AZ-305 Practice Test 1 – 50 Questions and Answers (Azure Solutions Architect Expert)

AZ-305 Practice Test 1: 51 Questions and Answers for Azure Solutions Architect Expert

Practice AZ-305 questions covering identity, governance, monitoring, data storage, business continuity, and Azure infrastructure solution design. Select your answers, review the explanations, and track your progress in the Learning Dashboard.

Exam: AZ-305Questions: 51Recommended score: 70%+Time: 90 minutes

Before you start

This practice test includes single-choice, multiple-response, and true/false questions. When a question requires more than one answer, the question text tells you exactly how many answers to choose.

AZ-305 practice test questions

Question 1: Which Azure feature allows you to enforce governance across multiple subscriptions by defining rules and ensuring compliance?

The correct answer is Azure Policy.

Azure Policy enables you to define and enforce rules for resource properties and deployments within Azure. You can apply these policies at the management group, subscription, or resource group level, ensuring consistent compliance across your environment. Policies can be used to restrict resource types, enforce naming standards, or require tags on resources. Azure Policy also allows you to remediate existing non-compliant resources automatically. This service is fundamental to maintaining governance and regulatory standards in Azure environments.

Related Microsoft Learn topic

Azure governance documentation

Question 2: Which service should you use to centralize identity management for multiple Azure tenants and on-premises directories?

The correct answer is Azure AD Connect.

Azure AD Connect is a tool that provides hybrid identity by synchronizing on-premises Active Directory objects to Azure Active Directory. It supports scenarios such as password hash synchronization, pass-through authentication, and federation. This centralization allows users to have a single identity across cloud and on-premises environments. Azure AD Connect also supports seamless sign-on and can help organizations with multiple Azure tenants maintain consistent identity management. Using this tool simplifies administration and enhances user experience.

Related Microsoft Learn topic

Azure governance documentation

Question 3: What is the primary purpose of Azure Management Groups?

The correct answer is Organize subscriptions for unified policy and access management.

Azure Management Groups provide a way to group multiple subscriptions together so you can apply governance and security controls at scale. This hierarchy allows policies and RBAC assignments to be inherited by all resources under a management group. Management groups are especially valuable for large organizations with many subscriptions that require centralized management. By using management groups, you can ensure consistent governance, compliance, and access control across your Azure estate.

Related Microsoft Learn topic

Azure governance documentation

Question 4: Which Azure feature enables users to request time-bound, approval-based access to critical resources?

The correct answer is Privileged Identity Management (PIM).

Azure PIM allows administrators to provide just-in-time privileged access to resources, reducing the risks associated with standing administrative permissions. Users can request access for a specific period, and administrators can require approval or enforce MFA as part of the process. PIM also provides audit logs and alerts for any changes or unusual activities related to privileged roles. This helps organizations maintain tight control over high-risk permissions. By leveraging PIM, you reduce the attack surface and ensure compliance with best security practices.

Related Microsoft Learn topic

Azure governance documentation

Question 5: Which two solutions can be used to monitor security events and alert administrators? Choose 2 answers.

The correct answers are Azure Monitor and Azure Sentinel.

Azure Monitor collects and analyzes telemetry from your cloud and on-premises environments, helping you detect, diagnose, and mitigate issues. It can generate alerts based on specific metrics or log data, enabling proactive response to security threats. Azure Sentinel is a cloud-native SIEM (Security Information and Event Management) system that ingests data from a wide range of sources, uses analytics to identify threats, and automates responses. Sentinel can correlate data and trigger automated playbooks for rapid response. Together, these tools provide comprehensive security monitoring and alerting capabilities in Azure.

Related Microsoft Learn topic

Azure governance documentation

Question 6: Which components are required to enable Azure AD Single Sign-On (SSO) for SaaS apps? Choose 2 answers.

The correct answers are Enterprise applications and App registrations.

