Free Microsoft AZ-305 Practice Test & Real Exam Questions
You have an Azure subscription that contains the resources shown in the following table.

You create peering between VNet1 and VNet2 and between VNet1 and VNet3.
The virtual machines host an HTTPS-based client/server application and are accessible only via the private IP address of each virtual machine.
You need to implement a load balancing solution for VM2 and VM3. The solution must ensure that if VM2 fails, requests will be routed automatically to VM3, and if VM3 fails, requests will be routed automatically to VM2.
What should you include in the solution?

You create peering between VNet1 and VNet2 and between VNet1 and VNet3.
The virtual machines host an HTTPS-based client/server application and are accessible only via the private IP address of each virtual machine.
You need to implement a load balancing solution for VM2 and VM3. The solution must ensure that if VM2 fails, requests will be routed automatically to VM3, and if VM3 fails, requests will be routed automatically to VM2.
What should you include in the solution?
Correct Answer: A
Vote an answer
Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).
Hotspot Question
You have an Azure subscription that contains a virtual network named VNET1 and 10 virtual machines. The virtual machines are connected to VNET1. You need to design a solution to manage the virtual machines from the internet. The solution must meet the following requirements:
- Incoming connections to the virtual machines must be authenticated by using Azure Multi-Factor Authentication (MFA) before network connectivity is allowed.
- Incoming connections must use TLS and connect to TCP port 443.
- The solution must support RDP and SSH.
What should you Include In the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains a virtual network named VNET1 and 10 virtual machines. The virtual machines are connected to VNET1. You need to design a solution to manage the virtual machines from the internet. The solution must meet the following requirements:
- Incoming connections to the virtual machines must be authenticated by using Azure Multi-Factor Authentication (MFA) before network connectivity is allowed.
- Incoming connections must use TLS and connect to TCP port 443.
- The solution must support RDP and SSH.
What should you Include In the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:
Box 1: Azure Bastion
Azure bastion client access is authorized and authenticated when trying to log into the Azure portal. You can enable MFA on the Azure portal access by using the Conditional access policy for Microsoft Azure Management.
Box 2: A conditional Access policy that has Cloud Apps assignment set to Azure Windows VM Sign-In You can enforce Conditional Access policies such as multi-factor authentication or user sign-in risk check before authorizing access to Windows VMs in Azure that are enabled with Azure AD sign in. To apply Conditional Access policy, you must select the "Azure Windows VM Sign-In" app from the cloud apps or actions assignment option and then use Sign-in risk as a condition and/or require multi-factor authentication as a grant access control.
Reference:
https://docs.microsoft.com/en-us/azure/bastion/bastion-overview
https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows
Your company has 50 business units across the globe. The business units operate from 08:00 AM to 06:00 PM from Monday to Friday in their local time zone. Transactions are only processed during business hours.
You have an Azure subscription.
You plan to deploy an app named App1 that will manage the transactions for the business units.
App1 will use a separate Azure SQL database for each business unit.
You need to recommend an Azure SQL Database configuration for App1. The solution must meet the following requirements:
- Support Azure Hybrid Benefit licensing.
- Minimize costs.
What should you recommend?
You have an Azure subscription.
You plan to deploy an app named App1 that will manage the transactions for the business units.
App1 will use a separate Azure SQL database for each business unit.
You need to recommend an Azure SQL Database configuration for App1. The solution must meet the following requirements:
- Support Azure Hybrid Benefit licensing.
- Minimize costs.
What should you recommend?
Correct Answer: C
Vote an answer
Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company currently has an application that is hosted on their on-premises environment. The application currently connects to two databases in the on-premises environment. The databases are named whizlabdb1 and whizlabdb2.
You have to move the databases onto Azure. The databases have to support server-side transactions across both of the databases.
Solution: You decide to deploy the databases to an Azure SQL database-managed instance.
Would this fulfill the requirement?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company currently has an application that is hosted on their on-premises environment. The application currently connects to two databases in the on-premises environment. The databases are named whizlabdb1 and whizlabdb2.
