Learn Cloud from Experts

Microsoft Azure Solutions

Architect Expert
Certification [AZ-305]

25 SAMPLE EXAM
QUESTIONS

[EDITION 01]

1. © Copyright 2021 | K21 Academy | All Rights Reserved

 Learn Cloud from Experts

Q 1. I have some private servers on my premises, also I have distributed some of my workload
on the public cloud, what is this architecture called?

A. Virtual Private Network

B. Private Cloud
C. Virtual Private Cloud
D. Hybrid Cloud

Answer: D
This type of architecture would be a hybrid cloud. Why? Because we are using both, the public cloud,
and on premises servers i.e., the private cloud. To make this hybrid architecture easy to use, would not it
be better if your private and public cloud were all on the same network (virtually). This is established by
including your public cloud servers in a virtual private cloud and connecting virtual cloud with your
on-premises servers using a VPN (Virtual Private Network).

For more information on Hybrid Cloud, you can visit the below links

 https://k21academy.com/az90015
 https://azure.microsoft.com/en-in/overview/what-is-hybrid-cloud-computing

Q 2. You plan to use the Azure Import/Export service to copy files to a storage account.
Which two files should you create before you prepare the drives for the import job? Each
correct answer presents part of the solution.

A. An XML manifest file

B. Dataset CSV file
C. A JSON configuration file
D. A PowerShell PS1 file
E. A Drive set CSV file

Answer: B, E
Modify the dataset.csv file in the root folder where the tool resides. Depending on whether you want to
import a file or folder or both, add entries in the dataset.csv file.
For more information visit the below link

 https://docs.microsoft.com/en-us/azure/import-export/storage-import-export-data-to-files?
tabs=azure-portal#step-1-prepare-the-drives

Q 3. You have an Azure subscription named Subscription1.

You have 5 TB of data that you need to transfer to Subscription1.
You plan to use an Azure Import/Export job.
What can you use as the destination of the imported data?
What should you do first?

A. Azure Data Lake Store

B. A virtual machine
C. The Azure File Sync Storage Sync Service
D. Azure Blob storage

2. © Copyright 2021 | K21 Academy | All Rights Reserved FREE CLASS: https://k21academy.com/az30502
 Learn Cloud from Experts

Answer: D
Azure Blob Storage, Azure Import/Export service is used to securely import large amounts of data to
Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter.
The maximum size of an Azure Files Resource of a file share is 5TB.
For more information visit the below link

● https://k21academy.com/az10428
● https://azure.microsoft.com/en-in/services/storage/import-export/

Q 4. You have an Azure Storage account named storage1.

You plan to use AzCopy to copy data to storage1.
You need to identify the storage services in storage1 to which you can copy the data.
What should you identify?

A. Blob, file, table, and queue

B. Blob and file only
C. File and table only
D. File only

Answer: B
Blob and File only, AzCopy is a command-line utility that you can use to copy blobs or files to or from a
storage account.
AzCopy does not support table and queue storage services.

For more information visit the below link

● https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10

Q 5. You have an app named App1 that runs on two Azure virtual machines named VM1 and
VM2.
You plan to implement an Azure Availability Set for App1. The solution must ensure that App1
is available during planned maintenance of the hardware hosting
VM1 and VM2.
What should you include in the Availability Set?

A. One update domain

B. Two fault domains
C. One fault domain
D. Two update domains

Answer: D
Two update domains, Microsoft updates which Microsoft refers to as planned maintenance events,
sometimes require that VMs be rebooted to complete the update. To reduce the impact on VMs, the
Azure fabric is divided into update domains to ensure that not all VMs are rebooted at the same time.
An update domain is a group of VMs and underlying physical hardware that can be rebooted at the same
time
A fault domain shares common storage as well as a common power source and network switch. It is
used to protect against unplanned system failure.

For more information visit the below link

3. © Copyright 2021 | K21 Academy | All Rights Reserved FREE CLASS: https://k21academy.com/az30502
 Learn Cloud from Experts

● https://k21academy.com/az10414
● https://docs.microsoft.com/en-us/azure/virtual-machines/availability-set-overview

Q 6. Which of the following rule would you apply to the Network Security Group for the
Network interface attached to the Web server?