Enterprise applications in Azure AD represent the SaaS or on-premises apps you want to integrate for SSO. App registrations provide the identity configuration and credentials that allow these applications to communicate with Azure AD for authentication. Together, they allow users to access applications using their Azure AD credentials, enabling seamless SSO. Proper configuration of these components is essential to maintain a secure and integrated identity solution. SSO reduces the need for users to remember multiple passwords and enhances organizational security.

Related Microsoft Learn topic

Azure governance documentation

Question 7: Which tasks are possible with Azure Monitor? Choose 2 answers.

The correct answers are Set up alerts for resource metrics and Collect and analyze log data.

Azure Monitor allows you to define alerts on metrics from Azure resources, enabling proactive notifications about potential issues. You can also use it to collect, aggregate, and analyze log data for troubleshooting and performance monitoring. This service integrates with Log Analytics to provide powerful querying and visualization capabilities. Azure Monitor is crucial for maintaining the health and performance of your infrastructure. It does not manage RBAC, policy compliance, or billing, but is central to observability in Azure.

Related Microsoft Learn topic

Azure governance documentation

Question 8: Which two features help protect identities from compromise in Azure AD? Choose 2 answers.

The correct answers are Identity Protection and Multi-factor Authentication.

Azure AD Identity Protection detects and responds to risky sign-ins and users, automatically enforcing additional controls if threats are detected. Multi-factor Authentication adds an extra layer of security, requiring users to provide additional verification beyond a password. These features help mitigate common attack vectors like phishing and credential theft. Together, they form the foundation of a strong identity security posture in Azure. Neither resource locks nor service endpoints directly address identity compromise.

Related Microsoft Learn topic

Azure governance documentation

Question 9: Azure AD Conditional Access policies can require MFA only for risky sign-ins.

The correct answer is True.

Azure AD Conditional Access policies are highly flexible and can be tailored to target specific scenarios, such as requiring multi-factor authentication (MFA) only for sign-ins deemed risky by Identity Protection. This helps balance security with user convenience, as users are only prompted for additional authentication when necessary. Conditional Access uses signals like user location, device state, and sign-in risk to enforce policies. By focusing MFA on risky sign-ins, organizations can strengthen security while reducing unnecessary friction for trusted users. This targeted approach improves the overall user experience.

Related Microsoft Learn topic

Azure governance documentation

Question 10: Azure Policy can automatically remediate non-compliant resources.

The correct answer is True.

Azure Policy supports not only compliance detection but also automated remediation tasks, known as policy initiatives or remediation tasks. For example, if a required tag is missing on a resource, Azure Policy can automatically apply the tag to bring the resource into compliance. Remediation can also include deploying specific configurations or settings as required by policy definitions. This automation greatly reduces manual intervention and supports ongoing compliance. Regular policy evaluation and remediation are essential for governance at scale.

Related Microsoft Learn topic

Azure governance documentation

Question 11: Activity logs in Azure Monitor retain data for a maximum of 365 days by default.

The correct answer is False.

By default, Azure activity logs are retained for 90 days, not 365. If you need longer retention, you must configure diagnostic settings to export logs to an Azure Storage account or Log Analytics workspace. This extended retention can be critical for meeting compliance and auditing requirements. Failing to configure additional retention could result in lost audit data after the default period. Always plan log retention in line with your organization's regulatory needs.

Related Microsoft Learn topic

Azure governance documentation

Question 12: Access Reviews in Azure AD can help ensure users do not retain unnecessary access.

The correct answer is True.

Access Reviews are a key feature in Azure AD Identity Governance that allow organizations to periodically review user access to resources. By using Access Reviews, administrators or group owners can evaluate if users still need access, removing permissions that are no longer necessary. This supports the principle of least privilege and minimizes security risks due to excessive or outdated access rights. Access Reviews can also be scheduled and automated, streamlining the process for large organizations. Regularly conducting these reviews improves both security and compliance.

Related Microsoft Learn topic

Azure governance documentation

Question 13: Which service provides a centralized dashboard for viewing, analyzing, and acting on alerts across Azure resources?

