AZ-305 Practice Test 2 – 50 Questions and Answers (Azure Solutions Architect Expert)

AZ-305 Practice Test 2: 50 Questions and Answers for Azure Solutions Architect Expert

Practice AZ-305 questions covering identity, governance, monitoring, data storage, business continuity, and Azure infrastructure solution design. Select your answers, review the explanations, and track your progress in the Learning Dashboard.

Exam: AZ-305Questions: 50Recommended score: 70%+Time: 90 minutes

Before you start

This practice test includes single-choice, multiple-response, and true/false questions. When a question requires more than one answer, the question text tells you exactly how many answers to choose.

AZ-305 practice test questions

Question 1: Which Azure service provides a unified dashboard to analyze sign-in activity, risky users, and security recommendations for Azure AD?

The correct answer is Identity Protection.

Azure AD Identity Protection provides insights into sign-in risks, compromised accounts, and risky users. It uses machine learning to detect suspicious behavior such as impossible travel or leaked credentials. Administrators can configure Conditional Access policies to respond automatically to detected risks. The dashboard summarizes trends and provides actionable recommendations. It integrates with Azure Monitor and Security Center for centralized visibility. Using Identity Protection is a core practice in zero-trust identity management.

Related Microsoft Learn topic

AZ-305 study guide on Microsoft Learn

Question 2: Which two services enable centralized auditing and enforcement of Azure configuration standards across management groups? Choose 2 answers.

The correct answers are Azure Policy and Azure Blueprints.

Azure Policy defines and enforces resource configurations to ensure compliance at scale. Azure Blueprints packages policies, RBAC assignments, and templates for reusable deployments. When combined, they allow consistent enforcement of organizational standards across multiple subscriptions. These tools help detect drift, automate remediation, and simplify compliance audits. They are the foundation of Azure governance models. Together they provide both operational efficiency and regulatory alignment for enterprises.

Related Microsoft Learn topic

AZ-305 study guide on Microsoft Learn

Question 3: Azure AD B2C can be integrated with external identity providers such as Google, Facebook, and Microsoft accounts.

The correct answer is True.

Azure AD B2C (Business-to-Consumer) enables integration with social identity providers like Google, Facebook, Apple, and Microsoft. It supports OpenID Connect, OAuth2, and SAML protocols. This allows customers to authenticate using familiar credentials while maintaining centralized policy control. It simplifies registration and improves user experience in consumer-facing applications. B2C also supports custom user journeys through identity experience frameworks. This flexibility makes it ideal for building secure, scalable customer identity solutions.

Related Microsoft Learn topic

AZ-305 study guide on Microsoft Learn

Question 4: Which Azure service should you use to host a managed PostgreSQL database with flexible scaling and zone redundancy?

The correct answer is Azure Database for PostgreSQL Flexible Server.

It is a managed relational database service that supports built-in high availability and zone redundancy. Flexible Server allows fine-grained control over maintenance windows, scaling, and backup retention. It offers both burstable and general-purpose compute tiers for cost efficiency. Automated patching and backup simplify operations. The service supports VNet integration for network isolation. It is ideal for production-grade PostgreSQL workloads needing predictable performance and resilience.

Related Microsoft Learn topic

Azure Storage documentation

Question 5: Which two features improve security for Azure SQL Database connections? Choose 2 answers.

The correct answers are Private Link and Transparent Data Encryption.

Private Link ensures that SQL Database connections occur over the Microsoft backbone rather than the public internet. Transparent Data Encryption automatically encrypts data at rest using symmetric keys managed by Azure. Combined, they protect against data exposure both in transit and at rest. These features are enabled with minimal configuration. They are essential for compliance with data security standards such as ISO and GDPR. Implementing them strengthens defense-in-depth for database workloads.

Related Microsoft Learn topic

Azure Storage documentation

Question 6: Which feature allows you to perform disaster recovery testing in Azure Site Recovery without impacting production workloads?

The correct answer is Test Failover.

This feature in Azure Site Recovery lets administrators validate disaster recovery plans by simulating a failover to an isolated network. The production environment continues running unaffected during testing. It ensures that failover procedures, configurations, and applications work as expected. Test Failover provides valuable insights for improving recovery readiness. It can be automated through Recovery Plans. Regular testing helps meet compliance and audit requirements. Using it confirms that business continuity processes are effective and reliable.

