
AZ-305 Intermediate Quiz

Learning Objectives

Design Azure solutions: HA architectures, governance, monitoring, and integration patterns.

Question 1 of 60
A solutions architect needs to design a multi-region active-active web application on Azure. Traffic must be distributed to the nearest healthy region with automatic failover and WAF protection. Which Azure service combination BEST meets these requirements?
Question 2 of 60
A company needs to expose an on-premises web application to external internet users without opening inbound firewall ports. The application uses HTTP/HTTPS. Which Azure service enables this without modifying on-premises firewall rules?
Question 3 of 60
A company is implementing Azure landing zones using the Cloud Adoption Framework. They need to separate billing boundaries, isolate production from non-production environments, and apply different governance policies to different business units. Which Azure construct achieves ALL of these simultaneously?
Question 4 of 60
A company needs to implement a disaster recovery strategy for its on-premises SQL Server that achieves an RPO of 15 minutes and RTO of 2 hours. The company wants to minimize on-premises DR hardware investment. Which Azure-based DR strategy BEST meets these requirements?
Question 5 of 60
An organization wants to ensure that Azure resources cannot be deployed in regions outside of Europe, must have specific tags, and that VMs cannot be created without encryption at host. Which Azure governance service enforces these requirements across all subscriptions?
Question 6 of 60
An architect must design a solution where Azure Functions read messages from an Azure Service Bus queue and write results to Cosmos DB. The function must handle up to 100 messages per batch and scale automatically. Which Function trigger and binding combination BEST fits this design?
Question 7 of 60
An architect needs to design a globally distributed web application on Azure. The application requires the lowest possible latency for static content delivery, HTTPS termination at the edge, and automatic failover to a secondary region if the primary is unavailable. Which combination BEST meets ALL requirements?
Question 8 of 60
An architect designing an AZ-305 solution needs to provide developers with pre-configured development environments on Azure that can be created, paused, and deleted on demand, with standardized configurations managed by the platform team. Which Azure service is designed for this use case?
Question 9 of 60
A company is migrating a SQL Server database that relies on SQL Server Agent jobs, cross-database queries, and linked servers to Azure. Which Azure SQL offering provides the BEST compatibility for this migration with minimal code changes?
Question 10 of 60
A company's Azure SQL Database experiences performance issues during peak load. The DBA observes high CPU utilization and query timeouts. Which Azure SQL feature provides query-level performance diagnostics and automatically applies corrective execution plans?
Question 11 of 60
A company migrates a .NET web application with Windows authentication to Azure. The application must continue to support Windows Integrated Authentication (Kerberos/NTLM) for on-premises users while also supporting external Azure AD authentication for remote users. Which deployment configuration supports BOTH authentication methods?
Question 12 of 60
A company is deploying Azure Virtual Desktop at scale for 5,000 users. They need to ensure that session host VMs use golden images with pre-installed software, are automatically updated monthly, and failed VMs are automatically replaced. Which Azure feature enables automated golden image management and deployment for AVD?
Question 13 of 60
An AZ-305 architect designs a microservices application on AKS. Multiple services need to access Azure Key Vault secrets without storing credentials. Which approach follows Azure security best practices?
Question 14 of 60
An organization uses Azure Kubernetes Service (AKS) for its workloads. The security team requires that all container images are scanned for vulnerabilities and only images from approved registries can be deployed. Which solution enforces this at the Kubernetes admission level?
Question 15 of 60
An AZ-305 architect must implement a data exfiltration prevention strategy for Azure Storage accounts. The requirement specifies that storage accounts can only be accessed from specific VNets and that data cannot be transferred to external storage accounts outside the organization's tenant. Which Azure feature combination enforces this?
Question 16 of 60
An organization uses Azure Active Directory for identity management and needs to ensure that external guest users from partner organizations have access only to specific SharePoint Online sites and Teams channels — not to all organizational resources. Which Azure AD feature enables scoped external collaboration?
Question 17 of 60
A team deploys Azure API Management as a gateway in front of multiple backend APIs. They need to enforce OAuth 2.0 token validation and rate limit requests by subscription key. Which APIM component implements these requirements?
Question 18 of 60
A company running Azure Virtual Desktop (AVD) needs to provide developers with a Windows 11 desktop environment with Visual Studio and access to Azure DevOps. To minimize cost while supporting 200 concurrent users with variable usage patterns, which AVD host pool type and licensing model is MOST cost-effective?
Question 19 of 60
A financial services company requires that Azure SQL Database connections from application servers never traverse the public internet and that database traffic is encrypted with an organization-managed TLS certificate. Which configuration achieves both requirements?
Question 20 of 60
An AZ-305 architect must design a solution where multiple Azure Function apps share a common outbound IP address for connecting to an external third-party API that allowlists by IP. Which Azure networking configuration achieves this?
