AZ-305: Microsoft Azure Solutions Architect Expert Exam

420 Questions and Answers

AZ-305: Microsoft Azure Solutions Architect Expert Practice Exam

Are you preparing for the AZ-305 Microsoft Azure Solutions Architect Expert certification? This comprehensive practice exam on ExamSage.com is designed to help you master the skills required to design and implement solutions on Microsoft Azure. Whether you are an experienced IT professional or an aspiring Azure architect, this exam prep tool provides you with the knowledge and confidence to succeed on the official AZ-305 exam.

What is the AZ-305 Exam?

The AZ-305 exam, officially titled Designing Microsoft Azure Infrastructure Solutions, validates your expertise in designing cloud and hybrid solutions on the Azure platform. As a Microsoft Azure Solutions Architect Expert, you will demonstrate your ability to translate business requirements into secure, scalable, and reliable Azure solutions that meet organizational goals.

What Will You Learn?

Through this practice exam, you will deepen your understanding of key Azure architectural concepts and prepare for real-world scenarios by exploring topics such as:

  • Designing Azure infrastructure solutions for compute, storage, and networking

  • Implementing secure and scalable identity and access management

  • Designing data integration, migration, and disaster recovery strategies

  • Creating cost-optimized architectures for high availability and performance

  • Managing governance, compliance, and monitoring of Azure environments

Topics Covered in This Practice Exam:

  • Design a solution for identity and security

  • Design a data storage solution

  • Design infrastructure solutions

  • Design a business continuity strategy

  • Design for deployment, migration, and integration

  • Design for governance and compliance

Each question comes with detailed explanations to help you understand the reasoning behind the correct answers and build your confidence before taking the official Microsoft certification exam.

Why Choose ExamSage for AZ-305 Preparation?

ExamSage.com offers expertly crafted practice exams designed by industry professionals with up-to-date content aligned to the latest AZ-305 exam objectives. Our platform is easy to use and provides:

  • Realistic, scenario-based multiple-choice questions

  • Thorough explanations and references for each answer

  • Regular updates reflecting Microsoft Azure changes

  • A flexible, self-paced study experience

By practicing with ExamSage, you can identify your strengths and weaknesses, track your progress, and reinforce your knowledge to pass the AZ-305 exam on your first attempt.

Sample Questions and Answers

Question 1

You are designing a solution that uses Azure SQL Database. You need to recommend a solution that provides automatic failover in case of a regional outage. What should you recommend?

A. Active geo-replication
B. Read-scale out
C. Azure SQL Elastic Pool
D. Always On availability group

Answer: A. Active geo-replication
Explanation: Active geo-replication enables automatic failover between regions. It provides high availability and disaster recovery by allowing you to configure readable secondaries in different regions.

Question 2

You need to ensure sensitive data is protected in an Azure SQL Database without modifying existing applications. What should you implement?

A. Transparent Data Encryption (TDE)
B. Always Encrypted
C. SQL Server auditing
D. Azure Defender for SQL

Answer: B. Always Encrypted
Explanation: Always Encrypted ensures sensitive data is encrypted both at rest and in transit and cannot be read by the SQL engine, thus not requiring changes to the application logic.

Question 3

A company wants to host a multi-region web application in Azure. What service should you use to provide global load balancing with automatic failover?

A. Azure Application Gateway
B. Azure Load Balancer
C. Azure Traffic Manager
D. Azure Front Door

Answer: D. Azure Front Door
Explanation: Azure Front Door provides global HTTP load balancing, fast failover, and acceleration for web apps hosted in multiple Azure regions.

Question 4

You need to ensure that an Azure Function can access an Azure Key Vault securely without using secrets in code. What should you use?

A. Managed Identity
B. Shared Access Signature
C. Service Principal
D. Access Key

Answer: A. Managed Identity
Explanation: Managed Identity allows services like Azure Functions to access Azure resources securely without managing credentials explicitly.

Question 5

What Azure service should you use for real-time telemetry ingestion and processing of millions of events per second?

