Free Microsoft AZ-305 Practice Test & Real Exam Questions
Your company, named Contoso, Ltd., implements several Azure logic apps that have HTTP triggers. The logic apps provide access to an on-premises web service. Contoso establishes a partnership with another company named Fabrikam. IncL Fabrikam does not have an existing Azure Active Directory (Azure AD) tenant and uses third-party OAuth 2.0 identity management to authenticate its users. Developers at Fabrikam plan to use a subset of the logic apps to build applications that will integrate with the on-premises web service of Contoso.
You need to design a solution to provide the Fabrikam developers with access to the logic apps.
The solution must meet the following requirements:
- Requests to the logic apps from the developers must be limited to
lower rates than the requests from the users at Contoso.
- The developers must be able to rely on their existing OAuth 2.0
provider to gain access to the logic apps.
- The solution must NOT require changes to the logic apps.
- The solution must NOT use Azure AD guest accounts.
What should you include in the solution?
You need to design a solution to provide the Fabrikam developers with access to the logic apps.
The solution must meet the following requirements:
- Requests to the logic apps from the developers must be limited to
lower rates than the requests from the users at Contoso.
- The developers must be able to rely on their existing OAuth 2.0
provider to gain access to the logic apps.
- The solution must NOT require changes to the logic apps.
- The solution must NOT use Azure AD guest accounts.
What should you include in the solution?
Correct Answer: A
Vote an answer
Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).
Hotspot Question
You have 10 on-premises servers that run Windows Server.
You need to perform daily backups of the servers to a Recovery Services vault. The solution must meet the following requirements:
- Back up all the files and folders on the servers.
- Maintain three copies of the backups in Azure.
- Minimize costs.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have 10 on-premises servers that run Windows Server.
You need to perform daily backups of the servers to a Recovery Services vault. The solution must meet the following requirements:
- Back up all the files and folders on the servers.
- Maintain three copies of the backups in Azure.
- Minimize costs.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

You are designing an app that will include two components. The components will communicate by sending messages via a queue.
You need to recommend a solution to process the messages by using a First in, First out (FIFO) pattern.
What should you include in the recommendation?
You need to recommend a solution to process the messages by using a First in, First out (FIFO) pattern.
What should you include in the recommendation?
Correct Answer: A
Vote an answer
Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).
Case Study 1 - Litware
Existing Environment
Azure Environment
Litware has 10 Azure subscriptions that are linked to the Litware.com tenant and five Azure subscriptions that are linked to the dev.litware.com tenant. All the subscriptions are in an Enterprise Agreement (EA).
The litware.com tenant contains a custom Azure role-based access control (Azure RBAC) role named Role1 that grants the DataActions read permission to the blobs and files in Azure Storage.
On-Premises Environment
The on-premises network of Litware contains the resources shown in the following table.

Network Environment
Litware has ExpressRoute connectivity to Azure.
Planned Changes and Requirements
Litware plans to implement the following changes:
* Migrate DB1 and DB2 to Azure.
* Migrate App1 to Azure virtual machines.
* Migrate the external storage used by App1 to Azure Storage.
* Deploy the Azure virtual machines that will host App1 to Azure dedicated hosts.
Authentication and Authorization Requirements
Litware identifies the following authentication and authorization requirements:
* Only users that manage the production environment by using the Azure portal must connect from a hybrid Azure AD-joined device and authenticate by using Azure Multi-Factor Authentication (MFA).
* The Network Contributor built-in RBAC role must be used to grant permissions to the network administrators for all the virtual networks in all the Azure subscriptions.
* To access the resources in Azure, App1 must use the managed identity of the virtual machines that will host the app.
* RBAC roles must be applied at the highest level possible.
Resiliency Requirements
Litware identifies the following resiliency requirements:
* Once migrated to Azure, DB1 and DB2 must meet the following requirements:
- Maintain availability if two availability zones in the local Azure region fail.
- Fail over automatically.
- Minimize I/O latency.
* App1 must meet the following requirements:
- Be hosted in an Azure region that supports availability zones.
- Be hosted on Azure virtual machines that support automatic scaling.
- Maintain availability if two availability zones in the local Azure region fail.
Security and Compliance Requirements
Litware identifies the following security and compliance requirements:
* Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.
* On-premises users and services must be able to access the Azure Storage account that will host the data in App1.
* Access to the public endpoint of the Azure Storage account that will host the App1 data must be prevented.
* All Azure SQL databases in the production environment must have Transparent Data Encryption (TDE) enabled.
* App1 must NOT share physical hardware with other workloads.
Business Requirements
Litware identifies the following business requirements:
* Minimize administrative effort.
* Minimize costs.
You plan to migrate App1 to Azure.
You need to recommend a network connectivity solution for the Azure Storage account that will host the App1 data. The solution must meet the security and compliance requirements.
What should you include in the recommendation?
Existing Environment
Azure Environment
Litware has 10 Azure subscriptions that are linked to the Litware.com tenant and five Azure subscriptions that are linked to the dev.litware.com tenant. All the subscriptions are in an Enterprise Agreement (EA).
The litware.com tenant contains a custom Azure role-based access control (Azure RBAC) role named Role1 that grants the DataActions read permission to the blobs and files in Azure Storage.
On-Premises Environment
The on-premises network of Litware contains the resources shown in the following table.

