Question 1mediummultiple choice
Full question →AZ-305 · topic practice
NAT Gateway practice questions
Use this page to practise AZ-305 NAT Gateway practice questions. The goal is not to memorise dumps, but to understand the concept, review the explanation and improve your exam readiness.
What the exam tests
What to know about NAT Gateway
NAT questions usually test how private addresses are translated, when to use static NAT, dynamic NAT or PAT, and how inside/outside interfaces affect traffic flow.
Static NAT, dynamic NAT and PAT behaviour.
Inside local, inside global, outside local and outside global address meanings.
How NAT affects connectivity between private networks and public destinations.
How to troubleshoot NAT rules, ACL matches and interface direction.
Practice set
NAT Gateway questions
20 questions · select your answer, then reveal the explanation
Question 2mediummultiple choice
Full question →A company deploys a containerized application on Azure Kubernetes Service (AKS). They need to expose the application to the internet and provide TLS termination. The solution must also include a Web Application Firewall (WAF) to protect against common attacks. Which Azure service should they use as the ingress controller?
Question 3easymultiple choice
Full question →A company plans to deploy a web application on Azure VMs across multiple availability zones. They need to distribute incoming HTTP traffic across the VMs and provide health probes. Which Azure load balancing solution should they use?
Question 4easymultiple choice
Full question →A company deploys a web application on Azure VMs. They need to distribute incoming HTTP and HTTPS traffic based on the URL path: requests to /api/* go to one VM pool, requests to /images/* go to another pool. They also need to offload SSL/TLS termination. Which Azure load balancing solution should they use?
Question 5mediummultiple choice
Full question →A company deploys a web application on Azure VMs across multiple availability zones in the East US region. They need to distribute incoming HTTPS traffic across the VMs, offload SSL termination, and ensure that client requests from the same user session are sent to the same backend VM (session persistence). Which Azure load balancing solution should they choose?
Question 6mediummultiple choice
Full question →A company deploys a containerized microservices application on Azure Kubernetes Service (AKS). They need to expose the application to the internet with TLS termination and provide a single endpoint for multiple services. The solution must also include a Web Application Firewall (WAF). Which Azure service should they use as the ingress controller?
Question 7hardmultiple choice
Full question →A company has a hub-spoke network topology in Azure. They have multiple spoke VNets connected to a hub VNet via peering. They need to ensure that all east-west traffic between spoke VNets goes through a network virtual appliance (NVA) in the hub for inspection. Additionally, all outbound internet traffic from spoke VMs must use a single public IP address. What should they configure?
Question 8mediummultiple choice
Full question →A company deploys a web application on multiple Azure VMs in a single region. They need to distribute incoming HTTP and HTTPS traffic across the VMs, offload SSL/TLS termination, and maintain session persistence (sticky sessions) so that all requests from a user session go to the same backend VM. Which Azure load balancing solution should they use?
Question 9easymultiple choice
Full question →A company deploys a web application on multiple Azure virtual machines (VMs) in a single region. The application receives HTTP and HTTPS traffic. They need to distribute the traffic across the VMs, offload SSL/TLS termination, and ensure that client requests from the same user session are always sent to the same backend VM (session persistence). Additionally, they need to route requests based on URL paths (e.g., /api/* to one pool, /images/* to another). Which Azure load balancing solution should they use?
Question 10mediummultiple choice
Full question →A company has deployed several Azure VMs that do not have public IP addresses. Administrators need to securely connect to these VMs using RDP and SSH from the internet over a browser without deploying a jump box or managing VPN connections. The solution must use Microsoft Entra ID authentication for single sign-on. Which Azure service should they use?
Question 11easymultiple choice
Full question →A company deploys a web application on Azure VMs across availability zones. They need to distribute HTTPS traffic, offload SSL termination, and maintain session persistence. They do not require traffic inspection. Which Azure load balancing solution should they use?
Question 12mediummultiple choice
Full question →A company has headquarters and multiple branch offices worldwide, each with its own on-premises network. They want to connect all these sites to Azure and to each other over a single, centrally managed solution. They need high bandwidth connectivity for site-to-site traffic, support for both VPN and ExpressRoute connections, and automatic routing management without the complexity of configuring multiple VPN tunnels or BGP manually. Which Azure service should they use?
Question 13mediummultiple choice
Full question →A company deploys a web application on Azure virtual machines (VMs) across multiple availability zones. The application needs to automatically distribute incoming HTTPS traffic, offload SSL/TLS termination, and provide session persistence. Additionally, the solution must include a Web Application Firewall (WAF) to protect against common web vulnerabilities. Which Azure load balancing solution should they use?
Question 14easymultiple choice
Full question →A company deploys a web application on multiple Azure VMs within an availability set. They need to distribute incoming HTTP traffic evenly across the VMs and provide health probe monitoring. The solution must support SSL termination and source IP affinity (session persistence). Which Azure load balancing solution should they choose?
