Free Microsoft AZ-305 Practice Test & Real Exam Questions

  • Exam Code/Number: AZ-305
  • Exam Name/Title: Designing Microsoft Azure Infrastructure Solutions
  • Certification Provider: Microsoft
  • Corresponding Certification: Microsoft Azure Solutions Architect Expert
  • Exam Questions: 475
  • Updated On: Jun 29, 2026
Hotspot Question
You have an Azure subscription that contains the resources shown in the following table.

VNet1, VNet2, and VNet3 each has multiple virtual machines connected. The virtual machines use the Azure DNS service for name resolution.
You need to recommend an Azure Monitor log routing solution that meets the following requirements:
- Ensures that the logs collected from the virtual machines and sent to Workspace1 are routed over the Microsoft backbone network
- Minimizes administrative effort
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
Correct Answer:
Your company has setup an Azure subscription and an Azure AD tenant. The company wants to develop several applications that would make use of Azure based services. Each application has a different messaging requirement. Below are the key requirements for each application.

Which of the following would you use as a messaging service for domain-app2?
Correct Answer: B Vote an answer
Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:
* Provide access to the full .NET framework.
* Provide redundancy if an Azure region fails.
* Grant administrators access to the operating system to install custom application dependencies.
Solution: You deploy two Azure virtual machines to two Azure regions, and you create an Azure Traffic Manager profile.
Does this meet the goal?
Correct Answer: B Vote an answer
Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).
You have an Azure subscription.
You need to recommend an Azure Kubernetes service (AKS) solution that will use Linux nodes.
The solution must meet the following requirements:
- Minimize the time it takes to provision compute resources during
scale-out operations.
- Support autoscaling of Linux containers.
- Minimize administrative effort.
Which scaling option should you recommend?
Correct Answer: C Vote an answer
Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).
Case Study 1 - Litware
Existing Environment
Azure Environment
Litware has 10 Azure subscriptions that are linked to the Litware.com tenant and five Azure subscriptions that are linked to the dev.litware.com tenant. All the subscriptions are in an Enterprise Agreement (EA).
The litware.com tenant contains a custom Azure role-based access control (Azure RBAC) role named Role1 that grants the DataActions read permission to the blobs and files in Azure Storage.
On-Premises Environment
The on-premises network of Litware contains the resources shown in the following table.

Network Environment
Litware has ExpressRoute connectivity to Azure.
Planned Changes and Requirements
Litware plans to implement the following changes:
* Migrate DB1 and DB2 to Azure.
* Migrate App1 to Azure virtual machines.
* Migrate the external storage used by App1 to Azure Storage.
* Deploy the Azure virtual machines that will host App1 to Azure dedicated hosts.
Authentication and Authorization Requirements
Litware identifies the following authentication and authorization requirements:
* Only users that manage the production environment by using the Azure portal must connect from a hybrid Azure AD-joined device and authenticate by using Azure Multi-Factor Authentication (MFA).
* The Network Contributor built-in RBAC role must be used to grant permissions to the network administrators for all the virtual networks in all the Azure subscriptions.
* To access the resources in Azure, App1 must use the managed identity of the virtual machines that will host the app.
* RBAC roles must be applied at the highest level possible.
Resiliency Requirements
Litware identifies the following resiliency requirements:
* Once migrated to Azure, DB1 and DB2 must meet the following requirements:
- Maintain availability if two availability zones in the local Azure region fail.
- Fail over automatically.
- Minimize I/O latency.
* App1 must meet the following requirements:
- Be hosted in an Azure region that supports availability zones.
- Be hosted on Azure virtual machines that support automatic scaling.
- Maintain availability if two availability zones in the local Azure region fail.
Security and Compliance Requirements
Litware identifies the following security and compliance requirements:
* Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.
* On-premises users and services must be able to access the Azure Storage account that will host the data in App1.
* Access to the public endpoint of the Azure Storage account that will host the App1 data must be prevented.
* All Azure SQL databases in the production environment must have Transparent Data Encryption (TDE) enabled.
* App1 must NOT share physical hardware with other workloads.
Business Requirements
Litware identifies the following business requirements:
* Minimize administrative effort.
* Minimize costs.
Hotspot Question
You plan to migrate App1 to Azure.
You need to recommend a high-availability solution for App1. The solution must meet the resiliency requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:
Box 1: 3
Need three host groups to meet the third scenario requirement below.
Scenario: App1 must meet the following requirements:
- Be hosted in an Azure region that supports availability zones.
- Be hosted on Azure virtual machines that support automatic scaling.
-Maintain availability if two availability zones in the local Azure region fail.
Box 2: 3
The availability setting of your host group should match your scale set.
* The host group and the scale set must be using the same availability zone.
* The fault domain count for the host group level should match the fault domain count for your scale set.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/dedicated-hosts
You need to design a solution that will execute custom C# code in response to an event routed to Azure Event Grid. The solution must meet the following requirements:
* The executed code must be able to access the private IP address of a Microsoft SQL Server instance that runs on an Azure virtual machine.
* Costs must be minimized.
What should you include in the solution?
Correct Answer: C Vote an answer
Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).
Hotspot Question
You have an Azure subscription.
You plan to deploy an app that requires an Azure Data Lake Storage Gen2 account.
You need to recommend which settings to modify during the storage account deployment. The solution must ensure that the data in the account is protected if an attacker gains access to the physical disk that stores the data.
Which two settings should you recommend? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:
Box 1: Infrastructure encryption
Enable infrastructure encryption for double encryption of data
Infrastructure encryption can be enabled for the entire storage account, or for an encryption scope within an account. When infrastructure encryption is enabled for a storage account or an encryption scope, data is encrypted twice - once at the service level and once at the infrastructure level - with two different encryption algorithms and two different keys.
Double encryption of Azure Storage data protects against a scenario where one of the encryption algorithms or keys might be compromised. In this scenario, the additional layer of encryption continues to protect your data.
Box 2: Allow access from
In Firewalls and virtual networks set Allow access from: to Allow public access from specific virtual networks and IP addresses.
Under Exception, check Allow trusted Microsoft services to bypass this firewall.
Reference:
https://learn.microsoft.com/en-us/azure/storage/common/infrastructure-encryption-enable
https://learn.microsoft.com/en-us/azure/databricks/connect/storage/tutorial-azure-storage
Hotspot Question
You plan to develop a new app that will store business critical data. The app must meet the following requirements:
- Prevent new data from being modified for one year.
- Maximize data resiliency.
- Minimize read latency.
What storage solution should you recommend for the app? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:
Box 1: Premium block blobs
Azure Storage provides data protection for Blob Storage and Azure Data Lake Storage Gen2 to help you to prepare for scenarios where you need to recover data that has been deleted or overwritten.
Data protection refers to strategies for protecting the storage account and data within it from being deleted or modified, or for restoring data after it has been deleted or modified.
* Prevent new data from being modified for one year.
Box 2: Read-access geo-redundant storage (RA-GRS)
RA-GRS has better data protection compared to ZRS and LRS.
* Maximize data resiliency.
* Minimize read latency.
Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/data-protection-overview