AZ-305 · topic practice

S3 Lifecycle Policy practice questions

Practise Microsoft Azure Solutions Architect Expert AZ-305 S3 Lifecycle Policy practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: S3 Lifecycle Policy

What the exam tests

What to know about S3 Lifecycle Policy

S3 Lifecycle Policy questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common S3 Lifecycle Policy exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

S3 Lifecycle Policy questions

20 questions · select your answer, then reveal the explanation

Question 1hardmultiple choice
Read the full NAT/PAT explanation →

A company has multiple Azure subscriptions and wants to enforce that all administrators must use multi-factor authentication (MFA) when accessing the Azure portal. They also want to monitor and report on any policy changes that affect this enforcement. Which combination of Azure services should they use?

A company needs to store and retrieve large binary files (e.g., images and videos) for a web application. The data must be accessible via HTTPS URLs and support both public read access for anonymous users and private access for administrators. The solution must be highly durable and cost-effective for storing terabytes of data. Which Azure storage solution should they recommend?

A company must prevent non-compliant devices from accessing Exchange Online and SharePoint Online. Which design should you recommend?

A company is migrating on-premises Windows applications that require LDAP, NTLM, or Kerberos authentication to Azure VMs. They want to provide domain services for these applications without deploying and managing domain controllers. Which Azure service should they use?

A company stores unstructured data such as documents and images in Azure Blob Storage. The data is accessed frequently for the first month, then only rarely for the next year, and after that must be retained for 10 years for compliance. The company wants to minimize storage costs by automatically moving data to the most cost-effective storage tiers. Which Azure Blob Storage feature should they implement?

A company needs to store audit logs for 7 years to meet compliance requirements. The logs are generated at a high volume and must be cost-effective. They need to run occasional queries on recent logs (less than 30 days old) but rarely on older ones. Which Azure storage solution should they recommend?

A company stores website static assets in Azure Blob Storage. The assets are updated weekly and must be available for immediate access for 30 days. After 30 days, older versions can be moved to the Cool tier to save costs but must still be accessible within seconds. They want an automated solution. What should they configure?

Question 8easymultiple choice
Read the full wireless explanation →

A company uses Microsoft Entra ID (Microsoft Entra ID). They need to ensure that users who access sensitive cloud applications from untrusted networks (e.g., public Wi-Fi) are prompted for multi-factor authentication (MFA). Which Microsoft Entra ID feature should they configure?

A company uses Microsoft Entra ID. They want to automatically detect sign-ins from anonymous IP addresses, sign-ins from unfamiliar locations, and other risky activities. When such a risk is detected, they want to block the sign-in or require multi-factor authentication. They also need a dashboard to review risk events. Which Microsoft Entra ID feature should they use?

A company wants to back up their Azure VMs (running Windows and Linux) to a Recovery Services vault. The backup data must be encrypted at rest using customer-managed keys. They also need to retain monthly backups for 5 years for compliance. Which configuration should they use?

A company stores terabytes of archival data that must be retained for 10 years per regulatory requirements. The data is accessed infrequently (once or twice per year) and retrieval latency of up to 5 hours is acceptable. The company wants the lowest storage cost. They also need to ensure data is encrypted at rest and immutability to prevent deletion or modification during the retention period. Which Azure storage solution should they choose?

Refer to the exhibit. You create this Azure Policy definition in a management group that contains all subscriptions. After assigning the policy, you notice that no audit events are generated when a new custom RBAC role is created. What is the most likely reason?

Exhibit

Refer to the exhibit.
{
  "type": "Microsoft.Authorization/policyDefinitions",
  "properties": {
    "displayName": "Audit usage of custom RBAC roles",
    "policyType": "Custom",
    "mode": "All",
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Authorization/roleDefinitions"
      },
      "then": {
        "effect": "Audit",
        "details": {
          "roleDefinitionIds": ["/providers/Microsoft.Authorization/roleDefinitions/*"]
        }
      }
    }
  }
}

Which TWO are benefits of using Microsoft Entra ID Governance? (Choose two.)

Your company uses Microsoft Entra ID to manage identities for 5,000 employees. You plan to implement Microsoft Entra ID Governance to automate the user provisioning lifecycle for a third-party SaaS application. The application supports SCIM 2.0. You need to ensure that user accounts are automatically created, updated, and disabled in the application based on changes in Entra ID. What should you do?

Your organization has a hybrid identity infrastructure with Microsoft Entra ID and on-premises Active Directory. You plan to implement Microsoft Entra ID Protection to detect and respond to identity risks. You need to ensure that risky sign-ins from anonymous IP addresses are automatically blocked, while still allowing legitimate users to self-remediate. What should you configure?

A company uses Microsoft Entra ID for identity management. They want to ensure that users accessing sensitive data from unmanaged devices are prompted for multifactor authentication (MFA) and must accept a terms-of-use. Which policy should be configured?

Your company has multiple Azure subscriptions managed by a management group. You need to enforce that all resources are deployed in the West US region only. Additionally, you must allow a specific resource group in the production subscription to be deployed in East US. What should you configure?

Your organization uses Azure Monitor to monitor a fleet of 500 VMs running Windows Server. You need to collect security event logs (Event ID 4625 for failed logons) from all VMs and send them to a Log Analytics workspace. The solution must support centralized configuration and be scalable. You also want to filter out high-volume noise events to reduce costs. What should you do?

Which THREE conditions should be met to implement a successful Azure landing zone for a new enterprise subscription? (Choose three.)

Your organization has multiple Azure subscriptions. You need to create a central view of policy compliance across all subscriptions. What should you use?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused S3 Lifecycle Policy sessions

Start a S3 Lifecycle Policy only practice session

Every question in these sessions is drawn from the S3 Lifecycle Policy domain — nothing else.

Related practice questions

Related AZ-305 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the AZ-305 exam test about S3 Lifecycle Policy?
S3 Lifecycle Policy questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just S3 Lifecycle Policy questions in a focused session?
Yes — the session launcher on this page draws every question from the S3 Lifecycle Policy domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other AZ-305 topics?
Use the topic links above to move to related areas, or go back to the AZ-305 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the AZ-305 exam covers. They are not copied from any real exam or dump site.