Related Microsoft Learn topic

Azure Site Recovery overview

Question 7: Azure Backup encrypts all data in transit and at rest using AES-256 encryption by default.

The correct answer is True.

Azure Backup secures backup data using AES-256 encryption for both in-transit and at-rest protection. This ensures confidentiality even if the storage media is compromised. Encryption keys can be managed automatically by Azure or integrated with Azure Key Vault for customer-managed keys. Encryption occurs before data leaves the source system. Azure Backup also complies with major security and privacy certifications. This design fulfills enterprise data protection and compliance obligations efficiently.

Related Microsoft Learn topic

Azure Site Recovery overview

Question 8: Which Azure service allows automatic patching, monitoring, and scaling of managed Kubernetes clusters?

The correct answer is Azure Kubernetes Service.

AKS automates deployment, patching, and scaling of Kubernetes clusters. It integrates with Azure Monitor, Container Insights, and Azure Policy for observability and governance. The service handles node lifecycle management and version upgrades. AKS supports autoscaling based on workload demand, improving resource efficiency. It integrates with Azure Active Directory for role-based access control. Using AKS simplifies container orchestration and reduces operational complexity in production-grade environments.

Related Microsoft Learn topic

Azure Architecture Center

Question 9: Which two Azure services provide centralized logging and metrics for infrastructure monitoring? Choose 2 answers.

The correct answers are Azure Monitor and Log Analytics.

Azure Monitor collects and aggregates telemetry from Azure and on-premises resources. Log Analytics enables querying, visualization, and alerting on log data. Together they provide comprehensive insights into infrastructure health and performance. They help detect anomalies, automate alerts, and visualize KPIs. These services integrate with dashboards for real-time monitoring. They are essential for maintaining operational excellence and reliability. Using both ensures unified observability across distributed environments.

Related Microsoft Learn topic

Azure Architecture Center

Question 10: Azure Availability Zones provide higher fault isolation than Availability Sets within the same region.

The correct answer is True.

Availability Zones distribute resources across physically separate datacenters within a region, ensuring greater fault tolerance. Each zone has independent power, cooling, and networking. Availability Sets only distribute resources within a single datacenter across update and fault domains. Using zones protects workloads from complete datacenter failures. Combining zones with managed services enhances high availability and resilience. This design is essential for mission-critical applications requiring strict SLA compliance. It is the preferred approach for modern enterprise deployments.

Related Microsoft Learn topic

Azure Architecture Center

Question 11: Which Azure service enables you to create reusable policy definitions and apply them across multiple subscriptions for consistent compliance?

The correct answer is Azure Policy.

Azure Policy provides a centralized way to define and enforce rules that ensure resources remain compliant with organizational standards. Policies can restrict specific regions, enforce tags, or mandate configurations. You can apply them at management group or subscription level, allowing scalable governance. Azure Policy can also audit and automatically remediate non-compliant resources. It helps organizations maintain consistent security and compliance posture. In enterprise architectures, it is the foundation of Azure governance.

Related Microsoft Learn topic

AZ-305 study guide on Microsoft Learn

Question 12: Which service integrates on-premises Active Directory with Azure Active Directory for hybrid identity management?

The correct answer is Azure AD Connect.

This tool synchronizes users, groups, and credentials between on-premises Active Directory and Azure AD. It supports password hash synchronization, pass-through authentication, and federation. It ensures users have a unified identity across environments. Azure AD Connect simplifies authentication for hybrid infrastructures. It helps maintain consistent access control policies. It is essential for organizations adopting a hybrid cloud model.

Related Microsoft Learn topic

AZ-305 study guide on Microsoft Learn

Question 13: Which feature provides just-in-time privileged access to Azure resources?

The correct answer is Privileged Identity Management.

PIM reduces standing administrative access by allowing time-bound role activations with approval workflows. Administrators can enforce MFA before role elevation. It includes alerts, auditing, and access review capabilities. PIM helps organizations adhere to least-privilege principles. It integrates with Azure AD and supports fine-grained control. Implementing PIM improves both security and compliance.

Related Microsoft Learn topic

AZ-305 study guide on Microsoft Learn

Question 14: Which Azure solution aggregates logs from multiple sources and uses analytics to detect threats?

The correct answer is Microsoft Sentinel.

Sentinel is a cloud-native SIEM and SOAR platform that collects and correlates security data from Azure, on-premises, and third-party sources. It uses AI-driven analytics to detect and investigate incidents. Playbooks enable automated responses to threats. Sentinel improves situational awareness across hybrid environments. It reduces detection time and supports compliance frameworks. It is a critical component of modern Azure security design.