Question 21 of 60
An architect is designing a message-based integration between an order processing system and multiple downstream services (inventory, shipping, email). Each downstream service must independently receive every order event. Which Azure messaging pattern BEST supports this?
Question 22 of 60
An AZ-305 architect needs to design a data integration pipeline that extracts data from SAP, transforms it, and loads it into Azure Synapse Analytics on a nightly schedule. Which service provides the MOST appropriate managed ETL/ELT capabilities for this scenario?
Question 23 of 60
An architect designing an AZ-305 solution for a healthcare application must ensure that PHI (Protected Health Information) in Azure Blob Storage is encrypted with a customer-managed key (CMK) where the key can be revoked by the customer, immediately preventing data access. Which Azure Key Vault and Storage configuration achieves this?
Question 24 of 60
A company needs to implement private connectivity from its Azure Kubernetes Service cluster to an Azure SQL Database without any traffic traversing the public internet. The cluster also needs to resolve the SQL Database hostname to its private IP. Which configuration achieves both requirements?
Question 25 of 60
A company wants to implement disaster recovery for Azure VMs with an RPO of 1 hour and RTO of 4 hours. The secondary region should be used for DR only (not actively serving traffic). Which Azure service BEST meets this requirement?
Question 26 of 60
A company implements Azure AD Conditional Access to enforce Zero Trust. A policy must block access to all cloud apps from non-compliant devices, allow access with MFA from compliant devices, and block all access from countries without a business presence. How should the architect structure these policies?
Question 27 of 60
A company runs a global SaaS application on Azure. The application database (Azure Cosmos DB) must serve reads locally from each region with millisecond latency and tolerate regional failures. Writes must be globally consistent. Which Cosmos DB configuration BEST supports this?
Question 28 of 60
An architect designing an AZ-305 solution selects Azure Cosmos DB for a global e-commerce platform. The product catalog is read-heavy (99% reads) with occasional price updates. Reads must be served locally from each region. Which Cosmos DB configuration BEST optimizes read performance and cost?
Question 29 of 60
An AZ-305 architect designs a solution for 50,000 IoT devices sending telemetry. The solution must ingest data in real-time, store raw events for 90 days, and process them for anomaly detection within 5 seconds. Which architecture BEST meets these requirements?
Question 30 of 60
An architect designs a multi-tier application on Azure with a web tier (App Service), business logic tier (Azure Functions), and data tier (Azure SQL Database). The application must prevent direct internet access to the Functions and SQL Database. Which networking pattern achieves this?
Question 31 of 60
An AZ-305 architect designs a zero-downtime deployment strategy for an Azure App Service application. New features must be deployed to a staging environment, tested, and then promoted to production with instant switchover and the ability to roll back within minutes. Which App Service feature implements this?
Question 32 of 60
Which AZ-305 monitoring configuration enables an organization to automatically create an incident in ServiceNow when an Azure Monitor alert fires on a critical production resource?
Question 33 of 60
A company needs to ensure that developers can only create specific Azure resource types (approved VMs, storage, databases) in their development subscriptions. Which Azure Policy effect PREVENTS unapproved resource type creation?
Question 34 of 60
A company needs a cache layer for its Azure-hosted e-commerce application to store product catalog data that changes every 30 minutes. Which Azure Cache for Redis tier and eviction policy BEST supports this use case?
Question 35 of 60
A company needs to implement identity governance for its Azure AD environment. External contractors must receive guest accounts that automatically expire after 90 days, and internal employees' access to sensitive applications must be reviewed quarterly. Which Azure AD feature provides both capabilities?
Question 36 of 60
An AZ-305 architect must ensure that all Azure resources in an organization have a specific tag (CostCenter) with a valid value before they can be deployed. Existing non-compliant resources must also be remediated. Which Azure Policy effect combination implements both requirements?
Question 37 of 60
An organization uses Azure AD Connect to synchronize on-premises Active Directory to Azure AD. Users report they can sign in to Azure but cannot use SSO for on-premises applications from Azure AD-joined devices. Which configuration is MOST LIKELY missing?
Question 38 of 60
An AZ-305 architect designs an event-driven architecture where a single event (order placed) must trigger multiple downstream processes in parallel: payment processing, inventory reservation, and shipment scheduling — each independently scalable. Which Azure messaging pattern implements this fan-out?
Question 39 of 60
An AZ-305 architect must design a solution for processing financial transaction files that arrive in Azure Blob Storage. Each file must be processed exactly once, and processing order within a batch must be guaranteed. Which messaging service and configuration ensures exactly-once processing with ordered delivery?