Network Environment
Litware has ExpressRoute connectivity to Azure.
Planned Changes and Requirements
Litware plans to implement the following changes:
* Migrate DB1 and DB2 to Azure.
* Migrate App1 to Azure virtual machines.
* Migrate the external storage used by App1 to Azure Storage.
* Deploy the Azure virtual machines that will host App1 to Azure dedicated hosts.
Authentication and Authorization Requirements
Litware identifies the following authentication and authorization requirements:
* Only users that manage the production environment by using the Azure portal must connect from a hybrid Azure AD-joined device and authenticate by using Azure Multi-Factor Authentication (MFA).
* The Network Contributor built-in RBAC role must be used to grant permissions to the network administrators for all the virtual networks in all the Azure subscriptions.
* To access the resources in Azure, App1 must use the managed identity of the virtual machines that will host the app.
* RBAC roles must be applied at the highest level possible.
Resiliency Requirements
Litware identifies the following resiliency requirements:
* Once migrated to Azure, DB1 and DB2 must meet the following requirements:
- Maintain availability if two availability zones in the local Azure region fail.
- Fail over automatically.
- Minimize I/O latency.
* App1 must meet the following requirements:
- Be hosted in an Azure region that supports availability zones.
- Be hosted on Azure virtual machines that support automatic scaling.
- Maintain availability if two availability zones in the local Azure region fail.
Security and Compliance Requirements
Litware identifies the following security and compliance requirements:
* Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.
* On-premises users and services must be able to access the Azure Storage account that will host the data in App1.
* Access to the public endpoint of the Azure Storage account that will host the App1 data must be prevented.
* All Azure SQL databases in the production environment must have Transparent Data Encryption (TDE) enabled.
* App1 must NOT share physical hardware with other workloads.
Business Requirements
Litware identifies the following business requirements:
* Minimize administrative effort.
* Minimize costs.
You plan to migrate App1 to Azure.
You need to recommend a network connectivity solution for the Azure Storage account that will host the App1 data. The solution must meet the security and compliance requirements.
What should you include in the recommendation?
Correct Answer: B
Vote an answer
Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).
Hotspot Question
You are designing a software as a service (SaaS) application that will enable Azure Active Directory (Azure AD) users to create and publish online surveys. The SaaS application will have a front-end web app and a back-end web API. The web app will rely on the web API to handle updates to customer surveys.
You need to design an authorization flow for the SaaS application. The solution must meet the following requirements:
- To access the back-end web API, the web app must authenticate by
using OAuth 2 bearer tokens.
- The web app must authenticate by using the identities of individual
users.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You are designing a software as a service (SaaS) application that will enable Azure Active Directory (Azure AD) users to create and publish online surveys. The SaaS application will have a front-end web app and a back-end web API. The web app will rely on the web API to handle updates to customer surveys.
You need to design an authorization flow for the SaaS application. The solution must meet the following requirements:
- To access the back-end web API, the web app must authenticate by
using OAuth 2 bearer tokens.
- The web app must authenticate by using the identities of individual
users.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:
Box 1: Azure AD
The Azure AD server issues tokens (access & refresh token). See step 5 below in graphic.
OAuth 2.0 authentication with Azure Active Directory.
The OAuth 2.0 is the industry protocol for authorization. It allows a user to grant limited access to its protected resources. Designed to work specifically with Hypertext Transfer Protocol (HTTP), OAuth separates the role of the client from the resource owner. The client requests access to the resources controlled by the resource owner and hosted by the resource server (here the Azure AD server). The resource server issues access tokens with the approval of the resource owner. The client uses the access tokens to access the protected resources hosted by the resource server.

Box 2: A web API
Delegated access is used.
The bearer token sent to the web API contains the user identity.
The web API makes authorization decisions based on the user identity.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/auth-oauth2
https://docs.microsoft.com/lb-lu/azure/architecture/multitenant-identity/web-api
Hotspot Question
You have an Azure App Service web app named Webapp1 that connects to an Azure SQL database named DB1. Webapp1 and DB1 are deployed to the East US Azure region.
You need to ensure that all the traffic between Webapp1 and DB1 is sent via a private connection.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have an Azure App Service web app named Webapp1 that connects to an Azure SQL database named DB1. Webapp1 and DB1 are deployed to the East US Azure region.
You need to ensure that all the traffic between Webapp1 and DB1 is sent via a private connection.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

You have an Azure subscription.
You need to implement a policy to ensure that all new resource groups include a value for a tag named Department. The solution must ensure that if a value is NOT entered for the Department tag, a resource group is created.
Which effect should you use?
You need to implement a policy to ensure that all new resource groups include a value for a tag named Department. The solution must ensure that if a value is NOT entered for the Department tag, a resource group is created.
Which effect should you use?
Correct Answer: A
Vote an answer
Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing an Azure solution for a company that has four departments. Each department will deploy several Azure app services and Azure SQL databases.
You need to recommend a solution to report the costs for each department to deploy the app services and the databases. The solution must provide a consolidated view for cost reporting that displays cost broken down by department.
Solution: Create a separate resource group for each department. Place the resources for each department in its respective resource group.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing an Azure solution for a company that has four departments. Each department will deploy several Azure app services and Azure SQL databases.
You need to recommend a solution to report the costs for each department to deploy the app services and the databases. The solution must provide a consolidated view for cost reporting that displays cost broken down by department.
Solution: Create a separate resource group for each department. Place the resources for each department in its respective resource group.
Does this meet the goal?
Correct Answer: A
Vote an answer
Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).