A. Azure Data Factory
B. Azure Event Grid
C. Azure Event Hubs
D. Azure Logic Apps

Answer: C. Azure Event Hubs
Explanation: Event Hubs is designed for high-throughput event ingestion and is ideal for real-time analytics and telemetry collection.

Question 6

You are designing a business continuity solution for an Azure web app. You want to ensure minimal downtime. Which deployment strategy should you recommend?

A. Blue-Green Deployment
B. Lift and Shift
C. Canary Deployment
D. In-Place Upgrade

Answer: A. Blue-Green Deployment
Explanation: Blue-Green Deployment minimizes downtime and risk by maintaining two production environments and switching traffic between them.

Question 7

You need to store semi-structured data and run complex queries on it. Which Azure service is the best fit?

A. Azure Blob Storage
B. Azure SQL Database
C. Azure Synapse Analytics
D. Azure Cosmos DB (SQL API)

Answer: D. Azure Cosmos DB (SQL API)
Explanation: Cosmos DB supports semi-structured data and provides SQL-like query capabilities, ideal for scenarios like user profiles, catalogs, etc.

Question 8

Which service provides a platform for managing compliance and policy enforcement across multiple Azure subscriptions?

A. Azure Monitor
B. Azure Policy
C. Azure Blueprints
D. Azure Security Center

Answer: C. Azure Blueprints
Explanation: Azure Blueprints help automate the deployment of governance policies, RBAC, and resources across subscriptions.

Question 9

What Azure service should be used to protect virtual machines from zero-day vulnerabilities and malware?

A. Azure Key Vault
B. Azure Sentinel
C. Microsoft Defender for Cloud
D. Azure Bastion

Answer: C. Microsoft Defender for Cloud
Explanation: Defender for Cloud provides threat protection and vulnerability assessment for VMs and other resources.

Question 10

Which Azure storage service allows for tiered access based on frequency of access?

A. Azure Table Storage
B. Azure Queue Storage
C. Azure Blob Storage
D. Azure Files

Answer: C. Azure Blob Storage
Explanation: Blob Storage supports tiered access levels: Hot, Cool, and Archive, optimizing cost based on data access patterns.

Question 11

You need to design a data solution that supports batch and stream processing with native machine learning integration. Which service should you choose?

A. Azure Databricks
B. Azure SQL Managed Instance
C. Azure Data Factory
D. Azure Machine Learning

Answer: A. Azure Databricks
Explanation: Databricks supports both stream and batch analytics and integrates with ML frameworks, making it ideal for big data analytics and AI.

Question 12

Which of the following is the best option to ensure secure access to Azure VMs without exposing public IP addresses?

A. Azure Firewall
B. Azure Bastion
C. Azure VPN Gateway
D. Azure NAT Gateway

Answer: B. Azure Bastion
Explanation: Azure Bastion allows secure RDP/SSH access to VMs over the Azure portal without public IP exposure.

Question 13

Which Azure service helps to automate the deployment and configuration of resources in a repeatable manner?

A. Azure Resource Manager Templates
B. Azure Logic Apps
C. Azure CLI
D. Azure Monitor

Answer: A. Azure Resource Manager Templates
Explanation: ARM templates provide infrastructure as code for consistent and repeatable deployments of Azure resources.

Question 14

Your company requires that all data stored in Azure is encrypted using customer-managed keys (CMKs). Which service should you use?

A. Azure Storage Service Encryption
B. Azure Key Vault
C. Azure Disk Encryption
D. Azure AD Privileged Identity Management

Answer: B. Azure Key Vault
Explanation: Azure Key Vault allows storage and management of CMKs, supporting integration with various Azure services for encryption.

Question 15

You are designing a solution using Azure Kubernetes Service (AKS). Which component should handle load balancing for incoming internet traffic?

A. Kubernetes Ingress Controller
B. Azure Load Balancer
C. Azure API Management
D. Azure Application Gateway

Answer: A. Kubernetes Ingress Controller
Explanation: The Ingress Controller in AKS provides HTTP routing, SSL termination, and load balancing.

