Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsAZ-305Exam Questions

Microsoft · Free Practice Questions · Last reviewed May 2026

AZ-305 Exam Questions and Answers

24real exam-style questions organised by domain, each with the correct answer highlighted and a plain-English explanation of why it's right — and why the others are wrong.

50 exam questions
120 min time limit
Pass: 700/1000 / 1000
4 exam domains
OverviewDomain BlueprintStudy GuideAll QuestionsSample by Domain
1. Design identity, governance, and monitoring solutions2. Design data storage solutions3. Design business continuity solutions4. Design infrastructure solutions
1

Domain 1: Design identity, governance, and monitoring solutions

All Design identity, governance, and monitoring solutions questions
Q1
hardFull explanation →

A large enterprise wants to enforce zero-trust conditional access policies that use real-time user risk, sign-in risk, and device compliance. Which combination of Microsoft Entra ID features should they use?

A

Microsoft Entra ID Identity Protection and Conditional Access

Correct. Identity Protection detects risks like leaked credentials and unusual sign-ins, and Conditional Access uses these risks to enforce adaptive policies for a zero-trust model.

B

Microsoft Entra ID Privileged Identity Management and Access Reviews

C

Microsoft Entra ID B2B and External Identities

D

Microsoft Entra ID Domain Services and Managed Identities

Why: Microsoft Entra ID Identity Protection provides real-time risk detection for users and sign-ins, while Conditional Access policies can enforce access controls based on those risk signals and device compliance. Together, they enable zero-trust conditional access by blocking or requiring MFA when user or sign-in risk is high, and ensuring only compliant devices can access resources.
Q2
mediumFull explanation →

A company needs to monitor sign-in logs from multiple Microsoft Entra ID tenants and analyze user sign-in patterns across those tenants. Which Azure solution should they use?

A

Azure Sentinel with Microsoft Entra ID connectors

Correct. Azure Sentinel can connect to multiple Microsoft Entra ID tenants via connectors and perform advanced analytics across data sources, making it ideal for cross-tenant sign-in analysis.

B

Azure Log Analytics workspace with Microsoft Entra ID diagnostic settings

C

Microsoft Entra ID Reports and Monitoring

D

Azure Monitor Workbooks

Why: Azure Sentinel (now Microsoft Sentinel) is the correct choice because it provides a cloud-native SIEM that can ingest sign-in logs from multiple Microsoft Entra ID tenants via its built-in Microsoft Entra ID connectors. This enables cross-tenant analysis of user sign-in patterns, which is not possible with single-tenant monitoring tools. Sentinel's analytics rules and workbooks allow security teams to detect anomalies and investigate sign-in behaviors across all connected tenants.
Q3
mediumFull explanation →

A multinational company uses Microsoft Entra ID for identity. They need to grant external partners access to specific SharePoint Online sites. The access must be time-limited and require approval from a resource owner. Which Microsoft Entra ID feature should they use?

A

Microsoft Entra ID Entitlement Management.

Entitlement Management enables creation of access packages with approvals and time-limited access. It is designed for governing external user access to resources like SharePoint Online.

B

Microsoft Entra ID B2C.

C

Microsoft Entra ID Conditional Access.

D

Microsoft Entra ID Identity Protection.

Why: Microsoft Entra ID Entitlement Management (A) is the correct feature because it enables organizations to manage external partner access to resources like SharePoint Online sites through access packages. These access packages can enforce time-limited access and require approval from designated resource owners, directly meeting the scenario's requirements.
Q4
hardFull explanation →

A company has multiple Azure subscriptions and wants to enforce that all administrators must use multi-factor authentication (MFA) when accessing the Azure portal. They also want to monitor and report on any policy changes that affect this enforcement. Which combination of Azure services should they use?

A

Azure Policy with built-in policy to enforce MFA and Azure Activity Log to monitor changes.

B

Microsoft Entra ID Conditional Access policy to require MFA for Azure management and Azure Monitor with Log Analytics for monitoring.

Conditional Access policies are the appropriate way to enforce MFA for accessing Azure Portal (Azure Management cloud app). Azure Monitor can collect Activity Logs from Microsoft Entra ID and Azure subscriptions to track changes to Conditional Access policies or other critical resources, and Log Analytics can be used for querying and alerting.

C

Microsoft Entra ID Identity Protection to enforce MFA and Azure Sentinel for monitoring.

