Designing Microsoft Azure Infrastructure Solutions
Exam Details
Exam Code: AZ-305
Exam Name: Designing Microsoft Azure Infrastructure Solutions
Certification: Microsoft Certifications
Vendor: Microsoft
Total Questions: 378 Q&As
Last Updated: Mar 25, 2025
Microsoft Microsoft Certifications AZ-305 Questions & Answers
Question 121:
You have an Azure subscription that contains the resources shown in the following table.
You need to recommend a load balancing solution that will distribute incoming traffic for VMSS1 across NVA1 and NVA2. The solution must minimize administrative effort. What should you include in the recommendation?
A. Gateway Load Balancer
B. Azure Front Door
C. Azure Application Gateway
D. Azure Traffic Manager
Correct Answer: A
Gateway Load Balancer is a fully managed service enabling you to deploy, scale, and enhance the availability of third-party network virtual appliances (NVAs) in Azure. You can add your favorite third-party appliance, whether it's a firewall, inline DDoS appliance, deep packet inspection system, or even your own custom appliance, into the network path transparently, all with a single action.
You plan to use an Azure Storage account to store data assets.
You need to recommend a solution that meets the following requirements:
1. Supports immutable storage
2. Disables anonymous access to the storage account
3. Supports access control list (ACL)-based Azure AD permissions
What should you include in the recommendation?
A. Azure Files
B. Azure Data Lake Storage
C. Azure NetApp Files
D. Azure Blob Storage
Correct Answer: C
* An invaluable feature of NetApp Snapshot copies is their innate immutability. They can't be changed. This is especially important because an increasing number of ransomware attacks involve attackers encrypting your data and holding the key hostage.
* docs.netapp.com. ONTAP, Configure access restrictions for anonymous users
By default, an anonymous, unauthenticated user (also known as the null user) can access certain information on the network. You can use an SMB server option to configure access restrictions for the anonymous user.
* Azure NetApp Files supports access control lists (ACLs) on NFSv4.1 volumes. ACLs provide granular file security via NFSv4.1.
ACLs contain access control entities (ACEs), which specify the permissions (read, write, etc.) of individual users or groups. When assigning user roles, provide the user email address if you're using a Linux VM joined to an Active Directory Domain. Otherwise, provide user IDs to set permissions.
You have an Azure subscription. The subscription contains a tiered app named App1 that is distributed across multiple containers hosted in Azure Container Instances.
You need to deploy an Azure Monitor monitoring solution for App1. The solution must meet the following requirements:
Support using synthetic transaction monitoring to monitor traffic between the App1 components.
Minimize development effort.
What should you include in the solution?
A. Network insights
B. Application Insights
C. Container insights
D. Log Analytics Workspace insights
Correct Answer: B
Application Insights provides other features including, but not limited to:
* Availability: Also known as synthetic transaction monitoring. Probe the external endpoints of your applications to test the overall availability and responsiveness over time.
* Etc.
Note: Synthetic monitoring is the use of software to simulate user interactions with a system. The data generated from the simulated transactions is then analyzed to evaluate how the system behaves.
You have 12 Azure subscriptions and three projects. Each project uses resources across multiple subscriptions.
You need to use Microsoft Cost Management to monitor costs on a per project basis. The solution must minimize administrative effort.
Which two components should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. budgets
B. resource tags
C. custom role-based access control (RBAC) roles
D. management groups
E. Azure boards
Correct Answer: BD
B: Resource tags are the only way to add your own business context to cost details and are perhaps the most flexible way to map resources to applications, business units, environments, owners, etc.
D: Management groups allow grouping subscriptions together.
Note: Cost Management is available from within the Billing experience. It's also available from every subscription, resource group, and management group in the Azure portal. The availability is to ensure everyone has full visibility into the costs they're responsible for. And, so they can optimize their workloads to maximize efficiency. Cost Management is also available independently to streamline the process for managing cost across multiple billing accounts, subscriptions, resource groups, and management groups.
You have an Azure subscription that contains 10 web apps. The apps are integrated with Azure AD and are accessed by users on different project teams.
The users frequently move between projects.
You need to recommend an access management solution for the web apps. The solution must meet the following requirements:
1. The users must only have access to the app of the project to which they are assigned currently.
2. Project managers must verify which users have access to their project's app and remove users that are no longer assigned to their project.
3. Once every 30 days, the project managers must be prompted automatically to verify which users are assigned to their projects.
What should you include in the recommendation?
A. Azure AD Identity Protection
B. Microsoft Defender for Identity
C. Microsoft Entra Permissions Management
D. Azure AD Identity Governance
Correct Answer: D
Azure Active Directory (Azure AD) Identity Governance allows you to balance your organization's need for security and employee productivity with the right processes and visibility. It provides you with capabilities to ensure that the right principals have the right access to the right resources and at the right time.
The principals (or identities) whose access you can govern include users, groups, and applications (or service principals). The users can be your employees, business partners, vendors, or contractors. The resources to which you can govern access include groups, access packages, and privileged roles.
Note: Azure AD access reviews
Use Azure AD access reviews to configure one-time or recurring access reviews for attestation of a principal's right to access Azure AD resources. The principals are users or applications (service principals). The Azure AD resources include groups, applications (service principals), access packages, and privileged roles. Access reviews is a feature of Azure AD Identity Governance.
Typical customer scenarios for access reviews include:
Customers can review and certify guest user access to groups through group memberships. Reviewers can use the insights that are provided to efficiently decide whether guests should have continued access.
Customers can review and certify employee access to Azure AD resources.
Customers can review and audit assignments to Azure AD privileged roles. This supports organizations in the management of privileged access.
