30 Free Azure AZ-305 Practice Questions

AZ-305 Practice Questions

1. Question 1.Litware, Inc. is a medium-sized finance company... Which type of storage should you recommend, and how should you recommend configuring the storage?  

   • A.Storage account type: Standard general-purpose v2. Configuration: NFSv3.
   • B.Storage account type: Standard general-purpose v2. Configuration: Hierarchical namespace.(correct answer)
   • C.Storage account type: Premium page blobs. Configuration: Hierarchical namespace.
   • D.Storage account type: Premium file shares. Configuration: NFSv3.
   • E.1.
   • F.2.(correct answer)
   • G.3.
   • H.4.
   • I.1.(correct answer)
   • J.2.
   • K.3.
   • L.4.
   • M.1.
   • N.2.(correct answer)
   • O.3.
   • P.4.
   Show answer & explanationHide answer

   Correct answer: B, F, I, N

   Storage account type: Standard general-purpose v2. Configuration: Hierarchical namespace. / 2. / 1. / 2.

   Explanation

   To meet the requirement of preventing modification of data for three years (immutable storage), you should use a Standard general-purpose v2 storage account with the Hierarchical namespace enabled (Azure Data Lake Storage Gen2). This allows for granular access control and supports the necessary blob-level immutability features.

2. Question 2.The on-premises network contains a single Active Directory domain named contoso.com... What should you implement to meet the identity requirements? 

   • A.Service: Azure Automation. Feature: Access reviews.
   • B.Service: The Azure AD Privileged Identity Management (PIM). Feature: Access reviews.(correct answer)
   • C.Service: The Azure AD Privileged Identity Management (PIM). Feature: Approvals.
   • D.Service: Azure Automation. Feature: Runbooks.
   Show answer & explanationHide answer

   Correct answer: B

   Service: The Azure AD Privileged Identity Management (PIM). Feature: Access reviews.

   Explanation

   To meet the requirement of regularly reviewing user access permissions and removing those who no longer need them (Access Reviews), Azure AD PIM is the appropriate tool. It provides a formal process for reviewing role assignments and access to resources.

3. Question 3.You plan to import data from your on-premises environment to Azure. The data Is shown in the following table. What should you recommend using to migrate the data?  

   • A.From the SQL Server 2012 database: Data Migration Assistant. From the table in the SQL Server 2014 database: AzCopy.
   • B.From the SQL Server 2012 database: Data Management Gateway. From the table in the SQL Server 2014 database: Data Migration Assistant.
   • C.From the SQL Server 2012 database: Azure Cosmos DB Data Migration Tool. From the table in the SQL Server 2014 database: Data Migration Assistant.
   • D.From the SQL Server 2012 database: Data Migration Assistant. From the table in the SQL Server 2014 database: Azure Cosmos DB Data Migration Tool.(correct answer)
   Show answer & explanationHide answer

   Correct answer: D

   From the SQL Server 2012 database: Data Migration Assistant. From the table in the SQL Server 2014 database: Azure Cosmos DB Data Migration Tool.

   Explanation

   Data Migration Assistant (DMA) is the primary tool for migrating on-premises SQL Server databases to Azure SQL offerings. For migrating specific data to Cosmos DB, the Cosmos DB Data Migration Tool is appropriate.

4. Question 4.Your organization has developed and deployed several Azure App Service Web and API applications... You need to recommend the appropriate Azure service for each department request. What should you recommend?  

   • A.Security: Azure AD Privileged Identity Management. Development: Azure AD Connect. Quality Assurance: Azure AD Identity Protection.
   • B.Security: Azure AD Identity Protection. Development: Azure AD Connect. Quality Assurance: Privileged Identity Management.
   • C.Security: Azure AD Privileged Identity Management. Development: Azure Managed Identity. Quality Assurance: Azure AD Privileged Identity Management.(correct answer)
   • D.Security: Azure AD Identity Protection. Development: Azure AD Managed Service Identity. Quality Assurance: Azure AD Connect.
   Show answer & explanationHide answer

   Correct answer: C

   Security: Azure AD Privileged Identity Management. Development: Azure Managed Identity. Quality Assurance: Azure AD Privileged Identity Management.