The correct answer is Azure Monitor.

Azure Monitor delivers a unified dashboard for tracking metrics, viewing logs, and managing alerts from across all Azure resources. It enables administrators to quickly respond to issues and optimize resource performance. The dashboard is highly customizable, allowing you to create visualizations tailored to your needs. Integration with Log Analytics and Application Insights further enhances observability. Using Azure Monitor's centralized dashboard is essential for efficient resource management and operational awareness.

Related Microsoft Learn topic

Azure governance documentation

Question 14: Which service can automate identity lifecycle management (provisioning, updates, removal) for SaaS applications?

The correct answer is Azure AD Identity Governance.

This solution includes features like Entitlement Management and automated user provisioning, making it easier to onboard and offboard users in connected SaaS applications. Automated provisioning helps eliminate manual errors and speeds up user access to required resources. Azure AD Identity Governance also supports access reviews and policy enforcement to maintain compliance. These capabilities are vital for organizations with large SaaS app portfolios. Using automated identity lifecycle management reduces security risks and administrative overhead.

Related Microsoft Learn topic

Azure governance documentation

Question 15: Which storage type in Azure is optimized for storing structured NoSQL data with high throughput?

The correct answer is Azure Cosmos DB.

Cosmos DB is a globally distributed, multi-model NoSQL database service. It is optimized for high throughput and low latency, making it suitable for mission-critical applications that require fast, consistent responses. Cosmos DB supports multiple APIs, including SQL, MongoDB, Cassandra, and Gremlin. It also provides comprehensive SLA-backed guarantees for performance and availability. This makes Cosmos DB a strong choice for modern cloud applications needing flexible, scalable, and resilient data storage.

Related Microsoft Learn topic

Azure Storage documentation

Question 16: What is the best Azure service for storing large, unstructured binary objects, such as images or video?

The correct answer is Azure Blob Storage.

Azure Blob Storage is designed specifically to store massive amounts of unstructured data such as text, images, video, and backups. It provides high durability and scalability, supporting workloads from small personal projects to global enterprise needs. Blobs can be accessed over HTTP/HTTPS and are integrated with features like lifecycle management, redundancy, and security. Blob Storage also supports data lake analytics for big data processing. Its flexibility and performance make it ideal for storing binary large objects.

Related Microsoft Learn topic

Azure Storage documentation

Question 17: Which Azure feature allows automated, policy-driven movement of blobs between Hot, Cool, and Archive tiers?

The correct answer is Blob Lifecycle Management.

This feature enables organizations to create rules that automatically move blobs to more cost-effective storage tiers based on criteria such as last access time or modification date. It helps reduce storage costs by transitioning infrequently accessed data to cooler or archive tiers. These policies can also automate the deletion of data after a specified period, supporting compliance and retention requirements. Blob Lifecycle Management operates at scale and is fully integrated with Azure Storage. Using this feature is essential for optimizing storage expenses in the cloud.

Related Microsoft Learn topic

Azure Storage documentation

Question 18: Which storage option is most suitable for high transaction OLTP workloads requiring relational capabilities?

The correct answer is Azure SQL Database.

Azure SQL Database is a fully managed relational database service that offers advanced querying, transaction support, and high availability. It is specifically designed to handle OLTP (Online Transaction Processing) workloads, ensuring ACID compliance and consistent performance. The service scales dynamically based on workload requirements and supports automated backups and point-in-time restore. Azure SQL Database also integrates security features like encryption, auditing, and threat detection. This makes it ideal for business-critical applications that need reliable, secure relational storage.

Related Microsoft Learn topic

Azure Storage documentation

Question 19: Which features help secure data at rest in Azure Storage accounts? Choose 2 answers.

The correct answers are Server-side encryption and Private Endpoints.

