AZ-305 · topic practice

Design identity, governance, and monitoring solutions practice questions

Practise Microsoft Azure Solutions Architect Expert AZ-305 Design identity, governance, and monitoring solutions practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Design identity, governance, and monitoring solutions

What the exam tests

What to know about Design identity, governance, and monitoring solutions

Design identity, governance, and monitoring solutions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Design identity, governance, and monitoring solutions exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Design identity, governance, and monitoring solutions questions

20 questions · select your answer, then reveal the explanation

Question 1hardmultiple choice
Read the full NAT/PAT explanation →

A large enterprise wants to enforce zero-trust conditional access policies that use real-time user risk, sign-in risk, and device compliance. Which combination of Microsoft Entra ID features should they use?

Question 2mediummultiple choice
Read the full NAT/PAT explanation →

A company needs to monitor sign-in logs from multiple Microsoft Entra ID tenants and analyze user sign-in patterns across those tenants. Which Azure solution should they use?

Question 3mediummultiple choice
Read the full NAT/PAT explanation →

A multinational company uses Microsoft Entra ID for identity. They need to grant external partners access to specific SharePoint Online sites. The access must be time-limited and require approval from a resource owner. Which Microsoft Entra ID feature should they use?

Question 4hardmultiple choice
Read the full NAT/PAT explanation →

A company has multiple Azure subscriptions and wants to enforce that all administrators must use multi-factor authentication (MFA) when accessing the Azure portal. They also want to monitor and report on any policy changes that affect this enforcement. Which combination of Azure services should they use?

A company uses Microsoft Entra ID for identity management. They need to automate the process of granting access to resources for employees and external partners, and require periodic access reviews to ensure compliance. Which Microsoft Entra ID feature should they use?

Question 6mediummultiple choice
Read the full NAT/PAT explanation →

A company has Microsoft Entra ID Premium P2 licenses and wants to ensure that privileged roles (e.g., Global Administrator) are only activated when needed and with approval. They also need to regularly review who has access to these roles. Which combination of features should they use?

A company wants to collect metrics and logs from all Azure resources in their subscription, including custom metrics from their applications, and create dashboards and alerts. Which Azure service should they use as the primary monitoring platform?

Question 8hardmultiple choice
Read the full NAT/PAT explanation →

A large enterprise has multiple Azure subscriptions and on-premises servers. They need to collect performance metrics (CPU, memory) from all servers, create custom dashboards to visualize health across workloads, and set up alerts for critical thresholds. They also need to retain log data for one year. Which combination of Azure services should they use?

Question 9hardmultiple choice
Read the full NAT/PAT explanation →

A company uses Microsoft Entra ID B2B to collaborate with external vendors. They want to enforce that external users must use multi-factor authentication (MFA) and access company resources only from compliant devices (e.g., managed by Intune). They also want to require a session timeout of 1 hour. Which combination of Microsoft Entra ID features should they use?

A company requires all users to use multi-factor authentication (MFA) when accessing cloud applications. However, they want to exempt users from MFA when they connect from the company's headquarters, which has a trusted IP range. They want to enforce this policy centrally. Which Microsoft Entra ID feature should they use?

A company wants to configure policies that detect risky sign-ins (e.g., from anonymous IPs or unfamiliar locations) and automatically require multi-factor authentication (MFA) when such risk is detected. Which Microsoft Entra ID feature should they use to create these policies?

A company uses Microsoft Entra ID and wants to automate the lifecycle management of user accounts in their SaaS applications, such as Salesforce and ServiceNow. The solution should automatically create, update, and deactivate accounts when users join, move, or leave the organization. Which Microsoft Entra ID feature should they use?

A company uses Microsoft Entra ID and wants to allow users to sign in using their existing personal Microsoft accounts, Google, and Facebook identities. They also need custom sign-up and sign-in flows with collection of specific user attributes. Which Microsoft Entra ID feature should they use?

A company uses Microsoft Entra ID and wants to enforce that all users must use multi-factor authentication (MFA) when accessing sensitive applications. However, they want to exclude users when connecting from the corporate office IP range and only allow access from devices that are compliant with Intune policies. Which Microsoft Entra ID feature should they use to create this policy?

Question 15easymultiple choice
Read the full NAT/PAT explanation →

A multinational company uses Microsoft Entra ID. The company has regional IT teams that need to manage users and groups within their respective regions. Each region has a distinct set of users in specific organizational units. The company wants to assign the User Administrator role to regional IT staff, but limit their scope to only the users in their region. Which Microsoft Entra ID feature should they use?

Question 16hardmultiple choice
Read the full NAT/PAT explanation →

A large enterprise has a management group hierarchy with 50 subscriptions. They need to enforce that every resource group must have a 'CostCenter' tag and that any new resource group without that tag is automatically denied creation. Additionally, they need to ensure that only the Finance team can modify tags on any resource. They also want to generate monthly compliance reports showing which resources are non-compliant. Which combination of Azure services should they use?

Question 17hardmultiple choice
Study the full multicast explanation →

A company uses Microsoft Entra ID Privileged Identity Management (PIM) to control access to administrator roles. They want to implement a monitoring solution that sends an email to the security team whenever a user activates the Global Administrator role outside of standard business hours (9 AM–5 PM). They also need to track all activation history for quarterly audits. Which solution should they implement?

Question 18mediummultiple choice
Read the full NAT/PAT explanation →

A company uses Microsoft Entra ID B2B collaboration for external partners. They want to enforce that external users must use multi-factor authentication (MFA) and access company resources only from devices that are compliant with Intune policies. Additionally, they need to require a session timeout of 1 hour. Which combination of Microsoft Entra ID features should they use?

A company uses Microsoft Entra ID and wants to automate the process of granting access to internal applications and Microsoft 365 groups. Employees request access through a portal, and managers must approve the requests. The access should be automatically removed after a defined period, and managers must perform quarterly access reviews to confirm continued need. Which Microsoft Entra ID feature should they use?

A company wants to monitor sign-in failures for their Microsoft Entra ID-integrated applications. They need a dashboard in Azure Monitor showing sign-in failures by application and user location. Which data source should they stream to a Log Analytics workspace?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Design identity, governance, and monitoring solutions sessions

Start a Design identity, governance, and monitoring solutions only practice session

Every question in these sessions is drawn from the Design identity, governance, and monitoring solutions domain — nothing else.

Related practice questions

Related AZ-305 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the AZ-305 exam test about Design identity, governance, and monitoring solutions?
Design identity, governance, and monitoring solutions questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Design identity, governance, and monitoring solutions questions in a focused session?
Yes — the session launcher on this page draws every question from the Design identity, governance, and monitoring solutions domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other AZ-305 topics?
Use the topic links above to move to related areas, or go back to the AZ-305 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the AZ-305 exam covers. They are not copied from any real exam or dump site.