Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. AZ-305

Microsoft AZ-305 Exam
Designing Microsoft Azure Infrastructure Solutions (Page 15 )

Updated On: 15-Feb-2026
Page 13 of 67
PDF with 343 Questions

HOTSPOT (Drag and Drop is not supported)

You have an Azure subscription that contains 50 Azure SQL databases.

You create an Azure Resource Manager (ARM) template named Template1 that enables Transparent Data Encryption (TDE).

You need to create an Azure Policy definition named Policy1 that will use Template1 to enable TDE for any noncompliant Azure SQL databases.

How should you configure Policy1? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:


  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: DeployIfNotExists
DeployIfNotExists
Similar to AuditIfNotExists, a DeployIfNotExists policy definition executes a template deployment when the condition is met.

DeployIfNotExists evaluation
DeployIfNotExists runs after a configurable delay when a Resource Provider handles a create or update subscription or resource request and has returned a success status code. A template deployment occurs if there are no related resources or if the resources defined by ExistenceCondition don’t evaluate to true. The duration of the deployment depends on the complexity of resources included in the template.

During an evaluation cycle, policy definitions with a DeployIfNotExists effect that match resources are marked as non-compliant, but no action is taken on that resource.

Incorrect:
* EnforceRegoPolicy
No such thing in this context.

* Modify
Modify is used to add, update, or remove properties or tags on a subscription or resource during creation or update. A common example is updating tags on resources such as costCenter.

Modify evaluation
Modify evaluates before the request gets processed by a Resource Provider during the creation or updating of a resource. The Modify operations are applied to the request content when the if condition of the policy rule is met. Each Modify operation can specify a condition that determines when it’s applied. Operations with false condition evaluations are skipped.

Box 2: The identity required to perform the remediation task Policy assignments with effect set as DeployIfNotExists require a managed identity to do remediation.

Note: Each policy definition in Azure Policy has a single effect. That effect determines what happens when the policy rule is evaluated to match. The effects behave differently if they are for a new resource, an updated resource, or an existing resource.

These effects are currently supported in a policy definition:

Append
Audit
AuditIfNotExists
Deny
DenyAction (preview)
DeployIfNotExists
Disabled
Manual
Modify


Reference:

https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effects



You have an Azure subscription. The subscription contains a tiered app named App1 that is distributed across multiple containers hosted in Azure Container Instances.

You need to deploy an Azure Monitor monitoring solution for App1. The solution must meet the following requirements:

Support using synthetic transaction monitoring to monitor traffic between the App1 components.

Minimize development effort.

What should you include in the solution?

  1. Network Insights
  2. Application Insights
  3. Container insights
  4. Log Analytics Workspace insights

Answer(s): B

Explanation:

Application Insights provides other features including, but not limited to:
* Availability: Also known as synthetic transaction monitoring. Probe the external endpoints of your applications to test the overall availability and responsiveness over time.
* Etc.
Note: Synthetic monitoring is the use of software to simulate user interactions with a system. The data generated from the simulated transactions is then analyzed to evaluate how the system behaves.


Reference:



HOTSPOT (Drag and Drop is not supported)

You have an Azure subscription that contains the resources shown in the following table:



Log files from App1 are registered to App1Logs. An average of 120 GB of log data is ingested per day.

You configure an Azure Monitor alert that will be triggered if the App1 logs contain error messages.

You need to minimize the Log Analytics costs associated with App1. The solution must meet the following requirements:
Ensure that all the log files from App1 are ingested to App1Logs.

Minimize the impact on the Azure Monitor alert.

Which resource should you modify, and which modification should you perform? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Workspace1
Resource

Box 2: Change to a commitment pricing tier
Modification

Commitment tiers
In addition to the pay-as-you-go model, Log Analytics has commitment tiers, which can save you as much as 30 percent compared to the pay-as-you-go price. With commitment tier pricing, you can commit to buy data ingestion for a workspace, starting at 100 GB per day, at a lower price than pay-as-you-go pricing. Any usage above the commitment level (overage) is billed at that same price per GB as provided by the current commitment tier.

Incorrect:
*Change to the Basic Logs data plan.
Would not support alerts.

Note: Azure Monitor Logs offers two log data plans that let you reduce log ingestion and retention costs and take advantage of Azure Monitor’s advanced features and analytics capabilities based on your needs:

The default Analytics log data plan provides full analysis capabilities and makes log data available for queries, Azure Monitor features, such as alerts, and use by other services. The Basic log data plan lets you save on the cost of ingesting and storing high-volume verbose logs in your Log Analytics workspace for debugging, troubleshooting, and auditing, but not for analytics and alerts.

* Set a daily cap
A daily cap would not guarantee that all log files are ingested.

Set daily cap on Log Analytics workspace
A daily cap on a Log Analytics workspace allows you to avoid unexpected increases in charges for data ingestion by stopping collection of billable data for the rest of the day whenever a specified threshold is reached.


Reference:

https://learn.microsoft.com/en-us/azure/azure-monitor/logs/cost-logs#commitment-tiers https://learn.microsoft.com/en-us/azure/azure-monitor/logs/daily-cap https://learn.microsoft.com/en-us/azure/azure-monitor/logs/basic-logs-configure



You have 12 Azure subscriptions and three projects. Each project uses resources across multiple subscriptions.

You need to use Microsoft Cost Management to monitor costs on a per project basis. The solution must minimize administrative effort.

Which two components should you include in the solution? Each correct answer presents part of the solution.

Note: Each correct selection is worth one point.

  1. budgets
  2. resource tags
  3. custom role-based access control (RBAC) roles
  4. management groups
  5. Azure boards

Answer(s): A,B


Reference:



HOTSPOT (Drag and Drop is not supported)

You have an Azure subscription that contains multiple storage accounts.

You assign Azure Policy definitions to the storage accounts.

You need to recommend a solution to meet the following requirements:

Trigger on-demand Azure Policy compliance scans.

Raise Azure Monitor non-compliance alerts by querying logs collected by Log Analytics.

What should you recommend for each requirement? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Azure Command-Line Interface (CLI)
Trigger on-demand Azure Policy compliance scans.

On-demand evaluation scan
An evaluation scan for a subscription or a resource group can be started with Azure CLI, Azure PowerShell, a call to the REST API, or by using the Azure Policy Compliance Scan GitHub Action. This scan is an asynchronous process.

Box 2: Azure Activity logs
Raise Azure Monitor non-compliance alerts by querying logs collected by Log Analytics.

Azure Monitor logs
If you have a Log Analytics workspace with AzureActivity from the Activity Log Analytics solution tied to your subscription, you can also view non-compliance results from the evaluation of new and updated resources using simple Kusto queries and the AzureActivity table. With details in Azure Monitor logs, alerts can be configured to watch for non-compliance.


Reference:

https://learn.microsoft.com/en-us/azure/governance/policy/how-to/get-compliance-data






Post your Comments and Discuss Microsoft AZ-305 exam prep with other Community members:

Join the AZ-305 Discussion