• Home
  • Articles
  • [2025] Pass Microsoft AZ-305 Premium Files Test Engine pdf - Free Dumps Collection [Q110-Q128]

[2025] Pass Microsoft AZ-305 Premium Files Test Engine pdf - Free Dumps Collection [Q110-Q128]

Share

[2025] Pass Microsoft AZ-305 Premium Files Test Engine pdf - Free Dumps Collection

New 2025 Realistic AZ-305 Dumps Test Engine Exam Questions in here


Microsoft AZ-305 (Designing Microsoft Azure Infrastructure Solutions) Certification Exam is designed for IT professionals who want to demonstrate their expertise in designing, implementing, and managing solutions on the Microsoft Azure platform. AZ-305 exam is intended for individuals who have experience working with Azure technologies and want to validate their skills in designing and deploying Azure infrastructure solutions.

 

NEW QUESTION # 110
You have an Azure subscription named Sub1 that is linked to an Azure AD tenant named contoso.com.
You plan to implement two ASP.NET Core apps named App1 and App2 that will be deployed to 100 virtual machines in Sub1. Users will sign in to App1 and App2 by using their contoso.com credentials.
App1 requires read permissions to access the calendar of the signed-m user. App2 requires write permissions to access the calendar of the signed-in user.
You need to recommend an authentication and authorization solution for the apps. The solution must meet the following requirements:
* Use the principle of least privilege.
* Minimize administrative effort
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one pent.

Answer:

Explanation:

Explanation:


NEW QUESTION # 111
You have the resources shown in the following table.

You create a new resource group in Azure named RG2.
You need to move the virtual machines to RG2.
What should you use to move each virtual machine? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 112
You have several Azure App Service web apps that use Azure Key Vault to store data encryption keys. Several departments have the following requests to support the web app:

Which service should you recommend for each department's request? To answer, configure the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 113
You have two app registrations named App1 and App2 in Azure AD. App1 supports role-based access control (RBAC) and includes a role named Writer.
You need to ensure that when App2 authenticates to access App1, the tokens issued by Azure AD include the Writer role claim.
Which blade should you use to modify each app registration? To answer, drag the appropriate blades to the correct app registrations. Each blade may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation


NEW QUESTION # 114
You plan to migrate App1 to Azure.
You need to recommend a storage solution for App1 that meets the security and compliance requirements.
Which type of storage should you recommend, and how should you recommend configuring the storage? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Text, table Description automatically generated

Box 1: Standard general-purpose v2
Standard general-purpose v2 supports Blob Storage.
Azure Storage provides data protection for Blob Storage and Azure Data Lake Storage Gen2.
Scenario:
Litware identifies the following security and compliance requirements:
Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.
On-premises users and services must be able to access the Azure Storage account that will host the data in App1.
Access to the public endpoint of the Azure Storage account that will host the App1 data must be prevented.
All Azure SQL databases in the production environment must have Transparent Data Encryption (TDE) enabled.
App1 must NOT share physical hardware with other workloads.
Box 2: NFSv3
Scenario: Plan: Migrate App1 to Azure virtual machines.
Blob storage now supports the Network File System (NFS) 3.0 protocol. This support provides Linux file system compatibility at object storage scale and prices and enables Linux clients to mount a container in Blob storage from an Azure Virtual Machine (VM) or a computer on-premises.
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/data-protection-overview
Topic 1, Litware, Inc
Case Study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview. General Overview
Litware, Inc. is a medium-sized finance company.
Overview. Physical Locations
Litware has a main office in Boston.
Existing Environment. Identity Environment
The network contains an Active Directory forest named Litware.com that is linked to an Azure Active Directory (Azure AD) tenant named Litware.com. All users have Azure Active Directory Premium P2 licenses.
Litware has a second Azure AD tenant named dev.Litware.com that is used as a development environment.
The Litware.com tenant has a conditional acess policy named capolicy1. Capolicy1 requires that when users manage the Azure subscription for a production environment by using the Azure portal, they must connect from a hybrid Azure AD-joined device.
Existing Environment. Azure Environment
Litware has 10 Azure subscriptions that are linked to the Litware.com tenant and five Azure subscriptions that are linked to the dev.Litware.com tenant. All the subscriptions are in an Enterprise Agreement (EA).
The Litware.com tenant contains a custom Azure role-based access control (Azure RBAC) role named Role1 that grants the DataActions read permission to the blobs and files in Azure Storage.
Existing Environment. On-premises Environment
The on-premises network of Litware contains the resources shown in the following table.

