← Azure Solutions Architect Expert (AZ-305) · AZ-305 Advanced

AZ-305 Advanced Quiz

Learning Objectives

Master AZ-305 exam scenarios: enterprise-scale landing zones, FinOps, and hybrid architectures.

Azure Solutions Architect Expert (AZ-305) certification badge
Time left --:--:--
Question 1 / 60 · 60 unanswered
Question 1 of 60
An organization deploys a mission-critical financial trading application on Azure that requires sub-2ms network latency between compute nodes for in-memory data sharing. The application processes 10 million transactions per second. Which Azure compute and networking configuration achieves the required latency?
1 / 60
Question 2 of 60
An AZ-305 architect must design a solution for a bank that processes loan applications. The process has 15 sequential and parallel steps taking up to 30 minutes, requires compensating transactions for failures, and must support human approval steps. Which Azure service orchestrates this complex workflow?
2 / 60
Question 3 of 60
An AZ-305 architect designs a solution for processing 10TB of daily log data. Logs arrive continuously from 1,000 Azure VMs and must be available for querying within 5 minutes. The solution must support both operational dashboards (last 7 days) and compliance reporting (3 years). Which storage and processing architecture is MOST cost-effective while meeting all latency requirements?
3 / 60
Question 4 of 60
An organization runs a critical Azure SQL Database with 10TB of data. The database must support a secondary replica for reporting in the same region with <10ms replication lag, another replica for disaster recovery in a paired region, and a named readable replica for heavy analytics workloads. Which Azure SQL Database tier supports ALL three replica requirements simultaneously?
4 / 60
Question 5 of 60
A company's Azure architecture includes 200 microservices deployed on AKS. Service-to-service authentication uses shared Kubernetes secrets. The security team identifies that a compromised pod could exfiltrate credentials for all services. Which architectural change provides cryptographic service identity with automatic certificate rotation?
5 / 60
Question 6 of 60
A company implements a hub-and-spoke Azure network topology with Azure Firewall in the hub. A new security requirement mandates that east-west traffic between production spokes must be inspected, but development spoke traffic should bypass the firewall for cost reasons. Which routing configuration implements this selective inspection?
6 / 60
Question 7 of 60
A company running Azure SQL Database Hyperscale wants to offload read-intensive reporting queries from the primary replica. Reporting queries are complex analytical queries taking 10-30 minutes. Which Hyperscale configuration provides the BEST read scale-out for these queries?
7 / 60
Question 8 of 60
A company implements Azure Service Bus Topics for event distribution. The consumer application uses topic subscriptions with SQL filter expressions to receive only relevant messages. During testing, a filter expression (MessageType = 'OrderPlaced' AND Priority > 5) is not matching expected messages. What is the MOST likely cause?
8 / 60
Question 9 of 60
An architect must design a Cosmos DB solution for a multi-tenant SaaS application serving 10,000 enterprise customers. Each customer must have strict data isolation, and top-tier customers require guaranteed throughput. How should the architect structure Cosmos DB containers and throughput to meet these requirements while optimizing cost?
9 / 60
Question 10 of 60
An organization's Azure workloads must comply with PCI DSS. A compliance scan reveals that Azure SQL Database query results containing card data are cached in Redis without encryption. The security team must ensure that card data in Redis is always encrypted using a customer-managed key. Which Redis and Azure integration achieves this?
10 / 60
Question 11 of 60
An organization deploys Azure Front Door with WAF in Prevention mode to protect its web application. The WAF policy uses OWASP 3.2 managed rule set. After deployment, legitimate requests from a partner's API integration are blocked by rule 930120 (path traversal). How should the architect resolve this while maintaining security?
11 / 60
Question 12 of 60
An AZ-305 architect must implement a solution for a startup with zero initial traffic that can scale to handle viral growth (100× normal traffic in minutes) with zero code changes, serving a React SPA with dynamic server-side API calls. Which Azure architecture achieves elastic scale from zero to 100×?
12 / 60
Question 13 of 60
A global organization runs its Azure API Management gateway in 3 regions. Each regional APIM instance must share the same API definitions, products, and policies but serve traffic independently. Which APIM feature enables this multi-region configuration?
13 / 60
Question 14 of 60
A financial organization needs to build a real-time fraud detection system on Azure that analyzes 1 million transactions per minute, enriches each transaction with customer risk profile data (stored in Cosmos DB), and produces fraud scores within 200ms. Which architecture achieves sub-200ms latency at this scale?
