database logical server named Server1 that contains a database named DB1
*An Azure SQL Managed Instance named Instance1 that contains a database named DB2 You need to configure database auditing. The solution must meet the following requirements:
*Ensure that audit data is centrally available in a location that supports for KQL queries.
*Minimize ongoing administrative effort as additional databases are added.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

*An Azure SQL Database logical server named Server1 that contains a database named DB1
*An Azure SQL Managed Instance named Instance1 that contains a database named DB2 You need to configure database auditing. The solution must meet the following requirements:
*Ensure that audit data is centrally available in a location that supports for KQL queries.
*Minimize ongoing administrative effort as additional databases are added.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Suggested Answer:

Explanation:
Auditing scope: Enable on each server or instance; Auditing destination: A Log Analytics workspace

Server-level or instance-level auditing minimizes administration because new databases under the same logical server or managed instance inherit the auditing configuration. The destination must support KQL queries, which points to a Log Analytics workspace, not local database-level files or ad-hoc storage-only output. This design gives the security team a central query plane for audit events while avoiding repeated manual configuration each time another Azure SQL database is added. For this domain, least privilege means granting only the required data operation or allowing only the required network flow. The correct response avoids shared keys, broad peering, general contributor roles, or log-only controls when the scenario demands prevention, routing, event triggering, or account-specific configuration. The result is a direct exam-style implementation choice: it changes the required security behavior without relying on unrelated monitoring, manual cleanup, or excessive privilege. Official Microsoft source/topic: SC-500 Study Guide > Configure database auditing; Microsoft Learn > Azure SQL auditing destinations and Log Analytics.
by Georgia at Jul 03, 2026, 08:50 PM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).