Existing Environment. Network Environment
Litware has ExpressRoute connectivity to Azure.
Planned Changes and Requirements. Planned Changes
Litware plans to implement the following changes:
Migrate DB1 and DB2 to Azure.
Migrate App1 to Azure virtual machines.
Deploy the Azure virtual machines that will host App1 to Azure dedicated hosts.
Planned Changes and Requirements. Authentication and Authorization Requirements Litware identifies the following authentication and authorization requirements:
Users that manage the production environment by using the Azure portal must connect from a hybrid Azure AD-joined device and authenticate by using Azure Multi-Factor Authentication (MFA).
The Network Contributor built-in RBAC role must be used to grant permission to all the virtual networks in all the Azure subscriptions.
To access the resources in Azure, App1 must use the managed identity of the virtual machines that will host the app.
Role1 must be used to assign permissions to the storage accounts of all the Azure subscriptions.
RBAC roles must be applied at the highest level possible.
Planned Changes and Requirements. Resiliency Requirements
Litware identifies the following resiliency requirements:
Once migrated to Azure, DB1 and DB2 must meet the following requirements:
- Maintain availability if two availability zones in the local Azure region fail.
- Fail over automatically.
- Minimize I/O latency.
App1 must meet the following requirements:
- Be hosted in an Azure region that supports availability zones.
- Be hosted on Azure virtual machines that support automatic scaling.
- Maintain availability if two availability zones in the local Azure region fail.
Planned Changes and Requirements. Security and Compliance Requirements
Litware identifies the following security and compliance requirements:
Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.
On-premises users and services must be able to access the Azure Storage account that will host the data in App1.
Access to the public endpoint of the Azure Storage account that will host the App1 data must be prevented.
All Azure SQL databases in the production environment must have Transparent Data Encryption (TDE) enabled.
App1 must not share physical hardware with other workloads.
Planned Changes and Requirements. Business Requirements
Litware identifies the following business requirements:
Minimize administrative effort.
Minimize costs.


NEW QUESTION # 115
You need to recommend a solution that meets the data requirements for App1.
What should you recommend deploying to each availability zone that contains an instance of App1?

  • A. an Azure Storage account that uses geo-zone-redundant storage (GZRS)
  • B. an Azure Data Lake store that uses geo-zone-redundant storage (GZRS)
  • C. an Azure SQL database that uses active geo-replication
  • D. an Azure Cosmos DB that uses multi-region writes

