How to use AZ-305 flashcards effectively
Flashcards work through active recall — the process of retrieving information from memory rather than passively re-reading it. Research consistently shows that active recall produces stronger, longer-lasting memory than re-reading study guides. For AZ-305 preparation, this means flashcards are one of the highest-return study tools available.
Attempt recall first
Read the AZ-305 question on each card, pause, and attempt to formulate the answer in your own words before revealing. This retrieval attempt — even if wrong — dramatically strengthens memory compared to immediately reading the answer.
Review wrong cards again
When you get a card wrong, note it and add it back to your review pile. Spaced repetition — seeing difficult cards more frequently — is the mechanism that makes flashcard study far more efficient than linear reading.
Study by domain
Group your AZ-305 flashcard sessions by domain for the first 3–4 weeks. Master one domain before moving to the next. In the final week, shuffle all cards together to test cross-domain recall — which is what the real AZ-305 exam requires.
Short sessions beat marathon reviews
20–30 flashcard cards per session, done daily, produces better retention than a single 200-card marathon session. Five short daily sessions per week over 4 weeks gives you over 400 total card reviews — enough to reliably pass AZ-305.
AZ-305 flashcard preview
Sample cards from the AZ-305 flashcard bank. Read the question, think of the answer, then read the explanation below.
A large enterprise wants to enforce zero-trust conditional access policies that use real-time user risk, sign-in risk, and device compliance. Which combination of Microsoft Entra ID features should they use?
Microsoft Entra ID Identity Protection and Conditional Access
Microsoft Entra ID Identity Protection provides real-time risk detection (user risk, sign-in risk), and Conditional Access can use those signals to enforce policies, such as requiring MFA or blocking access. Other options focus on privileged access or external identities.
A multinational company stores large amounts of unstructured data (documents, images) that must be read with low latency from multiple global regions. Data is written primarily in one region but read globally. Cost optimization is a key requirement. Which Azure storage replication option should they use?
Azure Blob Storage with read-access geo-redundant storage (RA-GRS)
Read-access geo-redundant storage (RA-GRS) provides a secondary read-only endpoint, allowing global readers to access data with low latency from the secondary region while minimizing write costs. Geo-redundant storage (GRS) does not permit reads from the secondary without failover, and premium options are more expensive.
A financial services company runs a critical SQL Server database on Azure Virtual Machines. They require a disaster recovery solution with an RPO of less than 15 seconds and an RTO of less than 1 hour. Which technology should they implement?
SQL Server Always On Availability Groups
SQL Server Always On Availability Groups with synchronous commit mode can achieve very low RPO (near zero) and fast failover (RTO typically under a minute), meeting the stringent requirements. Other options like Azure Site Recovery or Azure Backup have higher RPO/RTO.
A company is designing a hub-spoke network topology in Azure. The hub contains a third-party network virtual appliance (NVA) for inspection. Spokes need to communicate with each other, and all inter-spoke traffic must be routed through the NVA in the hub. Which configuration should they use?
Create user-defined routes (UDRs) in each spoke subnet that force traffic to go through the hub NVA
User-defined routes (UDRs) on the spoke subnets can force traffic destined for other spokes to go through the NVA in the hub. The UDR sets the next hop to the private IP address of the NVA, ensuring inspection.
A company is designing private access to a PaaS database from workloads in a VNet. The database should not be reachable over its public endpoint. What should be recommended?
Private Endpoint with public network access disabled
Private Endpoint is the standard design for private access to Azure PaaS services.
A data platform must support analytical queries over petabytes of files in a data lake, while preserving hierarchical namespaces and fine-grained ACLs. Which storage service should you design around?
Azure Data Lake Storage Gen2.
Azure Data Lake Storage Gen2 is built on Blob Storage and adds hierarchical namespace support, ACLs, and analytics-oriented file system semantics.
A database workload has an RPO of 15 minutes and an RTO of 4 hours. Cost is more important than near-zero data loss. Which design is usually more appropriate than synchronous multi-region replication?
Use scheduled backups or asynchronous replication aligned to the RPO/RTO.
Backup-based or asynchronous replication designs can satisfy moderate RPO/RTO targets at lower cost than synchronous active-active architectures.