Question 16

You are designing a multi-tenant SaaS application hosted in Azure. You need to isolate each tenant’s data and ensure scalability. Which database strategy should you choose?

A. Shared database, shared schema
B. Shared database, separate schema
C. Separate databases per tenant
D. Single database with partitioning

Answer: C. Separate databases per tenant
Explanation: Using separate databases ensures strong isolation and allows per-tenant scaling, which is ideal for multi-tenant SaaS environments.

Question 17

Which Azure service allows you to perform real-time analytics on data streams?

A. Azure Monitor
B. Azure Stream Analytics
C. Azure Data Factory
D. Azure Synapse Analytics

Answer: B. Azure Stream Analytics
Explanation: Azure Stream Analytics is designed to process real-time data streams using SQL-like queries for time-sensitive insights.

Question 18

You need to deploy an Azure virtual machine and ensure it automatically joins an Active Directory domain. What should you use?

A. Azure Automation Runbooks
B. Azure Custom Script Extension
C. Desired State Configuration (DSC)
D. Azure VM Agent

Answer: C. Desired State Configuration (DSC)
Explanation: DSC can automate VM configuration post-deployment, including domain joins, in a repeatable and declarative way.

Question 19

Your team wants to detect threats and abnormal activities across Azure resources. What service should they use?

A. Azure Firewall
B. Azure Monitor
C. Azure Security Center (Microsoft Defender for Cloud)
D. Azure Policy

Answer: C. Azure Security Center (Microsoft Defender for Cloud)
Explanation: Defender for Cloud offers advanced threat protection and behavioral analytics across your Azure environment.

Question 20

You want to store application secrets securely and allow RBAC-based access. Which Azure service should you use?

A. Azure App Configuration
B. Azure Key Vault
C. Azure Blob Storage
D. Azure AD B2C

Answer: B. Azure Key Vault
Explanation: Azure Key Vault securely stores secrets, keys, and certificates and integrates with Azure RBAC for access control.

Question 21

You want to enable a VM to access an Azure Storage account without using access keys. What should you configure?

A. Shared Access Signature (SAS)
B. Azure AD role assignment
C. Managed Identity
D. Azure Key Vault reference

Answer: C. Managed Identity
Explanation: A managed identity allows the VM to authenticate securely with Azure services like Storage without credentials.

Question 22

A company wants to minimize latency for its global user base accessing a website. What service should they implement?

A. Azure Application Gateway
B. Azure Traffic Manager
C. Azure Load Balancer
D. Azure Front Door

Answer: D. Azure Front Door
Explanation: Azure Front Door provides global load balancing, dynamic site acceleration, and SSL offloading, reducing latency globally.

Question 23

Which of the following best enforces resource consistency, compliance, and organizational standards across multiple Azure subscriptions?

A. Azure Policy
B. Azure Blueprints
C. Azure Management Groups
D. Azure Locks

Answer: B. Azure Blueprints
Explanation: Blueprints combine policies, role assignments, and ARM templates for repeatable, governed deployments across subscriptions.

Question 24

You are designing a microservices solution with internal communication between services. What Azure service helps manage these communications?

A. Azure API Management
B. Azure Load Balancer
C. Azure Service Bus
D. Azure Application Gateway

Answer: C. Azure Service Bus
Explanation: Azure Service Bus enables reliable messaging between decoupled microservices, ensuring message delivery even in failure scenarios.

Question 25

Which type of storage should you use for a VM that requires high IOPS and low latency?

A. Standard HDD
B. Premium SSD
C. Standard SSD
D. Archive Storage

Answer: B. Premium SSD
Explanation: Premium SSDs provide low latency and high throughput, making them ideal for performance-intensive VM workloads.

Question 26

You need to allow an on-premises data center to securely connect to an Azure virtual network. What should you configure?

A. ExpressRoute
B. Azure DNS
C. Azure Application Gateway
D. Azure Front Door

Answer: A. ExpressRoute
Explanation: ExpressRoute provides private, high-bandwidth connectivity between on-premises environments and Azure without going over the public internet.