Answer: D

Explanation:
Scenario: App1 has the following data requirements:
Each instance will write data to a data store in the same availability zone as the instance.
Data written by any App1 instance must be visible to all App1 instances.
Azure Cosmos DB: Each partition across all the regions is replicated. Each region contains all the data partitions of an Azure Cosmos container and can serve reads as well as serve writes when multi-region writes is enabled.
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/high-availability
Topic 4, HABInsurance
Current environment
General
An insurance company, HABInsurance, operates in three states and provides home, auto, and boat insurance. Besides the head office, HABInsurance has three regional offices.
Technology assessment
The company has two Active Directory forests: main.habinsurance.com and region.habinsurance.com. HABInsurance's primary internal system is Insurance Processing System (IPS). It is an ASP.Net/C# application running on IIS/Windows Servers hosted in a data center. IPS has three tiers: web, business logic API, and a datastore on a back end. The company uses Microsoft SQL Server and MongoDB for the backend. The system has two parts: Customer data and Insurance forms and documents. Customer data is stored in Microsoft SQL Server and Insurance forms and documents - in MongoDB. The company also has 10 TB of Human Resources (HR) data stored on NAS at the head office location.
Requirements
General
HABInsurance plans to migrate its workloads to Azure. They purchased an Azure subscription. Segment Changes During a transition period, HABInsurance wants to create a hybrid identity model along with a Microsoft Office 365 deployment. The company intends to sync its AD forests to Azure AD and benefit from Azure AD administrative units functionality.
HABInsurance needs to migrate the current IPSCustomers SQL database to a new fully managed SQL database in Azure that would be budget-oriented, balanced with scalable compute and storage options. The management team expects the Azure database service to scale the database resources dynamically with minimal downtime. The technical team proposes implementing a DTU-based purchasing model for the new database.
HABInsurance wants to migrate Insurance forms and documents to Azure database service. HABInsurance plans to move IPS first two tiers to Azure without any modifications. The technology team discusses the possibility of running IPS tiers on a set of virtual machines instances. The number of instances should be adjusted automatically based on the CPU utilization. An SLA of 99.95% must be guaranteed for the compute infrastructure.
The company needs to move HR data to Azure File shares.
In their new Azure ecosystem, HABInsurance plans to use internal and third-party applications. The company considers adding user consent for data access to the registered applications Later, the technology team contemplates adding a customer self-service portal to IPS and deploying a new IPS to multi-region ASK. But the management team is worried about performance and availability of the multi-region AKS deployments during regional outages.


NEW QUESTION # 116
Your on-premises network contains a file server named Server1 that stores 500 GB of data.
You need to use Azure Data Factory to copy the data from Server1 to Azure Storage.
You add a new data factory.
What should you do next? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/machine-learning/team-data-science-process/move-sql-azure-adf


NEW QUESTION # 117
You have the Free edition of a hybrid Azure Active Directory (Azure AD) tenant. The tenant uses password hash synchronization.
You need to recommend a solution to meet the following requirements:
Prevent Active Directory domain user accounts from being locked out as the result of brute force attacks targeting Azure AD user accounts.
Block legacy authentication attempts to Azure AD integrated apps.
Minimize costs.
What should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-smart-lockout
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication


NEW QUESTION # 118
You plan to create an Azure environment that will contain a root management group and 10 child management groups. Each child management group will contain five Azure subscriptions. You plan to have between 10 and 30 resource groups in each subscription.
You need to design an Azure governance solution. The solution must meet the following requirements:
* Use Azure Blueprints to control governance across all the subscriptions and resource groups.
* Ensure that Blueprints-based configurations are consistent across all the subscriptions and resource groups.
* Minimize the number of blueprint definitions and assignments.
What should you include in the solution? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 119
You are planning an Azure Storage solution for sensitive data. The data will be accessed daily. The data set is less than 10 GB.
You need to recommend a storage solution that meets the following requirements:
* All the data written to storage must be retained for five years.
* Once the data is written, the data can only be read. Modifications and deletion must be prevented.
* After five years, the data can be deleted, but never modified.
* Data access charges must be minimized
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:

Box 1: General purpose v2 with Archive acce3ss tier for blobs
Archive - Optimized for storing data that is rarely accessed and stored for at least 180 days with flexible latency requirements, on the order of hours.
Cool - Optimized for storing data that is infrequently accessed and stored for at least 30 days.
Hot - Optimized for storing data that is accessed frequently.
Box 2: Storage account resource lock
As an administrator, you can lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. The lock overrides any permissions the user might have.
Note: You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively.
* CanNotDelete means authorized users can still read and modify a resource, but they can't delete the resource.
* ReadOnly means authorized users can read a resource, but they can't delete or update the resource.
Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers


NEW QUESTION # 120
You have an app named App1 that uses two on-premises Microsoft SQL Server databases named DB1 and DB2.
You plan to migrate DB1 and DB2 to Azure.
You need to recommend an Azure solution to host DB1 and DB2. The solution must meet the following requirements:
* Support server-side transactions across DB1 and DB2.
* Minimize administrative effort to update the solution.
What should you recommend?