Question 40 of 60
A company's development team uses Azure Container Registry (ACR) to store container images. The security team requires that images with critical vulnerabilities cannot be deployed to production AKS clusters. Which solution enforces this policy at deploy time?
Question 41 of 60
A solutions architect must design a data lakehouse on Azure. The solution needs ACID transactions on the data lake, time travel, and unified batch and streaming processing. Which storage format and service combination BEST meets these requirements?
Question 42 of 60
A company's Azure Cosmos DB account has throughput provisioned at 10,000 RU/s globally. During business hours, usage peaks to 25,000 RU/s; at night, it drops to 1,000 RU/s. Which Cosmos DB feature automatically adjusts throughput between a defined range to optimize cost?
Question 43 of 60
An organization wants to implement a hub-and-spoke network topology in Azure that scales to 100+ spoke VNets across multiple regions. Which connectivity service MOST efficiently manages this scale without requiring individual VNet peering connections?
Question 44 of 60
An AZ-305 architect evaluates which Azure SQL Database tier to use for a critical OLTP application requiring sub-5ms response times, in-memory OLTP for high-frequency transactions, and zone-redundant high availability with a 99.995% SLA. Which tier satisfies all requirements?
Question 45 of 60
An AZ-305 architect must implement network security for a hub-and-spoke VNet topology. All traffic between spokes must flow through a central Azure Firewall in the hub for inspection. What routing configuration is required?
Question 46 of 60
An architect must ensure that Azure Storage accounts containing sensitive financial data cannot have public access enabled, blob soft delete is enabled, and advanced threat protection is on — enforced across all subscriptions. Which approach provides the MOST automated enforcement?
Question 47 of 60
A company needs to implement role-based access control for its Azure resources following the principle of least privilege. Engineers need to manage VMs but not billing, security engineers need to manage security policies but not applications, and finance needs cost reports only. Which approach MOST efficiently implements this without creating custom roles?
Question 48 of 60
According to AZ-305, which Azure feature allows an organization to consistently deploy a specific set of Azure resources (VNets, RBAC assignments, policies, and resource groups) to new subscriptions as part of a landing zone provisioning process?
Question 49 of 60
A company runs a stateful web application on Azure App Service requiring session persistence. Which App Service configuration ensures that a user's requests are consistently routed to the same backend instance?
Question 50 of 60
A company deploys Azure Kubernetes Service (AKS) for a multi-tenant SaaS application. Different tenants must be isolated at the namespace level with resource quotas limiting CPU and memory consumption. Which Kubernetes feature enforces these resource constraints?
Question 51 of 60
An AZ-305 architect evaluates options for running a containerized legacy application that requires Windows Server 2019 with specific registry settings. The team wants minimal operational overhead. Which Azure compute option provides the BEST balance of Windows container support and managed infrastructure?
Question 52 of 60
A company uses Azure DevOps for CI/CD and needs to ensure that secrets (API keys, connection strings) used in pipelines are never stored in the pipeline YAML files or Azure DevOps variable groups in plaintext. Which solution provides the MOST secure secret management for Azure DevOps pipelines?
Question 53 of 60
Which Azure identity feature allows granting access to Azure resources for a limited time period to a service principal, with automatic rotation and no need to manage credentials manually?
Question 54 of 60
An AZ-305 architect configures Azure Monitor to track the availability of a web application. The monitoring solution must alert within 2 minutes if the application is unavailable from multiple global locations. Which Azure Monitor feature provides this capability?
Question 55 of 60
Which AZ-305 pattern enables a Cosmos DB collection to stream changes to downstream consumers in real-time, enabling event-driven processing without polling?
Question 56 of 60
An organization deploys Azure API Management to expose internal microservices as a public API. The API must authenticate callers using OAuth 2.0 with Azure AD as the identity provider and enforce rate limiting of 100 calls per minute per subscription. The backend microservices use Basic Auth. Which APIM policy combination handles this?
Question 57 of 60
An AZ-305 architect designs a solution where Azure Functions process images uploaded to Blob Storage. Processing must start within 30 seconds of upload and scale to handle 1,000 concurrent uploads. Which trigger and plan combination BEST meets these requirements?
Question 58 of 60
Which AZ-305 design pattern enables applications to continue serving read requests from cached data even when the primary data store is unavailable, using Azure Cache for Redis as an aside cache?
Question 59 of 60
An architect is designing an Azure solution for a startup with unpredictable traffic patterns. The application is stateless and must automatically scale from zero to hundreds of instances with no cold start penalty and support HTTP and timer-based workloads. Which Azure compute option BEST meets these requirements?
Question 60 of 60
A healthcare organization stores patient data in Azure SQL Database and needs to prevent database administrators from reading PHI in production while still allowing them to manage the database schema and performance. Which Azure SQL Database feature achieves this?