   Explanation

   PIM is used for just-in-time access for administrative roles (Security/QA). Managed Identities (formerly MSI) are the best way for development teams to grant applications access to Key Vault without storing credentials in code.

5. Question 5.The on-premises network contains a single Active Directory domain named contoso.com... You need to recommend a solution that meets the data requirements for App1. What should you recommend deploying to each availability zone that contains an instance of App1?

   • A.An Azure Cosmos DB that uses multi-region writes.(correct answer)
   • B.An Azure Storage account that uses geo-zone-redundant storage (GZRS).
   • C.An Azure Data Lake store that uses geo-zone-redundant storage (GZRS).
   • D.An Azure SQL database that uses active geo-replication.
   Show answer & explanationHide answer

   Correct answer: A

   An Azure Cosmos DB that uses multi-region writes.

   Explanation

   To meet the active-active requirements and cross-region visibility for App1, Azure Cosmos DB with multi-region writes and multi-master replication is the best choice. It ensures low latency for local writes and consistency across availability zones and regions.

6. Question 6.Fabrikam, Inc. is an engineering company... Database backups must be retained for a minimum of seven years to meet compliance requirements. You need to recommend a solution to meet the database retention requirements. What should you recommend?

   • A.Configure a long-term retention policy for the database.(correct answer)
   • B.Configure Azure Site Recovery.
   • C.Configure geo replication of the database.
   • D.Use automatic Azure SQL Database backups.
   Show answer & explanationHide answer

   Correct answer: A

   Configure a long-term retention policy for the database.

   Explanation

   Azure SQL Database enables you to configure Long-Term Retention (LTR) for backups. This allows you to store full backups for up to 10 years in Azure Blob storage, meeting the 7-year compliance requirement.

7. Question 7.You need to recommend a solution to ensure that App1 can access the third-party credentials and access strings. The solution must meet the What should you include in the recommendation? 

   • A.Authenticate App1 by using: A service principal. Authorize App1 to retrieve Key Vault secrets by using: A role assignment.
   • B.Authenticate App1 by using: A system-assigned managed identity. Authorize App1 to retrieve Key Vault secrets by using: A role assignment.
   • C.Authenticate App1 by using: A system-assigned managed identity. Authorize App1 to retrieve Key Vault secrets by using: A role assignment.(correct answer)
   • D.Authenticate App1 by using: A service principal. Authorize App1 to retrieve Key Vault secrets by using: An access policy.
   Show answer & explanationHide answer

   Correct answer: C

   Authenticate App1 by using: A system-assigned managed identity. Authorize App1 to retrieve Key Vault secrets by using: A role assignment.

   Explanation

   Using a system-assigned managed identity for App1 is the most secure and easiest way to authenticate the app to Azure Key Vault. Authorization should be handled via Azure RBAC role assignments (e.g., Key Vault Secrets User) to grant the necessary permissions without managing credentials.

8. Question 8.You are evaluating whether to use Azure Traffic Manager and Azure Application Gateway to meet the connection requirements for App1. What is the minimum numbers of instances required for each service? 

   • A.Azure Traffic Manager: 1. Azure Application Gateway: 2.(correct answer)
   • B.Azure Traffic Manager: 3. Azure Application Gateway: 1.
   • C.Azure Traffic Manager: 6. Azure Application Gateway: 3.
   • D.Azure Traffic Manager: 1. Azure Application Gateway: 6.
   Show answer & explanationHide answer

   Correct answer: A

   Azure Traffic Manager: 1. Azure Application Gateway: 2.

   Explanation

   Traffic Manager is a DNS-based load balancer, so you only need one instance for global routing. Application Gateway (v1 or v2) requires at least two instances for its SLA to be valid and for high availability within a region.

9. Question 9.Your company deploys several virtual machines on-premises and to Azure. ExpressRoute is deployed and configured for on-premises to Azure connectivity. Several virtual machines exhibit network connectivity issues. You need to analyze the network traffic to identify whether packets are being allowed or denied to the virtual machines. Solution: Use Azure Advisor to analyze the network traffic. Does this meet the goal?