D

Azure Policy to assign built-in policy 'MFA should be enabled on accounts with write permissions' and Azure Security Center for monitoring.

Why: Option B is correct because Microsoft Entra ID Conditional Access policies can enforce MFA specifically for Azure management (including the Azure portal), and Azure Monitor with Log Analytics provides the monitoring and reporting of policy changes via the Azure Activity Log. This combination directly addresses both requirements: enforcing MFA for administrators and auditing changes to the Conditional Access policy itself.
Q5
easyFull explanation →

A company uses Microsoft Entra ID for identity management. They need to automate the process of granting access to resources for employees and external partners, and require periodic access reviews to ensure compliance. Which Microsoft Entra ID feature should they use?

A

Microsoft Entra ID Privileged Identity Management (PIM)

B

Microsoft Entra ID Entitlement Management

Entitlement Management allows you to create access packages that define the resources and policies for access. It can automate the request workflow and integrate with access reviews for periodic recertification.

C

Microsoft Entra ID Conditional Access

D

Microsoft Entra ID Identity Protection

Why: Microsoft Entra ID Entitlement Management is the correct feature because it enables automation of access request workflows for employees and external partners, including time-limited access packages and periodic access reviews to enforce compliance. This directly matches the requirement for granting access and ensuring ongoing governance through reviews.
Q6
mediumFull explanation →

A company has Microsoft Entra ID Premium P2 licenses and wants to ensure that privileged roles (e.g., Global Administrator) are only activated when needed and with approval. They also need to regularly review who has access to these roles. Which combination of features should they use?

A

Privileged Identity Management (PIM) and Microsoft Entra ID Access Reviews

PIM enables time-bound, approved activation of privileged roles, and Access Reviews can be configured to recertify assignments regularly.

B

Identity Protection and Conditional Access

C

Entitlement Management and Conditional Access

D

Microsoft Entra ID Access Reviews and Identity Protection

Why: Privileged Identity Management (PIM) provides just-in-time (JIT) activation of privileged roles with approval workflows, meeting the requirement for activation only when needed and with approval. Microsoft Entra ID Access Reviews then enable recurring certification of role assignments, ensuring that access is regularly reviewed and stale or inappropriate assignments are removed. Together, they form the correct combination for managing and governing privileged roles.

Want more Design identity, governance, and monitoring solutions practice?

Practice this domain
2

Domain 2: Design data storage solutions

All Design data storage solutions questions
Q1
mediumFull explanation →

A multinational company stores large amounts of unstructured data (documents, images) that must be read with low latency from multiple global regions. Data is written primarily in one region but read globally. Cost optimization is a key requirement. Which Azure storage replication option should they use?

A

Azure Blob Storage with geo-redundant storage (GRS)

B

Azure Blob Storage with read-access geo-redundant storage (RA-GRS)

Correct. RA-GRS replicates data to a secondary region and provides a read-only endpoint, allowing low-latency reads from the secondary region without the cost of premium storage.

C

Azure Files with premium shares

D

Azure NetApp Files

Why: B is correct because RA-GRS provides geo-redundant storage with read access to the secondary region, enabling low-latency reads from multiple global regions while maintaining cost efficiency. The data is written primarily in one region, but RA-GRS allows read requests to be served from the secondary region without additional compute costs, meeting the global read requirement.
Q2
mediumFull explanation →

A startup is building a social media analytics platform that processes streaming data. They need a data store for time-series events with high write throughput and fast timestamp-based range queries. Which Azure data store is most suitable for this workload?

A

Azure Cosmos DB with SQL API

B

Azure SQL Database with columnstore index

C

Azure Table Storage

Correct. Azure Table Storage is designed for high-volume structured data and supports efficient point queries and range scans on PartitionKey and RowKey, making it ideal for time-series data at low cost.

D

Azure Data Lake Storage Gen2

Why: Azure Table Storage is a NoSQL key-value store that supports high-volume, low-latency writes and efficient range queries on the PartitionKey and RowKey, which can be structured as a timestamp for time-series data. Its schema-less design and ability to scale to massive throughput without sharding overhead make it ideal for streaming event ingestion and timestamp-based retrieval.
Q3
hardFull explanation →

A company ingests millions of IoT events per second from sensors around the world. Each event is a JSON message with timestamp, device ID, and readings. They need to support real-time analytics dashboards and also store all raw data for long-term historical analysis. They want to minimize operational overhead. Which Azure data storage solution should they recommend?