You have to move the databases onto Azure. The databases have to support server-side transactions across both of the databases.
Solution: You decide to deploy the databases to an Azure SQL database-managed instance.
Would this fulfill the requirement?
Correct Answer: B
Vote an answer
Hotspot Question
You have an Azure subscription.
You plan to deploy two 100-virtual machine deployments as shown in the following table.

You need to recommend a virtual machine grouping solution for the deployments.
What should you include in the recommendation for each deployment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have an Azure subscription.
You plan to deploy two 100-virtual machine deployments as shown in the following table.

You need to recommend a virtual machine grouping solution for the deployments.
What should you include in the recommendation for each deployment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:
Box 1: A virtual machine scale set in Flexible orchestration mode
Flexible orchestration mode supports Ultra disks.
Flexible orchestration mode supports a mix of Windows and Linux Servers.
Note: The following list contains Ultra Disk's limitations:
* Currently, Ultra Disks only support Single VM and Availability zone infrastructure options.
* Ultra Disks don't support availability sets.
* Etc.
Box 2: An availability set.
Orchestration modes for Virtual Machine Scale Sets in Azure
When you want to deploy Virtual Machines that are close together along with its disks to ensure the lowest latency possible, you can assign Azure Virtual Machines to a Proximity Placement Group.
Reference:
https://learn.microsoft.com/en-us/azure/virtual-machines/disks-enable-ultra-ssd
https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-orchestration-modes
https://www.shudnow.io/2022/04/09/pin-azure-vm-availability-sets-into-an-availability-zone/
Case Study 2 - Fabrikam, Inc
Overview
Fabrikam, Inc. is an engineering company that has offices throughout Europe. The company has a main office in London and three branch offices in Amsterdam, Berlin, and Rome.
Existing Environment: Active Directory Environment
The network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust relationships between the forests.
Corp.fabrikam.com is a production forest that contains identities used for internal user and computer authentication.
Rd.fabrikam.com is used by the research and development (R&D) department only. The R&D department is restricted to using on-premises resources only.
Existing Environment: Network Infrastructure
Each office contains at least one domain controller from the corp.fabrikam.com domain. The main office contains all the domain controllers for the rd.fabrikam.com forest.
All the offices have a high-speed connection to the internet.
An existing application named WebApp1 is hosted in the data center of the London office.
WebApp1 is used by customers to place and track orders. WebApp1 has a web tier that uses Microsoft Internet information Services (IIS) and a database tier that runs Microsoft SQL Server
2016. The web tier and the database tier are deployed to virtual machines that run on Hyper-V.
The IT department currently uses a separate Hyper-V environment to test updates to WebApp1.
Fabrikam purchases all Microsoft licenses through a Microsoft Enterprise Agreement that includes Software Assurance.
Existing Environment: Problem Statements
The use of WebApp1 is unpredictable. At peak times, users often report delays. At other times, many resources for WebApp1 are underutilized.
Requirements: Planned Changes
Fabrikam plans to move most of its production workloads to Azure during the next few years, including virtual machines that rely on Active Directory for authentication.
As one of its first projects, the company plans to establish a hybrid identity model, facilitating an upcoming Microsoft 365 deployment.
All R&D operations will remain on-premises.
Fabrikam plans to migrate the production and test instances of WebApp1 to Azure.
Requirements: Technical Requirements
Fabrikam identifies the following technical requirements:
* Website content must be easily updated from a single point.
* User input must be minimized when provisioning new web app instances.
* Whenever possible, existing on-premises licenses must be used to reduce cost.
* Users must always authenticate by using their corp.fabrikam.com UPN identity.
* Any new deployments to Azure must be redundant in case an Azure region fails.
* Whenever possible, solutions must be deployed to Azure by using the Standard pricing tier of Azure App Service.
* An email distribution group named IT Support must be notified of any issues relating to the directory synchronization services.
* In the event that a link fails between Azure and the on-premises network, ensure that the virtual machines hosted in Azure can authenticate to Active Directory.
* Directory synchronization between Azure Active Directory (Azure AD) and corp.fabrikam.com must not be affected by a link failure between Azure and the on-premises network.