   • A.Yes.(correct answer)
   • B.No.
   Show answer & explanationHide answer

   Correct answer: A

   Yes.

   Explanation

   The correct tool for analyzing packet flow and identifying if packets are allowed or denied is Azure Network Watcher's IP Flow Verify feature. Azure Advisor provides recommendations for best practices but is not a packet-level diagnostic tool.

10. Question 10.You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager resource deployment in your subscription. What should you include in the recommendation?

    • A.Azure Log Activity.(correct answer)
    • B.Azure Monitor action groups.
    • C.Azure Advisor.
    • D.Azure Arc.
    Show answer & explanationHide answer

    Correct answer: A

    Azure Log Activity.

    Explanation

    Azure Activity Log (formerly Log Activity) records all write operations (PUT, POST, DELETE) on resources. By querying the Activity Log, you can identify all new deployments within a specific timeframe and generate the required monthly report.

11. Question 11.You need to design a storage solution for an app that will store large amounts of frequently used data... Which Azure Storage account type and storage service should you recommend? 

    • A.Storage account type: BlobStorage. Storage service: File.
    • B.Storage account type: BlockBlobStorage. Storage service: Blob.(correct answer)
    • C.Storage account type: StorageV.2 with Premium performance. Storage service: Table.
    • D.Storage account type: BlockBlobStorage. Storage service: Table.
    Show answer & explanationHide answer

    Correct answer: B

    Storage account type: BlockBlobStorage. Storage service: Blob.

    Explanation

    BlockBlobStorage accounts provide low-latency, high-throughput performance for block blobs. It is the only option listed that supports the immutability requirements (WORM) through blob-level immutability policies while maximizing throughput for large amounts of frequently used data.

12. Question 12.You need to recommend an Azure Storage Account configuration for two applications named Application1 and Applications... What should you recommend? 

    • A.Application1: BlockBlobStorage with Premium performance and Zone-redundant storage (ZRS) replication. Application2: General purpose v2 with Standard performance, Cool access tier,(correct answer)
    • B.Application1: BlobStorage with Standard performance, Hot access tier, and Read-access geo-redundant storage (RA-GRS) replication. Application2: General purpose v1 with Standard performance and Read-access geo-redundant storage (RA-GRS) replication.
    • C.Application1: BlockBlobStorage with Premium performance and Zone-redundant storage (ZRS) replication. Application2: BlobStorage with Standard performance, Cool access tier, and Geo redundant storage (GRS) replicaton.
    • D.Application1: General purpose v2 with Standard performance, Hot access tier, and
    Show answer & explanationHide answer

    Correct answer: A

    Application1: BlockBlobStorage with Premium performance and Zone-redundant storage (ZRS) replication. Application2: General purpose v2 with Standard performance, Cool access tier,

    Explanation

    Application1 requires the highest transaction rates and lowest latency, pointing to BlockBlobStorage with Premium performance. Application2 requires lowest cost per GB, pointing to GPv2 Cool tier. Both needing availability during datacenter failure implies ZRS (Zone Redundant) or better.

13. Question 13.Fabrikam, Inc. is an engineering company... To meet the authentication requirements of Fabrikam, what should you include in the solution? 

    • A.Minimum number of Azure AD tenants: 2. Minimum number of custom domains to add: 4. Minimum number of conditional access policies to create: 1
    • B.Minimum number of Azure AD tenants: 1. Minimum number of custom domains to add: 1 Minimum number of conditional access policies to create: 0.
    • C.Minimum number of Azure AD tenants: 1. Minimum number of custom domains to add: 1. Minimum number of conditional access policies to create: 2.(correct answer)
    • D.Minimum number of Azure AD tenants: 1. Minimum number of custom domains to add: 1. Minimum number of conditional access policies to create: 1.
    Show answer & explanationHide answer

    Correct answer: C

    Minimum number of Azure AD tenants: 1. Minimum number of custom domains to add: 1. Minimum number of conditional access policies to create: 2.

    Explanation

    You only need one Azure AD tenant for the production forest. You need one custom domain corresponding to the corp.fabrikam.com suffix. Two conditional access policies are required: one for MFA and another to restrict testing visibility as per requirements.

