Knowledge + Practice

AZ-305 · topic practice

IAM Policy practice questions

Use this page to practise AZ-305 IAM Policy practice questions. The goal is not to memorise dumps, but to understand the concept, review the explanation and improve your exam readiness.

20 questionsDomain: IAM Policy

Practice 10 questions Browse domain →

What the exam tests

What to know about IAM Policy

IAM Policy questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Practice set

IAM Policy questions

20 questions · select your answer, then reveal the explanation

Question 1mediummultiple choice

Full question →

A company ingests IoT sensor data into Azure Blob Storage. Data is written frequently and accessed rarely after the first 24 hours. The company must retain the data for exactly 90 days for compliance. They want to minimize storage costs by automatically moving data to cheaper tiers as soon as possible. Which lifecycle management policy should they implement?

Full question →

Question 2easymultiple choice

Full question →

A company has multiple Azure subscriptions and on-premises data centers connected via ExpressRoute. They want to centralize connectivity to the internet and enforce a single web filtering and security policy for all outbound internet traffic from Azure VMs. Which Azure networking architecture should they implement?

Full question →

Question 3hardmultiple choice

Full question →

A company has multiple Azure subscriptions and wants to enforce that all administrators must use multi-factor authentication (MFA) when accessing the Azure portal. They also want to monitor and report on any policy changes that affect this enforcement. Which combination of Azure services should they use?

Full question →

Question 4mediummultiple choice

Full question →

A company runs a critical application on Azure VMs. They want to back up the VMs using Azure Backup. The retention requirements are: daily backups for 35 days, weekly backups for 52 weeks, and yearly backups for 10 years. Which backup policy should they create?

Full question →

Question 5mediummultiple choice

Full question →

A company ingests IoT sensor data into Azure Blob Storage. Data is written frequently and is accessed rarely after the first 24 hours. The company must retain the data for exactly 90 days for compliance. They want to minimize storage costs by automatically moving data to the cheapest possible storage tier as soon as possible. Which Azure Blob Storage lifecycle management policy should they implement?

Full question →

Question 6mediummultiple choice

Full question →

A company runs an application on Azure VMs that must be backed up according to regulatory compliance: daily backups retained for 30 days, weekly backups retained for 12 months, and yearly backups retained for 7 years. The backups must be stored in a secondary region for disaster recovery. They want to use Azure Backup for VMs. Which backup policy and storage configuration should they implement?

Full question →

Question 7hardmultiple choice

Full question →

A company uses Microsoft Entra ID B2B to collaborate with external vendors. They want to enforce that external users must use multi-factor authentication (MFA) and access company resources only from compliant devices (e.g., managed by Intune). They also want to require a session timeout of 1 hour. Which combination of Microsoft Entra ID features should they use?

Full question →

Question 8hardmultiple choice

Full question →

A company needs to store large amounts of unstructured data (log files) for analytics. The data is accessed frequently for the first 30 days, then occasionally for the next 90 days, and rarely after that but must be retained for 7 years for compliance. The data must not be modified or deleted during the retention period, and administrative access must not be able to bypass this restriction. They want to minimize storage costs. Which combination of Azure Blob Storage features should they configure?

Full question →

Question 9mediummultiple choice

Full question →

A company stores unstructured data such as documents and images in Azure Blob Storage. The data is accessed frequently for the first month, then only rarely for the next year, and after that must be retained for 10 years for compliance. The company wants to minimize storage costs by automatically moving data to the most cost-effective storage tiers. Which Azure Blob Storage feature should they implement?

Full question →

Question 10hardmultiple choice

Full question →

A company stores terabytes of archival data that must be retained for 10 years per regulatory requirements. The data is accessed infrequently (once or twice per year) and retrieval latency of up to 5 hours is acceptable. The company wants the lowest storage cost. They also need to ensure data is encrypted at rest and immutability to prevent deletion or modification during the retention period. Which Azure storage solution should they choose?

Full question →

Question 11hardmultiple choice

Full question →

A company stores petabytes of image files for a content delivery network. The images are accessed frequently for the first week, then rarely afterward. They must be retained for 5 years for compliance. The company wants to minimize storage costs while maintaining performance for frequently accessed data. Which storage solution and tier strategy should they recommend?

Full question →

Question 12mediummultiple choice

Full question →

A company uses Microsoft Entra ID (Microsoft Entra ID) and Microsoft Intune. They want to block all access to internal corporate applications from devices that are not enrolled in Intune and do not meet the company's compliance policies. The solution must apply to all cloud app access seamlessly. Which Microsoft Entra ID feature should they configure?

Full question →

Question 13easymultiple choice

Full question →

A company uses Microsoft Entra ID. They need to automatically block sign-ins from users whose accounts have been identified as high-risk for compromise. They also want users to be prompted to reset their password when the risk is detected. Which Microsoft Entra ID feature should they use?

Full question →

Question 14hardmultiple choice

Full question →

A company uses Microsoft Entra ID (Microsoft Entra ID) and Microsoft Intune. They want to block access to all corporate cloud applications (e.g., Office 365, Azure portal) from devices that are not enrolled in Intune or do not meet the company's compliance policies. The solution must work seamlessly for all cloud apps without requiring per-app configuration. Which Microsoft Entra ID feature should they configure?