Related Microsoft Learn topic

AZ-305 study guide on Microsoft Learn

Question 15: Which feature allows users to access cloud resources from any device under conditional policies like MFA and location?

The correct answer is Conditional Access.

Conditional Access policies evaluate sign-in signals such as device compliance, location, and risk to enforce contextual access decisions. It supports enforcing MFA, blocking risky sign-ins, or requiring compliant devices. Conditional Access enhances security without overly restricting productivity. It integrates with Identity Protection for adaptive access control. It is a cornerstone of zero-trust architectures. Proper configuration balances usability and protection.

Related Microsoft Learn topic

AZ-305 study guide on Microsoft Learn

Question 16: Which two tools help automate deployment of governance and compliance baselines in Azure? Choose 2 answers.

The correct answers are Azure Blueprints and Azure Policy.

Blueprints package policies, RBAC assignments, and ARM templates for consistent environment creation. Azure Policy enforces compliance by auditing or denying resource configurations. Together they provide a repeatable governance framework. These tools reduce drift between environments. They simplify enterprise governance at scale. They are recommended for organizations managing multiple subscriptions.

Related Microsoft Learn topic

AZ-305 study guide on Microsoft Learn

Question 17: Which two services provide visibility and metrics across Azure resources for proactive monitoring? Choose 2 answers.

The correct answers are Azure Monitor and Log Analytics.

Azure Monitor collects metrics and logs from cloud and on-premises environments, while Log Analytics enables querying and visualization. Together they provide end-to-end observability. They support alerting, dashboards, and anomaly detection. Integrations with Application Insights enhance application performance tracking. These tools are essential for operational excellence. They enable proactive maintenance and rapid incident resolution.

Related Microsoft Learn topic

AZ-305 study guide on Microsoft Learn

Question 18: Which two features are used to prevent identity compromise in Azure Active Directory? Choose 2 answers.

The correct answers are Multi-factor Authentication and Identity Protection.

MFA requires additional verification factors, reducing credential theft risk. Identity Protection detects and responds to risky sign-ins and users using adaptive policies. These features enforce stronger authentication controls. They integrate into Conditional Access to create risk-based enforcement. Implementing both is essential for securing user accounts. They significantly enhance identity resilience in Azure AD.

Related Microsoft Learn topic

AZ-305 study guide on Microsoft Learn

Question 19: Azure AD Access Reviews can be scheduled to automatically revoke unnecessary group memberships.

The correct answer is True.

Access Reviews enable organizations to periodically assess user access to groups, apps, and roles. Reviews can be automated and delegated to resource owners. Expired or unapproved access is automatically revoked. This maintains least-privilege principles. It supports regulatory compliance and reduces insider risk. Regular access reviews are recommended in large enterprise environments.

Related Microsoft Learn topic

AZ-305 study guide on Microsoft Learn

Question 20: Activity logs in Azure Monitor are retained indefinitely by default.

The correct answer is False.

Azure Activity Logs are retained for 90 days by default. To keep them longer, administrators must export logs to a Storage account or Log Analytics workspace. This ensures compliance and audit readiness. Without configuration, older data will be purged automatically. Planning retention is critical for governance and forensics. Log export is a standard practice in production environments.

Related Microsoft Learn topic

AZ-305 study guide on Microsoft Learn

Question 21: Azure Blueprints can include role assignments, policies, and ARM templates as reusable artifacts.

The correct answer is True.

Blueprints encapsulate governance components like RBAC roles, ARM templates, and policies. They allow consistent environment provisioning across subscriptions. Version control ensures repeatability. Blueprints streamline compliance for new projects. They integrate with Policy to enforce rules automatically. They are essential for managing enterprise-scale deployments.

Related Microsoft Learn topic

AZ-305 study guide on Microsoft Learn

Question 22: Which Azure service provides recommendations for cost optimization, performance, and reliability improvements?

The correct answer is Azure Advisor.

Azure Advisor analyzes deployed resources and recommends improvements aligned to best practices. It provides insights across cost, security, reliability, and performance categories. Recommendations can be automated using remediation scripts. Advisor integrates with Policy and Security Center for holistic optimization. It enables continuous improvement of deployed environments. Regularly reviewing Advisor insights helps maintain operational efficiency.