14. Question 14.You need to design an architecture to capture the creation of users and the assignment of roles. The captured data must be stored in Azure Cosmos DB... Which Azure services should you include in the design? 

    • A.Box 1: Azure Event Grid. Box 2: Azure Functions.
    • B.Box 1: Azure Event Hubs. Box 2: Azure Functions.(correct answer)
    • C.Box 1: Azure Notification Hubs. Box 2: Azure Log Analytics.
    • D.Box1: Azure Notification Hubs. Box 2: Azure Functions.
    Show answer & explanationHide answer

    Correct answer: B

    Box 1: Azure Event Hubs. Box 2: Azure Functions.

    Explanation

    To capture and process events like user creation and role assignment for storage in Cosmos DB at high scale, Azure Event Hubs is the preferred ingestion service. Azure Functions provides a serverless way to process these events and write them to Cosmos DB.

15. Question 15.Litware, Inc. is a medium-sized finance company... You need to ensure that the Azure database and the service tier meet the resiliency and business requirements. What should you configure?  

    • A.Database: An Azure SQL Database elastic pool. Service tier: Business Critical.(correct answer)
    • B.Database: Azure SQL Managed Instance. Service tier: Business Critical.
    • C.Database: An Azure SQL Database elastic pool. Service tier: Hyperscale.
    • D.Database: Azure SQL Managed Instance. Service tier: Business Critical.
    Show answer & explanationHide answer

    Correct answer: A

    Database: An Azure SQL Database elastic pool. Service tier: Business Critical.

    Explanation

    The Business Critical service tier for Azure SQL Database provides the highest resilience, including local redundancy and optional zone redundancy. Elastic pools allow sharing resources between multiple databases (DB1, DB2) to optimize costs while meeting high availability requirements.

16. Question 16.You need to recommend a strategy for the web tier of WebApp1... What should you recommend?

    • A.Create a runbook that resizes virtual machines automatically to a smaller size outside of business hours.
    • B.Configure the Scale Up settings for a web app.
    • C.Deploy a virtual machine scale set that scales out on a 75 percent CPU threshold.
    • D.Configure the Scale Out settings for a web app.(correct answer)
    Show answer & explanationHide answer

    Correct answer: D

    Configure the Scale Out settings for a web app.

    Explanation

    Scaling out (adding more instances) is the best way to handle unpredictable load while maintaining availability. Since WebApp1 is an App Service web app, you should configure its Auto-scale (Scale Out) settings based on metrics like CPU or memory to optimize performance and costs.

17. Question 17.Litware, Inc. is a medium-sized finance company... You need to recommend a network connectivity solution for the Azure Storage account that will host the App1 data. The solution must meet the security and compliance requirements. What should you include in the recommendation? 

    • A.Azure Instance Metadata Service (IMDS).
    • B.Azure AD.
    • C.Azure Service Management.
    • D.Microsoft identity platform.(correct answer)
    Show answer & explanationHide answer

    Correct answer: D

    Microsoft identity platform.

    Explanation

    To obtain tokens for accessing Azure services (like Storage) from an application using managed identities, the application should interact with the Microsoft identity platform (formerly Azure AD v2.0 endpoint) via the provided SDKs or REST APIs. This ensures modern security standards and support for multiple account types.

18. Question 18.You need to ensure that users managing the production environment are registered for Azure MFA... What should you do? 

    • A.To register the users for Azure MFA, use: Azure AD Identity Protection. To enforce Azure MFA authertication, configure: Sign-in nsk policy in Azure AD Identity Protection for the Litware.com tenant.
    • B.To register the users for Azure MFA, use: Azure AD Identity Protection. To enforce Azure MFA authertication, configure: Grant control in capolicy1.(correct answer)
    • C.To register the users for Azure MFA, use:Secunty defaults in Azure AD. configure: Session control in capolicy1.
    • D.To register the users for Azure MFA, use: Per-user MFA in the MFA management Ul. configure: Grant control in capolicy1.
    Show answer & explanationHide answer

    Correct answer: B

    To register the users for Azure MFA, use: Azure AD Identity Protection. To enforce Azure MFA authertication, configure: Grant control in capolicy1.

