Azure Solutions Architect Expert (AZ-305): Practice Questions
Original concept-check questions for the AZ-305 (Azure Solutions Architect Expert). They test the design judgement the exam rewards - infrastructure, identity and governance, data storage and business continuity - with every answer explained, including why the others are wrong. Filter by design area or difficulty. These are concept checks, not real exam questions.
AZ-305 is best described as an exam about:
Correct answer: A. AZ-305 tests architectural design judgement, not configuration steps or coding. The other options describe AZ-104, AZ-204 and unrelated work.
A hub-and-spoke network topology is typically chosen to:
Correct answer: B. Hub-and-spoke centralizes shared services (like firewalls or gateways) in a hub VNet and isolates workloads in separate spoke VNets. It does not eliminate the need for a firewall, does not avoid using regions, and has nothing to do with replacing Cosmos DB.
A private endpoint is used to:
Correct answer: A. A private endpoint connects privately to an Azure service over the Microsoft backbone, keeping traffic off the public internet. It does not encrypt a Cosmos container, does not expose a service to the public internet (the opposite of its purpose), and does not define an RBAC role.
For a lift-and-shift migration of on-premises VMs with minimal redesign, the most appropriate approach is:
Correct answer: C. Lift-and-shift means rehosting VMs with minimal change (often via Azure Migrate), modernizing later. Rewriting everything as Functions first is a full re-architecture, storing VMs in Blob storage does not run them, and deleting the workloads defeats the migration.
You must design compute for a containerised microservices platform needing orchestration and fine control. The strongest fit is:
Correct answer: C. AKS provides managed Kubernetes orchestration for microservices at scale. A single VM lacks orchestration; the others are not compute platforms.
To distribute incoming web traffic across multiple backend instances for scale and availability, design with:
Correct answer: D. Load balancing (Azure Load Balancer or Application Gateway) spreads incoming traffic across backend instances for scale and availability. A management group applies governance, Key Vault stores secrets, and a single static IP points to one target with no distribution.
Azure Migrate is primarily a tool for:
Correct answer: D. Azure Migrate assesses and migrates on-premises servers, databases and apps to Azure. Defining Cosmos partition keys is a database design task, writing Functions is development, and issuing access tokens is an identity function - none assess or move workloads.
When a design must satisfy a strict 'lowest cost' requirement, the best architecture is the one that:
Correct answer: A. In AZ-305 the right answer satisfies the stated constraint - here, lowest cost - not the most feature-rich design. The other options add unneeded cost.
A management group is used to:
Correct answer: C. A management group sits above subscriptions to apply governance and policy across many of them at once. Running containers is AKS/ACI, streaming telemetry is Event Hubs, and storing application secrets is Key Vault - none govern multiple subscriptions.
Role-Based Access Control (RBAC) grants permissions by:
Correct answer: D. RBAC grants permissions by assigning roles (sets of permissions) to identities at a defined scope. Sharing the account key with everyone is over-permissive, disabling authentication removes security, and encrypting blobs is a storage feature - none implement scoped role-based access.
Azure Policy is designed to:
Correct answer: B. Azure Policy enforces compliance rules on resources. The other options describe Redis, data and hosting.
Conditional access in Microsoft Entra lets you:
Correct answer: A. Conditional access grants or blocks access based on signals like user, device, location and risk. Setting Blob access tiers controls storage cost, defining Cosmos consistency is a database setting, and creating a deployment slot is an App Service feature - none make access decisions.
Hybrid identity in an AZ-305 design refers to:
Correct answer: A. Hybrid identity connects on-premises Active Directory with Microsoft Entra so users have one identity across both. Two separate unrelated logins is the opposite of that, a load balancer distributes traffic, and storing identities in Blob storage is not how identity works.
To enforce that resources are only deployed to approved regions across an organisation, the best tool is:
Correct answer: B. Azure Policy can restrict resources to approved regions org-wide by enforcing allowed locations. A SAS token grants storage access, Azure Cache for Redis is an in-memory cache, and Application Insights monitors apps - none enforce deployment governance.
For centralised observability across many subscriptions, an AZ-305 design would use:
Correct answer: D. Azure Monitor with Log Analytics centralizes logs and metrics for observability across many subscriptions. A single VM's local logs cover only that VM, the Blob archive tier is cold storage, and manual screenshots are not a monitoring solution.