Related Microsoft Learn topic

AZ-305 study guide on Microsoft Learn

Question 23: Which service allows delegated resource management across multiple tenants securely?

The correct answer is Azure Lighthouse.

Lighthouse enables cross-tenant management for service providers or enterprise teams. It allows secure delegation with precise RBAC scopes. It simplifies MSP and multi-tenant administration. All actions are logged for transparency. Lighthouse enhances efficiency for organizations managing multiple tenants. It integrates naturally with Azure governance tools for unified control.

Related Microsoft Learn topic

AZ-305 study guide on Microsoft Learn

Question 24: Which component helps monitor sign-in attempts and risky behavior in Azure AD?

The correct answer is Azure AD Identity Protection.

It identifies anomalous sign-ins, leaked credentials, and compromised accounts. Administrators can configure risk policies to require MFA or block access automatically. Reports offer visibility into risky users and sessions. It integrates with Conditional Access to apply mitigations dynamically. This service is vital for proactive identity defense. It strengthens the Azure security baseline through adaptive access control.

Related Microsoft Learn topic

AZ-305 study guide on Microsoft Learn

Question 25: Which Azure service provides globally distributed NoSQL database with multi-region writes and low latency?

The correct answer is Azure Cosmos DB.

It supports multiple APIs such as SQL, MongoDB, Cassandra, and Gremlin. It offers guaranteed throughput, latency, and availability SLAs. Multi-region replication ensures global scalability. Consistency levels allow trade-offs between performance and reliability. Cosmos DB suits mission-critical, real-time applications. It simplifies data replication and global access patterns.

Related Microsoft Learn topic

Azure Storage documentation

Question 26: Which storage type should you choose for hosting unstructured binary data such as images and video?

The correct answer is Azure Blob Storage.

It stores massive unstructured data efficiently with hot, cool, and archive tiers. Blobs can be accessed via REST APIs or SDKs globally. It offers built-in redundancy, encryption, and lifecycle management. Blob Storage integrates with Content Delivery Network for performance. It is ideal for scalable media, backups, and analytics workloads. It underpins Azure Data Lake Gen2 for big data analytics.

Related Microsoft Learn topic

Azure Storage documentation

Question 27: Which feature automatically transitions blobs between storage tiers to reduce cost?

The correct answer is Blob Lifecycle Management.

It enables policy-based tiering of data from hot to cool or archive tiers. Rules can be triggered by last modified date or access time. This feature optimizes storage cost without manual intervention. It helps enforce retention and deletion policies automatically. It aligns with compliance and cost optimization goals. It should be used for large-scale archival strategies.

Related Microsoft Learn topic

Azure Storage documentation

Question 28: Which two features enhance the security of Azure Storage accounts? Choose 2 answers.

The correct answers are Private Endpoints and Server-side Encryption.

Private Endpoints secure access to storage over private networks, isolating from public internet. Server-side Encryption automatically encrypts all data at rest. Together, they fulfill strict compliance standards. They mitigate data exfiltration risks and ensure confidentiality. They are key for designing secure storage solutions. They align with Microsoft’s shared responsibility model.

Related Microsoft Learn topic

Azure Storage documentation

Question 29: Which two redundancy configurations replicate data across regions for disaster recovery? Choose 2 answers.

The correct answers are GRS and GZRS.

Geo-Redundant Storage replicates asynchronously to a paired region. GZRS combines zone and region redundancy for maximum resilience. These provide continuity during regional outages. LRS and ZRS are confined within one region only. Choosing the right redundancy depends on RTO/RPO objectives. GRS/GZRS are recommended for critical workloads requiring cross-region protection.

Related Microsoft Learn topic

Azure Storage documentation

Question 30: Which service should you use for relational OLTP workloads requiring automatic scaling and high availability?

The correct answer is Azure SQL Database.

It provides managed relational storage with dynamic scaling and built-in high availability. Backups and patching are automated. It supports advanced security like auditing and transparent encryption. Elastic pools allow cost optimization across databases. It is ideal for transactional business systems. It offers predictable performance and enterprise-grade reliability.

Related Microsoft Learn topic

Azure Storage documentation

Question 31: Azure Data Lake Storage Gen2 supports hierarchical namespace for folder-level ACLs.

The correct answer is True.

ADLS Gen2 combines object storage scalability with hierarchical namespace features. It supports POSIX-style permissions and directory-based access control. This enables analytics engines like Spark to perform efficiently. It optimizes data organization and throughput. It is suitable for big data and AI pipelines. It is part of Azure’s unified analytics ecosystem.

