Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. AZ-305

Microsoft AZ-305 Exam
Designing Microsoft Azure Infrastructure Solutions (Page 8 )

Updated On: 12-Feb-2026
Page 8 of 67
PDF with 343 Questions

You plan to deploy an app that will use an Azure Storage account.

You need to deploy the storage account. The storage account must meet the following requirements:

Store the data for multiple users.

Encrypt each user’s data by using a separate key.

Encrypt all the data in the storage account by using customer-managed keys.

What should you deploy?

  1. files in a premium file share storage account
  2. blobs in a general purpose v2 storage account
  3. blobs in an Azure Data Lake Storage Gen2 account
  4. files in a general purpose v2 storage account

Answer(s): B

Explanation:

You can specify a customer-provided key on Blob storage operations. A client making a read or write request against Blob storage can include an encryption key on the request for granular control over how blob data is encrypted and decrypted.


Reference:



HOTSPOT (Drag and Drop is not supported)

You have an Azure App Service web app that uses a system-assigned managed identity.

You need to recommend a solution to store the settings of the web app as secrets in an Azure key vault. The solution must meet the following requirements:

Minimize changes to the app code.

Use the principle of least privilege.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:


  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Key Vault references in Application settings
Source Application Settings from Key Vault.
Key Vault references can be used as values for Application Settings, allowing you to keep secrets in Key Vault instead of the site config. Application Settings are securely encrypted at rest, but if you need secret management capabilities, they should go into Key Vault.

To use a Key Vault reference for an app setting, set the reference as the value of the setting. Your app can reference the secret through its key as normal. No code changes are required.

Box 2: Secrets: Get
In order to read secrets from Key Vault, you need to have a vault created and give your app permission to access it.

1. Create a key vault by following the Key Vault quickstart.
2. Create a managed identity for your application.
3. Key Vault references will use the app’s system assigned identity by default, but you can specify a user- assigned identity.
4. Create an access policy in Key Vault for the application identity you created earlier. Enable the “Get” secret permission on this policy.


Reference:

https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references



You plan to deploy an application named App1 that will run on five Azure virtual machines. Additional virtual machines will be deployed later to run App1.

You need to recommend a solution to meet the following requirements for the virtual machines that will run App1:

Ensure that the virtual machines can authenticate to Microsoft Entra ID to gain access to an Azure key vault,

Azure Logic Apps instances, and an Azure SQL database.
Avoid assigning new roles and permissions for Azure services when you deploy additional virtual machines.

Avoid storing secrets and certificates on the virtual machines.

Minimize administrative effort for managing identities.

Which type of identity should you include in the recommendation?

  1. a system-assigned managed identity
  2. a service principal that is configured to use a certificate
  3. a service principal that is configured to use a client secret
  4. a user-assigned managed identity

Answer(s): D

Explanation:

Managed identities provide an identity for applications to use when connecting to resources that support Microsoft Entra authentication.
A user-assigned managed identity:
Can be shared.
The same user-assigned managed identity can be associated with more than one Azure resource.
Common usage:
Workloads that run on multiple resources and can share a single identity.
For example, a workload where multiple virtual machines need to access the same resource.
Incorrect:
Not A: A system-assigned managed identity can’t be shared. It can only be associated with a single Azure resource.
Typical usage:
Workloads that are contained within a single Azure resource.
Workloads for which you need independent identities.
For example, an application that runs on a single virtual machine.


Reference:



You have the resources shown in the following table:



CDB1 hosts a container that stores continuously updated operational data.

You are designing a solution that will use AS1 to analyze the operational data daily.

You need to recommend a solution to analyze the data without affecting the performance of the operational data store.

What should you include in the recommendation?

  1. Azure Cosmos DB change feed
  2. Azure Data Factory with Azure Cosmos DB and Azure Synapse Analytics connectors
  3. Azure Synapse Link for Azure Cosmos DB
  4. Azure Synapse Analytics with PolyBase data loading

Answer(s): C

Explanation:

Azure Synapse Link for Azure Cosmos DB creates a tight integration between Azure Cosmos DB and Azure Synapse Analytics. It enables customers to run near real-time analytics over their operational data with full performance isolation from their transactional workloads and without an ETL pipeline.


Reference:



HOTSPOT (Drag and Drop is not supported)

You deploy several Azure SQL Database instances.

You plan to configure the Diagnostics settings on the databases as shown in the following exhibit.



Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: 90 days
As per exhibit.

Box 2: 730 days
How long is the data kept?
Raw data points (that is, items that you can query in Analytics and inspect in Search) are kept for up to 730 days.


Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/app/data-retention-privacy






Post your Comments and Discuss Microsoft AZ-305 exam prep with other Community members:

Join the AZ-305 Discussion