  • A. two Azure SQL databases in an elastic pool
  • B. two SQL Server databases on an Azure virtual machine
  • C. two Azure SQL databases on the same Azure SQL Database managed instance
  • D. two Azure SQL databases on different Azure SQL Database servers

Answer: C

Explanation:
When both the database management system and client are under the same ownership (e.g. when SQL Server is deployed to a virtual machine), transactions are available and the lock duration can be controlled.
Reference: https://docs.particular.net/nservicebus/azure/understanding-transactionality-in-azure


NEW QUESTION # 121
You have several Azure App Service web apps that use Azure Key Vault to store data encryption keys.
Several departments have the following requests to support the web app:

Which service should you recommend for each department's request? To answer, configure the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 122
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.
Several VMs are exhibiting network connectivity issues.
You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.
Solution: Use the Azure Traffic Analytics solution in Azure Log Analytics to analyze the network traffic.
Does the solution meet the goal?

  • A. No
  • B. Yes

Answer: A

Explanation:
Explanation
Instead use Azure Network Watcher to run IP flow verify to analyze the network traffic.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview


NEW QUESTION # 123
You need to implement the Azure RBAC role assignment. The solution must meet the authentication and authorization requirements.
How many assignment should you configure for the Network Contributor role for Role1? To answer, select appropriate in the answer area.
NOTE:

Answer:

Explanation:


NEW QUESTION # 124
You need to design a solution that will execute custom C# code in response to an event routed to Azure Event Grid. The solution must meet the following requirements:
The executed code must be able to access the private IP address of a Microsoft SQL Server instance that runs on an Azure virtual machine.
Costs must be minimized.
What should you include in the solution?

  • A. Azure Logic Apps in the Consumption plan
  • B. Azure Logic Apps in the integrated service environment
  • C. Azure Functions in the Consumption plan
  • D. Azure Functions in the Dedicated plan and the Basic Azure App Service plan

Answer: C

Explanation:
When you create a function app in Azure, you must choose a hosting plan for your app. There are three basic hosting plans available for Azure Functions: Consumption plan, Premium plan, and Dedicated (App Service) plan.
For the Consumption plan, you don't have to pay for idle VMs or reserve capacity in advance.
Connect to private endpoints with Azure Functions
As enterprises continue to adopt serverless (and Platform-as-a-Service, or PaaS) solutions, they often need a way to integrate with existing resources on a virtual network. These existing resources could be databases, file storage, message queues or event streams, or REST APIs.
Reference:
https://docs.microsoft.com/en-us/azure/azure-functions/functions-scale
https://techcommunity.microsoft.com/t5/azure-functions/connect-to-private-endpoints-with-azure-functions/ba-p Reference:
https://docs.microsoft.com/en-us/azure/azure-functions/functions-scale#hosting-plans-comparison


NEW QUESTION # 125
Your company, named Contoso, Ltd, implements several Azure logic apps that have HTTP triggers: The logic apps provide access to an on-premises web service.
Contoso establishes a partnership with another company named Fabrikam, Inc.
Fabrikam does not have an existing Azure Active Directory (Azure AD) tenant and uses third-party OAuth 2.0 identity management to authenticate its users.
Developers at Fabrikam plan to use a subset of the logics apps to build applications that will integrate with the on-premises web service of Contoso.
You need to design a solution to provide the Fabrikam developers with access to the logic apps. The solution must meet the following requirements:
Requests to the logic apps from the developers must be limited to lower rates than the requests from the users at Contoso.
The developers must be able to rely on their existing OAuth 2.0 provider to gain access to the logic apps.
The solution must NOT require changes to the logic apps.
The solution must NOT use Azure AD guest accounts.
What should you include in the solution?