Server-side encryption ensures that all data stored in Azure Storage is automatically encrypted before being written to disk, providing a robust layer of protection against unauthorized access. Private Endpoints allow you to access Azure Storage accounts over a private network connection within Azure, preventing exposure to the public internet. This combination of encryption and network isolation greatly enhances the security of stored data. Using both features helps organizations meet regulatory and compliance requirements. Together, they are best practices for protecting sensitive cloud data.

Related Microsoft Learn topic

Azure Storage documentation

Question 20: Which two redundancy options are available for Azure Storage accounts to enhance durability? Choose 2 answers.

The correct answers are Locally Redundant Storage (LRS) and Geo-Redundant Storage (GRS).

LRS maintains multiple copies of your data within a single Azure datacenter, protecting against hardware failures. GRS replicates data to a secondary region, ensuring availability even if the primary region experiences an outage. These redundancy options provide different levels of durability and disaster recovery, allowing organizations to select the most appropriate protection for their needs. Redundancy is critical for minimizing the risk of data loss in cloud environments. Proper configuration of redundancy options is a key aspect of resilient storage design.

Related Microsoft Learn topic

Azure Storage documentation

Question 21: Which solutions are best for high-performance, low-latency data analytics on Azure? Choose 2 answers.

The correct answers are Azure Data Lake Storage Gen2 and Azure Synapse Analytics.

Azure Data Lake Storage Gen2 is built for big data analytics, providing hierarchical namespaces and high throughput for massive datasets. Azure Synapse Analytics is an integrated analytics service that combines big data and data warehousing, enabling real-time analytics across large datasets. Both services are optimized for parallel processing and scale-out architectures. This allows for efficient querying, data transformation, and analysis at enterprise scale. Using these solutions supports advanced business intelligence and machine learning scenarios.

Related Microsoft Learn topic

Azure Storage documentation

Question 22: Which actions can help reduce storage costs in Azure Blob Storage? Choose 2 answers.

The correct answers are Implement lifecycle management policies and Use Archive tier for infrequently accessed data.

Lifecycle management policies can automate the transition of data to lower-cost storage tiers or delete it when it is no longer needed. The Archive tier offers the lowest storage costs, making it ideal for data that is rarely accessed but must be retained for compliance or historical reasons. By using these features, organizations can optimize costs without sacrificing data retention requirements. Proper tiering is a vital strategy for cost control in cloud storage. Always review access patterns to determine the best approach.

Related Microsoft Learn topic

Azure Storage documentation

Question 23: Azure Files supports integration with on-premises Active Directory for authentication.

The correct answer is True.

Azure Files can be integrated with on-premises Active Directory Domain Services (AD DS), allowing organizations to control file share access using existing AD credentials and security groups. This enables single sign-on for users accessing Azure file shares from Windows, macOS, or Linux. Integration simplifies administration by leveraging existing identity and access management practices. It also supports scenarios like lift-and-shift of legacy applications to Azure. Using AD authentication for Azure Files helps maintain consistent security policies across hybrid environments.

Related Microsoft Learn topic

Azure Storage documentation

Question 24: Soft Delete in Azure Storage allows you to recover accidentally deleted blobs.

The correct answer is True.

Soft Delete is a feature in Azure Storage that retains deleted blobs for a specified retention period, giving administrators the ability to recover them if needed. This prevents accidental or malicious deletions from resulting in permanent data loss. Organizations can set the retention period according to their requirements. Soft Delete is important for compliance, data protection, and operational resilience. Enabling this feature is a best practice for critical workloads using Azure Blob Storage.

Related Microsoft Learn topic

Azure Storage documentation

Question 25: Which feature allows you to protect a blob from being overwritten or deleted for a specified time?

The correct answer is Immutable Blob Storage.

This feature allows you to set legal holds or time-based retention policies on blobs, preventing them from being modified or deleted until the policy expires. It is particularly useful for organizations with regulatory requirements for data retention. Immutable Blob Storage supports WORM (Write Once, Read Many) scenarios, making it suitable for storing audit logs and compliance records. Setting these policies ensures data integrity and meets compliance mandates. Using immutable storage is essential for protecting critical business and legal data.