A multinational company uses Microsoft Entra ID and several Azure subscriptions. Security administrators need to review privileged role assignments every month and require justification for continued access. Which design should be recommended?
Microsoft Entra Privileged Identity Management with access reviews
PIM with access reviews is the identity governance design for periodic privileged-access review.
A company is deploying a web application on Azure App Service. They need to guarantee that all traffic from the internet goes through a Web Application Firewall (WAF) before reaching the app. The solution must be cost-effective for a single application. Which Azure service should they place in front of the App Service?
Azure Application Gateway with WAF.
Azure Application Gateway is a regional web traffic load balancer with built-in WAF capability. It is ideal for a single application in one region, providing Layer 7 routing, SSL termination, and WAF at a lower cost than a global solution. Azure Front Door is a global load balancer with WAF, but it is designed for multi-region deployments and comes with additional costs. Azure Firewall does not provide WAF features; it is a stateful firewall. Traffic Manager is a DNS-level load balancer without WAF.
A company deploys a containerized application on Azure Kubernetes Service (AKS). They need to expose the application to the internet and provide TLS termination. The solution must also include a Web Application Firewall (WAF) to protect against common attacks. Which Azure service should they use as the ingress controller?
Azure Application Gateway
Azure Application Gateway can be used as an ingress controller for AKS. It provides layer-7 load balancing, TLS termination, and a built-in Web Application Firewall (WAF). Azure Front Door is an alternative but it is not an ingress controller; it is a global load balancer. Azure Load Balancer operates at layer-4 and does not provide WAF. Azure Traffic Manager is DNS-based and does not provide TLS termination or WAF.
A company has deployed Azure virtual machines without public IP addresses. They need to provide secure RDP and SSH access to these VMs for administrators from the corporate network (on-premises). The solution must integrate with Microsoft Entra ID for authentication and support multi-factor authentication (MFA). It must not require any public endpoint exposure on the VMs. Which Azure service should they use?
Azure Bastion
Azure Bastion is a fully managed PaaS service that provides secure RDP/SSH connectivity to VMs directly in the Azure portal over TLS. It runs in a separate virtual network and uses a public IP on the Bastion service, not on the VMs. It can integrate with Microsoft Entra ID for authentication and support MFA via Conditional Access. Point-to-Site VPN would expose VMs to VPN clients but requires a public IP on the VPN gateway. ExpressRoute is for private connectivity but does not provide RDP/SSH access. Application Proxy is for web applications, not RDP/SSH.
A company has Azure virtual networks (VNets) in three different Azure regions (West US, East US, and West Europe). They also have an on-premises data center connected to the East US region via ExpressRoute. They need to connect all VNets to each other and to the on-premises network. The solution must support transitive routing between all sites and provide centralized management of connectivity and routing policies. Which Azure service should they use?
Azure Virtual WAN
Azure Virtual WAN is designed to provide transitive connectivity between VNets and on-premises sites (via ExpressRoute or VPN) using a hub-and-spoke architecture. It offers centralized management through the Virtual WAN hub and supports routing policies. VNet peering does not provide transitive routing (non-transitive peerings). VPN Gateway requires manual configuration for transitive routing. ExpressRoute Direct is a physical connection option, not a connectivity service.
A company plans to deploy a web application on Azure VMs across multiple availability zones. They need to distribute incoming HTTP traffic across the VMs and provide health probes. Which Azure load balancing solution should they use?
Azure Application Gateway
Azure Application Gateway is a layer 7 load balancer that supports HTTP/HTTPS traffic, health probes, and SSL termination. It is designed for web applications. Azure Load Balancer works at layer 4 and does not handle HTTP-specific features. Traffic Manager is DNS-based and does not provide direct health probing for individual VMs. Azure Front Door is a global load balancer but is unnecessary for the stated requirement for a single-region deployment with availability zones.
A company runs a critical application using Azure SQL Database in the West US region. They need a disaster recovery solution that automatically fails over to a secondary region (East US) with a recovery point objective (RPO) of 5 seconds and a recovery time objective (RTO) of 1 minute. The secondary region must also be able to serve read-only queries for reporting purposes. Which Azure SQL Database feature should they implement?