  • A. Azure API Management
  • B. Azure AD business-to-business (B2B)
  • C. Azure AD Application Proxy
  • D. Azure Front Door

Answer: A

Explanation:
API Management helps organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services.
You can secure API Management using the OAuth 2.0 client credentials flow.
Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-key-concepts
https://docs.microsoft.com/en-us/azure/api-management/api-management-features
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad#enab


NEW QUESTION # 126
A company named Contoso, Ltd. has an Azure Active Directory (Azure AD) tenant that is integrated with Microsoft Office 365 and an Azure subscription.
Contoso has an on-premises identity infrastructure. The infrastructure includes servers that run Active Directory Domain Services (AD DS),andAzure AD Connect Contoso has a partnership with a company named Fabrikam, Inc. Fabrikam has an Active Directory forest and an Office 365 tenant. Fabrikam has the same on-premises identity infrastructure as Contoso.
A team of 10 developers from Fabrikam will work on an Azure solution that will be hosted in the Azure subscription of Contoso. The developers must be added to the Contributor role for a resource in the Contoso subscription.
You need to recommend a solution to ensure that Contoso can assign the role to the 10 Fabrikam developers.
The solution must ensure that the Fabrikam developers use their existing credentials to access resources.
What should you recommend?

  • A. In the Azure AD tenant of Contoso, use MIM to create guest accounts for the Fabrikam developers.
  • B. Configure an AD FS relying party trust between the fabrikam and Contoso AD FS infrastructures.
  • C. Configure an organization relationship between the Office 365 tenants of Fabrikam and Contoso.
  • D. Configure a forest trust between the on-premises Active Directory forests of Contoso and Fabrikam.

Answer: A

Explanation:
Explanation
Trust configurations - Configure trust from managed forests(s) or domain(s) to the administrative forest A one-way trust is required from production environment to the admin forest.
Selective authentication should be used to restrict accounts in the admin forest to only logging on to the appropriate production hosts.
References:
https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-


NEW QUESTION # 127
Your company deploys several Linux and Windows virtual machines (VMs) to Azure. The VMs are deployed with the Microsoft Dependency Agent and the Microsoft Monitoring Agent installed by using Azure VM extensions. On-premises connectivity has been enabled by using Azure ExpressRoute.
You need to design a solution to monitor the VMs.
Which Azure monitoring services should you use? To answer, select the appropriate Azure monitoring services in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics
https://docs.microsoft.com/en-us/azure/azure-monitor/insights/service-map


NEW QUESTION # 128
......


Microsoft AZ-305 exam is an essential certification for professionals who want to demonstrate their expertise in designing Azure infrastructure solutions. Candidates who pass AZ-305 exam will have the skills and knowledge needed to design solutions that meet the needs of customers and provide a secure, scalable, and reliable environment on the Azure platform. With the right preparation and training, candidates can pass AZ-305 exam and achieve the Microsoft Certified: Azure Solutions Architect Expert certification.


To be eligible for the AZ-305 exam, you should have a strong understanding of core Azure services and experience in designing solutions that use them. You should also be familiar with Azure governance, security, and compliance features, as well as Azure Resource Manager templates and Azure DevOps. Additionally, you should have experience in designing solutions that integrate with on-premises infrastructure and hybrid scenarios.

 

Updated Official licence for AZ-305 Certified by AZ-305 Dumps PDF: https://www.troytecdumps.com/AZ-305-troytec-exam-dumps.html

Newly Released AZ-305 Dumps for Microsoft Azure Solutions Architect Expert Certified: https://drive.google.com/open?id=1gDjZvAnD0-SPAPx7sPAwp7w4kUt4Muhh

Related Articles

more
Microsoft AZ-305 Certification Practice Exam

Copyright © 2026 TroytecDumps NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy

Disclaimer:
TroytecDumps doesn't offer Real CompTIA Exam Questions.
Oracle and Java are registered trademarks of Oracle and/or its affiliates
TroytecDumps material do not contain actual actual Oracle Exam Questions or material.
TroytecDumps doesn't offer Real Microsoft Exam Questions.
Microsoft®, Azure®, Windows®, Windows Vista®, and the Windows logo are registered trademarks of Microsoft Corporation
TroytecDumps Materials do not contain actual questions and answers from Cisco's Certification Exams. The brand Cisco is a registered trademark of CISCO, Inc
CFA Institute does not endorse, promote or warrant the accuracy or quality of these questions. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
TroytecDumps.com does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. TroytecDumps does not own or claim any ownership on any of the brands.