Free AZ-305 Questions for Microsoft Designing Microsoft Azure Infrastructure Solutions AZ-305 Exam as PDF & Practice Test Engine
Drag and Drop Question
You have an Azure subscription that contains the virtual machines shown in the following table.

You need to recommend a logging solution for the virtual machines. The solution must meet the following requirements:
- Operating system logs from VM1 must be collected and stored in a Log
Analytics workspace.
- Syslog data logs from VM2 must be archived to a storage account.
What solution should you include in the recommendation for each virtual machine? To answer, drag the appropriate solutions to the correct virtual machines. Each solution may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains the virtual machines shown in the following table.

You need to recommend a logging solution for the virtual machines. The solution must meet the following requirements:
- Operating system logs from VM1 must be collected and stored in a Log
Analytics workspace.
- Syslog data logs from VM2 must be archived to a storage account.
What solution should you include in the recommendation for each virtual machine? To answer, drag the appropriate solutions to the correct virtual machines. Each solution may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:
Box 1: Azure Monitor Agent
Operating system logs from VM1 must be collected and stored in a Log Analytics workspace.
In this scenario, to collect Windows 11 operating system logs from an Azure VM jump box and store them in a Log Analytics workspace, you should use the Azure Monitor Agent (AMA) combined with Data Collection Rules (DCRs).
Key Components to Use:
*-> Azure Monitor Agent (AMA): This is the recommended, modern agent for collecting guest OS logs (Windows Event Logs, security logs) and performance data from Azure virtual machines.
Data Collection Rules (DCR): These define what data (e.g., Security, System, Application events) is collected and where it is sent (the Log Analytics workspace).
Log Analytics Workspace: The central repository where the logs are stored, analyzed, and queried using Kusto Query Language (KQL).
Implementation Steps:
Install AMA: Enable the Azure Monitor Agent extension on the Windows 11 virtual machine.
Configure DCR: Create a Data Collection Rule in the Azure Portal, select the Windows 11 VM as the resource, and define the Windows Event Log channels (e.g., Security, Application) to collect.
Set Destination: Set the Log Analytics workspace as the destination for the data collected by the DCR.
Box 2: Azure Monitor Agent
Syslog data logs from VM2 must be archived to a storage account.
To archive Syslog data from an Ubuntu virtual machine to an Azure Storage account, you should use Azure Monitor Agent (AMA) in conjunction with a Log Analytics workspace and its Data Export feature.
While the Azure Monitor Agent (AMA) collects the Syslog data from the Ubuntu VM and delivers it to a Log Analytics workspace, the workspace itself acts as the bridge for long-term archiving to storage.
Key Components to Use
*-> Azure Monitor Agent (AMA): Installed on the Ubuntu VM to collect and forward Syslog events.
Data Collection Rule (DCR): Used to define which Syslog facilities and levels to collect and specify the Log Analytics workspace as the destination.
Log Analytics Workspace: Serves as the primary repository where Syslog data is initially ingested.
Log Analytics Workspace Data Export: This feature continuously exports data from specific tables (like the Syslog table) to your designated Azure Storage account.
Reference:
https://learn.microsoft.com/en-us/azure/azure-monitor/vm/data-collection
https://docs.azure.cn/en-us/azure-monitor/vm/data-collection-syslog
Hotspot Question
You have two Azure AD tenants named contoso.com and fabrikam.com. Each tenant is linked to
50 Azure subscriptions. Contoso.com contains two users named User1 and User2.
You need to meet the following requirements:
- Ensure that User1 can change the Azure AD tenant linked to specific
Azure subscriptions.
- If an Azure subscription is liked to a new Azure AD tenant, and no
available Azure AD accounts have full subscription-level permissions to the subscription, elevate the access of User2 to the subscription.