A

Azure Data Lake Storage Gen2 for all data.

B

Azure Event Hubs with Capture to Azure Data Lake Storage.

Event Hubs can handle millions of events per second. The Capture feature automatically writes ingested events to Data Lake Storage in Avro format (or JSON). For real-time dashboards, you can use Stream Analytics to query the Event Hubs stream. This provides a seamless, low-operational-overhead solution.

C

Azure Cosmos DB for both real-time and historical data.

D

Azure Time Series Insights (TSI) Standard.

Why: Azure Event Hubs is designed for high-throughput data ingestion, capable of handling millions of events per second. By enabling the Capture feature, data is automatically and durably persisted to Azure Data Lake Storage in Avro format, providing a serverless, low-latency pipeline for real-time dashboards while storing raw data for long-term analytics. This minimizes operational overhead by eliminating the need to manage separate ingestion and storage infrastructure.
Q4
mediumFull explanation →

A company runs a legacy application on Azure Virtual Machines. The application uses a SQL Server database that requires 50,000 IOPS consistently. It also uses a shared file system for storing documents. They plan to migrate from on-premises where they used a SAN for block storage and NAS for file shares. Which combination of Azure storage should they use to meet performance requirements?

A

Premium SSD v2 disks for the database and Azure Files premium tier for the file share.

Premium SSD v2 can achieve 50,000 IOPS with a 320 GiB disk (which gives 4,000 IOPS per GiB, 320*4000=1,280,000? No, let's check: Premium SSD v2 IOPS scales linearly to 80,000 at 1 TiB, but smaller disks can still achieve high IOPS. It is designed for high-performance databases. Azure Files Premium offers low latency and high throughput for file sharing, suitable for a shared file system.

B

Premium SSD (non-v2) for the database and Azure NetApp Files for the file share.

C

Ultra Disk for the database and Azure Files standard tier for the file share.

D

Standard SSD for the database and Azure Blob Storage for the file share.

Why: Premium SSD v2 disks can deliver up to 80,000 IOPS per disk, easily meeting the 50,000 IOPS requirement for the SQL Server database. Azure Files premium tier uses SSD-backed storage and provides consistent low-latency performance suitable for a shared file system, replacing the on-premises NAS. This combination directly maps the SAN (block) and NAS (file) workloads to Azure's highest-performance managed disks and file shares.
Q5
mediumFull explanation →

A company needs a fully managed NoSQL database for a JSON document-oriented application that requires low latency (single-digit milliseconds) for reads and writes at any scale. The application will run globally and needs multi-region writes with automatic failover. Which Azure data store should they use?

A

Azure Cosmos DB

Cosmos DB offers multi-region writes, elastic scalability, and guarantees single-digit millisecond latency at the 99th percentile. It supports document models natively.

B

Azure Table Storage

C

Azure SQL Database

D

Azure Cache for Redis

Why: Azure Cosmos DB is the correct choice because it is a fully managed NoSQL database that natively supports JSON documents, offers single-digit millisecond latency for reads and writes at any scale, and provides multi-region writes with automatic failover through its multi-master replication capability. Its global distribution model allows you to configure multiple write regions, ensuring high availability and low latency worldwide.
Q6
hardFull explanation →

A company needs to store and analyze petabytes of semi-structured data from IoT devices. The data is append-only and written in time order. They need to support fast queries on time ranges and also aggregate data in real-time. Which Azure data service should they use?

A

Azure Data Explorer

ADX (Kusto) is built for real-time analysis on large volumes of streaming data. It supports efficient time-series queries, ingestion from IoT sources, and real-time aggregations.

B

Azure Cosmos DB

C

Azure SQL Database

D

Azure Table Storage

Why: Azure Data Explorer (ADX) is purpose-built for high-performance analysis of large volumes of time-series and semi-structured data. It supports append-only ingestion, optimized time-range queries via its columnar storage and indexing, and real-time aggregation using Kusto Query Language (KQL) with built-in materialized views and update policies.

Want more Design data storage solutions practice?

Practice this domain
3

Domain 3: Design business continuity solutions

All Design business continuity solutions questions
Q1
mediumFull explanation →

A financial services company runs a critical SQL Server database on Azure Virtual Machines. They require a disaster recovery solution with an RPO of less than 15 seconds and an RTO of less than 1 hour. Which technology should they implement?