Question 27

You want to move large amounts of offline data to Azure Blob Storage. What’s the most efficient method?

A. Azure File Sync
B. Azure Import/Export
C. AzCopy
D. Azure Data Box

Answer: D. Azure Data Box
Explanation: Azure Data Box is a physical appliance used to transfer large volumes of data to Azure securely and efficiently when online transfer isn’t feasible.

Question 28

A developer wants to test a new version of a web app with a small percentage of users before full deployment. Which strategy should be used?

A. Rolling update
B. Canary release
C. Blue-Green deployment
D. In-place upgrade

Answer: B. Canary release
Explanation: A canary release gradually rolls out the new version to a subset of users, allowing monitoring before full deployment.

Question 29

Which service allows you to monitor the performance and health of applications hosted in Azure?

A. Azure Monitor
B. Azure Advisor
C. Azure Diagnostics
D. Application Insights

Answer: D. Application Insights
Explanation: Application Insights is part of Azure Monitor and provides performance tracking, error analysis, and diagnostics for apps.

Question 30

Your organization wants to restrict deployment of only specific VM sizes in Azure. What should you implement?

A. Azure Policy
B. Azure Blueprints
C. Management Locks
D. Role-Based Access Control

Answer: A. Azure Policy
Explanation: Azure Policy can restrict VM SKUs, regions, and other properties to enforce organizational standards and compliance.

Question 31

Your company wants to run a containerized workload in Azure without managing any virtual machines. What should you use?

A. Azure Kubernetes Service (AKS)
B. Azure Container Instances (ACI)
C. Azure Virtual Machines
D. Azure App Service

Answer: B. Azure Container Instances (ACI)
Explanation: ACI enables running containers on demand without managing infrastructure, ideal for lightweight workloads.

Question 32

You are designing a solution where you need event-based communication between microservices. Which Azure service should you choose?

A. Azure Event Grid
B. Azure Logic Apps
C. Azure Application Gateway
D. Azure Traffic Manager

Answer: A. Azure Event Grid
Explanation: Azure Event Grid is optimized for event-based architecture and can route events from source to subscribers with low latency.

Question 33

Which service helps ensure application availability by automatically switching to a secondary region in case of a disaster?

A. Azure Backup
B. Azure Site Recovery
C. Azure Availability Zones
D. Azure Load Balancer

Answer: B. Azure Site Recovery
Explanation: Azure Site Recovery offers disaster recovery as a service by replicating VMs and services to a secondary region for failover.

Question 34

You want to automatically apply updates and patches to your Azure VMs without user intervention. Which service should you use?

A. Azure Update Management
B. Azure Automation
C. Azure Policy
D. Azure Blueprints

Answer: A. Azure Update Management
Explanation: Azure Update Management automates patching across Windows and Linux VMs, improving compliance and reducing vulnerabilities.

Question 35

Your solution needs a globally distributed, multi-model NoSQL database with millisecond latency. What should you use?

A. Azure SQL Database
B. Azure Table Storage
C. Azure Database for PostgreSQL
D. Azure Cosmos DB

Answer: D. Azure Cosmos DB
Explanation: Cosmos DB is designed for global distribution with multi-model support and single-digit millisecond response times.

Question 36

Which service allows managing Azure subscriptions and resource access at a management group level?

A. Azure RBAC
B. Azure AD Groups
C. Azure Management Groups
D. Azure Resource Graph

Answer: C. Azure Management Groups
Explanation: Management groups allow governance and policy enforcement across multiple subscriptions in a single hierarchy.

Question 37

You need to implement a solution that allows access to your application based on geographic location. Which service should you use?

A. Azure Load Balancer
B. Azure Front Door
C. Azure Application Gateway
D. Azure Traffic Manager

Answer: D. Azure Traffic Manager
Explanation: Traffic Manager can route users to the nearest endpoint using DNS-based geographic routing policies.