A. An inbound rule allowing traffic on port 80

B. An inbound rule allowing traffic on port 443
C. An outbound rule allowing traffic on port 80
D. An outbound rule allowing traffic on port 443

Answer: B
Since the users will connect via HTTPS, that means that port 443 should be open. And we need to add
an Inbound security rule.

For more information visit the below link

● https://k21academy.com/az90022
● https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

Q 7. Your company has an Azure virtual machine that runs Windows Server 2016. You must
create an alert in Azure whenever two error events are logged to the System log on the virtual
machine within an hour.
You decide to create a Log Analytics workspace and configure the data settings. You then
setup the virtual machine as a data source. You then create an alert in Azure Monitor and
specify the Log Analytics as the source.

Would this fulfill the requirement?

A. Yes
B. No

Answer: A
You can create alerts in Azure Monitor based on the events recorded in the Log Analytics workspace.

For more information visit the below link

● https://docs.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-tutorial

Q 8. A company has setup a Load balancer that load balances traffic on port 80 and 443 across
3 virtual machines. You have to ensure that all clients are serviced by the same web server for
each request. Which of the following would you configure for this requirement?

A. Floating IP
B. Health Probe
C. Session Persistence
D. TCP Reset

4. © Copyright 2021 | K21 Academy | All Rights Reserved FREE CLASS: https://k21academy.com/az30502
 Learn Cloud from Experts

Answer: C
Session Persistence, Floating IP is incorrect since this is used when you have multiple front-end IP’s,
Health Probe is incorrect since this is used to check the health of the back end VM’s, and TCP Reset is
incorrect since this is used for idle timeout.

For more information visit the below link

● https://k21academy.com/az10426
● https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-distribution-mode?tabs=
azure-portal

Q 9. You need to allow traffic onto certain FQDN’s via the Azure Firewall. Which of the follow-
ing rules would you create for this requirement?

A. NAT collections rules

B. Network collection rules
C. Application collection rules
D. FQDN collection rules

Answer: C
Application collection rules. One way you can control outbound network access from an Azure subnet is
with Azure Firewall. With Azure Firewall, you can configure, Application rules that define fully qualified
domain names (FQDNs) that can be accessed from a subnet.

For more information visit the below link

● https://docs.microsoft.com/en-us/azure/firewall/rule-processing

Q 10. You have to deploy a web application for your company by using the Azure Web App
Service. The backup and restore option should be available for the web application. Costs
should also be minimized for hosting the application.
Which of the following would you choose as the underlying App Service Plan?

A. Shared
B. Basic
C. Standard
D. Premium

Answer: C
Standard, the backup and restore option is available with the Standard App Service Plan. So, no need to
go with premium.

For more information visit the below link

● https://k21academy.com/az10429
● https://azure.microsoft.com/en-in/pricing/details/app-service/windows/

5. © Copyright 2021 | K21 Academy | All Rights Reserved FREE CLASS: https://k21academy.com/az30502
 Learn Cloud from Experts

Q 11. A company has two applications, appA and appB. Below are the details of each
application
● appA – This application is deployed to an Azure Web App. Manged Identity has been enabled
for the web app.
● appB – This application is deployed to an Azure Container Instance. Manged Identity has
been enabled on the container instance.

These applications need to access a storage account. The solution needs to limit the use of
secrets. Also, appB should only be able to access the storage account for a maximum of 15
days.
Which of the following needs to be used to allow appB to access the storage account?

A. CORS
B. Access Keys
C. Shared Access Signatures
D. Managed Identity

Answer: C
Shared Access Signature, here we need to provide time bound access, we need to make use of Shared
Access Signatures.

For more information visit the below link

● https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview

Q 12. A company has an Azure subscription and an Azure tenant. The administrator has
enabled multi-factor authentication for all users. The administrator needs to ensure that users
can lock out their own account if they receive an unsolicited MFA request from Azure. Which
of the following needs to be configured for this requirement?

A. Configure Block/unblock users

B. Configure Providers
C. Configure Fraud alerts
D. Configure Notifications

Answer: C
Configure Fraud alerts Configure settings that allow users to report fraudulent verification requests.