A

Azure Site Recovery

B

SQL Server Always On Availability Groups

Correct. Always On Availability Groups with synchronous replication can provide an RPO of zero and an RTO of seconds to minutes, satisfying the disaster recovery requirements.

C

Azure Backup for SQL Server

D

Geo-redundant backups

Why: SQL Server Always On Availability Groups provide synchronous data replication at the database level, enabling an RPO of less than 15 seconds by committing transactions on both primary and secondary replicas simultaneously. With automatic failover and a secondary replica in a different Azure region, the RTO can be under 1 hour, meeting the critical requirements for a SQL Server workload on Azure VMs.
Q2
mediumFull explanation →

A company runs a critical web application on Azure App Service in a single region. They need to achieve high availability across regions with automatic failover in the event of a regional outage. Which approach should they recommend?

A

Deploy multiple App Service instances in the same region with Traffic Manager

B

Deploy to multiple regions with Azure Front Door

Correct. Azure Front Door can route traffic across regions and automatically fail over to a healthy region if the primary goes down.

C

Use App Service auto-scaling rules to handle increased load

D

Enable Azure Site Recovery for the App Service

Why: Azure Front Door provides global load balancing and automatic failover across multiple regions by routing traffic to the nearest healthy backend. For a critical web application requiring cross-region high availability, deploying App Service instances in multiple regions behind Front Door ensures seamless failover during a regional outage, as Front Door monitors endpoint health and redirects traffic away from failed regions.
Q3
mediumFull explanation →

A company runs a critical SQL Server database on Azure Virtual Machines in a single region. They need a disaster recovery solution across regions with a recovery point objective (RPO) of zero. The database is update-intensive with frequent writes. Which configuration should they implement?

A

SQL Server Always On Availability Group with asynchronous commit.

B

SQL Server Always On Availability Group with synchronous commit across regions.

Synchronous commit ensures all transactions are committed on both the primary and secondary replicas before acknowledging the commit to the application. If configured across regions, this provides zero data loss (RPO=0). But network latency can affect write performance.

C

Azure Site Recovery to another region.

D

Deploy the VMs in a different availability zone within the same region.

Why: SQL Server Always On Availability Group with synchronous commit across regions ensures zero data loss because transactions are committed on both the primary and secondary replicas before the primary acknowledges the commit. This meets the RPO of zero, even though it introduces latency due to cross-region synchronization. For an update-intensive workload, synchronous commit is the only option that guarantees no data loss at the cost of increased write latency.
Q4
mediumFull explanation →

A company runs a critical application on Azure Virtual Machines in a single availability set. They want to protect against an entire Azure region failure. They need a recovery time objective (RTO) of 30 minutes and a recovery point objective (RPO) of 15 minutes. Which solution should they use?

A

Azure Backup for VMs with geo-redundant backup storage.

B

Azure Site Recovery to another region.

Azure Site Recovery replicates VMs continuously to a secondary region. It can achieve RPO as low as 15 seconds (with app-consistent snapshots) and RTO of minutes (30 minutes is typical). It supports planned and unplanned failover.

C

Deploy VMs in an availability zone within the same region.

D

Use Azure managed disks with geo-replication (LRS to GRS).

Why: Azure Site Recovery (ASR) provides orchestrated replication, failover, and failback of Azure VMs to a secondary region, enabling a recovery time objective (RTO) of 30 minutes and a recovery point objective (RPO) of 15 minutes as required. ASR replicates VM disks continuously to the target region, and in a regional failure, you can initiate a planned or unplanned failover to bring up the application within the specified RTO/RPO. This is the only option that offers both cross-region disaster recovery and the granular recovery objectives stated.
Q5
mediumFull explanation →

A company runs multiple on-premises workloads that are critical. They need a disaster recovery solution that can replicate workloads to Azure and enable failover in the event of an on-premises outage. The solution must support non-VMware and non-Hyper-V physical servers. Which Azure service should they use?

A

Azure Backup

B

Azure Site Recovery

Azure Site Recovery supports replication of physical servers (and virtual machines) to Azure. It provides failover and test failover capabilities for DR.