Question 38

What Azure service provides recommendations on cost optimization, security, reliability, and operational excellence?

A. Azure Advisor
B. Azure Policy
C. Azure Cost Management
D. Azure Monitor

Answer: A. Azure Advisor
Explanation: Azure Advisor offers tailored best practices across key pillars like performance, security, and cost.

Question 39

You want to deploy a solution that performs real-time analysis of telemetry data from IoT devices. What should you use?

A. Azure Data Factory
B. Azure Databricks
C. Azure Stream Analytics
D. Azure Synapse Analytics

Answer: C. Azure Stream Analytics
Explanation: Azure Stream Analytics is built for ingesting and analyzing real-time telemetry data streams from devices and apps.

Question 40

Which storage tier in Azure Blob Storage is optimized for data accessed less frequently and stored for at least 30 days?

A. Premium
B. Hot
C. Cool
D. Archive

Answer: C. Cool
Explanation: The Cool tier is cost-effective for infrequently accessed data with minimum 30-day storage duration.

Question 41

What is the main benefit of Azure Availability Zones?

A. Faster performance
B. Cost savings
C. High availability and fault isolation
D. Global distribution

Answer: C. High availability and fault isolation
Explanation: Availability Zones provide high availability by distributing resources across physically separate data centers within a region.

Question 42

You need to encrypt a virtual machine disk in Azure. What feature should you use?

A. Azure Confidential Compute
B. Azure Key Vault
C. Azure Disk Encryption
D. Azure Defender

Answer: C. Azure Disk Encryption
Explanation: Azure Disk Encryption uses BitLocker or DM-Crypt to encrypt Windows and Linux VM disks.

Question 43

You need to provide temporary, limited-access credentials to an application for accessing blob storage. What should you use?

A. Azure AD token
B. Access keys
C. Shared Access Signature (SAS)
D. RBAC role assignment

Answer: C. Shared Access Signature (SAS)
Explanation: SAS tokens provide time-limited access to specific blob resources without exposing account keys.

Question 44

Which Azure feature enables you to manage infrastructure as code using declarative templates?

A. Azure DevTest Labs
B. Azure ARM Templates
C. Azure Logic Apps
D. Azure Automation State Configuration

Answer: B. Azure ARM Templates
Explanation: ARM templates define infrastructure and configurations in a declarative JSON format, enabling repeatable deployments.

Question 45

Your solution must remain operational during a regional outage. Which Azure architecture pattern should you implement?

A. Active-Passive with Availability Sets
B. Multi-region deployment
C. Single-region scale set
D. Availability Zones only

Answer: B. Multi-region deployment
Explanation: A multi-region architecture ensures business continuity during full regional outages by replicating services to another region.

Question 46

Which Azure networking component is used to implement a secure connection between on-premises networks and Azure over the internet?

A. Azure ExpressRoute
B. VPN Gateway
C. Virtual Network Peering
D. Azure Firewall

Answer: B. VPN Gateway
Explanation: A VPN Gateway uses encrypted IPsec tunnels to connect on-premises environments to Azure securely over the internet.

Question 47

You want to assign permissions to Azure resources based on job roles. What should you use?

A. Azure AD Connect
B. Azure AD Privileged Identity Management
C. Azure RBAC
D. Azure Blueprints

Answer: C. Azure RBAC
Explanation: Azure Role-Based Access Control allows you to assign permissions based on predefined or custom roles.

Question 48

You need to implement a hybrid identity solution. Which service helps synchronize on-premises identities to Azure AD?

A. Azure B2C
B. Azure AD Domain Services
C. Azure AD Connect
D. Azure Identity Protection

Answer: C. Azure AD Connect
Explanation: Azure AD Connect synchronizes on-premises Active Directory objects to Azure AD for hybrid identity scenarios.

Question 49

Which service should you use to analyze and query logs and metrics across all Azure resources?