14 / 60
Question 15 of 60
An architect designs an AZ-305 solution for a B2B integration platform. Partner organizations must send data to Azure using SFTP (SSH File Transfer Protocol), which cannot be replaced due to existing partner tooling. The data must then trigger automated processing. Which Azure service natively supports SFTP ingestion directly to Azure Blob Storage?
15 / 60
Question 16 of 60
A company needs to ensure Azure resource deployments across all subscriptions follow approved patterns. Specifically, VMs must be deployed only in approved sizes, storage accounts must use ZRS or GZRS redundancy, and all resources must deploy to approved regions. Which Azure governance approach enforces these constraints with ZERO manual intervention on every new deployment?
16 / 60
Question 17 of 60
An organization implements Azure landing zones and needs to prevent subscription owners from disabling Azure Defender for Cloud (Microsoft Defender for Cloud) or modifying required security policies. Which Azure governance mechanism achieves immutable security baseline enforcement?
17 / 60
Question 18 of 60
An AZ-305 architect designs a multi-tenant application on Azure that must isolate tenant data at the database level. For premium tenants requiring maximum isolation, and standard tenants where cost optimization is critical, which Azure SQL Database architecture pattern provides the BEST balance?
18 / 60
Question 19 of 60
An AZ-305 architect must implement certificate management at scale for an organization with 500 public-facing web applications running on Azure App Service. Certificates expire on different dates and require renewal without downtime. Which solution automates certificate lifecycle management at scale?
19 / 60
Question 20 of 60
An architect must design a solution where an AKS cluster can access an Azure Key Vault to retrieve TLS certificates used by ingress controllers. The solution must follow zero-credential principles (no stored secrets) and support automatic certificate rotation propagation to the ingress controller. Which integration achieves this?
20 / 60
Question 21 of 60
An architect designs an event-driven order processing system on Azure. An order placement event must trigger payment processing, inventory reservation, and fraud detection concurrently. If any step fails, the entire order must be compensated (rolled back). Which pattern and Azure services implement distributed transaction management without two-phase commit?
21 / 60
Question 22 of 60
A company needs to implement automated infrastructure cost governance on Azure. Resources not tagged with a valid CostCenter tag must be automatically shut down after 72 hours. Which Azure automation approach implements this lifecycle governance?
22 / 60
Question 23 of 60
A company migrates to Azure and needs to implement centralized DNS management. Private Azure resources must use private DNS zones, while on-premises systems must resolve Azure private hostnames. The solution must work for both Azure and hybrid (on-premises to Azure) name resolution. Which architecture achieves bidirectional hybrid DNS resolution?
23 / 60
Question 24 of 60
A company's Azure environment has grown organically to 200 subscriptions with inconsistent naming conventions, tagging policies, and RBAC assignments. An architect is commissioned to implement enterprise governance retroactively. Which approach provides the MOST comprehensive, automated remediation path?
24 / 60
Question 25 of 60
A company needs to implement a solution where Azure Functions process events from Azure Event Hubs at exactly-once semantics, ensuring no event is processed more than once even during failures or restarts. Which approach achieves idempotent, exactly-once processing?
25 / 60
Question 26 of 60
An architect must design an AZ-305 solution for a digital bank that requires all API calls to be logged with full request/response payloads for regulatory compliance, with logs retained for 7 years and accessible for audit within 1 hour of request. Which Azure API Management logging configuration satisfies ALL requirements?
26 / 60
Question 27 of 60
An architect designs an AZ-305 solution for a global e-commerce platform. The platform must serve static assets (images, JS, CSS) from the nearest edge location, handle dynamic checkout requests (requiring session state and real-time inventory) from the nearest healthy origin, and protect against L3/L4 and L7 DDoS attacks. Which Azure service combination achieves ALL requirements in a single platform?
27 / 60
Question 28 of 60
An organization's Azure data platform uses Azure Databricks for ML model training. The data science team complains that cluster startup time (5-10 minutes) significantly impacts productivity during interactive development. Which Databricks configuration reduces cluster startup time for development workloads?
28 / 60
Question 29 of 60
An AZ-305 architect designs a zero-trust network access (ZTNA) solution for Azure workloads. Applications deployed in private Azure VNets must be accessible to remote employees without exposing public IP addresses, with access controlled per-application based on user identity and device compliance. Which solution achieves this?
29 / 60
Question 30 of 60
An organization uses Azure Kubernetes Service (AKS) and needs to implement GitOps for automated, reconciliation-based deployment of Kubernetes manifests. Changes committed to a Git repository should automatically be reflected in the cluster without CI/CD pipeline triggers. Which AKS-native GitOps solution achieves this?