The solution must use the principle of least privilege.
Which role should you assign to each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have two Azure AD tenants named contoso.com and fabrikam.com. Each tenant is linked to
50 Azure subscriptions. Contoso.com contains two users named User1 and User2.
You need to meet the following requirements:
- Ensure that User1 can change the Azure AD tenant linked to specific
Azure subscriptions.
- If an Azure subscription is liked to a new Azure AD tenant, and no
available Azure AD accounts have full subscription-level permissions to the subscription, elevate the access of User2 to the subscription.
The solution must use the principle of least privilege.
Which role should you assign to each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory#before-you-begin Before you can associate or add your subscription, do the following steps:
- Sign in using an account that: Has an Owner role assignment for the subscription.
You have an app named App1 that uses two on-premises Microsoft SQL Server databases named DB1 and DB2.
You plan to migrate DB1 and DB2 to Azure.
You need to recommend an Azure solution to host DB1 and DB2. The solution must meet the following requirements:
- Support server-side transactions across DB1 and DB2.
- Minimize administrative effort to update the solution.
What should you recommend?
You plan to migrate DB1 and DB2 to Azure.
You need to recommend an Azure solution to host DB1 and DB2. The solution must meet the following requirements:
- Support server-side transactions across DB1 and DB2.
- Minimize administrative effort to update the solution.
What should you recommend?
Correct Answer: A
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
You have an Azure subscription that contains an Azure SQL database named DB1.
You need to recommend a long-term retention (LTR) backup solution for DB1. The solution must ensure that backups can be retained for up to seven years.
Which backup periods can you include in the solution?
You need to recommend a long-term retention (LTR) backup solution for DB1. The solution must ensure that backups can be retained for up to seven years.
Which backup periods can you include in the solution?
Correct Answer: F
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
You plan to deploy an application named App1 that will run on five Azure virtual machines.
Additional virtual machines will be deployed later to run App1. You need to recommend a solution to meet the following requirements for the virtual machines that will run App1:
- Ensure that the virtual machines can authenticate to Azure Active
Directory (Azure AD) to gain access to an Azure key vault, Azure Logic
Apps instances, and an Azure SQL database.
- Avoid assigning new roles and permissions for Azure services when you deploy additional virtual machines.
- Avoid storing secrets and certificates on the virtual machines.
Which type of identity should you include in the recommendation?
Additional virtual machines will be deployed later to run App1. You need to recommend a solution to meet the following requirements for the virtual machines that will run App1:
- Ensure that the virtual machines can authenticate to Azure Active
Directory (Azure AD) to gain access to an Azure key vault, Azure Logic
Apps instances, and an Azure SQL database.
- Avoid assigning new roles and permissions for Azure services when you deploy additional virtual machines.
- Avoid storing secrets and certificates on the virtual machines.
Which type of identity should you include in the recommendation?
Correct Answer: C
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
Drag and Drop Question
You are designing a virtual machine that will run Microsoft SQL Server and contain two data disks. The first data disk will store log files, and the second data disk will store data. Both disks are P40 managed disks.
You need to recommend a host caching method for each disk. The method must provide the best overall performance for the virtual machine while preserving the integrity of the SQL data and logs.
Which host caching method should you recommend for each disk? To answer, drag the appropriate methods to the correct disks. Each method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