Related Microsoft Learn topic

Azure Storage documentation

Question 26: Which Azure service provides automated backup for SQL databases with point-in-time restore?

The correct answer is Azure SQL Database automated backups.

This built-in feature of Azure SQL Database provides continuous backups with the ability to restore to any point in time within the retention period. Automated backups are managed by Microsoft and stored in geo-redundant storage for resilience. No manual configuration is required, making it easy for administrators to ensure recoverability. The retention period can be configured based on business needs and compliance requirements. Using automated backups is essential for business continuity and disaster recovery planning.

Related Microsoft Learn topic

Azure reliability documentation

Question 27: What is the primary function of Azure Site Recovery?

The correct answer is Disaster recovery orchestration.

Azure Site Recovery (ASR) is designed to replicate workloads running on physical and virtual machines from a primary site to a secondary location. In the event of an outage, you can fail over to the secondary site and continue operations with minimal disruption. ASR supports replication across Azure regions as well as from on-premises to Azure, offering flexible DR options. It also automates recovery plans and testing to ensure business continuity. ASR helps meet compliance and availability requirements for critical workloads.

Related Microsoft Learn topic

Azure reliability documentation

Question 28: Which metric best defines the maximum tolerable period data might be lost due to an incident?

The correct answer is Recovery Point Objective (RPO).

RPO measures the maximum age of data that may be lost due to a disruption, indicating how frequently data should be backed up. It is a crucial metric for designing backup and disaster recovery strategies. A shorter RPO means more frequent backups and less data loss. RTO, on the other hand, refers to the time taken to restore services after an incident. Understanding RPO is key to balancing data protection and operational cost.

Related Microsoft Learn topic

Azure reliability documentation

Question 29: Which option ensures that critical secrets are recoverable if accidentally deleted?

The correct answer is Soft Delete in Key Vault.

This feature retains deleted keys, secrets, and certificates for a configurable retention period, allowing administrators to recover them if deleted accidentally. Soft Delete prevents permanent loss due to human error or malicious actions. It works alongside Purge Protection to add another layer of protection. Enabling Soft Delete is recommended for all production Key Vaults. It is a critical feature for business continuity and compliance with data retention policies.

Related Microsoft Learn topic

Azure reliability documentation

Question 30: Which two Azure features can help minimize downtime during planned maintenance? Choose 2 answers.

The correct answers are Availability Zones and Update Domains.

Availability Zones distribute resources across physically separate datacenters within an Azure region, protecting against datacenter-level failures and reducing downtime. Update Domains, used in availability sets, ensure that not all instances of a resource are updated at the same time during maintenance. This allows applications to remain available even during platform updates. By combining these features, organizations can achieve high availability and business continuity. Proper use of both is a best practice for critical production workloads.

Related Microsoft Learn topic

Azure reliability documentation

Question 31: Which activities are part of designing a geo-disaster recovery plan for Azure SQL Database? Choose 2 answers.

The correct answers are Configure active geo-replication and Implement failover groups.

Active geo-replication allows you to create readable secondary replicas in different regions, providing both disaster recovery and load balancing capabilities. Failover groups enable automated failover and read-write endpoint management between primary and secondary databases across regions. These features support seamless business continuity with minimal data loss and downtime. Setting up these mechanisms is vital for mission-critical applications that require high availability. Geo-disaster recovery planning should always include these Azure SQL capabilities.

Related Microsoft Learn topic

Azure reliability documentation

Question 32: Azure Backup can protect both on-premises and cloud workloads.

The correct answer is True.

Azure Backup supports backing up data from on-premises servers, virtual machines, Azure Files, and various workloads running in the Azure cloud. It provides a centralized management platform for monitoring and restoring backups across different environments. Azure Backup uses Recovery Services vaults for secure storage and retention management. The service includes features like application-consistent backups, long-term retention, and encryption at rest. This flexibility makes Azure Backup a comprehensive solution for hybrid and cloud-native environments.