30 / 60
Question 31 of 60
An organization runs Azure Machine Learning pipelines that process sensitive training data stored in ADLS Gen2. The ML engineer team must have access to run experiments but must NOT be able to exfiltrate training data to external storage. Which AZ-305 security configuration enforces this constraint in the Azure ML workspace?
31 / 60
Question 32 of 60
A financial services company must implement a disaster recovery solution for Azure Virtual Desktop that meets an RTO of 4 hours and RPO of 1 hour for personal desktop pools with persistent user profiles. Which Azure components support this DR architecture?
32 / 60
Question 33 of 60
A company implements a data platform on Azure using the medallion architecture (Bronze/Silver/Gold layers). The Gold layer must have ACID transactions, schema enforcement, and the ability to query historical data states (time travel). Which storage technology and compute pair implements the Gold layer?
33 / 60
Question 34 of 60
A company runs a latency-sensitive trading application on Azure. The application must process market data events within 1 millisecond of receipt and write results to Azure SQL Database. The current architecture uses Azure Functions Premium plan but experiences 5-10ms latency spikes during garbage collection. Which architectural change reduces GC-induced latency?
34 / 60
Question 35 of 60
A company needs to implement a scalable, cost-efficient notification system for its mobile application serving 50 million devices. The backend must send push notifications to iOS (APNs) and Android (FCM) devices with custom payloads per notification segment. Which Azure service provides managed multi-platform push notification routing at scale?
35 / 60
Question 36 of 60
An architect must design an AZ-305 solution providing geo-redundant file storage that on-premises Windows servers can access via native SMB protocol with AD authentication, and that synchronizes between two Azure regions for DR. Which Azure service provides all these capabilities?
36 / 60
Question 37 of 60
An organization's AKS cluster uses Azure CNI networking. The security team requires network policy enforcement between pods — only authorized pods should communicate on specific ports. Which AKS networking feature enforces pod-level network segmentation?
37 / 60
Question 38 of 60
An architect evaluates Cosmos DB consistency levels for a globally distributed order management system. Orders must be immediately visible to all regions after placement (strong consistency for order records) but inventory updates can tolerate up to 10 seconds of staleness (bounded staleness). How should the architect configure consistency?
38 / 60
Question 39 of 60
An AZ-305 architect must design an Azure SQL Database solution for an application that experiences predictable high transactional load during business hours (9AM-5PM) and minimal load at night. The database must cost-optimize by automatically scaling compute resources. Which Azure SQL Database purchasing model and configuration achieves automatic compute scaling?
39 / 60
Question 40 of 60
An AZ-305 architect designs a solution where Azure Logic Apps orchestrate a complex business workflow integrating Salesforce, SAP, ServiceNow, and Azure SQL Database. The workflow must handle partial failures (if SAP update fails, revert Salesforce change) and run for up to 48 hours waiting for human approvals. Which Logic Apps tier and pattern handles long-running workflows with compensation?
40 / 60
Question 41 of 60
A company uses Azure Monitor Log Analytics to collect security logs from 500 Azure resources. The cost is exceeding budget. An architect reviews logs and identifies that some diagnostic log categories (verbose application traces) contribute 70% of ingestion cost but are never queried for security purposes. Which cost optimization approach reduces cost without losing security visibility?
41 / 60
Question 42 of 60
A security architect at a regulated financial institution must ensure that Azure administrators cannot access customer data stored in Azure services, even during support incidents. Which Azure feature provides a technical control that requires customer approval before Microsoft support can access customer data?
42 / 60
Question 43 of 60
Which AZ-305 pattern allows an Azure Functions app to reliably communicate with an external HTTPS API that requires a specific source IP for firewall allowlisting, while the Functions app uses the serverless Consumption plan?
43 / 60
Question 44 of 60
An organization must comply with a regulatory requirement that all Azure administrative actions (portal, CLI, PowerShell) against production subscriptions are logged with user identity, timestamp, and full request details, and these logs are retained for 7 years in a tamper-proof storage. Which Azure monitoring configuration meets this requirement?
44 / 60
Question 45 of 60
An AZ-305 architect must design a solution handling 50,000 concurrent WebSocket connections for a real-time gaming application. The backend processes game state updates and broadcasts to all connected clients. Which Azure service BEST handles large-scale persistent WebSocket connections with fan-out broadcasting?