For more information visit the below link

● https://k21academy.com/az30412
● https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings

Q 13. A development team has just launched an Azure Kubernetes cluster. They have images
placed in an Azure container registry. They want to deploy an application onto the cluster
using an image from the Azure container registry. Which of the following command could be
used to fulfil this requirement?
Would this fulfil the requirement?

6. © Copyright 2021 | K21 Academy | All Rights Reserved FREE CLASS: https://k21academy.com/az30502
 Learn Cloud from Experts

A. AZ kubernetes deploy
B. kubectl apply
C. Docker run
D. Docker build

Answer: B
kubectl apply, to deploy an application to the cluster, you have to use the kubectl apply command.

For more information visit the below link

● https://k21academy.com/kubernetes40
● https://docs.microsoft.com/en-us/azure/aks/tutorial-kubernetes-deploy-application?tabs=azure-cli

Q 14. Your team needs to deploy an Azure Resource manager template. This template would
be used to deploy 10 Azure Web Apps. The team needs to ensure the required resources are
present in Azure prior to the deployment of the template. The implementation needs to mini-
mize on costs. Which of the following would the team need to deploy as a pre-requisite?
Would this fulfil the requirement?

A. An Azure Application Gateway

B. A single App Service Plan
C. An Azure Load Balancer
D. 10 App Service Plans

Answer: B
A Single App Service Plan, For an Azure Web App, you need to have an Azure App Service Plan in place.
To minimize costs, you can have a single App Service Plan and link all the Azure Web Apps to that App
Service Plan

For more information visit the below link

● https://k21academy.com/az10429
● https://docs.microsoft.com/en-us/azure/app-service/overview-hosting-plans

Q 15. You discover that VM3 does NOT meet the technical requirements. You need to verify
whether the issue relates to the NSGs. What should you use?

A. Diagram in VNet1
B. The security recommendations in Azure Advisor
C. Diagnostic settings in Azure Monitor
D. IP flow verify in Azure Network Watcher

Answer: D
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information
consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a
security group, the name of the rule that denied the packet is returned. While any source or destination
IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the
internet and from or to the on-premises environment.

For more information visit the below link

7. © Copyright 2021 | K21 Academy | All Rights Reserved FREE CLASS: https://k21academy.com/az30502
 Learn Cloud from Experts

● https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview

Q 16. Your company currently has an Azure subscription. They also have third-party hosting
providers. They need to have a centralized monitoring solution in place. Below are the key
requirements for the monitoring solution

● Collect all of the log and diagnostic data from all of the third-party providers.
● Ensure that all data is collected in a centralized repository
● Be able to analyse the log data and detect threats
● Enable the automated response to all known events

Which of the following is an Azure service you would use for these requirements?

A. Azure Sentinel
B. Azure Log Analytics
C. Azure Monitor
D. Azure Application Insights

Answer: A
Azure Sentinel has built in threat intelligence. You can also collect data from a variety of data sources.
The Microsoft documentation mentions the following

All of the other options are incorrect because they don’t provide support for automatic detection of
threats

For more information on Azure Sentinel , you can visit the below link

● https://docs.microsoft.com/en-us/azure/sentinel/overview

8. © Copyright 2021 | K21 Academy | All Rights Reserved FREE CLASS: https://k21academy.com/az30502
 Learn Cloud from Experts

Q 17. A company is going to be deploying an Azure SQL Database instance to the Central US
region. They have the following requirements when it comes to the security for the database
instance

● Only select workstations with static Public IP addresses should be allowed to connect and perform
administration on the database
● An Application hosted in a Virtual Network on a Virtual machine would need to interact with the
Azure SQL database
● A function is implemented which hides the Social Security Numbers column in the Person table in the
database

Which of the following would be best suited to fulfil the requirement?

