20+ practice questions focused on Design infrastructure solutions — one of the most tested topics on the Microsoft Azure Solutions Architect Expert AZ-305 exam. Each question includes a detailed explanation so you learn why the right answer is correct.
Start Design infrastructure solutions PracticeA company is designing a hub-spoke network topology in Azure. The hub contains a third-party network virtual appliance (NVA) for inspection. Spokes need to communicate with each other, and all inter-spoke traffic must be routed through the NVA in the hub. Which configuration should they use?
Explanation: Option C is correct because user-defined routes (UDRs) allow you to explicitly override Azure's default system routes. By adding a route in each spoke subnet with the hub NVA's private IP as the next hop for inter-spoke traffic (e.g., 10.1.0.0/16 -> 10.0.0.4), all traffic between spokes is forced through the NVA for inspection. This ensures the hub-spoke topology meets the requirement without relying on Azure Firewall or Internet routing.
A company is deploying a web application on Azure App Service. They need to guarantee that all traffic from the internet goes through a Web Application Firewall (WAF) before reaching the app. The solution must be cost-effective for a single application. Which Azure service should they place in front of the App Service?
Explanation: Azure Application Gateway with WAF is the correct choice because it provides a regional, layer-7 load balancer with built-in Web Application Firewall capabilities, designed to protect web applications from common exploits and vulnerabilities. For a single application, it is more cost-effective than Azure Front Door, which is a global service with higher minimum costs and additional features not required here. Application Gateway can be deployed directly in front of App Service to inspect and filter all internet traffic before it reaches the app.
A company has multiple Azure subscriptions and on-premises data centers connected via ExpressRoute. They want to centralize connectivity to the internet and enforce a single web filtering and security policy for all outbound internet traffic from Azure VMs. Which Azure networking architecture should they implement?
Explanation: Option A is correct because a hub-spoke topology with Azure Firewall in the hub provides a centralized point for routing all outbound internet traffic from Azure VMs. By using user-defined routes (UDRs) on the spoke subnets that point to the Azure Firewall as the default gateway (0.0.0.0/0 next hop), all outbound traffic is forced through the firewall, enabling consistent web filtering and security policy enforcement. This architecture also integrates seamlessly with ExpressRoute for on-premises connectivity, ensuring a single egress point for internet-bound traffic.
A company has multiple branch offices and needs to connect them to Azure and to each other using a scalable, managed solution that simplifies network architecture. The solution should support automatic routing and integration with ExpressRoute and VPN. Which Azure service should they use?
Explanation: Azure Virtual WAN is a managed networking service that aggregates branch, VPN, and ExpressRoute connectivity into a single hub-and-spoke architecture. It automatically handles routing between branches and Azure, supports any-to-any connectivity, and integrates natively with ExpressRoute and VPN gateways, making it the correct choice for a scalable, managed solution that simplifies network architecture.
A company runs a high-performance computing (HPC) workload on Azure that requires extremely low latency (under 10 microseconds) between multiple VMs for MPI communication. The VMs are part of a single job and must be placed together to minimize network latency. Which VM deployment option should they use?
Explanation: A Proximity Placement Group (PPG) within a Virtual Machine Scale Set ensures that all VMs are physically located as close as possible within an Azure datacenter, reducing network latency to under 10 microseconds for MPI communication. This is the only option that guarantees co-location of VMs for a single HPC job, as PPGs minimize inter-VM latency by placing VMs in the same rack or cluster.
+15 more Design infrastructure solutions questions available
Practice all Design infrastructure solutions questions1. Baseline your knowledge
Start with 10 questions to gauge your current understanding of Design infrastructure solutions. This tells you whether you need a concept refresher or just practice.
2. Review every explanation
For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.
3. Focus on exam traps
Design infrastructure solutions questions on the AZ-305 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.
4. Reach 80% consistently
Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.
The exact number varies per candidate. Design infrastructure solutions is tested as part of the Microsoft Azure Solutions Architect Expert AZ-305 blueprint. Practicing with targeted Design infrastructure solutions questions ensures you can handle any format or difficulty that appears.
Yes. Courseiva provides free AZ-305 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.
Difficulty is subjective, but Design infrastructure solutions is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.
Launch a full Design infrastructure solutions practice session with instant scoring and detailed explanations.
Start Design infrastructure solutions Practice →