You plan to deploy a monitoring solution that will include the following:
Azure Monitor Network Insights
Application Insights
Microsoft Sentinel
VM insights
The monitoring solution will be managed by a single team.
What is the minimum number of Azure Monitor workspaces required?
A. 1
B. 2
C. 3
D. 4
Correct Answer: C
1: A Log Analytics workspace is a unique environment for log data from Azure Monitor and other Azure services, such as Microsoft Sentinel and Microsoft Defender for Cloud. Each workspace has its own data repository and configuration but might combine data from multiple services.
1: With workspace-based resources, Application Insights sends telemetry to a common Log Analytics workspace, providing full access to all the features of Log Analytics while keeping your application, infrastructure, and platform logs in a single consolidated location.
1: VM insights collects its data from one or more Log Analytics workspaces in Azure Monitor. Prior to onboarding agents, you must create and configure a workspace. The only requirement of the workspace is that it must be located in a supported location and be configured with the VMInsights solution.
You have an Azure subscription that contains 1,000 resources.
You need to generate compliance reports for the subscription. The solution must ensure that the resources can be grouped by department.
What should you use to organize the resources?
A. application groups and quotas
B. Azure Policy and tags
C. administrative units and Azure Lighthouse
D. resource groups and role assignments
Correct Answer: B
Compliance Report using Azure Policy
Azure Policy is a powerful tool for Azure Governance. With Azure Policy we can define rules for all Azure subscriptions that we manage. We can use these rules for simple limitation actions, like permitting only specific VM series and sizes that can be created, and also for more complex rule sets that help you standardize the whole Azure deployment.
Enforce tags for resource creation
So, why tags? Why do we need to add tags to all Azure resources? Microsoft Azure environments are getting bigger and bigger and are managed by multiple people and teams. That makes it difficult to understand who created a resource and what the purpose of that resource is. Another critical reason we need tags is Cost Management. In the Azure Cost Management portal, we can sort and arrange the resource cost using tags. This way we can provide an expense dashboard with the actual cost of the resources per department, project or whatever tags we have added to the resource.
Your company has the divisions shown in the following table.
Sub1 contains an Azure App Service web app named App1. App1 uses Azure AD for single-tenant user authentication. Users from contoso.com can authenticate to App1.
You need to recommend a solution to enable users in the fabrikam.com tenant to authenticate to App1.
What should you recommend?
A. Configure Azure AD Identity Protection.
B. Configure assignments for the fabrikam.com users by using Azure AD Privileged Identity Management (PIM).
C. Configure Supported account types in the application registration and update the sign-in endpoint.
D. Configure a Conditional Access policy.
Correct Answer: C
Identity and account types for single- and multi-tenant apps
You, as a developer, can choose if your app allows only users from your Azure Active Directory (Azure AD) tenant, any Azure AD tenant, or users with personal Microsoft accounts. You can configure your app to be either single tenant or multitenant during app registration in Azure.
Note: A required part of application registration in Azure AD is your selection of supported account types. While IT Pros in administrator roles decide who can consent to apps in their tenant, you, as a developer, specify who can use your app based on account type. When a tenant doesn't allow you to register your application in Azure AD, administrators will provide you with a way to communicate those details to them through another mechanism.
You'll choose from the following supported account type options when registering your application.
Accounts in this organizational directory only (O365 only - Single tenant)
Accounts in any organizational directory (Any Azure AD directory - Multitenant)
Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)
Personal Microsoft accounts only
Incorrect:
* Configure Azure AD Identity Protection
Identity Protection allows organizations to accomplish three key tasks: Automate the detection and remediation of identity-based risks. Investigate risks using data in the portal. Export risk detection data to other tools.
Your company has the divisions shown in the following table.
Sub1 contains an Azure App Service web app named App1. App1 uses Azure AD for single-tenant user authentication. Users from contoso.com can authenticate to App1.
You need to recommend a solution to enable users in the fabrikam.com tenant to authenticate to App1.
What should you recommend?
A. Configure Azure AD join.
B. Configure Azure AD Identity Protection.
C. Configure a Conditional Access policy.
D. Configure Supported account types in the application registration and update the sign-in endpoint.
Correct Answer: D
Identity and account types for single- and multi-tenant apps
You, as a developer, can choose if your app allows only users from your Azure Active Directory (Azure AD) tenant, any Azure AD tenant, or users with personal Microsoft accounts. You can configure your app to be either single tenant or multitenant during app registration in Azure.
Note: A required part of application registration in Azure AD is your selection of supported account types. While IT Pros in administrator roles decide who can consent to apps in their tenant, you, as a developer, specify who can use your app based on account type. When a tenant doesn't allow you to register your application in Azure AD, administrators will provide you with a way to communicate those details to them through another mechanism.
You'll choose from the following supported account type options when registering your application.
Accounts in this organizational directory only (O365 only - Single tenant)
Accounts in any organizational directory (Any Azure AD directory - Multitenant)
Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)
Personal Microsoft accounts only
Incorrect:
* Configure Azure AD join.
Azure AD joined devices are signed in to using an organizational Azure AD account. Access to resources can be controlled based on Azure AD account and Conditional Access policies applied to the device.
* Configure Azure AD Identity Protection
Identity Protection allows organizations to accomplish three key tasks: Automate the detection and remediation of identity-based risks. Investigate risks using data in the portal. Export risk detection data to other tools.
Your company plans to deploy various Azure App Service instances that will use Azure SQL databases. The App Service instances will be deployed at the same time as the Azure SQL databases.
The company has a regulatory requirement to deploy the App Service instances only to specific Azure regions. The resources for the App Service instances must reside in the same region.
You need to recommend a solution to meet the regulatory requirement.
Solution: You recommend using an Azure policy to enforce the location of resource groups.