Related Microsoft Learn topic

Azure Storage documentation

Question 32: Soft Delete in Azure Storage retains deleted blobs for a configured retention period to prevent data loss.

The correct answer is True.

Soft Delete safeguards against accidental or malicious deletions. It retains deleted data for a user-defined period. During this time, data can be easily restored. It enhances data protection and supports compliance. Enabling it is considered a best practice for critical workloads. It provides safety without complex backup configurations.

Related Microsoft Learn topic

Azure Storage documentation

Question 33: Which service allows you to mount Azure file shares on Windows or Linux servers using SMB protocol?

The correct answer is Azure Files.

It provides managed SMB file shares in the cloud. It supports integration with Active Directory for authentication. Azure Files offers persistent storage for lift-and-shift workloads. It supports both premium and standard tiers. It simplifies migration of legacy applications to Azure. It is accessible securely via private endpoints.

Related Microsoft Learn topic

Azure Storage documentation

Question 34: Which Azure feature ensures blob immutability for compliance purposes?

The correct answer is Immutable Blob Storage.

It enforces write-once-read-many (WORM) retention policies. Data cannot be modified or deleted until retention expires. It supports legal hold for regulatory data. It ensures data integrity and compliance. It is widely used for financial and healthcare workloads. It strengthens audit readiness and tamper protection.

Related Microsoft Learn topic

Azure Storage documentation

Question 35: Which two methods help reduce storage costs for rarely accessed data? Choose 2 answers.

The correct answers are Cool Tier and Archive Tier.

Cool tier is optimized for infrequent access, while Archive provides the lowest cost for long-term retention. Moving rarely accessed data saves costs significantly. Lifecycle policies can automate tier transitions. Cost optimization is key for large data volumes. Choosing correct tiers aligns with data lifecycle strategy.

Related Microsoft Learn topic

Azure Storage documentation

Question 36: Which Azure service replicates workloads to a secondary region for disaster recovery?

The correct answer is Azure Site Recovery.

ASR orchestrates replication and failover of VMs and physical servers. It supports both Azure-to-Azure and on-premises-to-Azure scenarios. It automates recovery plans and testing. ASR minimizes downtime and data loss. It is a core service for enterprise DR strategies. It aligns with high-availability objectives.

Related Microsoft Learn topic

Azure Site Recovery overview

Question 37: Which metric measures the maximum acceptable data loss during an outage?

The correct answer is RPO.

The correct answer is RPO (Recovery Point Objective). It defines how recent your data must be after recovery. Lower RPO requires more frequent backups or replication. RPO is key in designing backup and DR solutions. It helps balance cost versus data protection. Azure Backup and ASR configurations directly affect RPO. Setting it properly ensures business resilience.

Related Microsoft Learn topic

Azure Site Recovery overview

Question 38: Which Azure service provides automatic backups and point-in-time restore for SQL Databases?

The correct answer is Azure SQL Database Automated Backups.

These are built-in continuous backups stored in geo-redundant storage. They enable point-in-time restore within the retention period. The service requires no manual setup. It provides compliance and reliability for databases. It complements failover groups for full DR design. Automated backups simplify continuity operations.

Related Microsoft Learn topic

Azure Site Recovery overview

Question 39: Which two features help achieve high availability within Azure regions? Choose 2 answers.

The correct answers are Availability Sets and Availability Zones.

Sets distribute VMs across update and fault domains. Zones host resources in separate datacenters. Both mitigate planned and unplanned outages. Combined, they provide robust fault tolerance. They reduce downtime and meet SLA requirements. They are key to designing resilient workloads.

Related Microsoft Learn topic

Azure Site Recovery overview

Question 40: Soft Delete in Key Vault allows recovery of deleted secrets within the retention period.

The correct answer is True.

Soft Delete retains deleted keys, secrets, and certificates for a configurable duration. It protects against accidental or malicious deletions. Combined with Purge Protection, it prevents permanent loss. It is crucial for compliance and auditability. Enabling it is recommended in all production Key Vaults. It supports secure secret lifecycle management.

Related Microsoft Learn topic

Azure Site Recovery overview

Question 41: Azure Backup supports application-consistent backups for both VMs and databases.

The correct answer is True.