Related Microsoft Learn topic

Azure reliability documentation

Question 33: Azure Site Recovery can only replicate resources within a single Azure region.

The correct answer is False.

Azure Site Recovery supports replication of resources across different Azure regions, not just within a single region. This enables geographic redundancy and enhances business continuity planning. Replicating across regions helps protect against large-scale outages affecting an entire Azure region. Cross-region replication is essential for mission-critical workloads with strict disaster recovery requirements. Properly configuring region-to-region failover is a best practice for enterprise cloud solutions.

Related Microsoft Learn topic

Azure reliability documentation

Question 34: Which Azure service provides automated deployment and configuration of virtual networks, storage, and compute resources?

The correct answer is Azure Resource Manager.

Azure Resource Manager (ARM) is the foundational deployment and management service for all Azure resources. It enables the use of declarative templates to automate the deployment and configuration of networks, storage, compute, and more. ARM templates ensure repeatability and consistency across environments, supporting infrastructure as code principles. ARM also integrates with Azure Policy and RBAC to manage access and compliance. Using ARM is essential for scalable and maintainable cloud infrastructure.

Related Microsoft Learn topic

Azure Architecture Center

Question 35: Which Azure solution enables secure and scalable remote desktop access to corporate applications and data?

The correct answer is Azure Virtual Desktop.

Azure Virtual Desktop (AVD) is a managed desktop and application virtualization service that allows users to securely access their work environments from anywhere. It supports multi-session Windows 10/11 desktops, remote app delivery, and integration with Azure Active Directory. AVD can scale dynamically based on user demand and provides centralized management for administrators. The solution includes built-in security controls such as reverse connect, data isolation, and conditional access. AVD is ideal for supporting remote work, BYOD, and secure access to corporate resources.

Related Microsoft Learn topic

Azure Architecture Center

Question 36: Which networking service provides dedicated, private connectivity between your on-premises environment and Azure?

The correct answer is ExpressRoute.

ExpressRoute provides a private, dedicated connection between your on-premises infrastructure and Azure datacenters, bypassing the public internet. This results in increased security, higher reliability, and lower, more consistent latencies. ExpressRoute is often used for data-sensitive workloads and regulatory requirements. The service supports connections from co-location facilities, enterprise edge routers, and MPLS VPNs. Using ExpressRoute is a best practice for enterprises requiring predictable network performance and enhanced security.

Related Microsoft Learn topic

Azure Architecture Center

Question 37: What is the main advantage of using Azure Load Balancer?

The correct answer is Distributes incoming traffic among healthy instances.

Azure Load Balancer operates at Layer 4 (transport), automatically distributing network traffic to virtual machines or services based on health probes. It helps ensure high availability and resilience by routing requests only to healthy endpoints. Azure Load Balancer supports both inbound and outbound scenarios, including NAT rules and port forwarding. It is fully integrated with Azure networking and provides automatic reconfiguration as endpoints scale. Leveraging load balancing is crucial for building scalable and fault-tolerant applications in the cloud.

Related Microsoft Learn topic

Azure Architecture Center

Question 38: Which solution should you use to host web applications in a fully managed environment with autoscaling?

The correct answer is Azure App Service.

Azure App Service provides a fully managed platform for building, deploying, and scaling web applications and APIs. It supports multiple programming languages and integrates with DevOps tools for CI/CD. App Service offers built-in autoscaling, custom domains, SSL certificates, and authentication. Applications run in isolated containers, abstracting away server management tasks. Using App Service accelerates development and ensures high availability without infrastructure overhead.

Related Microsoft Learn topic

Azure Architecture Center

Question 39: Which Azure service allows for automated deployment, scaling, and management of containerized applications?

The correct answer is Azure Kubernetes Service.