Azure SQL Database active geo-replication with auto-failover group
Azure SQL Database active geo-replication combined with failover groups provides automatic failover to a secondary region with an RPO of 5 seconds (asynchronous replication) and an RTO of 1 minute when using a failover group. The secondary database can be used for read-only queries, making it suitable for reporting. Auto-failover groups automate the failover process. Geo-restore is for point-in-time restore, not continuous replication. Copy database is a one-time operation. Failover group for Managed Instance would not apply to single databases.
A company runs a large-scale write-intensive application that requires a horizontally scalable relational database. They need to distribute data across multiple nodes to handle high write throughput while supporting SQL queries, including joins and transactions. The solution must be fully managed and provide elastic scaling. Which Azure database service should they choose?
Azure Database for PostgreSQL Hyperscale (Citus)
Azure Database for PostgreSQL Hyperscale (Citus) is a fully managed service that horizontally scales across multiple nodes by distributing data (sharding). It supports SQL queries, transactions, and can handle write-intensive workloads by distributing writes across nodes. Azure SQL Database Hyperscale is designed for large single databases but with a single write primary, not multi-node distribution for write-heavy scaling. Azure Cosmos DB is a NoSQL database with SQL API but not a relational database with full support for joins and transactions across partitions. Azure SQL Managed Instance is a single-instance PaaS database with limited scaling options.
A company runs an SAP HANA database on Azure large instances (HLI) in the West US region. The database is critical for business operations. They need a disaster recovery solution with a recovery point objective (RPO) of near zero (seconds) and a recovery time objective (RTO) of less than 30 minutes in the event of a region-wide outage. The solution must automatically replicate data to a secondary region (East US) and support automated failover. Which design should they implement?
Configure HANA System Replication (async) between the primary and secondary site, and use a Pacemaker cluster with Azure Load Balancer to enable automated failover
SAP HANA System Replication (HSR) is the preferred solution for synchronous or asynchronous replication of HANA databases. For cross-region DR, asynchronous replication is typically used. To achieve automated failover, you can combine HSR with a cluster manager like Pacemaker on Azure VMs or use the HANA backup/restore to a secondary region. Azure Site Recovery can replicate the entire VM but does not provide HANA-consistent replication with near-zero RPO. HANA Backup to Azure Blob with geo-replication does not provide automated failover or sub-minute RPO.
A company uses Microsoft Entra ID (Microsoft Entra ID). They need to allow external business partners to request access to a specific application. The access must be time-limited and require approval from the partner's manager. Additionally, access must automatically expire after the defined period. Which Microsoft Entra ID feature should they use?
Microsoft Entra ID Entitlement Management
Microsoft Entra ID Entitlement Management enables the creation of access packages that can be published to external users. It supports approval workflows, time-limited access, and automatic removal of assignments when the access period ends. This addresses the requirement without manual intervention.
A company needs to store massive amounts of unstructured data, such as images and videos, for a media processing application. The data must be accessible via REST APIs and support tiered storage for cost optimization. Which Azure storage solution should they use?
Azure Blob Storage
Azure Blob Storage is optimized for storing massive amounts of unstructured data, accessible via REST APIs, and supports hot, cool, and archive tiers for cost efficiency. Azure Files provides SMB file shares, not optimized for massive unstructured data via REST APIs. Azure Data Lake Storage Gen2 is built on Blob Storage but adds a hierarchical namespace for analytics, but the media processing scenario with images and videos fits Blob Storage well. Azure Disk Storage is for VM disks.
A company runs a critical line-of-business application on Azure VMs within a single region. The application tier is deployed across multiple VMs. They need to protect against a failure of an entire Azure datacenter within that region. The solution should automatically distribute the VMs across physically separate locations with independent power, cooling, and networking. The company also requires the lowest possible latency between application and database tiers within the same location. Which deployment strategy should they use?
Deploy the VMs across multiple availability zones
Availability zones are physically separate datacenters within an Azure region, each with independent power, cooling, and networking. Deploying VMs across availability zones provides protection against a datacenter failure. Availability sets protect against faults within a single datacenter but not against a full datacenter failure. Azure Site Recovery is for cross-region DR, not within a region. Azure Proximity Placement Groups reduce latency but do not provide datacenter-level redundancy.