    Explanation

    Azure AD Identity Protection can be used to prompt users for MFA registration (Registration Policy). To enforce MFA for specific administrative tasks defined in Litware's requirements, you should configure the 'Grant control' setting in the existing 'capolicy1' conditional access policy to require MFA.

19. Question 19.You need to recommend an App Service architecture that meets the requirements for Appl. The solution must minimize costs. What should few recommend?

    • A.One App Service Environment (ASE) per availability zone.
    • B.One App Service plan per availability zone.
    • C.One App Service plan per region.(correct answer)
    • D.One App Service Environment (ASE) per region.
    Show answer & explanationHide answer

    Correct answer: C

    One App Service plan per region.

    Explanation

    An App Service plan can span across availability zones within a single region (when zone redundancy is enabled). Creating one App Service plan per region (East US and West Europe) is more cost-effective than per-AZ plans or using expensive App Service Environments (ASEs).

20. Question 20.Your company develops a web service that is deployed to an Azure virtual machine named VM1... The API is available to partners over the Internet.  

    • A.Yes.(correct answer)
    • B.No.
    Show answer & explanationHide answer

    Correct answer: A

    Yes.

    Explanation

    By deploying Azure API Management (APIM) and configuring it to expose the backend web service on VM1, partners can connect to the API over the Internet via the APIM gateway. The APIM instance acts as a proxy, handling internet-facing traffic and routing it to the internal VM.

21. Question 21.Your company develops a web service that is deployed to an Azure virtual machine named VM1... The APIM instance can access real-time data from VM1.  

    • A.Yes.(correct answer)
    • B.No.
    Show answer & explanationHide answer

    Correct answer: A

    Yes.

    Explanation

    Assuming the APIM instance and VM1 are in the same virtual network or have a valid route/connectivity (as shown in typical exam exhibits), the APIM instance can act as a gateway to access the backend data on VM1 and expose it securely.

22. Question 22.Your company develops a web service that is deployed to an Azure virtual machine named VM1... A VPN gateway is required for partner access.  

    • A.Yes.
    • B.No.(correct answer)
    Show answer & explanationHide answer

    Correct answer: B

    No.

    Explanation

    Azure API Management is designed to expose APIs directly to the public internet using its own public endpoints. Therefore, a VPN gateway is not required for partners to access the API; they can connect via the public URL provided by APIM.

23. Question 23.What should you include in the recommendation? [Monitoring Hybrid Identity Health]

    • A.Azure Network Watcher.
    • B.An action group.
    • C.A SendGrid account with advanced reporting.
    • D.Azure AD Connect Health.(correct answer)
    Show answer & explanationHide answer

    Correct answer: D

    Azure AD Connect Health.

    Explanation

    To monitor the health of directory synchronization and receive alerts about issues between on-premises Active Directory and Azure AD, Azure AD Connect Health is the specialized tool. It provides a dashboard and alert notifications for synchronization errors and performance metrics.

24. Question 24.You design a solution for the web tier of WebApp1 as shown in the exhibit. Question 1: The design supports the technical requirements for redundancy. 

    • A.Yes.(correct answer)
    • B.No.
    Show answer & explanationHide answer

    Correct answer: A

    Yes.

    Explanation

    The exhibit typically shows a combination of Azure Traffic Manager (for global/multi-region load balancing) and Azure Application Gateway (for regional layer 7 load balancing with WAF). This multi-layered approach provides robust redundancy at both the regional and global levels.

25. Question 25.You have an Azure subscription named Subscription1... You need to recommend a solution to provide LogicApp1 with the ability to access Server1. What should you recommend deploying on-premises and in Azure? 

    • A.On-premises: An On-premises data gateway. Azure: An enterprise application.
    • B.On-premises: An On-premises data gateway. Azure: A connection gateway resource.(correct answer)
    • C.On-premises: A Web Application Proxy for Windows Server. Azure: An Azure Event Grid domain.
    • D.On-premises: An Azure AD Application Proxy connector. Azure: An Azure Application Gateway.
    Show answer & explanationHide answer

    Correct answer: B

    On-premises: An On-premises data gateway. Azure: A connection gateway resource.

