Questions with Verified
Answers Graded A+
You have an Azure solution that uses a virtual network, a storage account, and multiple virtual
machines.
You need to recommend a solution to log information about IP traffic entering and leaving the
virtual network.
Which type of logging solution should you recommend? - Answer: network security group (NSG)
flow logs
You have an Azure App Service app named App1.
You need to identify the App1 features that are most popular with users and how users interact
with App1.
Which Azure Monitor insight should you use? - Answer: Application Insights
You have five Azure SQL databases in a resource group named RG1.
Logs from the databases in RG1 are sent to a Log Analytics workspace named WS1. WS1 is
configured to use resource-context access mode.
You need to recommend the permissions required to provide a user with the ability to review
the logs for the databases. The solution must follow the principle of least privilege.
What should you recommend? - Answer: Reader access to RG1
You are designing a solution that uses Azure Kubernetes Service (AKS).
You need to ensure that a user has permissions to view and modify AKS roles within an AKS
cluster. The solution must follow the principle of least privilege.
Which built-in role should you assign to the user? - Answer: Azure Kubernetes Service
Contributor Role
You are designing the authentication strategy for Azure.
You need to ensure that when users authenticate from an unknown device, they are required to
use multi-factor authentication (MFA).
What should you include in the design? - Answer: Conditional Access
You have an Azure subscription that contains a web app named WebApp1.
You need to recommend a solution to allow or deny access to WebApp1 only for users signed in
from compliant tablet devices.
What should you use? - Answer: Conditional Access
You have an application that runs on load-balanced Azure virtual machines. The application
must access an Azure storage account and an Azure key vault.
You need to recommend an identity strategy for accessing Azure resources. The solution must
meet the following requirements:
Secure access to the resources based on permissions.
Minimize the number of identities to create.
Which type of identity should you include in the recommendation? - Answer: user-assigned
managed identities
You need to design an identity solution for Azure virtual machines. The solution must meet
the following requirements:
Identities must be removed when virtual machines are deleted.
Identities cannot be shared among multiple virtual machines.
Which type of identity should you use? - Answer: system-assigned managed identities
You are designing an authentication solution for a hybrid environment that spans Azure and
on-premises datacenters.
You need to use Microsoft Entra ID to authenticate remote users accessing applications
on-premises.
What should you include in the design? - Answer: Microsoft Entra Application Proxy
You are migrating an on-premises application to Azure.