C

Azure Migrate

D

Azure Disaster Recovery

Why: Azure Site Recovery (ASR) is the correct service because it provides orchestrated replication and failover for on-premises physical servers (including non-VMware, non-Hyper-V) to Azure. It supports physical-to-Azure (P2A) replication using the Mobility service installed on the source server, enabling automated failover during an outage. This directly meets the requirement for critical workload disaster recovery with failover capability.
Q6
mediumFull explanation →

A company has several Azure Virtual Machines running Windows Server with critical applications. They need to back up these VMs to a secondary Azure region to protect against regional disasters. The backup must be application-consistent and support file-level restore. Which solution should they implement?

A

Azure Backup with geo-redundant storage (GRS) in a Recovery Services vault

Azure Backup offers VM-level application-consistent backups, supports GRS for cross-region durability, and allows file-level restore from recovery points.

B

Azure Site Recovery

C

Azure Snapshot of managed disks stored in a different region

D

Azure Managed Disk with incremental snapshots and manual cross-region copy

Why: Azure Backup with geo-redundant storage (GRS) in a Recovery Services vault is the correct solution because it provides application-consistent backups of Windows Server VMs using the Volume Shadow Copy Service (VSS) to ensure data integrity, and it supports file-level restore by allowing you to mount the backup as a drive to recover individual files. The GRS option replicates backup data to a paired secondary region, meeting the disaster recovery requirement without additional manual steps.

Want more Design business continuity solutions practice?

Practice this domain
4

Domain 4: Design infrastructure solutions

All Design infrastructure solutions questions
Q1
hardFull explanation →

A company is designing a hub-spoke network topology in Azure. The hub contains a third-party network virtual appliance (NVA) for inspection. Spokes need to communicate with each other, and all inter-spoke traffic must be routed through the NVA in the hub. Which configuration should they use?

A

Set route tables on spoke subnets with a 0.0.0.0/0 route to the Internet

B

Configure Azure Firewall in the hub with forced tunneling to on-premises

C

Create user-defined routes (UDRs) in each spoke subnet that force traffic to go through the hub NVA

Correct. UDRs allow precise control of traffic routing; adding a route for the spoke address spaces with next hop as the NVA IP enforces inspection.

D

Use VNet peering with gateway transit enabled

Why: Option C is correct because user-defined routes (UDRs) allow you to explicitly override Azure's default system routes. By adding a route in each spoke subnet with the hub NVA's private IP as the next hop for inter-spoke traffic (e.g., 10.1.0.0/16 -> 10.0.0.4), all traffic between spokes is forced through the NVA for inspection. This ensures the hub-spoke topology meets the requirement without relying on Azure Firewall or Internet routing.
Q2
mediumFull explanation →

A company is deploying a web application on Azure App Service. They need to guarantee that all traffic from the internet goes through a Web Application Firewall (WAF) before reaching the app. The solution must be cost-effective for a single application. Which Azure service should they place in front of the App Service?

A

Azure Application Gateway with WAF.

Application Gateway is a regional Layer 7 load balancer that integrates WAF. It can be placed directly in front of App Service to inspect all incoming traffic. This is a cost-effective solution for a single-region application.

B

Azure Front Door with WAF policy.

C

Azure Firewall with application rules.

D

Azure Traffic Manager.

Why: Azure Application Gateway with WAF is the correct choice because it provides a regional, layer-7 load balancer with built-in Web Application Firewall capabilities, designed to protect web applications from common exploits and vulnerabilities. For a single application, it is more cost-effective than Azure Front Door, which is a global service with higher minimum costs and additional features not required here. Application Gateway can be deployed directly in front of App Service to inspect and filter all internet traffic before it reaches the app.
Q3
easyFull explanation →

A company has multiple Azure subscriptions and on-premises data centers connected via ExpressRoute. They want to centralize connectivity to the internet and enforce a single web filtering and security policy for all outbound internet traffic from Azure VMs. Which Azure networking architecture should they implement?

A

Use a hub-spoke topology with Azure Firewall in the hub for all outbound traffic.

In a hub-spoke topology, the hub VNet contains shared services like Azure Firewall. Spoke VNets are peered to the hub, and UDRs in each spoke subnet route default internet-bound traffic (0.0.0.0/0) to the firewall. This ensures all outbound traffic is inspected by the firewall, providing centralized filtering.

B

Use a single virtual network for all resources with a network virtual appliance.

C

Use an Azure Virtual WAN with security virtual WAN hub.

D

Use Azure Traffic Manager with Azure Firewall.