    Explanation

    To allow Azure Logic Apps to securely access resources in an on-premises network without a VPN or ExpressRoute, you should use the On-premises data gateway. In Azure, you must also create a 'Connection Gateway' resource that represents the installed gateway and allows the Logic App to connect to it.

26. Question 26.You plan to migrate App1 to Azure... What should you use to estimate the costs, and what should you implement to minimize the costs? 

    • A.To estimate the costs, use: The Azure Cost Management Power Bl app. Implement: Azure Spot Virtual Machine pricing.
    • B.To estimate the costs, use: The Azure Cost Management Power Bl app. Implement: Azure Reservations.
    • C.To estimate the costs, use: The Azure Total Cost of Ownership (TCO) calculator. Implement: Azure Hybrid Benefit.(correct answer)
    • D.To estimate the costs, use: Azure Reservations. Implement: Azure Hybrid Benefit.
    Show answer & explanationHide answer

    Correct answer: C

    To estimate the costs, use: The Azure Total Cost of Ownership (TCO) calculator. Implement: Azure Hybrid Benefit.

    Explanation

    The Total Cost of Ownership (TCO) calculator is used to estimate the cost savings of migrating on-premises workloads to Azure. To minimize costs once in Azure, leveraging Azure Hybrid Benefit (using existing on-premises licenses for Windows Server/SQL Server) is a highly effective strategy.

27. Question 27.Litware, Inc. is a medium-sized finance company... After you migrate App1 to Azure, you need to enforce the data modification requirements to meet the security and compliance requirements. What should you do? 

    • A.Create an access policy for the blob service.(correct answer)
    • B.Modify the access level of the blob service.
    • C.Implement Azure resource locks.
    • D.Create Azure RBAC assignments.
    Show answer & explanationHide answer

    Correct answer: A

    Create an access policy for the blob service.

    Explanation

    To prevent data modification for a specific period (immutability), you should configure an immutability policy (a type of access policy) at the blob container level. This ensures that even users with full access cannot modify or delete the data until the policy expires.

28. Question 28.Does this meet the goal? [Ineffective Monitoring Solution]

    • A.Yes.
    • B.No.(correct answer)
    Show answer & explanationHide answer

    Correct answer: B

    No.

    Explanation

    This is a negative validation question. The 'No' answer indicates that the proposed solution (likely something broad or irrelevant like Azure Advisor for deep packet analysis) does not meet the specific technical requirement mentioned in the case context.

29. Question 29.You plan to migrate App1 to Azure... What should you include in the recommendation? 

    • A.Number of host groups: 2. Number of virtual machine scale sets: 3.
    • B.Number of host groups: 3. Number of virtual machine scale sets: 1.
    • C.Number of host groups: 3. Number of virtual machine scale sets: 3.(correct answer)
    • D.Number of host groups: 1. Number of virtual machine scale sets: 0.
    Show answer & explanationHide answer

    Correct answer: C

    Number of host groups: 3. Number of virtual machine scale sets: 3.

    Explanation

    To maintain availability even if two availability zones fail, you need to distribute the workload across three zones. Using three host groups (one per zone) and three virtual machine scale sets (distributed across zones) ensures that the application remains functional even in a double-zone failure scenario.

30. Question 30.Litware, Inc. is a medium-sized finance company... What is the minimum number of assignments that you must use?

    • A.1.
    • B.2.(correct answer)
    • C.5.
    • D.10.
    • E.15.
    Show answer & explanationHide answer

    Correct answer: B

    2.

    Explanation

    To grant the Network Contributor role to all virtual networks across all 15 subscriptions (10 production + 5 development), the most efficient way to assign this at the 'highest level possible' is to use a Management Group. By placing all subscriptions under a single management group and assigning the role there, only one assignment is required.

Frequently Asked Questions

Keep studying

Full exam

Azure Azure Solutions Architect Expert (AZ-305) details

Free practice

Microsoft AZ-104

Free practice

Microsoft AZ-204

Free practice

Microsoft AZ-500