45 / 60
Question 46 of 60
An AZ-305 architect designs a solution for a media company that transcodes video files stored in Azure Blob Storage. Transcoding is CPU-intensive, takes 1-4 hours per file, and the workload is intermittent (100 files on weekdays, 500 on weekends). Which compute configuration minimizes cost while meeting throughput requirements?
46 / 60
Question 47 of 60
An architect designing an AZ-305 solution must implement cross-subscription resource deployment using Azure Bicep. The deployment creates resources in a shared services subscription (hub VNet, Log Analytics, Key Vault) and an application subscription (spoke VNet, VMs, App Services). Which Bicep capability supports multi-subscription deployment in a single deployment file?
47 / 60
Question 48 of 60
A company deploys Azure Container Apps for its microservices. One service must scale based on the number of messages in an Azure Service Bus queue (queue depth), scaling from 0 to 100 replicas within 60 seconds when messages accumulate. Which Container Apps scaling configuration achieves this?
48 / 60
Question 49 of 60
Which AZ-305 pattern involves using Azure Event Grid to trigger Azure Functions that process events and write results to Cosmos DB, where further Cosmos DB change feed events trigger additional downstream Functions in a chain of event-driven processing?
49 / 60
Question 50 of 60
Which AZ-305 architectural pattern enables an Azure API Management gateway to route requests to different backend versions of an API simultaneously — serving v1 to legacy clients and v2 to modern clients — without deploying separate APIM instances?
50 / 60
Question 51 of 60
A company needs Azure Front Door to route requests to private backend origins (Azure App Service with Private Endpoint) without exposing backends to the public internet. Which Azure Front Door Premium feature enables private connectivity to origins?
51 / 60
Question 52 of 60
An AZ-305 architect is designing the identity architecture for a new Azure environment. The organization has an existing on-premises Active Directory and wants to extend it to Azure AD (Entra ID) while enabling cloud-only accounts for new cloud-native workloads and B2B guest access for partners. Which identity architecture supports ALL three identity types in a single Azure AD tenant?
52 / 60
Question 53 of 60
A global retailer uses Azure Cosmos DB with multi-region writes for its shopping cart service. During a network partition, a customer in Europe updates their cart, and simultaneously an automated price update service in the US updates the same item price in the same cart document. Which Cosmos DB conflict resolution strategy should the architect configure to ensure the customer's cart always reflects the most recent human interaction?
53 / 60
Question 54 of 60
An organization's Azure environment spans 50 subscriptions across 5 management groups. The security team needs a single view of compliance posture across all subscriptions showing which resources fail which Azure Policy assignments, with drill-down to individual non-compliant resources. Which Azure feature provides this consolidated compliance view?
54 / 60
Question 55 of 60
An AZ-305 architect evaluates Azure Cosmos DB for a social media application's activity feed. Users follow up to 10,000 other users and expect their feed to load in under 100ms globally. The feed is write-heavy (millions of posts per minute). Which Cosmos DB design decision MOST impacts feed read performance?
55 / 60
Question 56 of 60
An organization uses Azure Databricks for real-time streaming from Azure Event Hubs. The Databricks Structured Streaming job must exactly process each event once even during cluster failures or restarts. Which Databricks checkpoint configuration ensures exactly-once semantics?
56 / 60
Question 57 of 60
An architect is designing an AZ-305 solution where sensitive encryption keys for an on-premises application must reside in an Azure Managed HSM that meets FIPS 140-2 Level 3 requirements. The application must access keys without them ever leaving the HSM boundary. Which Azure Key Vault offering satisfies all requirements?
57 / 60
Question 58 of 60
A solutions architect designs an AZ-305 solution where Azure Databricks processes sensitive PII data that must never leave the corporate VNet. Databricks workloads must also access Azure Data Lake Storage Gen2 without public internet traversal. Which networking configuration achieves complete private connectivity for the Databricks workspace?
58 / 60
Question 59 of 60
A company needs to build a real-time analytics solution where operational data from Azure SQL Database is automatically replicated to Azure Synapse Analytics for analytical queries without impacting the OLTP database performance. Which Azure service provides low-latency, no-ETL data replication from Azure SQL to Synapse?
59 / 60
Question 60 of 60
A company's AZ-305 architecture includes Azure API Management as a gateway to microservices deployed on AKS. The security team requires that API callers cannot directly access the AKS backend even if they discover the internal URL. The APIM gateway must be the ONLY entry point. Which networking configuration enforces this?
60 / 60