Granting a team the least privilege needed to manage one resource group is best achieved by:
Correct answer: B. Scoping an RBAC role to the resource group follows least privilege. The other options over-grant access or are insecure.
For a cloud-native app needing a managed relational database, the natural AZ-305 choice is:
Correct answer: C. Azure SQL Database is the managed relational option for cloud-native apps. The others are object storage, streaming and governance.
SQL Managed Instance is most appropriate when you need:
Correct answer: D. SQL Managed Instance offers near-full SQL Server compatibility, easing lift-and-shift migrations. A NoSQL document store is Cosmos DB, an in-memory cache is Azure Cache for Redis, and a CDN delivers content - none provide SQL Server compatibility.
A globally distributed app needing low-latency reads worldwide and flexible schema points to:
Correct answer: C. Cosmos DB provides global distribution, low-latency reads worldwide and a flexible (NoSQL) schema. Azure SQL Database has a fixed relational schema, Azure Files is for file shares, and Queue Storage is for messaging - none meet all three needs together.
Choosing the Blob storage access tier is fundamentally a trade-off between:
Correct answer: C. Blob access tiers (hot/cool/archive) trade lower storage cost against higher access cost and slower retrieval. Security and identity, region and language, and CPU and memory are different dimensions entirely - none describe the tier trade-off.
Azure Files is best suited to:
Correct answer: A. Azure Files offers managed file shares. The other options describe Event Grid, identity and AKS.
When a design requires analytics over large volumes of structured and semi-structured data, the most fitting direction is:
Correct answer: C. Large-scale analytics over structured and semi-structured data calls for a purpose-built analytics/data service. Storing everything in Key Vault (a secrets store) does not fit, a message queue is not a database, and disabling storage entirely removes the data - none support analytics.
RTO (Recovery Time Objective) measures:
Correct answer: B. RTO is the maximum acceptable downtime before a system must be restored after an outage. The amount of acceptable data loss is RPO (a different metric); the number of subscriptions and the exam pass mark have nothing to do with recovery.
RPO (Recovery Point Objective) measures:
Correct answer: C. RPO is the maximum acceptable data loss, expressed as the age of the last recoverable copy. The time to restore service is RTO (a different metric); the cost of a VM and the size of a blob are unrelated to recovery objectives.
Availability zones are used in a design to protect against:
Correct answer: B. Availability zones are physically separate locations within a region, guarding against datacenter-level failure. They have nothing to do with exam fees, slow application code, or a forgotten password - none of which are infrastructure failures a zone addresses.
Azure Site Recovery primarily provides:
Correct answer: D. Azure Site Recovery provides disaster recovery by replicating workloads to another region and orchestrating failover. An in-memory cache is Azure Cache for Redis, API throttling is done by API Management, and identity federation is a Microsoft Entra feature - none provide DR.
To meet a near-zero RPO for a critical database, a design would favour:
Correct answer: B. A near-zero RPO needs continuous or synchronous replication so almost no data is lost. The other options increase data loss risk.
Azure Backup is used to:
Correct answer: C. Azure Backup handles backup and restore. The other options describe Event Grid, RBAC and CDN.
A multi-region active-active design is most justified when the requirement is:
Correct answer: B. Active-active across regions maximises availability and survives a regional outage, at higher cost. It is not the cheapest, so it must be requirement-driven.
The Azure Well-Architected Framework helps a designer by providing:
Correct answer: A. The Well-Architected Framework offers design pillars to assess trade-offs. It is not exam answers or a one-size-fits-all template.
Practice questions FAQ
- Are these real AZ-305 exam questions?
- No. These are original study questions written to test understanding. They are not real exam questions, exam dumps, or copied from any provider.
- How should I use these practice questions?
- Answer each one, read the explanation (including why the wrong options are wrong), and use the per-domain score below to focus your revision on weak areas. Revisit before exam day.
- How many questions should I do before the exam?
- Enough to score consistently across every domain, alongside full-length practice from official or reputable providers. Understanding why each answer is right matters more than raw volume.
- What score means I am ready?
- A good signal is consistently scoring around 80% or higher across all domains on questions you have not seen before, and being able to explain why the wrong options are wrong.
- Should I use exam dumps?
- No. Dumps (real or leaked questions) breach provider policy, can void your certification, and do not build the understanding the exam actually tests.