“Only select workstations with static Public IP addresses should be allowed to connect and perform
administration on the database”

A. Azure Network Watcher

B. Server Level IP Firewall rules
C. Network Security Groups
D. Application Security Groups

Answer: B
You can use as shown in the Microsoft documentation below
Since this is clearly given in the Microsoft documentation, all other options are incorrect
For more information on configuring the firewall for Azure SQL database,
please visit the below URL

● https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure

9. © Copyright 2021 | K21 Academy | All Rights Reserved FREE CLASS: https://k21academy.com/az30502
 Learn Cloud from Experts

Q 18. Your company currently uses Microsoft System Center Service Manager on its on-prem-
ises network. The company needs a solution to push Azure service health alerts to Service
Manager. Which of the following would you recommend in the solution?
A. IT Service Management Connector
B. Application Insights Connector
C. Azure Event Hubs
D. Azure Notification Hubs

Answer:A
If you want to have bi-directional support between Microsoft System Center Service Manager and
Azure, you need to install the IT Service Management Connector.
This is also mentioned in the Microsoft documentation

Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect
For more information on the IT Service Management Connector,

you can visit the below link

● https://docs.microsoft.com/en-us/azure/azure-monitor/platform/itsmc-overview

Q 19. A company currently used Azure Application Insights. They want to use the continuous
export feature and be able to store the Application Insights data for five years. Which of the
following should they use for the storage of data?

A. Azure SQL database

B. Azure Storage
C. Azure Monitor Logs
D. Azure Backup

10. © Copyright 2021 | K21 Academy | All Rights Reserved FREE CLASS: https://k21academy.com/az30502
 Learn Cloud from Experts

Answer: B
With the continuous export feature of Application Insights, you need to store the data in an Azure
storage account.
The Microsoft documentation mentions the following

Since this is clearly given in the Microsoft documentation, all other options are incorrect
For more information on exporting telemetry data,

you can visit the below link

● https://docs.microsoft.com/en-us/azure/azure-monitor/app/export-telemetry

Q 20. Your company has an Azure SQL database. You have to monitor the number of times the
below query is fired against the database
select * from testlabapp where appId=100
Which of the following can be used for this requirement?

A. Azure Monitor
B. Azure Log Analytics
C. Query Performance Insight
D. Query Store

Answer: C
You can achieve this with Query Performance Insights
The Microsoft documentation mentions the following

11. © Copyright 2021 | K21 Academy | All Rights Reserved FREE CLASS: https://k21academy.com/az30502
 Learn Cloud from Experts

Since this is clearly given in the Microsoft documentation, all other options are incorrect
For more information on Query Performance Insight,

you can visit the below link

● https://docs.microsoft.com/en-us/azure/azure-sql/database/query-performance-insight-use

Q 21. Your company has an Azure storage account. The storage account contains two files
named testlab-file1 and testlab-file2. The data files are 1 GB in size. Each of the files use the
archive access tier.
You have to ensure that testlab-file1 is accessible immediately when a retrieval request is
initiated
You decide to set move the file to a new storage account and then set the Access tier of the
file to Archive.

Would this fulfil the requirement?

A. Yes
B. No

Answer: B
The blob needs to be rehydrated onto the Hot or Cool Access tier to ensure the blob can be download-
ed at any time
For more information on rehydrating blobs which are in the archive access tier,

you can visit the below link

● https://k21academy.com/az10428
● https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-rehydration?tabs=azure-portal

Q 22 . Your company has an on-premises network that contains a file server named test-
lab-server. The server contains 500 GB of data. You have to use the Azure Data Factory service
to copy the data from the server onto Azure Storage.

Which of the following would you do from the data factory side?
A. Create an import job
B. Create an export job
C. Use the Azure-SQL Server Integration Services Integration runtime
D. Create a pipeline

Answer: D
In Azure Data Factory you would create a pipeline to copy the data
The Microsoft documentation mentions the following

12. © Copyright 2021 | K21 Academy | All Rights Reserved FREE CLASS: https://k21academy.com/az30502
 Learn Cloud from Experts

Since this is the ideal approach , all other options are incorrect
For more information on Azure Data Factory,

you can visit the below link

● https://k21academy.com/azurede13
● https://docs.microsoft.com/en-us/azure/data-factory/introduction

Q 23. A company is planning on storing database backups onto Azure. These backups will be
individual .bak files. The files need to be stored for compliance reasons. Most likely the data
backups will never be used for recovery purposes. You have to decide on which solution to use
for the backup data. You have to minimize on costs.