Requirements: Database Requirements
Fabrikam identifies the following database requirements:
* Database metrics for the production instance of WebApp1 must be available for analysis so that database administrators can optimize the performance settings.
* To avoid disrupting customer access, database downtime must be minimized when databases are migrated.
* Database backups must be retained for a minimum of seven years to meet compliance requirements.
Requirements: Security Requirements
Fabrikam identifies the following security requirements:
* Company information including policies, templates, and data must be inaccessible to anyone outside the company.
* Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an internet link fails.
* Administrators must be able authenticate to the Azure portal by using their corp.fabrikam.com credentials.
* All administrative access to the Azure portal must be secured by using multi-factor authentication (MFA).
* The testing of WebApp1 updates must not be visible to anyone outside the company.
Hotspot Question
You are evaluating the components of the migration to Azure that require you to provision an Azure Storage account. For each of the following statements, select Yes if the statement is true.
Otherwise, select No.
NOTE: Each correct selection is worth one point.

Overview
Fabrikam, Inc. is an engineering company that has offices throughout Europe. The company has a main office in London and three branch offices in Amsterdam, Berlin, and Rome.
Existing Environment: Active Directory Environment
The network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust relationships between the forests.
Corp.fabrikam.com is a production forest that contains identities used for internal user and computer authentication.
Rd.fabrikam.com is used by the research and development (R&D) department only. The R&D department is restricted to using on-premises resources only.
Existing Environment: Network Infrastructure
Each office contains at least one domain controller from the corp.fabrikam.com domain. The main office contains all the domain controllers for the rd.fabrikam.com forest.
All the offices have a high-speed connection to the internet.
An existing application named WebApp1 is hosted in the data center of the London office.
WebApp1 is used by customers to place and track orders. WebApp1 has a web tier that uses Microsoft Internet information Services (IIS) and a database tier that runs Microsoft SQL Server
2016. The web tier and the database tier are deployed to virtual machines that run on Hyper-V.
The IT department currently uses a separate Hyper-V environment to test updates to WebApp1.
Fabrikam purchases all Microsoft licenses through a Microsoft Enterprise Agreement that includes Software Assurance.
Existing Environment: Problem Statements
The use of WebApp1 is unpredictable. At peak times, users often report delays. At other times, many resources for WebApp1 are underutilized.
Requirements: Planned Changes
Fabrikam plans to move most of its production workloads to Azure during the next few years, including virtual machines that rely on Active Directory for authentication.
As one of its first projects, the company plans to establish a hybrid identity model, facilitating an upcoming Microsoft 365 deployment.
All R&D operations will remain on-premises.
Fabrikam plans to migrate the production and test instances of WebApp1 to Azure.
Requirements: Technical Requirements
Fabrikam identifies the following technical requirements:
* Website content must be easily updated from a single point.
* User input must be minimized when provisioning new web app instances.
* Whenever possible, existing on-premises licenses must be used to reduce cost.
* Users must always authenticate by using their corp.fabrikam.com UPN identity.
* Any new deployments to Azure must be redundant in case an Azure region fails.
* Whenever possible, solutions must be deployed to Azure by using the Standard pricing tier of Azure App Service.
* An email distribution group named IT Support must be notified of any issues relating to the directory synchronization services.
* In the event that a link fails between Azure and the on-premises network, ensure that the virtual machines hosted in Azure can authenticate to Active Directory.
* Directory synchronization between Azure Active Directory (Azure AD) and corp.fabrikam.com must not be affected by a link failure between Azure and the on-premises network.
Requirements: Database Requirements
Fabrikam identifies the following database requirements:
* Database metrics for the production instance of WebApp1 must be available for analysis so that database administrators can optimize the performance settings.
* To avoid disrupting customer access, database downtime must be minimized when databases are migrated.
* Database backups must be retained for a minimum of seven years to meet compliance requirements.
Requirements: Security Requirements
Fabrikam identifies the following security requirements:
* Company information including policies, templates, and data must be inaccessible to anyone outside the company.
* Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an internet link fails.
* Administrators must be able authenticate to the Azure portal by using their corp.fabrikam.com credentials.
* All administrative access to the Azure portal must be secured by using multi-factor authentication (MFA).
* The testing of WebApp1 updates must not be visible to anyone outside the company.
Hotspot Question
You are evaluating the components of the migration to Azure that require you to provision an Azure Storage account. For each of the following statements, select Yes if the statement is true.
Otherwise, select No.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:
Box 1: Yes
Minimize downtime, so needs to be an online migration.
For online migrations from SQL Server to SQL Managed Instance using Azure Database Migration Service, you must provide the full database backup and subsequent log backups in the SMB network share that the service can use to migrate your databases.
When configuring the migration, you need to select the Azure Storage Account that DMS can upload the backup files from the SMB network share to and use for database migration. We recommend selecting the Storage Account in the same region as the DMS service for optimal file upload performance.
Box 2: No
Web site content must be easily updated from a single point -> Azure App Services Unpredictable workloads -> The Standard plan includes auto-scale which can automatically adjust the number of virtual machine instances running to match your traffic needs.
Box 3: No
You can stream SQL diagnostic telemetry to the following destinations:
- Log Analytics and SQL Analytics
- Event Hubs
- Azure Storage
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/migrate-to-vm-from-sql-server#choose-a-migration-method
https://docs.microsoft.com/en-us/azure/app-service/deploy-continuous-deployment?tabs=github
https://docs.microsoft.com/en-us/azure/azure-sql/database/monitor-tune-overview
Case Study 3 - Contoso
Existing Environment: Technical Environment
The on-premises network contains a single Active Directory domain named contoso.com.
Contoso has a single Azure subscription.
Existing Environment: Business Partnerships
Contoso has a business partnership with Fabrikam, Inc. Fabrikam users access some Contoso applications over the internet by using Azure Active Directory (Azure AD) guest accounts.
Requirements: Planned Changes
Contoso plans to deploy two applications named App1 and App2 to Azure.
Requirements: App1
App1 will be a Python web app hosted in Azure App Service that requires a Linux runtime. Users from Contoso and Fabrikam will access App1.
App1 will access several services that require third-party credentials and access strings. The credentials and access strings are stored in Azure Key Vault.
App1 will have six instances: three in the East US Azure region and three in the West Europe Azure region.
App1 has the following data requirements:
* Each instance will write data to a data store in the same availability zone as the instance.
* Data written by any App1 instance must be visible to all App1 instances.
App1 will only be accessible from the internet. App1 has the following connection requirements:
* Connections to App1 must pass through a web application firewall (WAF).
* Connections to App1 must be active-active load balanced between instances.
* All connections to App1 from North America must be directed to the East US region. All other connections must be directed to the West Europe region.
Every hour, you will run a maintenance task by invoking a PowerShell script that copies files from all the App1 instances. The PowerShell script will run from a central location.
Requirements: App2
App2 will be a NET app hosted in App Service that requires a Windows runtime. App2 has the following file storage requirements:
* Save files to an Azure Storage account.
* Replicate files to an on-premises location.
* Ensure that on-premises clients can read the files over the LAN by using the SMB protocol.
You need to monitor App2 to analyze how long it takes to perform different transactions within the application. The solution must not require changes to the application code.
Application Development Requirements
Application developers will constantly develop new versions of App1 and App2. The development process must meet the following requirements:
* A staging instance of a new application version must be deployed to the application host before the new version is used in production.
* After testing the new version, the staging version of the application will replace the production version.
* The switch to the new application version from staging to production must occur without any downtime of the application.
Identity Requirements
Contoso identifies the following requirements for managing Fabrikam access to resources:
* Every month, an account manager at Fabrikam must review which Fabrikam users have access permissions to App1. Accounts that no longer need permissions must be removed as guests.
* The solution must minimize development effort.
Security Requirement
All secrets used by Azure services must be stored in Azure Key Vault.
Services that require credentials must have the credentials tied to the service instance. The credentials must NOT be shared between services.