Full question →

Question 15mediummultiple choice

Full question →

A company stores large amounts of log data in Azure Blob Storage. Logs are accessed frequently for the first 30 days, then rarely accessed afterward, but must be retained for 7 years for compliance. The company wants to minimize storage costs. They need to configure automatic data movement and retention policies. Which combination of Azure Blob Storage access tiers and lifecycle management policy should they use?

Full question →

Question 16mediummultiple choice

Full question →

A company uses Microsoft Entra ID (Microsoft Entra ID) for identity management. They want to automatically detect sign-in risks such as sign-ins from unfamiliar locations, anonymous IP addresses, or leaked credentials. Based on the risk level, they want to apply different controls: for low-risk sign-ins, show a message but allow access; for medium-risk sign-ins, require multi-factor authentication (MFA); for high-risk sign-ins, block the sign-in. They also need to receive a weekly summary report of risk events. Which Microsoft Entra ID feature should they configure?

Full question →

Question 17mediummultiple choice

Full question →

A company uses Microsoft Entra ID and wants to enforce that all users must use multi-factor authentication (MFA) when accessing sensitive applications. However, they want to exclude users when connecting from the corporate office IP range and only allow access from devices that are compliant with Intune policies. Which Microsoft Entra ID feature should they use to create this policy?

Full question →

Question 18mediummultiple choice

Full question →

A global e-commerce platform uses Azure Cosmos DB for its product catalog. The application requires multi-region writes to provide low-latency updates from any geographic location. Two users may update the same product item concurrently, so the solution must automatically resolve conflicts. For real-time inventory checks, reads must be strongly consistent, while product description reads can be eventually consistent. Which Cosmos DB configuration should they choose?

Full question →

Question 19easymultiple choice

Full question →

A company uses Microsoft Entra ID (Microsoft Entra ID). They need to automatically detect sign-ins from users with leaked credentials and prompt those users to reset their password during the next sign-in. Which Microsoft Entra ID feature should they enable?

Full question →

Question 20mediummultiple choice

Full question →

A company uses Microsoft Entra ID (Microsoft Entra ID). They want to automatically detect sign-in attempts from anonymous IP addresses and sign-ins from unfamiliar locations. When such a risk is detected, they want to block the sign-in or require multi-factor authentication (MFA) in real time. Additionally, they need a dashboard that provides a summary of risk events and allows investigation. Which Microsoft Entra ID feature should they use?

Full question →

Continue with 20-question session →

Watch out for

Common IAM Policy exam traps

▸Answering from memory before reading the full scenario.
▸Missing a constraint such as cost, availability, security, scope or command context.
▸Choosing a broad answer when the question asks for the most specific fix.
▸Ignoring why the wrong options are tempting.

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Sign up free Log in

Focused IAM Policy sessions

Start a IAM Policy only practice session

Every question in these sessions is drawn from the IAM Policy domain — nothing else.

10 questions 20 questions 30 questions 50 questions

Browse all IAM Policy questions →Mixed AZ-305 session

Related practice questions

Related AZ-305 topic practice pages

Move into related areas when this topic feels solid.

SAA-C03 VPC practice questions

Practise AZ-305 questions linked to SAA-C03 VPC.

SAA-C03 S3 lifecycle policy questions

Practise AZ-305 questions linked to SAA-C03 S3 lifecycle policy questions.

SAA-C03 RDS Multi-AZ questions

Practise AZ-305 questions linked to SAA-C03 RDS Multi-AZ questions.

SAA-C03 IAM policy practice questions

Practise AZ-305 questions linked to SAA-C03 IAM policy.

SAA-C03 Route 53 failover questions

Practise AZ-305 questions linked to SAA-C03 Route 53 failover questions.

SAA-C03 CloudFront practice questions

Practise AZ-305 questions linked to SAA-C03 CloudFront.

SAA-C03 NAT gateway questions

Practise AZ-305 questions linked to SAA-C03 NAT gateway questions.

SAA-C03 VPC endpoint questions

Practise AZ-305 questions linked to SAA-C03 VPC endpoint questions.

SAA-C03 Auto Scaling practice questions

Practise AZ-305 questions linked to SAA-C03 Auto Scaling.

SAA-C03 disaster recovery questions

Practise AZ-305 questions linked to SAA-C03 disaster recovery questions.

SAA-C03 high availability questions

Practise AZ-305 questions linked to SAA-C03 high availability questions.

SAA-C03 cost optimization questions

Practise AZ-305 questions linked to SAA-C03 cost optimization questions.

Frequently asked questions

What does the AZ-305 exam test about IAM Policy?: IAM Policy questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?: Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just IAM Policy questions in a focused session?: Yes — the session launcher on this page draws every question from the IAM Policy domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other AZ-305 topics?: Use the topic links above to move to related areas, or go back to the AZ-305 question bank to see all topics.
Are these real exam questions or dumps?: These are original practice questions written to test the same concepts the AZ-305 exam covers. They are not copied from any real exam or dump site.

IAM Policy only

10 questions 20 questions 30 questions 50 questions

Mixed AZ-305 session

Track your progress

A free account saves results across sessions and highlights which topics need work.

Study resources

All AZ-305 questions IAM Policy domain overview AZ-305 exam guide All AZ-305 domains

Exam traps to avoid

▸Answering from memory before reading the full scenario.
▸Missing a constraint such as cost, availability, security, scope or command context.
▸Choosing a broad answer when the question asks for the most specific fix.
▸Ignoring why the wrong options are tempting.