Courseiva
AZ-305
Full test
hardmultiple choiceObjective-mapped

A company needs to store large amounts of unstructured data (log files) for analytics. The data is accessed frequently for the first 30 days, then occasionally for the next 90 days, and rarely after that but must be retained for 7 years for compliance. The data must not be modified or deleted during the retention period, and administrative access must not be able to bypass this restriction. They want to minimize storage costs. Which combination of Azure Blob Storage features should they configure?

Question 1hardmultiple choice
Full question →

A company needs to store large amounts of unstructured data (log files) for analytics. The data is accessed frequently for the first 30 days, then occasionally for the next 90 days, and rarely after that but must be retained for 7 years for compliance. The data must not be modified or deleted during the retention period, and administrative access must not be able to bypass this restriction. They want to minimize storage costs. Which combination of Azure Blob Storage features should they configure?

Full question →

Answer choices

Why each option matters

Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.

A

Best answer

Configure a lifecycle management policy to move blobs to Cool tier after 30 days and to Archive tier after 120 days. Apply a time-based retention policy with a retention period of 2,555 days and lock it.

A locked time-based retention policy on the container ensures that blobs cannot be deleted or overwritten for the specified duration (7 years = 2555 days). Lifecycle management moves blobs to cost-efficient tiers. Locking prevents bypass.

B

Distractor review

Enable soft delete and versioning on the storage account, and use a custom script to delete blobs after 7 years. Manually move blobs to Cool and Archive tiers using Azure PowerShell.

Soft delete and versioning do not prevent all modifications and can be bypassed by administrators with proper permissions. Manual tier changes are not automated and may fail sporadically.

C

Distractor review

Set each blob's access tier to Cool on upload, then manually change to Archive after 30 days. Enable Azure Backup on the storage account for retention.

Manual tier management is not scalable and prone to human error. Azure Backup does not enforce immutability or automatically transition tiers. It only provides recovery points.

D

Distractor review

Apply a legal hold on the container to prevent deletion, and configure a lifecycle policy to move blobs to Archive after 30 days.

Legal hold does not prevent modifications, only deletion. Also, it must be removed manually after 7 years. The scenario requires both deletion and modification protection for the full period.

Common exam trap

Common exam trap: NAT rules depend on direction and matching traffic

NAT is not only about the public address. The inside/outside interface roles and the ACL or rule that matches traffic are just as important.

Technical deep dive

How to think about this question

NAT questions usually test address translation, overload/PAT behaviour, static mappings and whether the right traffic is being translated. Read the interface direction and address terms carefully.

KKey Concepts to Remember

  • Static NAT maps one inside address to one outside address.
  • PAT allows many inside hosts to share one public address using ports.
  • Inside local and inside global describe the private and translated addresses.
  • NAT ACLs identify traffic for translation, not always security filtering.

TExam Day Tips

  • Identify inside and outside interfaces first.
  • Check whether the scenario needs static NAT, dynamic NAT or PAT.
  • Do not confuse NAT matching ACLs with normal packet-filtering intent.

Related practice questions

Related AZ-305 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

SAA-C03 VPC practice questions

Practise AZ-305 questions linked to SAA-C03 VPC.

SAA-C03 S3 lifecycle policy questions

Practise AZ-305 questions linked to SAA-C03 S3 lifecycle policy questions.

SAA-C03 RDS Multi-AZ questions

Practise AZ-305 questions linked to SAA-C03 RDS Multi-AZ questions.

SAA-C03 IAM policy practice questions

Practise AZ-305 questions linked to SAA-C03 IAM policy.

SAA-C03 Route 53 failover questions

Practise AZ-305 questions linked to SAA-C03 Route 53 failover questions.

SAA-C03 CloudFront practice questions

Practise AZ-305 questions linked to SAA-C03 CloudFront.

SAA-C03 NAT gateway questions

Practise AZ-305 questions linked to SAA-C03 NAT gateway questions.

SAA-C03 VPC endpoint questions

Practise AZ-305 questions linked to SAA-C03 VPC endpoint questions.

SAA-C03 Auto Scaling practice questions

Practise AZ-305 questions linked to SAA-C03 Auto Scaling.

SAA-C03 disaster recovery questions

Practise AZ-305 questions linked to SAA-C03 disaster recovery questions.

SAA-C03 high availability questions

Practise AZ-305 questions linked to SAA-C03 high availability questions.

SAA-C03 cost optimization questions

Practise AZ-305 questions linked to SAA-C03 cost optimization questions.

More questions from this exam

Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.

Question 1

A company is designing hub-and-spoke networking. Spoke VNets must use a central Azure Firewall for outbound internet traffic. Which two configurations are required?

Question 2

A company is designing private access to a PaaS database from workloads in a VNet. The database should not be reachable over its public endpoint. What should be recommended?

Question 3

A data platform must support analytical queries over petabytes of files in a data lake, while preserving hierarchical namespaces and fine-grained ACLs. Which storage service should you design around?

Question 4

A database workload has an RPO of 15 minutes and an RTO of 4 hours. Cost is more important than near-zero data loss. Which design is usually more appropriate than synchronous multi-region replication?

Question 5

A hub-and-spoke Azure network must centralize outbound inspection and still allow spokes to resolve private endpoint DNS names. Which two components are commonly required? (Choose 2.)

Question 6

A multinational company uses Microsoft Entra ID and several Azure subscriptions. Security administrators need to review privileged role assignments every month and require justification for continued access. Which design should be recommended?

FAQ

Questions learners often ask

What does this AZ-305 question test?

Static NAT maps one inside address to one outside address.

What is the correct answer to this question?

The correct answer is: Configure a lifecycle management policy to move blobs to Cool tier after 30 days and to Archive tier after 120 days. Apply a time-based retention policy with a retention period of 2,555 days and lock it. — To meet the requirements, you need to automatically transition blobs between access tiers based on age using a lifecycle management policy, and apply a time-based retention policy to protect blobs from deletion/modification. The time-based retention policy with the 'Locked' option prevents administrators from using elevated permissions to bypass the immutability, because once locked, the policy cannot be removed or shortened. Cool and Archive tiers minimize costs.

What should I do if I get this AZ-305 question wrong?

Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.

Discussion

Loading comments…

Sign in to join the discussion.