AKS is a managed Kubernetes service that automates cluster deployment, scaling, and management of containerized workloads. It provides built-in integration with Azure networking, storage, and monitoring services. AKS offloads much of the operational complexity, such as patching and scaling, to Azure. This allows developers to focus on application logic rather than cluster management. AKS is recommended for organizations adopting microservices or container-based architectures at scale.

Related Microsoft Learn topic

Azure Architecture Center

Question 40: Which two features can be configured to ensure high availability for Azure Virtual Machines? Choose 2 answers.

The correct answers are Availability Sets and Availability Zones.

Availability Sets distribute VMs across fault and update domains within a datacenter, reducing the risk of downtime due to hardware or software maintenance. Availability Zones further increase resiliency by deploying VMs across physically separate datacenters within an Azure region. This approach protects against both planned and unplanned outages. Both features are essential for designing highly available, enterprise-grade solutions. Proper configuration ensures that your applications remain accessible even during failures or maintenance events.

Related Microsoft Learn topic

Azure Architecture Center

Question 41: Which Azure features help implement network security at the subnet level? Choose 2 answers.

The correct answers are Network Security Groups (NSGs) and Application Security Groups.

NSGs allow you to define inbound and outbound security rules at the subnet or network interface level, controlling traffic flow. Application Security Groups enable you to group VMs with similar functions and apply network rules collectively, simplifying management. Both features work together to enforce granular network security in Azure virtual networks. This approach enhances defense-in-depth and supports zero-trust architectures. Implementing subnet-level security is a best practice for protecting cloud resources.

Related Microsoft Learn topic

Azure Architecture Center

Question 42: Which two services can be used to deliver content globally with low latency? Choose 2 answers.

The correct answers are Azure Content Delivery Network and Azure Front Door.

Azure CDN caches and delivers static content from edge locations worldwide, reducing latency for users by serving content closer to their location. Azure Front Door provides global HTTP(S) load balancing, SSL offload, and web application firewall, further optimizing content delivery and application responsiveness. Both services are designed to improve the performance and reliability of applications accessed from different geographic regions. Using global delivery services is essential for customer-facing or high-traffic web applications. They ensure users receive fast, consistent access regardless of their location.

Related Microsoft Learn topic

Azure Architecture Center

Question 43: Which solutions enable secure and seamless connections between Azure virtual networks in different regions? Choose 2 answers.

The correct answers are VNet Peering and ExpressRoute Global Reach.

VNet Peering allows you to connect virtual networks within the same or different Azure regions, enabling low-latency, high-bandwidth communication between resources. ExpressRoute Global Reach extends private connectivity across on-premises and Azure networks worldwide. Both options ensure secure data transfer and support hybrid or multi-region architectures. Implementing these solutions helps organizations build resilient, globally distributed infrastructures. Security and performance are both improved by avoiding public internet routes.

Related Microsoft Learn topic

Azure Architecture Center

Question 44: Which actions can help you meet compliance requirements for resource deployment in Azure? Choose 2 answers.

The correct answers are Use Azure Blueprints and Apply Azure Policy.

Azure Blueprints allow you to package and deploy a set of resources, policies, and RBAC assignments as a repeatable blueprint, ensuring consistent compliance and governance. Azure Policy enforces specific rules on resource properties and deployment practices, automatically auditing or remediating non-compliant resources. Both tools help organizations adhere to regulatory standards and best practices. Using them simplifies resource management and reduces manual effort. Consistent policy enforcement is vital for passing compliance audits in the cloud.

Related Microsoft Learn topic

Azure Architecture Center

Question 45: Azure Virtual Machine Scale Sets automatically distribute instances across update domains.

The correct answer is True.

Azure Virtual Machine Scale Sets (VMSS) are designed to provide high availability by automatically distributing VM instances across multiple update and fault domains. This ensures that maintenance events or hardware failures affect only a portion of the instances, maintaining service continuity. VMSS supports autoscaling, rolling upgrades, and integration with load balancers for even greater resilience. Proper use of scale sets is essential for mission-critical or large-scale deployments. This architecture pattern is widely used for elastic, resilient cloud services.