A. An Azure SQL database

B. Azure BLOB storage that uses the Archive tier
C. Azure BLOB storage that uses the Cool tier
D. A Recovery Services vault

Answer: B
Using BLOB storage for storing files and objects is ideal. You can use the Archive tier to save on storage
costs for objects that are not retrieved. The Microsoft documentation mentions the following

13. © Copyright 2021 | K21 Academy | All Rights Reserved FREE CLASS: https://k21academy.com/az30502
 Learn Cloud from Experts

Option A is incorrect since this is a SQL data store and should not be used to file based backups.
Option C is incorrect since using the Archive tier would be a more cost-effective option
Option D is incorrect since this is used when using the Azure Backup and Site Recovery service
For more information on the different storage tiers,

please visit the below URL

● https://k21academy.com/az10428
● https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers

Q 24. Your company currently stores web access logs for an application in Azure Blob storage.
Reports will then be generated from the access logs. You have to ensure that data is sent
automatically to an Azure SQL database from Azure Storage accounts at the end of each
month. The reports are then generated from the data stored in Azure SQL database. Which of
the following should be implemented for this requirement?

A. Azure Data Factory

B. Data Migration Assistant
C. Microsoft SQL Server Migration Assistant (SSMA)
D. AzCopy

Answer: A
With Azure Data Factory, you can create a data pipeline. The data pipeline can be used to transfer data
from Azure Blob storage to an Azure SQL database. The pipeline can also run based on a schedule.
● Option B is incorrect since this is used to assess compatibility issues when it comes to upgrading your
data store to a newer version of SQL Server or Azure SQL database.
● Option C is incorrect since this is used to automate the database from to SQL Server
● Option D is incorrect since this is used for copying of data between Azure storage accounts

For more information on Azure Data Factory, one can go to the following URL

● https://k21academy.com/azurede13
● https://docs.microsoft.com/en-us/azure/data-factory/introduction

Q 25: Which of the following would you use to route traffic across the web tier virtual
machines?
A. Azure VPN gateway
B. Azure Load Balancer
C. Azure Logic Apps
D. Azure Service Bus

Correct Answer: B

● Option A is incorrect since this is used to establish a VPN connection from an Azure virtual network
onto an on-premises data center network
● Option C is incorrect since this is a workflow service in Azure
● Option D is incorrect since this is a messaging service in Azure
Here you can make use of the Azure Load Balancer service to load balance the requests across the
virtual machines. You can place the virtual machines in the backend pool that will take the user traffic
via the load balancer.

14. © Copyright 2021 | K21 Academy | All Rights Reserved FREE CLASS: https://k21academy.com/az30502
 Learn Cloud from Experts

For more information on the Azure Load Balancer, one can go to the following URL

● https://k21academy.com/az10426
● https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

15. © Copyright 2021 | K21 Academy | All Rights Reserved FREE CLASS: https://k21academy.com/az30502
 Learn Cloud from Experts

FREE CLASS

This Interactive Session Will Help You In Gaining An Understanding Of...

• Why and Who should Learn Azure Cloud?

• Azure Certification Roadmap for Architects
• Your paths to earning the Azure Solutions Architect Expert certification
• Difference between AZ-303, AZ-304 vs AZ-305
• Azure Architecture: Geography, Region, AZ.
• Multi-Tier HA & DR Deployment on Azure

https://k21academy.com/az30502

16. © Copyright 2021 | K21 Academy | All Rights Reserved FREE CLASS: https://k21academy.com/az30502
 Learn Cloud from Experts

ABOUT AUTHOR

Atul Kumar Is An Author & Certified Cloud Architect

With 21+ Years of IT Experience. Helped 10000+
Individuals like you to learn cloud including Azure,
AWS, Google & Oracle, Dockers & Kubernetes.

He is helping individuals like you to become expert in

Azure Solutions Architect.

/oracleappsdba /k21academy /k21academy /k21academy /k21academy

17. © Copyright 2021 | K21 Academy | All Rights Reserved FREE CLASS: https://k21academy.com/az30502
 Learn Cloud from Experts

Learn Cloud from Experts

[email protected]

PHONE
US: +1 530 264 8480
IN: +91 804 680 8844
+91 7023687648

18. © Copyright 2021 | K21 Academy | All Rights Reserved FREE CLASS: https://k21academy.com/az30502