You are designing a virtual machine that will run Microsoft SQL Server and contain two data disks. The first data disk will store log files, and the second data disk will store data. Both disks are P40 managed disks.
You need to recommend a host caching method for each disk. The method must provide the best overall performance for the virtual machine while preserving the integrity of the SQL data and logs.
Which host caching method should you recommend for each disk? To answer, drag the appropriate methods to the correct disks. Each method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:
Box 1: None
No data disk caching for the Log files.
Box 2: ReadOnly
Guidelines to optimize performance for your SQL Server on Azure Virtual Machines (VMs) include:
Set host caching to read-only for data file disks.
Set host caching to none for log file disks.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/performance-guidelines-best-practices-storage
Case Study 3 - Contoso
Existing Environment: Technical Environment
The on-premises network contains a single Active Directory domain named contoso.com.
Contoso has a single Azure subscription.
Existing Environment: Business Partnerships
Contoso has a business partnership with Fabrikam, Inc. Fabrikam users access some Contoso applications over the internet by using Azure Active Directory (Azure AD) guest accounts.
Requirements: Planned Changes
Contoso plans to deploy two applications named App1 and App2 to Azure.
Requirements: App1
App1 will be a Python web app hosted in Azure App Service that requires a Linux runtime. Users from Contoso and Fabrikam will access App1.
App1 will access several services that require third-party credentials and access strings. The credentials and access strings are stored in Azure Key Vault.
App1 will have six instances: three in the East US Azure region and three in the West Europe Azure region.
App1 has the following data requirements:
* Each instance will write data to a data store in the same availability zone as the instance.
* Data written by any App1 instance must be visible to all App1 instances.
App1 will only be accessible from the internet. App1 has the following connection requirements:
* Connections to App1 must pass through a web application firewall (WAF).
* Connections to App1 must be active-active load balanced between instances.
* All connections to App1 from North America must be directed to the East US region. All other connections must be directed to the West Europe region.
Every hour, you will run a maintenance task by invoking a PowerShell script that copies files from all the App1 instances. The PowerShell script will run from a central location.
Requirements: App2
App2 will be a NET app hosted in App Service that requires a Windows runtime. App2 has the following file storage requirements:
* Save files to an Azure Storage account.
* Replicate files to an on-premises location.
* Ensure that on-premises clients can read the files over the LAN by using the SMB protocol.
You need to monitor App2 to analyze how long it takes to perform different transactions within the application. The solution must not require changes to the application code.
Application Development Requirements
Application developers will constantly develop new versions of App1 and App2. The development process must meet the following requirements:
* A staging instance of a new application version must be deployed to the application host before the new version is used in production.
* After testing the new version, the staging version of the application will replace the production version.
* The switch to the new application version from staging to production must occur without any downtime of the application.
Identity Requirements
Contoso identifies the following requirements for managing Fabrikam access to resources:
* Every month, an account manager at Fabrikam must review which Fabrikam users have access permissions to App1. Accounts that no longer need permissions must be removed as guests.
* The solution must minimize development effort.
Security Requirement
All secrets used by Azure services must be stored in Azure Key Vault.
Services that require credentials must have the credentials tied to the service instance. The credentials must NOT be shared between services.
Hotspot Question
You are evaluating whether to use Azure Traffic Manager and Azure Application Gateway to meet the connection requirements for App1.
What is the minimum numbers of instances required for each service? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Existing Environment: Technical Environment
The on-premises network contains a single Active Directory domain named contoso.com.
Contoso has a single Azure subscription.
Existing Environment: Business Partnerships
Contoso has a business partnership with Fabrikam, Inc. Fabrikam users access some Contoso applications over the internet by using Azure Active Directory (Azure AD) guest accounts.
Requirements: Planned Changes
Contoso plans to deploy two applications named App1 and App2 to Azure.
Requirements: App1
App1 will be a Python web app hosted in Azure App Service that requires a Linux runtime. Users from Contoso and Fabrikam will access App1.
App1 will access several services that require third-party credentials and access strings. The credentials and access strings are stored in Azure Key Vault.
App1 will have six instances: three in the East US Azure region and three in the West Europe Azure region.
App1 has the following data requirements:
* Each instance will write data to a data store in the same availability zone as the instance.
* Data written by any App1 instance must be visible to all App1 instances.
App1 will only be accessible from the internet. App1 has the following connection requirements:
* Connections to App1 must pass through a web application firewall (WAF).
* Connections to App1 must be active-active load balanced between instances.
* All connections to App1 from North America must be directed to the East US region. All other connections must be directed to the West Europe region.
Every hour, you will run a maintenance task by invoking a PowerShell script that copies files from all the App1 instances. The PowerShell script will run from a central location.
Requirements: App2
App2 will be a NET app hosted in App Service that requires a Windows runtime. App2 has the following file storage requirements:
* Save files to an Azure Storage account.
* Replicate files to an on-premises location.
* Ensure that on-premises clients can read the files over the LAN by using the SMB protocol.
You need to monitor App2 to analyze how long it takes to perform different transactions within the application. The solution must not require changes to the application code.
Application Development Requirements
Application developers will constantly develop new versions of App1 and App2. The development process must meet the following requirements:
* A staging instance of a new application version must be deployed to the application host before the new version is used in production.
* After testing the new version, the staging version of the application will replace the production version.
* The switch to the new application version from staging to production must occur without any downtime of the application.
Identity Requirements
Contoso identifies the following requirements for managing Fabrikam access to resources:
* Every month, an account manager at Fabrikam must review which Fabrikam users have access permissions to App1. Accounts that no longer need permissions must be removed as guests.
* The solution must minimize development effort.
Security Requirement
All secrets used by Azure services must be stored in Azure Key Vault.
Services that require credentials must have the credentials tied to the service instance. The credentials must NOT be shared between services.
Hotspot Question
You are evaluating whether to use Azure Traffic Manager and Azure Application Gateway to meet the connection requirements for App1.
What is the minimum numbers of instances required for each service? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:
Box 1: 1
App1 will only be accessible from the internet. App1 has the following connection requirements:
* Connections to App1 must be active-active load balanced between instances.
* All connections to App1 from North America must be directed to the East US region. All other connections must be directed to the West Europe region.
App1 will have six instances: three in the East US Azure region and three in the West Europe Azure region.
Note: Azure Traffic Manager is a DNS-based traffic load balancer. This service allows you to distribute traffic to your public facing applications across the global Azure regions.
Box 2: 2
For production workloads, run at least two gateway instances.
A single Application Gateway deployment can run multiple instances of the gateway.
Use one Application Gateway in East US Region, and one in the West Europe region.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/high-availability/reference-architecture-traffic-manager-application-gateway
Your company has the divisions shown in the following table.