Why: Option A is correct because a hub-spoke topology with Azure Firewall in the hub provides a centralized point for routing all outbound internet traffic from Azure VMs. By using user-defined routes (UDRs) on the spoke subnets that point to the Azure Firewall as the default gateway (0.0.0.0/0 next hop), all outbound traffic is forced through the firewall, enabling consistent web filtering and security policy enforcement. This architecture also integrates seamlessly with ExpressRoute for on-premises connectivity, ensuring a single egress point for internet-bound traffic.
Q4
easyFull explanation →

A company has multiple branch offices and needs to connect them to Azure and to each other using a scalable, managed solution that simplifies network architecture. The solution should support automatic routing and integration with ExpressRoute and VPN. Which Azure service should they use?

A

Azure Virtual Network

B

Azure Virtual WAN

Virtual WAN offers a scalable, managed hub that connects branch offices, Azure VNets, and on-premises resources with automatic routing and integration with ExpressRoute/S2S VPN.

C

Azure ExpressRoute

D

Azure VPN Gateway

Why: Azure Virtual WAN is a managed networking service that aggregates branch, VPN, and ExpressRoute connectivity into a single hub-and-spoke architecture. It automatically handles routing between branches and Azure, supports any-to-any connectivity, and integrates natively with ExpressRoute and VPN gateways, making it the correct choice for a scalable, managed solution that simplifies network architecture.
Q5
hardFull explanation →

A company runs a high-performance computing (HPC) workload on Azure that requires extremely low latency (under 10 microseconds) between multiple VMs for MPI communication. The VMs are part of a single job and must be placed together to minimize network latency. Which VM deployment option should they use?

A

Azure Virtual Machine Scale Sets with a Proximity Placement Group

Proximity Placement Groups (PPG) co-locate VMs in the same datacenter region, providing ultra-low latency required for MPI workloads. VMSS allows scaling out while staying in the PPG.

B

Azure Availability Sets

C

Azure Virtual Machine Scale Sets across Availability Zones

D

Azure Kubernetes Service (AKS)

Why: A Proximity Placement Group (PPG) within a Virtual Machine Scale Set ensures that all VMs are physically located as close as possible within an Azure datacenter, reducing network latency to under 10 microseconds for MPI communication. This is the only option that guarantees co-location of VMs for a single HPC job, as PPGs minimize inter-VM latency by placing VMs in the same rack or cluster.
Q6
mediumFull explanation →

A company is deploying an internal web application on Azure VMs. The application requires SSL offloading, session stickiness, and URL-based routing (e.g., /api/* to one backend, /app/* to another). The solution must operate within a single Azure region and must not be exposed to the public internet. Which Azure load balancing solution should they use?

A

A

B

B

C

C

Azure Application Gateway can be deployed internally (internal Application Gateway) and provides all required features: SSL offloading, session affinity, and URL path-based routing.

D

D

Why: Azure Application Gateway v2 is the correct choice because it provides SSL offloading (SSL termination at the gateway), session stickiness (cookie-based affinity), and URL-based routing (path-based routing rules) within a single Azure region. It can be deployed with a private IP address only, ensuring it is not exposed to the public internet, meeting all requirements.

Want more Design infrastructure solutions practice?

Practice this domain

Frequently asked questions

How many questions are on the AZ-305 exam?

The AZ-305 exam has 50 questions and must be completed in 120 minutes. The passing score is 700/1000.

What types of questions appear on the AZ-305 exam?

Architecture design scenario questions covering Azure identity, networking, compute, storage, data, governance, monitoring, and reliability. Some questions are performance-based (PBQs), asking you to complete tasks in a simulated environment.

How are AZ-305 questions organised by domain?

The exam covers 4 domains: Design identity, governance, and monitoring solutions, Design data storage solutions, Design business continuity solutions, Design infrastructure solutions. Questions are weighted by domain — higher-weight domains appear more on your actual exam.

Are these the actual AZ-305 exam questions?

No. These are original exam-style practice questions written against the official Microsoft AZ-305 exam objectives. They are not copied from the real exam. Courseiva focuses on genuine understanding, not memorisation of braindumps.

Ready to practice all 60 AZ-305 questions?

Courseiva tracks your accuracy per domain and routes you toward weak areas automatically. Free, no account required.

Browse all AZ-305 questionsTake a timed practice test