Related Microsoft Learn topic

Azure Architecture Center

Question 46: Azure Firewall can filter both inbound and outbound network traffic.

The correct answer is True.

Azure Firewall is a fully stateful, managed firewall service that inspects, logs, and controls both inbound and outbound traffic for your Azure virtual networks. It supports both application and network rule collections, allowing granular control over traffic flows. You can enforce policies to restrict access to internet, between subnets, or even block known malicious domains. Azure Firewall integrates with threat intelligence to actively block traffic from or to known bad IP addresses. Its scalability and deep integration with Azure make it a central component of cloud network security.

Related Microsoft Learn topic

Azure Architecture Center

Question 47: Azure Application Gateway only supports Layer 4 load balancing.

The correct answer is False.

Azure Application Gateway is designed as a Layer 7 (application layer) load balancer, providing advanced routing and application delivery features. Unlike traditional load balancers that work at the transport layer, Application Gateway can make routing decisions based on HTTP/S attributes such as URL path or host headers. It supports SSL termination, cookie-based session affinity, and a Web Application Firewall (WAF) to protect against common threats. These capabilities are vital for modern web applications requiring intelligent routing and enhanced security. Using Application Gateway ensures optimized and secure delivery of your web workloads.

Related Microsoft Learn topic

Azure Architecture Center

Question 48: Azure Bastion allows secure RDP/SSH access to virtual machines without exposing public IP addresses.

The correct answer is True.

Azure Bastion is a fully managed service that provides seamless and secure RDP and SSH connectivity to virtual machines directly through the Azure portal. By using Bastion, you eliminate the need to assign public IP addresses to your VMs, reducing the attack surface for brute-force attacks. Traffic is tunneled over SSL, ensuring data confidentiality and integrity during sessions. This service is especially valuable for organizations with strict security requirements or zero-trust architectures. Using Azure Bastion greatly enhances your security posture for remote administration.

Related Microsoft Learn topic

Azure Architecture Center

Question 49: Which feature can be used to automate configuration and deployment of resources according to predefined standards?

The correct answer is Azure Blueprints.

Azure Blueprints lets you orchestrate the deployment of a set of resource templates, policies, and RBAC assignments as a single, repeatable package. This ensures that environments are created consistently and in compliance with organizational or regulatory requirements. Blueprints are especially useful for large enterprises or regulated industries that need to enforce standardized deployments across teams or projects. You can version and update blueprints as your standards evolve, enabling agile yet controlled infrastructure management. Leveraging Blueprints helps minimize configuration drift and speeds up environment provisioning.

Related Microsoft Learn topic

Azure Architecture Center

Question 50: What is the primary purpose of Azure Private Link?

The correct answer is Provide private connectivity to Azure services over the Microsoft backbone.

Azure Private Link allows you to access PaaS services like Azure Storage or SQL Database privately from within your virtual network, bypassing the public internet. This enhances security by preventing data exfiltration risks and allows you to meet stringent compliance requirements. Private Link can be used with both Microsoft and third-party services available in Azure Marketplace. By using Private Link, you ensure that sensitive data remains within your organization's trusted network boundaries. It's a recommended practice for securing communications between your workloads and Azure services.

Related Microsoft Learn topic

Azure Architecture Center

Question 51: Which solution is recommended for hosting serverless event-driven workloads in Azure?

The correct answer is Azure Functions.

Azure Functions is a serverless compute service that lets you run code in response to events or triggers without having to manage servers. It automatically scales to handle varying workloads, charging you only for actual usage, not pre-provisioned resources. Functions are ideal for building microservices, automating tasks, or integrating with other Azure and external services through bindings and triggers. This approach reduces operational overhead and accelerates time to market for new features. Serverless architectures like Azure Functions are increasingly popular for agile, event-driven cloud applications.

Related Microsoft Learn topic

Azure Architecture Center

Comments