Sub1 contains an Azure App Service web app named App1. App1 uses Azure AD for single- tenant user authentication. Users from contoso.com can authenticate to App1.
You need to recommend a solution to enable users in the fabrikam.com tenant to authenticate to App1.
What should you recommend?

Sub1 contains an Azure App Service web app named App1. App1 uses Azure AD for single- tenant user authentication. Users from contoso.com can authenticate to App1.
You need to recommend a solution to enable users in the fabrikam.com tenant to authenticate to App1.
What should you recommend?
Correct Answer: C
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
You have an Azure subscription that contains 10 web apps. The apps are integrated with Azure AD and are accessed by users on different project teams.
The users frequently move between projects.
You need to recommend an access management solution for the web apps. The solution must meet the following requirements:
- The users must only have access to the app of the project to which
they are assigned currently.
- Project managers must verify which users have access to their
project's app and remove users that are no longer assigned to their
project.
- Once every 30 days, the project managers must be prompted
automatically to verify which users are assigned to their projects.
What should you include in the recommendation?
The users frequently move between projects.
You need to recommend an access management solution for the web apps. The solution must meet the following requirements:
- The users must only have access to the app of the project to which
they are assigned currently.
- Project managers must verify which users have access to their
project's app and remove users that are no longer assigned to their
project.
- Once every 30 days, the project managers must be prompted
automatically to verify which users are assigned to their projects.
What should you include in the recommendation?
Correct Answer: D
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
Drag and Drop Question
You have an Azure subscription.
You are planning the development of two Azure applications as shown in the following table.

You need to configure diagnostic settings and ensure logs are routed to the correct destination for each application.
What destination should you use for each application? To answer, drag the appropriate destinations to the correct applications. Each solution may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

You have an Azure subscription.
You are planning the development of two Azure applications as shown in the following table.

You need to configure diagnostic settings and ensure logs are routed to the correct destination for each application.
What destination should you use for each application? To answer, drag the appropriate destinations to the correct applications. Each solution may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Correct Answer:

0
0
0
10