Azure Backup ensures data integrity by quiescing applications before backup. It captures app-consistent snapshots for SQL, SharePoint, and Exchange. It supports both on-premises and Azure workloads. It ensures reliable recovery and minimal data corruption. It automates scheduling and retention. It forms the backbone of most Azure DR strategies.

Related Microsoft Learn topic

Azure Site Recovery overview

Question 42: Azure Site Recovery only supports replication within the same Azure region.

The correct answer is False.

ASR supports cross-region replication for VMs, not just intra-region. It can replicate workloads across paired regions for higher resilience. This ensures continued operations during regional outages. It helps organizations meet stringent DR objectives. Region pairing ensures data sovereignty compliance. Cross-region DR is an enterprise best practice.

Related Microsoft Learn topic

Azure Site Recovery overview

Question 43: Which feature provides seamless automatic failover between Azure SQL databases across regions?

The correct answer is Failover Groups.

They automate failover and connection redirection between primary and secondary databases. They simplify DR for multi-region deployments. They support read-write and read-only endpoints. Failover is transparent to applications. This ensures continuity without manual intervention. It is vital for critical production workloads.

Related Microsoft Learn topic

Azure Site Recovery overview

Question 44: Which Azure service provides load balancing at Layer 7 with URL-based routing and WAF?

The correct answer is Azure Application Gateway.

It provides application layer routing based on HTTP attributes. It supports SSL termination, cookie-based affinity, and WAF protection. It enables path-based routing for microservices. It enhances both performance and security. It integrates with Azure Monitor for visibility. It’s recommended for web-tier architectures.

Related Microsoft Learn topic

Azure Architecture Center

Question 45: Which Azure service provides private connectivity between on-premises and Azure networks?

The correct answer is ExpressRoute.

It provides dedicated, private connections via partner circuits. It avoids public Internet paths, improving reliability and security. It offers predictable latency and higher throughput. It’s ideal for regulatory and hybrid workloads. It can be combined with Global Reach for multi-site connectivity. ExpressRoute underpins enterprise hybrid connectivity.

Related Microsoft Learn topic

Azure Architecture Center

Question 46: Which two services enable global load balancing for web applications? Choose 2 answers.

The correct answers are Azure Front Door and Azure Traffic Manager.

Front Door routes HTTP traffic globally with caching and SSL offload. Traffic Manager provides DNS-based routing across endpoints. Both improve performance and availability for global apps. They can be combined for multi-tier load balancing. They provide redundancy and low latency worldwide. They are essential for resilient multi-region architectures.

Related Microsoft Learn topic

Azure Architecture Center

Question 47: Which service allows you to securely connect to VMs via RDP or SSH without public IPs?

The correct answer is Azure Bastion.

Bastion provides browser-based RDP/SSH over SSL directly from the Azure Portal. It eliminates the need for public IP exposure. It integrates with NSGs for additional security. It supports copy/paste and file transfer. It enhances operational security for administrators. It’s key for zero-trust remote access strategies.

Related Microsoft Learn topic

Azure Architecture Center

Question 48: Azure Load Balancer operates at Layer 4 and supports both TCP and UDP traffic.

The correct answer is True.

Azure Load Balancer distributes transport-layer traffic using hashing algorithms. It supports inbound NAT and outbound SNAT rules. Health probes monitor backend availability. It’s optimized for high performance and low latency. It complements higher-level routing services like Application Gateway. It’s suitable for VM and container workloads.

Related Microsoft Learn topic

Azure Architecture Center

Question 49: Which two configurations help improve VM availability within Azure regions? Choose 2 answers.

The correct answers are Availability Sets and Availability Zones.

Sets distribute VMs across update domains to prevent downtime during maintenance. Zones place resources in distinct datacenters for physical isolation. Together, they achieve high fault tolerance. They are key for meeting SLA commitments. They provide foundational resilience for critical applications. Implementing them ensures business continuity during disruptions.

Related Microsoft Learn topic

Azure Architecture Center

Question 50: Which two services provide outbound network protection and filtering in Azure? Choose 2 answers.

The correct answers are Azure Firewall and Network Security Groups.

Azure Firewall provides stateful packet inspection and FQDN-based filtering. NSGs enforce inbound/outbound rules at subnet or NIC level. Combined, they implement defense-in-depth for network security. They help comply with zero-trust models. They centralize and simplify traffic governance. They are essential components of any secure Azure architecture.

Related Microsoft Learn topic

Azure Architecture Center

Comments