A company runs a critical OLTP application on Azure SQL Database in the West US region. They need to ensure business continuity if a regional outage occurs. The solution must have a recovery point objective (RPO) of 5 seconds and a recovery time objective (RTO) of less than 1 hour. They also want to use the secondary region for read-only query offloading. Which Azure SQL Database feature should they enable?
Active geo-replication with automatic failover group
Azure SQL Database active geo-replication creates a readable secondary in another region with asynchronous replication. The RPO is typically up to 5 seconds (depending on workload). Failover is manual, but with auto-failover group, automatic failover can be configured and RTO is under 1 hour. Read scale-out allows the secondary to be used for read-only queries. Geo-restore is for point-in-time restoration and has longer RPO/RTO. Failover group alone (without active geo-replication) is not an option; failover groups use active geo-replication. Sync replication between regions is not feasible due to latency.
A company has multiple branch offices and needs to connect them to Azure and to each other using a scalable, managed solution that simplifies network architecture. The solution should support automatic routing and integration with ExpressRoute and VPN. Which Azure service should they use?
Azure Virtual WAN
Azure Virtual WAN is a managed networking service that provides a hub-and-spoke architecture with built-in routing, connectivity, and security. It automatically handles routing between branch offices, Azure virtual networks, and on-premises networks via ExpressRoute or VPN, simplifying the overall network design.
A business-critical App Service application must survive a full regional outage. The recovery design should fail over automatically based on endpoint health and avoid DNS-cache delay where possible. Which service should front the regional deployments?
Azure Front Door
Azure Front Door is the preferred global layer for resilient multi-region web applications.
AZ-305 flashcards by domain
The AZ-305 flashcard bank covers all 4 official blueprint domains published by Microsoft. Cards are distributed proportionally, so domains with higher exam weight have more cards.
Domain Coverage
Design identity, governance, and monitoring solutions
Design data storage solutions
Design business continuity solutions
Design infrastructure solutions
Flashcards vs practice tests: which is better for AZ-305?
Both flashcards and practice questions are evidence-based study tools. The difference is in what they train:
Flashcards — concept retention
Best for memorising definitions, acronyms, protocol behaviours, command syntax, and conceptual distinctions. Use flashcards to build the foundational vocabulary that AZ-305 questions assume you know.
Best in: weeks 1–3
Practice tests — application
Best for applying concepts to realistic scenarios, eliminating distractors, and building exam stamina.AZ-305 questions test scenario reasoning — not just recall — so practice tests are essential.
Best in: weeks 3–6
The most effective AZ-305 study plan combines both: use flashcards for the first 2–3 weeks to build conceptual foundations, then shift to practice tests and mock exams in the final 2–3 weeks to apply and benchmark that knowledge. Most candidates who pass on their first attempt use both tools.
AZ-305 flashcards — frequently asked questions
Are the AZ-305 flashcards free?
Yes — all AZ-305 flashcards on Courseiva are completely free, no account required. Every card includes the question, correct answer, and a full explanation. Create a free account to track which cards you have studied and get spaced repetition recommendations.
How many AZ-305 flashcards are on Courseiva?
Courseiva has 300+ original AZ-305 flashcards across all 4 exam blueprint domains. New cards are added regularly as the question bank grows. All cards are written by certified engineers against the official Microsoft exam objectives.
How are Courseiva flashcards different from Anki or Quizlet?
Courseiva flashcards are purpose-built for IT certification exams. Unlike generic flashcard platforms where content quality varies, every Courseiva card is mapped to the official AZ-305 exam blueprint, written by engineers who hold the certification, and includes a full explanation of the correct answer and why the distractors are wrong. This explanation quality is what separates genuine learning from rote memorisation.
Can I use AZ-305 flashcards offline?
Courseiva is a web platform — an internet connection is required. For offline study, we recommend creating free Courseiva account, using the platform in your browser, and using your device's offline capabilities if your browser supports offline web apps.
Track your AZ-305 flashcard progress
Save your results, see which domains need more work, and get spaced repetition recommendations — all free.
Sign Up FreeFree forever · Every certification included