You need to recommend an App Service architecture that meets the requirements for App1.
The solution must minimize costs.
What should few recommend?
Existing Environment: Technical Environment
The on-premises network contains a single Active Directory domain named contoso.com.
Contoso has a single Azure subscription.
Existing Environment: Business Partnerships
Contoso has a business partnership with Fabrikam, Inc. Fabrikam users access some Contoso applications over the internet by using Azure Active Directory (Azure AD) guest accounts.
Requirements: Planned Changes
Contoso plans to deploy two applications named App1 and App2 to Azure.
Requirements: App1
App1 will be a Python web app hosted in Azure App Service that requires a Linux runtime. Users from Contoso and Fabrikam will access App1.
App1 will access several services that require third-party credentials and access strings. The credentials and access strings are stored in Azure Key Vault.
App1 will have six instances: three in the East US Azure region and three in the West Europe Azure region.
App1 has the following data requirements:
* Each instance will write data to a data store in the same availability zone as the instance.
* Data written by any App1 instance must be visible to all App1 instances.
App1 will only be accessible from the internet. App1 has the following connection requirements:
* Connections to App1 must pass through a web application firewall (WAF).
* Connections to App1 must be active-active load balanced between instances.
* All connections to App1 from North America must be directed to the East US region. All other connections must be directed to the West Europe region.
Every hour, you will run a maintenance task by invoking a PowerShell script that copies files from all the App1 instances. The PowerShell script will run from a central location.
Requirements: App2
App2 will be a NET app hosted in App Service that requires a Windows runtime. App2 has the following file storage requirements:
* Save files to an Azure Storage account.
* Replicate files to an on-premises location.
* Ensure that on-premises clients can read the files over the LAN by using the SMB protocol.
You need to monitor App2 to analyze how long it takes to perform different transactions within the application. The solution must not require changes to the application code.
Application Development Requirements
Application developers will constantly develop new versions of App1 and App2. The development process must meet the following requirements:
* A staging instance of a new application version must be deployed to the application host before the new version is used in production.
* After testing the new version, the staging version of the application will replace the production version.
* The switch to the new application version from staging to production must occur without any downtime of the application.
Identity Requirements
Contoso identifies the following requirements for managing Fabrikam access to resources:
* Every month, an account manager at Fabrikam must review which Fabrikam users have access permissions to App1. Accounts that no longer need permissions must be removed as guests.
* The solution must minimize development effort.
Security Requirement
All secrets used by Azure services must be stored in Azure Key Vault.
Services that require credentials must have the credentials tied to the service instance. The credentials must NOT be shared between services.
You need to recommend an App Service architecture that meets the requirements for App1.
The solution must minimize costs.
What should few recommend?
Correct Answer: B
Vote an answer
Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).
Hotspot Question
You have an Azure subscription that contains multiple storage accounts.
You assign Azure Policy definitions to the storage accounts.
You need to recommend a solution to meet the following requirements:
- Trigger on-demand Azure Policy compliance scans.
- Raise Azure Monitor non-compliance alerts by querying logs collected
by Log Analytics.
What should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains multiple storage accounts.
You assign Azure Policy definitions to the storage accounts.
You need to recommend a solution to meet the following requirements:
- Trigger on-demand Azure Policy compliance scans.
- Raise Azure Monitor non-compliance alerts by querying logs collected
by Log Analytics.
What should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:
To trigger the compliance scans, use Azure CLI
https://learn.microsoft.com/en-us/azure/governance/policy/how-to/get-compliance-data#on-demand-evaluation-scan An evaluation scan for a subscription or a resource group can be started with Azure CLI, Azure PowerShell, a call to the REST API, or by using the Azure Policy Compliance Scan GitHub Action. This scan is an asynchronous process. An evaluation scan for a subscription or a resource group can be started with Azure CLI, Azure PowerShell, a call to the REST API, or by using the Azure Policy Compliance Scan GitHub Action. This scan is an asynchronous process.
To generate alerts, configure diagnostic settings for the Azure activity logs
https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-create-new-alert-rule