A. Azure Data Explorer
B. Azure Log Analytics
C. Azure Activity Log
D. Azure Monitor Metrics

Answer: B. Azure Log Analytics
Explanation: Log Analytics uses Kusto Query Language (KQL) to analyze large volumes of logs and performance data from Azure Monitor.

Question 50

Which service enables you to create CI/CD pipelines for your infrastructure and application code in Azure?

A. Azure Boards
B. Azure DevOps Repos
C. Azure DevOps Pipelines
D. GitHub Codespaces

Answer: C. Azure DevOps Pipelines
Explanation: Azure Pipelines supports building, testing, and deploying code through automated CI/CD workflows.

Question 51

Your company wants to centrally manage compliance policies for all Azure resources. What should you use?

A. Azure Advisor
B. Azure Monitor
C. Azure Policy
D. Azure Defender

Answer: C. Azure Policy
Explanation: Azure Policy ensures compliance by enforcing rules and auditing resource configurations across your environment.

Question 52

Which Azure compute option allows you to automatically scale out web apps based on traffic?

A. Azure Functions
B. Azure Kubernetes Service
C. Azure Virtual Machine Scale Sets
D. Azure App Service

Answer: D. Azure App Service
Explanation: App Service can automatically scale web applications horizontally based on rules or metrics like CPU or HTTP traffic.

Question 53

Your application needs to load balance TCP traffic at the transport layer. What should you use?

A. Azure Application Gateway
B. Azure Front Door
C. Azure Load Balancer
D. Azure Traffic Manager

Answer: C. Azure Load Balancer
Explanation: Azure Load Balancer operates at Layer 4 (TCP/UDP), ideal for low-level traffic distribution.

Question 54

What is a key benefit of Azure Private Link?

A. Enables high-speed connections between regions
B. Allows internet access for private resources
C. Provides private, secure connectivity to Azure PaaS services
D. Implements regional failover routing

Answer: C. Provides private, secure connectivity to Azure PaaS services
Explanation: Private Link enables access to services over a private IP address within your virtual network.

Question 55

You need to design an API gateway for a microservices-based application. Which Azure service should you use?

A. Azure Load Balancer
B. Azure API Management
C. Azure Front Door
D. Azure Logic Apps

Answer: B. Azure API Management
Explanation: Azure API Management acts as a secure, scalable API gateway, handling throttling, authentication, and transformation.

Question 56

You want to implement key rotation and auditing for secrets used in an application. What service should you use?

A. Azure Security Center
B. Azure Key Vault
C. Azure App Configuration
D. Azure Policy

Answer: B. Azure Key Vault
Explanation: Key Vault supports versioning, automatic key rotation, and logging of access to secrets and keys.

Question 57

Which Azure service provides automatic scaling, high availability, and a serverless model for running functions?

A. Azure Kubernetes Service
B. Azure Functions
C. Azure Logic Apps
D. Azure App Service

Answer: B. Azure Functions
Explanation: Azure Functions supports an event-driven, serverless model that scales automatically based on demand.

Question 58

To improve cost efficiency, your company wants to analyze spending across subscriptions. What tool should they use?

A. Azure Pricing Calculator
B. Azure Resource Graph
C. Azure Cost Management + Billing
D. Azure Advisor

Answer: C. Azure Cost Management + Billing
Explanation: Azure Cost Management + Billing offers tools to monitor, allocate, and forecast Azure spending.

Question 59

You want to protect against DDoS attacks on your Azure web application. What should you implement?

A. Azure Web Application Firewall
B. Azure Security Center
C. Azure DDoS Protection
D. Azure Front Door

Answer: C. Azure DDoS Protection
Explanation: Azure DDoS Protection provides always-on traffic monitoring and automatic mitigation of DDoS attacks.

Question 60

Your team needs to schedule, orchestrate, and monitor data workflows. What service should you use?

A. Azure Logic Apps
B. Azure Data Factory
C. Azure Synapse Analytics
D. Azure Stream Analytics

Answer: B. Azure Data Factory
Explanation: Azure Data Factory is a cloud-based ETL service for data integration, transformation, and orchestration of workflows.

You may also like...