Practice set
Microsoft Azure Solutions Architect Expert AZ-305 questions
Question 1mediummultiple choice
Full question →A company is deploying a web application on Azure App Service. They need to guarantee that all traffic from the internet goes through a Web Application Firewall (WAF) before reaching the app. The solution must be cost-effective for a single application. Which Azure service should they place in front of the App Service?
Question 2hardmulti select
Full question →A company is designing hub-and-spoke networking. Spoke VNets must use a central Azure Firewall for outbound internet traffic. Which two configurations are required?
Question 3mediummultiple choice
Full question →A company is designing private access to a PaaS database from workloads in a VNet. The database should not be reachable over its public endpoint. What should be recommended?
Question 4hardmultiple choice
Full question →A data platform must support analytical queries over petabytes of files in a data lake, while preserving hierarchical namespaces and fine-grained ACLs. Which storage service should you design around?
Question 5mediummultiple choice
Full question →A database workload has an RPO of 15 minutes and an RTO of 4 hours. Cost is more important than near-zero data loss. Which design is usually more appropriate than synchronous multi-region replication?
Question 6mediummulti select
Full question →A hub-and-spoke Azure network must centralize outbound inspection and still allow spokes to resolve private endpoint DNS names. Which two components are commonly required? (Choose 2.)
Question 7hardmultiple choice
Full question →A multinational company uses Microsoft Entra ID and several Azure subscriptions. Security administrators need to review privileged role assignments every month and require justification for continued access. Which design should be recommended?
Question 8hardmultiple choice
Full question →A business-critical App Service application must survive a full regional outage. The recovery design should fail over automatically based on endpoint health and avoid DNS-cache delay where possible. Which service should front the regional deployments?
Question 9mediummultiple choice
Full question →A company backs up their Azure VMs using Azure Backup. They need to meet compliance that requires backups to be stored in a separate geographic region. Additionally, they want to be able to restore the entire VM to that secondary region in case of a regional disaster. What should they configure?
Question 10mediummultiple choice
Full question →A company deploys a containerized application on Azure Kubernetes Service (AKS). They need to expose the application to the internet and provide TLS termination. The solution must also include a Web Application Firewall (WAF) to protect against common attacks. Which Azure service should they use as the ingress controller?
Question 11mediummultiple choice
Full question →A company deploys a containerized microservices application on Azure Kubernetes Service (AKS). They need to expose the application to the internet with TLS termination and provide a single endpoint for multiple services. The solution must also include a Web Application Firewall (WAF). Which Azure service should they use as the ingress controller?
Question 12easymultiple choice
Full question →A company deploys a critical multi-tier application on Azure VMs. The application includes a database tier that must be recovered to the same point in time as the application tier after a disaster. They use Azure Site Recovery (ASR) for disaster recovery to a secondary region. They also need to run a custom script after failover to update connection strings. Which ASR feature should they use?
Question 13mediummultiple choice
Full question →A company deploys a multi-tier application on Azure virtual machines. They need to implement disaster recovery using Azure Site Recovery. The recovery plan must ensure that the database VMs are started before the application VMs, and the application VMs before the web VMs. They also need to run a script after failover to update DNS records. Which ASR feature should they use?
Question 14hardmultiple choice
Full question →A company deploys a multi-tier web application on Azure VMs across availability zones. The web tier must have SSL termination, session persistence, and health probe monitoring. Additionally, all traffic must be inspected by a central firewall for compliance. The solution must be highly available. Which combination of Azure services should they implement?
Question 15easymultiple choice
Full question →A company deploys a stateless web application on Azure VMs in a single region. They need to distribute incoming HTTP traffic across multiple VMs and perform health checks. The solution should be highly available within the region. Which Azure load balancing solution should they use?
Question 16easymultiple choice
Full question →A company deploys a web application across multiple Azure VMs in a single region. They want to distribute incoming HTTP traffic evenly across the VMs, offload SSL encryption, and provide a fixed public IP address for clients. Which Azure load balancing solution should they use?
Question 17mediummultiple choice
Full question →A company deploys a web application across multiple Azure VMs in a single region. They need to distribute incoming HTTP traffic, offload SSL termination, and perform URL-based routing to different backend pools (e.g., /images to one pool, /api to another). Which Azure load balancing solution should they use?
Question 18easymultiple choice
Full question →A company deploys a web application in two Azure regions for high availability. They need to automatically direct users to the nearest healthy region based on geographic location and endpoint health. Which Azure service should they use?
Question 19mediummultiple choice
Full question →A company deploys a web application on Azure virtual machines (VMs) across multiple availability zones in the East US region. The application receives HTTPS traffic. They need to distribute incoming traffic across the VMs, offload SSL/TLS termination, and ensure that client requests from the same user session are always sent to the same backend VM (session persistence). Which Azure load balancing solution should they choose?
Question 20mediummultiple choice
Full question →A company deploys a web application on Azure virtual machines (VMs) across multiple availability zones. The application needs to automatically distribute incoming HTTPS traffic, offload SSL/TLS termination, and provide session persistence. Additionally, the solution must include a Web Application Firewall (WAF) to protect against common web vulnerabilities. Which Azure load balancing solution should they use?
Question 21easymultiple choice
Full question →A company deploys a web application on Azure VMs across availability zones. They need to distribute HTTPS traffic, offload SSL termination, and maintain session persistence. They do not require traffic inspection. Which Azure load balancing solution should they use?
Question 22mediummultiple choice
Full question →A company deploys a web application on Azure VMs across multiple availability zones in a region. They need to distribute incoming traffic across VMs in all zones, maintain session persistence, and support SSL offloading and URL-based routing (e.g., /api/* to one pool, /app/* to another). Which Azure load balancing solution should they use?
Question 23mediummultiple choice
Full question →A company deploys a web application on Azure VMs across multiple availability zones in the East US region. They need to distribute incoming HTTPS traffic across the VMs, offload SSL termination, and ensure that client requests from the same user session are sent to the same backend VM (session persistence). Which Azure load balancing solution should they choose?
Question 24easymultiple choice
Full question →