Question 15hardmultiple choice
Full question →A company deploys a multi-tier web application on Azure VMs across availability zones. The web tier must have SSL termination, session persistence, and health probe monitoring. Additionally, all traffic must be inspected by a central firewall for compliance. The solution must be highly available. Which combination of Azure services should they implement?
Question 16hardmultiple choice
Full question →A company is deploying a multi-tier web application on Azure. The web tier must be accessible from the internet. The application tier and database tier must be isolated within the virtual network and not directly accessible from the internet. The solution must provide SSL termination, URL-based routing, and Web Application Firewall (WAF) capabilities. Which Azure service should they use to expose the web tier?
Question 17easymultiple choice
Full question →A company deploys a web application on multiple Azure VMs. They need to distribute incoming HTTP traffic across the VMs, offload SSL/TLS termination, and maintain session persistence (sticky sessions) so that all requests from a user session go to the same backend VM. Which Azure load balancing solution should they use?
Question 18mediummultiple choice
Full question →A company deploys a web application across multiple Azure VMs in a single region. They need to distribute incoming HTTP traffic, offload SSL termination, and perform URL-based routing to different backend pools (e.g., /images to one pool, /api to another). Which Azure load balancing solution should they use?
Question 19hardmultiple choice
Full question →A company has multiple Azure virtual networks (VNets) spread across three Azure regions (West US, East US, and West Europe). They also have an on-premises network connected to East US via ExpressRoute. They need to connect all VNets to each other and to the on-premises network. They require centralized management of routing and the ability to enforce security policies such as forcing all internet-bound traffic from any VNet to pass through a central firewall in East US. Which Azure solution should they implement?
Question 20mediummultiple choice
Full question →A company plans to deploy a multi-tier application on Azure. The web tier requires SSL termination and health probes. The application tier must be isolated from the internet. The database tier requires high availability. They want to minimize administrative overhead and use Azure native services. Which architecture should they recommend?
Watch out for
Common NAT Gateway exam traps
- ▸PAT allows many inside hosts to share one public address by using port numbers.
- ▸NAT rules depend on correct inside and outside interface configuration.
- ▸The ACL used for NAT identifies traffic to translate; it is not always a security filtering ACL.
- ▸Static NAT maps one private address to one public address, while PAT overloads translations.
Free account
Track your progress over time
Create a free account to save your results and see which topics improve across sessions.
Focused NAT Gateway sessions
Start a NAT Gateway only practice session
Every question in these sessions is drawn from the NAT Gateway domain — nothing else.
Related practice questions
Related AZ-305 topic practice pages
Move into related areas when this topic feels solid.
SAA-C03 VPC practice questions
Practise AZ-305 questions linked to SAA-C03 VPC.
SAA-C03 S3 lifecycle policy questions
Practise AZ-305 questions linked to SAA-C03 S3 lifecycle policy questions.
SAA-C03 RDS Multi-AZ questions
Practise AZ-305 questions linked to SAA-C03 RDS Multi-AZ questions.
SAA-C03 IAM policy practice questions
Practise AZ-305 questions linked to SAA-C03 IAM policy.
SAA-C03 Route 53 failover questions
Practise AZ-305 questions linked to SAA-C03 Route 53 failover questions.
SAA-C03 CloudFront practice questions
Practise AZ-305 questions linked to SAA-C03 CloudFront.
SAA-C03 NAT gateway questions
Practise AZ-305 questions linked to SAA-C03 NAT gateway questions.
SAA-C03 VPC endpoint questions
Practise AZ-305 questions linked to SAA-C03 VPC endpoint questions.
SAA-C03 Auto Scaling practice questions
Practise AZ-305 questions linked to SAA-C03 Auto Scaling.
SAA-C03 disaster recovery questions
Practise AZ-305 questions linked to SAA-C03 disaster recovery questions.
SAA-C03 high availability questions
Practise AZ-305 questions linked to SAA-C03 high availability questions.
SAA-C03 cost optimization questions
Practise AZ-305 questions linked to SAA-C03 cost optimization questions.
Frequently asked questions
- What does the AZ-305 exam test about NAT Gateway?
- NAT questions usually test how private addresses are translated, when to use static NAT, dynamic NAT or PAT, and how inside/outside interfaces affect traffic flow.
- How should I use these practice questions?
- Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
- Can I practise just NAT Gateway questions in a focused session?
- Yes — the session launcher on this page draws every question from the NAT Gateway domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
- Where can I practise other AZ-305 topics?
- Use the topic links above to move to related areas, or go back to the AZ-305 question bank to see all topics.
- Are these real exam questions or dumps?
- These are original practice questions written to test the same concepts the AZ-305 exam covers. They are not copied from any real exam or dump site.
Track your progress
A free account saves results across sessions and highlights which topics need work.
Sign up freeExam traps to avoid
- ▸PAT allows many inside hosts to share one public address by using port numbers.
- ▸NAT rules depend on correct inside and outside interface configuration.
- ▸The ACL used for NAT identifies traffic to translate; it is not always a security filtering ACL.
- ▸Static NAT maps one private address to one public address, while PAT overloads translations.