Microsoft AZ-305 Designing Microsoft Azure Infrastructure Solutions Exam Dumps and Practice Test Questions Set 3 Q41-60


Question 41

A company plans to deploy a multi-tier application in Azure that requires high availability, secure access to secrets, and automatic scaling. The web tier must also support staging environments for zero-downtime deployments. Which architecture should they implement?

Answer

A) Azure App Service for the web tier, Azure Key Vault for secrets, and Azure SQL Database with zone-redundant configuration
B) Azure Virtual Machines for the web tier, Azure Storage Account for secrets, SQL Server on VM
C) Azure Kubernetes Service for the web tier, Azure App Configuration for secrets, PostgreSQL single instance
D) Azure Functions for the web tier, Azure Storage Account for secrets, Cosmos DB

Explanation

The correct answer is A) Azure App Service for the web tier, Azure Key Vault for secrets, and Azure SQL Database with zone-redundant configuration.

Azure App Service is a fully managed platform for hosting web applications. It provides automatic scaling to handle varying loads, integrated high availability with SLA-backed uptime, and staging slots that enable zero-downtime deployments. Staging slots allow developers to deploy new versions of the application into a separate environment, test them, and swap them into production safely. This reduces risks of downtime and ensures continuous delivery in complex multi-tier architectures. App Service integrates natively with CI/CD pipelines in Azure DevOps, GitHub, and other platforms, allowing teams to maintain agile development practices.

Azure Key Vault securely manages secrets, certificates, and encryption keys. Applications can access secrets via managed identities, eliminating hard-coded credentials and minimizing security risks. Key Vault also supports auditing, secret rotation, versioning, and integration with regulatory compliance frameworks like HIPAA and GDPR, providing a centralized and secure approach to secret management.
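The managed-identity pattern described above, shown as an added Bicep example that is not part of the original page: an App Service app with a system-assigned identity reads its connection string through a Key Vault reference instead of a literal app setting. The resource names, the secret name SqlConnectionString, and the planId parameter are assumptions made for illustration; the vault is assumed to exist already and to use the Azure RBAC permission model.

```bicep
// Added example (not from the original page). All names below are hypothetical.
param location string = resourceGroup().location
param appName string = 'contoso-web-example'   // hypothetical web app name
param vaultName string = 'contoso-kv-example'  // hypothetical, existing vault with RBAC authorization
param planId string                            // resource ID of an existing App Service plan

// Built-in role "Key Vault Secrets User": read secret values, nothing else.
var kvSecretsUserRoleId = '4633458b-17de-408a-b874-0445c86b69e6'

// The vault is referenced, not created, so this template never handles secret values.
resource vault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
  name: vaultName
}

resource app 'Microsoft.Web/sites@2023-01-01' = {
  name: appName
  location: location
  // System-assigned managed identity: no client secret or certificate to store or rotate.
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    serverFarmId: planId
    httpsOnly: true
    siteConfig: {
      appSettings: [
        // Weak setting (what this replaces): the literal connection string,
        // readable by anyone who can view the app configuration or the template:
        //   { name: 'SqlConnectionString', value: '<literal connection string>' }
        //
        // Corrected setting: a Key Vault reference. App Service resolves it at
        // runtime using the app's managed identity.
        {
          name: 'SqlConnectionString'
          value: '@Microsoft.KeyVault(VaultName=${vault.name};SecretName=SqlConnectionString)'
        }
      ]
    }
  }
}

// Least privilege: grant the app's identity read access to secrets on this vault only.
resource secretsReader 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  scope: vault
  name: guid(vault.id, app.id, kvSecretsUserRoleId)
  properties: {
    principalId: app.identity.principalId
    principalType: 'ServicePrincipal'
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', kvSecretsUserRoleId)
  }
}
```

If the role assignment is missing, the reference is not resolved and the app receives the literal "@Microsoft.KeyVault(...)" string, so check the reference status after deployment.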

Azure SQL Database with zone-redundant configuration ensures database availability even during zone-level failures. It provides automatic patching, backups, monitoring, and high availability, reducing operational burden. Zone redundancy replicates the database across multiple availability zones in the same region, protecting against hardware, power, or network failures.

Option B increases operational complexity. Hosting web tiers on VMs requires manual scaling, patching, and load balancing configuration. A Storage Account does not provide enterprise-grade secret management, which increases the risk of credential exposure.

Option C introduces AKS for web tiers, which adds operational overhead. Kubernetes clusters require management of nodes, pods, scaling, and monitoring. A single PostgreSQL instance lacks zone redundancy, making it less resilient for high-availability scenarios. App Configuration is designed for managing app settings and does not provide secure secret storage.

Option D focuses on serverless architectures. Azure Functions is suitable for event-driven workloads but may not meet requirements for multi-tier, relational applications with persistent connections. Cosmos DB is a NoSQL database, which may require significant changes for relational workloads. Using a Storage Account for secrets does not meet enterprise security standards.

This architecture ensures a secure, highly available, and scalable multi-tier solution. Integrating monitoring with Azure Monitor and Application Insights provides visibility into performance metrics, resource utilization, and operational alerts. Azure Policy and RBAC ensure compliance and governance across the solution.

The combination of App Service, Key Vault, and SQL Database aligns with AZ-305 objectives for designing highly available, secure, and scalable architectures, supporting business-critical applications such as SaaS platforms, e-commerce websites, and enterprise applications. This solution minimizes operational overhead, reduces risks, and ensures resiliency and compliance.

Question 42

A company plans to migrate its on-premises virtual machines to Azure. They require continuous replication, planned and unplanned failover, and minimal downtime. Which Azure service is most suitable?

Answer

A) Azure Site Recovery
B) Azure Backup
C) Azure Migrate
D) Azure Automation

Explanation

The correct answer is A) Azure Site Recovery.

Azure Site Recovery (ASR) provides Disaster Recovery as a Service (DRaaS). It replicates on-premises VMs, physical servers, and workloads to Azure, enabling organizations to maintain business continuity. ASR ensures continuous replication, meaning the Azure environment remains up-to-date with minimal lag.

Key features of ASR include:

Planned Failover: Administrators can initiate a controlled failover during maintenance or upgrades, ensuring minimal downtime.

Unplanned Failover: If the primary site experiences an outage, ASR enables automatic failover to Azure.

Recovery Plans: Multi-tier applications can be orchestrated to start in the correct sequence, maintaining consistency and functionality.

Non-Disruptive Testing: Organizations can validate DR plans without impacting production, ensuring readiness for compliance audits.

Monitoring and Integration: ASR integrates with Azure Monitor and Log Analytics, providing insights into replication health, failover events, and operational alerts.

Option B) Azure Backup protects data but does not offer real-time replication or failover, so it is not suitable for migrations requiring minimal downtime.

Option C) Azure Migrate helps with discovery, assessment, and planning of migrations but does not provide replication or failover capabilities.

Option D) Azure Automation automates administrative tasks but cannot replicate workloads or manage failover.

Using ASR allows enterprises to migrate workloads such as SAP, SQL Server, and custom applications to Azure with high availability. It can be combined with ExpressRoute to improve network performance for replication. ASR also supports RTO (Recovery Time Objective) and RPO (Recovery Point Objective) definitions, aligning with business continuity requirements.

This solution aligns with AZ-305 objectives for designing resilient and highly available hybrid infrastructures, enabling enterprises to ensure minimal downtime, operational reliability, and compliance with disaster recovery standards.

Question 43

A company is designing a globally distributed web application that requires low-latency access for users worldwide and automatic failover in case a region becomes unavailable. Which Azure services should they use?

Answer

A) Azure Front Door and Azure Traffic Manager
B) Azure Load Balancer and Azure Application Gateway
C) Azure CDN and Azure Bastion
D) Azure App Service Environment and VPN Gateway

Explanation

The correct answer is A) Azure Front Door and Azure Traffic Manager.

Azure Front Door provides global HTTP/HTTPS load balancing, routing users to the nearest or healthiest backend. It supports edge caching, SSL offload, WAF integration, and dynamic site acceleration, which collectively improve application performance and security.

Azure Traffic Manager is a DNS-based traffic routing service that monitors backend health and performs automatic failover. Traffic Manager can direct traffic using performance, priority, weighted, or geographic routing methods, ensuring users are always connected to the optimal endpoint.

Option B) Load Balancer is regional, distributing traffic within a single region. Application Gateway provides Layer 7 routing but lacks cross-region failover.

Option C) CDN accelerates static content delivery but does not provide dynamic traffic management or failover. Bastion secures VM access and is unrelated to web application routing.

Option D) App Service Environment is private and regional; VPN Gateway secures network connectivity but does not provide low-latency global routing or failover.

By combining Front Door and Traffic Manager, organizations achieve resiliency, global performance optimization, and security. Integrating Azure Monitor and Application Insights provides observability, alerting, and performance metrics. This architecture aligns with AZ-305 objectives for designing high-performance, globally available applications that can scale efficiently and recover from regional outages.

Question 44

A company wants to deploy a serverless, event-driven application that must automatically scale based on demand and integrate with Blob storage, queues, and HTTP triggers. Which service should they use?

Answer

A) Azure Functions
B) Azure Virtual Machines
C) Azure Kubernetes Service
D) Azure App Service Plan (Dedicated)

Explanation

The correct answer is A) Azure Functions.

Azure Functions is a serverless compute platform that executes code in response to events. It automatically scales to meet highly variable workloads, ensuring cost-efficient operation. Supported triggers include:

Blob Storage: Executes when new files are uploaded, ideal for ETL pipelines or automated file processing.

Queue Storage: Processes queued messages asynchronously for background workflows.

HTTP Triggers: Provides serverless API endpoints that integrate with web and mobile applications.

Option B) VMs require manual management, scaling, and patching, which increases operational overhead.

Option C) AKS is suitable for containerized applications but adds complexity for simple event-driven workloads.

Option D) Dedicated App Service Plans provide hosting but lack true serverless elasticity and granular event-driven triggers.

Azure Functions integrates with Key Vault for secure secret access, Cosmos DB for persistence, and Application Insights for monitoring, enabling fully managed, highly available, and scalable event-driven architectures. This aligns with AZ-305 objectives for designing serverless architectures with minimal operational overhead and high availability.

Question 45

A company requires a globally distributed NoSQL database that supports low-latency reads, multi-region writes, and automatic scaling. Which service should they implement?

Answer

A) Azure Cosmos DB
B) Azure SQL Database
C) Azure Database for PostgreSQL
D) Azure Table Storage

Explanation

The correct answer is A) Azure Cosmos DB.

Azure Cosmos DB is a fully managed, globally distributed NoSQL database supporting multi-region writes, automatic replication, and low-latency reads at the 99th percentile. It offers five consistency models (strong, bounded staleness, session, consistent prefix, and eventual), allowing organizations to balance performance and data integrity according to their application needs.

Option B) SQL Database supports geo-replication but is single-master and does not natively support multi-region writes.

Option C) PostgreSQL supports read replicas but cannot achieve multi-region write and low-latency global replication natively.

Option D) Table Storage is simple and cost-effective but lacks advanced querying, global write support, and multi-region replication.

Cosmos DB is ideal for IoT, gaming, and social applications, providing fast, globally available access. It integrates with Azure Front Door for optimized user request routing. Cosmos DB also ensures automatic indexing, backup, encryption, and compliance, aligning with AZ-305 best practices for highly available, globally distributed NoSQL databases.

Question 46

A company wants to deploy a globally distributed web application that requires low-latency access for users worldwide and automatic failover in case a region becomes unavailable. Which Azure services should they use?

Answer

A) Azure Front Door and Azure Traffic Manager
B) Azure Load Balancer and Azure Application Gateway
C) Azure CDN and Azure Bastion
D) Azure App Service Environment and VPN Gateway

Explanation

The correct answer is A) Azure Front Door and Azure Traffic Manager.

Azure Front Door provides global HTTP/HTTPS load balancing, routing users to the nearest healthy backend. It also supports SSL offload, caching, WAF integration, and dynamic site acceleration, improving both performance and security. Front Door operates at the application layer, enabling advanced routing rules and path-based routing, which is essential for complex multi-tier applications.

Azure Traffic Manager is a DNS-based traffic routing service. It monitors backend health and performs automatic failover based on routing methods such as performance, priority, weighted, or geographic. By combining Traffic Manager with Front Door, organizations achieve both global performance optimization and high availability. Traffic Manager ensures that traffic is directed away from unhealthy regions, while Front Door manages low-latency delivery and security at the edge.

Option B: Load Balancer is regional and cannot handle cross-region failover. Application Gateway is a regional Layer 7 service and does not provide global failover.

Option C: CDN accelerates static content but does not manage dynamic application traffic or failover. Bastion provides secure VM access, unrelated to web routing.

Option D: App Service Environment is private and regional, and VPN Gateway secures connections but does not handle global traffic management or low-latency routing.

Using Front Door and Traffic Manager enables enterprises to build a resilient, highly available, and globally optimized application. Integration with Azure Monitor and Application Insights provides visibility, alerting, and operational insights, supporting AZ-305 objectives for highly available, globally performant web applications. This architecture ensures optimal performance, seamless failover, and enterprise-grade security.

Question 47

A company needs to deploy a multi-tier application in Azure with automatic scaling, high availability, and secure storage of secrets. Which architecture is most suitable?

Answer

A) Azure App Service for the web tier, Azure Key Vault for secrets, and Azure SQL Database with zone-redundant configuration
B) Azure Virtual Machines for the web tier, Azure Storage Account for secrets, SQL Server on VM
C) Azure Kubernetes Service for the web tier, Azure App Configuration for secrets, PostgreSQL single instance
D) Azure Functions for the web tier, Azure Storage Account for secrets, Cosmos DB

Explanation

The correct answer is A) Azure App Service for the web tier, Azure Key Vault for secrets, and Azure SQL Database with zone-redundant configuration.

Azure App Service provides fully managed hosting with automatic scaling, integrated high availability, and staging slots for zero-downtime deployments. Staging slots allow developers to deploy changes to a test environment before swapping into production, reducing operational risk. App Service integrates with CI/CD pipelines, enabling continuous delivery.

Azure Key Vault ensures secure storage of secrets, certificates, and encryption keys. Applications access secrets via managed identities, removing the need for hard-coded credentials. Key Vault supports auditing, secret rotation, and integration with regulatory compliance frameworks such as HIPAA and GDPR.

Azure SQL Database with zone-redundancy ensures high availability even during zone-level failures. It handles automatic backups, patching, and monitoring, and its SLA guarantees uptime. Zone-redundancy replicates data across multiple availability zones within a region, protecting against hardware or network failures.

Option B introduces operational complexity and risks because VM-based hosting requires manual scaling, patching, and high-availability configuration. Storing secrets in Storage Accounts lacks enterprise-grade security.

Option C (AKS and PostgreSQL) introduces operational overhead and lacks zone-redundant database configuration. App Configuration is not a secure secret storage solution.

Option D (Functions and Cosmos DB) is suitable for serverless workloads but does not meet multi-tier relational application requirements.

Combining App Service, Key Vault, and SQL Database creates a secure, highly available, and scalable multi-tier solution. Integration with Application Insights and Azure Monitor enables real-time observability. This architecture aligns with AZ-305 best practices, supporting mission-critical applications with minimal operational overhead and high resilience.

The most suitable architecture for deploying a multi-tier application in Azure with automatic scaling, high availability, and secure storage of secrets is using Azure App Service for the web tier, Azure Key Vault for secrets, and Azure SQL Database with a zone-redundant configuration. Azure App Service is a fully managed platform that provides built-in support for automatic scaling based on load, high availability across multiple instances, and staging slots that allow zero-downtime deployments. This ensures that the web tier can handle variable traffic without requiring manual intervention while maintaining operational continuity. App Service also integrates seamlessly with continuous integration and continuous delivery pipelines, enabling rapid deployment cycles and reducing deployment risk.

For secure management of sensitive information, Azure Key Vault is the recommended solution. Key Vault allows centralized storage of secrets, certificates, and encryption keys. Applications can access these secrets using managed identities, eliminating the need to embed credentials in code or configuration files. Key Vault also supports features such as secret versioning, automated rotation, and auditing, helping organizations comply with regulatory requirements such as GDPR, HIPAA, and other security frameworks. This ensures that sensitive data is protected throughout its lifecycle and reduces the risk of unauthorized access.

The data tier benefits from Azure SQL Database with zone-redundant configuration, which replicates data across multiple availability zones within a region. This approach ensures that the database remains highly available even in the event of hardware failures or zone-level outages. SQL Database also provides automated backups, patching, monitoring, and an SLA-backed uptime guarantee, reducing administrative overhead and operational complexity.

Alternative options introduce various limitations. Using virtual machines for the web tier and storing secrets in a storage account requires manual scaling and patching, and lacks enterprise-grade secret management. Kubernetes Service with App Configuration and a single-instance database adds operational complexity and does not ensure zone-level redundancy for the database. Serverless options such as Azure Functions with Cosmos DB are better suited for event-driven workloads rather than traditional multi-tier relational applications.

Overall, combining Azure App Service, Key Vault, and zone-redundant SQL Database provides a secure, resilient, and fully managed environment that aligns with best practices for mission-critical applications while minimizing operational burden.

Question 48

A company wants to migrate its on-premises virtual machines to Azure with minimal downtime. The solution must support continuous replication, planned and unplanned failover, and non-disruptive testing. Which service should they use?

Answer

A) Azure Site Recovery
B) Azure Backup
C) Azure Migrate
D) Azure Automation

Explanation

The correct answer is A) Azure Site Recovery.

Azure Site Recovery (ASR) enables Disaster Recovery as a Service (DRaaS). It replicates on-premises VMs and workloads to Azure, ensuring continuous replication. This allows minimal downtime during migration or disaster scenarios. ASR provides planned failover for maintenance and unplanned failover for outages.

Key features:

Recovery Plans: Orchestrate multi-tier application startup sequences to maintain consistency.

Non-Disruptive Testing: Validate DR plans without affecting production systems.

Integration: Works with Azure Monitor for real-time health monitoring, reporting, and alerting.

Automated Failback: Once on-premises systems are restored, workloads can fail back seamlessly.

Option B (Backup) protects data but does not provide continuous replication or failover orchestration.

Option C (Azure Migrate) is primarily for discovery, assessment, and planning, not failover.

Option D (Automation) is for task automation but does not handle replication or DR.

ASR allows migration of critical workloads like SAP, SQL Server, and enterprise apps while ensuring high availability, low RTO/RPO, and compliance. It aligns with AZ-305 best practices for resilient hybrid cloud architectures and disaster recovery planning.

Question 49

A company needs a serverless, event-driven architecture that reacts to Blob storage, queues, and HTTP triggers. The application must scale automatically and minimize operational overhead. Which service should they use?

Answer

A) Azure Functions
B) Azure Virtual Machines
C) Azure Kubernetes Service
D) Azure App Service Plan (Dedicated)

Explanation

The correct answer is A) Azure Functions.

Azure Functions provides a serverless compute environment where code executes in response to events. It automatically scales based on demand, eliminating the need to manage infrastructure. Functions supports multiple triggers:

Blob Storage: For automated file processing or ETL workflows.

Queue Storage: For asynchronous message processing.

HTTP Triggers: For serverless APIs.

Option B (VMs) requires manual scaling and patching.

Option C (AKS) is complex and adds unnecessary operational overhead for simple event-driven workloads.

Option D (Dedicated App Service) lacks true serverless elasticity and granular event-driven triggers.

Azure Functions integrates with Key Vault, Cosmos DB, Event Grid, and Application Insights, enabling secure, highly available, and observable workflows. This aligns with AZ-305 objectives for serverless architectures with minimal operational effort and high availability.

The most suitable service for a serverless, event-driven architecture that responds to Blob storage, queues, and HTTP triggers is Azure Functions. Azure Functions provides a fully managed serverless compute environment that allows code to execute in response to events without the need to manage infrastructure. This eliminates operational overhead associated with provisioning, patching, or scaling servers. Azure Functions automatically scales based on the number of incoming events, ensuring that workloads are handled efficiently regardless of traffic spikes. This feature is particularly important for applications that experience variable or unpredictable workloads.

Azure Functions supports a wide range of triggers, making it highly versatile. Blob Storage triggers enable automated processing of files as they are uploaded or modified, supporting scenarios such as ETL pipelines, media processing, or automated data transformation workflows. Queue Storage triggers allow asynchronous message processing, which is useful for decoupling components of an application and ensuring reliable task execution even under heavy load. HTTP triggers enable developers to build serverless APIs that can respond to web requests, allowing seamless integration with web and mobile applications.

Alternative options introduce limitations for the scenario described. Using virtual machines requires manual scaling, patching, and ongoing infrastructure management, which contradicts the goal of minimizing operational overhead. Kubernetes Service provides container orchestration and scalability but introduces significant operational complexity, which is unnecessary for simple event-driven applications. A dedicated App Service plan lacks the fine-grained serverless elasticity of Functions and does not provide native support for event-driven triggers such as Blob or Queue Storage.

Azure Functions integrates effectively with other Azure services to build complete, secure, and observable serverless workflows. Integration with Key Vault ensures secure handling of secrets and credentials, while connections to Cosmos DB or SQL Database provide data persistence. Event Grid enables event routing and complex event-driven patterns, and Application Insights allows real-time monitoring and diagnostics. This combination supports highly available, scalable, and maintainable solutions, aligning with best practices outlined in AZ-305 for serverless architectures with minimal operational effort.

Question 50

A company wants a globally distributed NoSQL database with multi-region writes, low-latency reads, and automatic scaling. Which service should they implement?

Answer

A) Azure Cosmos DB
B) Azure SQL Database
C) Azure Database for PostgreSQL
D) Azure Table Storage

Explanation

The correct answer is A) Azure Cosmos DB.

Cosmos DB is a fully managed NoSQL database with multi-region write support and low-latency reads at the 99th percentile. It offers five consistency levels: strong, bounded staleness, session, consistent prefix, and eventual, providing flexibility for performance and data integrity trade-offs.

Option B (SQL Database) is single-master: it supports geo-replication but not multi-region writes.

Option C (PostgreSQL) supports read replicas but not multi-region writes or global low-latency replication.

Option D (Table Storage) is simple and cost-effective but lacks advanced querying, multi-region writes, and low-latency global access.

Cosmos DB is ideal for IoT, gaming, and social applications requiring fast, globally distributed access. Integration with Azure Front Door optimizes request routing. Cosmos DB also provides automatic indexing, backups, encryption at rest/in transit, and compliance, aligning with AZ-305 objectives for resilient NoSQL architectures.

Question 51

A company plans to deploy a highly available, multi-region web application that requires automatic failover, SSL offloading, and global traffic routing. Which Azure service combination should they implement?

Answer

A) Azure Front Door with Web Application Firewall
B) Azure Load Balancer with Traffic Manager
C) Azure Application Gateway with VPN Gateway
D) Azure CDN with Bastion

Explanation

The correct answer is A) Azure Front Door with Web Application Firewall.

Azure Front Door is a global, scalable, Layer 7 load balancer that routes HTTP/HTTPS traffic to the nearest or healthiest backend. It provides low-latency global delivery, SSL offloading, path-based routing, caching, and dynamic site acceleration. Front Door ensures that users always connect to the closest or optimal backend, which is crucial for global applications with variable workloads.

Web Application Firewall (WAF) protects against common web application threats, such as SQL injection, cross-site scripting (XSS), and other OWASP Top 10 vulnerabilities. Integrating WAF with Front Door ensures centralized, global security for web applications, meeting compliance requirements such as PCI DSS, HIPAA, and SOC 2.

Option B: Azure Load Balancer handles regional traffic at Layer 4, not Layer 7. Traffic Manager provides DNS-based routing, but it does not provide low-latency, real-time edge routing or WAF capabilities.

Option C: Application Gateway supports WAF and Layer 7 traffic, but it is regional and cannot manage cross-region global traffic. VPN Gateway secures network connectivity but does not improve web application availability or global performance.

Option D: Azure CDN accelerates static content globally but does not provide dynamic application routing, failover, or WAF protection. Bastion provides secure VM access but is unrelated to web traffic management.

Using Front Door and WAF allows enterprises to design a highly available, secure, globally optimized application. Front Door integrates with Azure Monitor and Application Insights, providing end-to-end visibility, alerts, and performance monitoring. Traffic routing can be configured for priority-based, latency-based, or weighted routing, ensuring business continuity in the event of regional failures.

This combination aligns with AZ-305 objectives for designing globally resilient applications. Enterprises benefit from centralized security, low latency, automatic failover, and simplified operational management. Additionally, integration with Key Vault for SSL certificates and policy enforcement via Azure Policy ensures compliance, governance, and operational efficiency.

Question 52

A company needs to deploy a serverless API solution that integrates with HTTP triggers, queues, and database events. The application must scale automatically and minimize costs. Which service should they implement?

Answer

A) Azure Functions
B) Azure Virtual Machines
C) Azure Kubernetes Service
D) Azure App Service Plan (Dedicated)

Explanation

The correct answer is A) Azure Functions.

Azure Functions provides a serverless compute platform that runs code in response to events, enabling automatic scaling. Functions supports multiple triggers, including:

HTTP Triggers for serverless APIs

Queue Triggers for background processing

Database Events (Cosmos DB, SQL change feed) for reactive workflows

Azure Functions offers pay-per-use pricing, ensuring enterprises pay only for execution time, reducing costs for variable workloads. Functions also integrates seamlessly with Azure Logic Apps, Event Grid, and Service Bus, allowing orchestration of complex workflows without managing infrastructure.

Option B (VMs) requires manual scaling, patching, and maintenance, increasing operational overhead.

Option C (AKS) provides container orchestration but is complex for simple event-driven APIs.

Option D (App Service Plan – Dedicated) lacks true serverless elasticity and requires pre-provisioning resources.

Azure Functions can also integrate with Azure Key Vault for secrets, Application Insights for observability, and Cosmos DB for persistence, enabling fully managed, highly available, and secure workflows. This solution aligns with AZ-305 objectives for designing serverless architectures with minimal operational effort, high availability, and global scalability.

The most appropriate service for deploying a serverless API solution that integrates with HTTP triggers, queues, and database events is Azure Functions. Azure Functions is a fully managed serverless compute platform that allows code to execute in response to events without requiring any infrastructure management. It automatically scales to handle variable workloads, ensuring that applications can respond to high volumes of requests efficiently. This automatic scaling and on-demand execution model reduces operational complexity and allows organizations to focus on application logic rather than managing servers.

Azure Functions supports multiple trigger types that make it ideal for building reactive and event-driven APIs. HTTP triggers enable developers to create serverless APIs that respond directly to web requests, supporting modern web and mobile applications. Queue triggers allow asynchronous background processing, which is essential for decoupling components and handling tasks reliably under high load. Database events, such as Cosmos DB change feed triggers or SQL change tracking, allow applications to respond automatically to data modifications, enabling real-time processing and reactive workflows.

One of the key benefits of Azure Functions is its pay-per-use pricing model. Organizations are charged only for the execution time of their functions and the resources consumed during execution. This ensures cost efficiency, especially for applications with fluctuating or unpredictable workloads, as there is no need to provision resources in advance or pay for idle infrastructure. Functions also integrate seamlessly with other Azure services such as Logic Apps, Event Grid, and Service Bus, allowing orchestration of complex workflows without increasing operational overhead.

Alternative options are less suitable for this scenario. Virtual machines require manual scaling, patching, and maintenance, which increases operational complexity and cost. Kubernetes Service provides container orchestration and scaling but introduces unnecessary complexity for simple event-driven APIs. A dedicated App Service plan does not offer true serverless elasticity and requires pre-provisioned resources, making it less cost-efficient and flexible.

Azure Functions can also integrate with Azure Key Vault for secure secret management, Application Insights for monitoring and observability, and Cosmos DB or other databases for persistent storage. This combination enables a fully managed, secure, and highly available architecture. It aligns with AZ-305 best practices for serverless solutions that are cost-efficient, scalable, and operationally simple.

Question 53

A company is designing a multi-tier application in Azure requiring secure storage of secrets, automated scaling, and high availability. The database tier must provide zone-redundancy. Which solution is best?

Answer

A) Azure App Service, Azure Key Vault, and Azure SQL Database with zone-redundancy
B) Azure Virtual Machines, Storage Account for secrets, and SQL Server on VM
C) Azure Kubernetes Service, App Configuration, PostgreSQL single instance
D) Azure Functions, Storage Account for secrets, Cosmos DB

Explanation

The correct answer is A) Azure App Service, Azure Key Vault, and Azure SQL Database with zone-redundancy.

Azure App Service allows automatic scaling, integrated high availability, and staging slots for zero-downtime deployments. This reduces operational complexity for web tiers and allows for agile CI/CD workflows.

Azure Key Vault secures secrets, certificates, and keys, accessible via managed identities, eliminating the risk of hard-coded credentials. It supports auditing, versioning, and secret rotation, ensuring compliance with enterprise security standards.

Azure SQL Database with zone-redundancy replicates data across multiple availability zones, ensuring high availability and disaster recovery. Zone-redundancy protects against hardware, power, or network failures, and SQL Database provides automatic patching, monitoring, and backups, reducing operational overhead.

Option B introduces manual management and lacks enterprise-grade secret management.

Option C (AKS with PostgreSQL) adds operational overhead and does not meet zone-redundant availability requirements.

Option D (Functions with Cosmos DB) is suitable for serverless or NoSQL workloads but does not support multi-tier relational applications requiring persistent connections and transactional consistency.

This architecture aligns with AZ-305 best practices, ensuring security, high availability, scalability, and operational efficiency for multi-tier enterprise applications.

Question 54

A company wants to migrate on-premises workloads to Azure with minimal downtime, supporting continuous replication and non-disruptive testing. Which service should they implement?

Answer

A) Azure Site Recovery
B) Azure Backup
C) Azure Migrate
D) Azure Automation

Explanation

The correct answer is A) Azure Site Recovery.

Azure Site Recovery (ASR) enables Disaster Recovery as a Service (DRaaS) by replicating on-premises VMs and workloads to Azure. Continuous replication keeps the target Azure environment in sync, allowing minimal downtime during migration or disaster recovery scenarios.

Key features include:

Planned Failover: Controlled failover for maintenance or upgrades

Unplanned Failover: Recovery during outages

Recovery Plans: Orchestrate multi-tier applications for consistency

Non-Disruptive Testing: Validate DR plans without impacting production

Monitoring: Integration with Azure Monitor and Log Analytics

Option B (Backup) protects data but does not provide failover orchestration.

Option C (Azure Migrate) assists with discovery, assessment, and planning but not replication or failover.

Option D (Automation) automates administrative tasks but cannot replicate workloads.

ASR allows migration of critical workloads with low RTO/RPO, meeting AZ-305 objectives for resilient hybrid cloud infrastructure. It ensures business continuity, compliance, and operational efficiency.

Question 55

A company is designing a serverless, event-driven application that reacts to Blob storage events, queues, and database triggers. Which service is best?

Answer

A) Azure Functions
B) Azure Virtual Machines
C) Azure Kubernetes Service
D) Azure App Service Plan (Dedicated)

Explanation

The correct answer is A) Azure Functions.

Azure Functions is a serverless compute platform that executes code in response to events, scaling automatically without manual intervention. It supports triggers from Blob Storage, queues, HTTP requests, and database events, allowing developers to build reactive, event-driven workflows.

Option B (VMs) requires manual management and scaling.

Option C (AKS) is suitable for containerized workloads but adds operational overhead.

Option D (App Service Plan – Dedicated) lacks granular, event-driven serverless triggers.

Azure Functions integrates with Key Vault, Cosmos DB, Event Grid, and Application Insights, enabling secure, observable, and scalable workflows. This aligns with AZ-305 best practices for serverless, event-driven architectures with minimal operational overhead and high availability.

The most suitable service for designing a serverless, event-driven application that responds to Blob storage events, queues, and database triggers is Azure Functions. Azure Functions provides a fully managed serverless compute environment that executes code in response to a wide variety of events, eliminating the need for manual infrastructure management. This service automatically scales based on demand, ensuring that applications can efficiently handle spikes in workload without requiring pre-provisioned resources. Its serverless nature also reduces operational overhead, allowing development teams to focus entirely on implementing business logic and reactive workflows.

Azure Functions supports multiple types of triggers, making it ideal for building reactive, event-driven applications. Blob Storage triggers allow automatic processing of files when they are uploaded, modified, or deleted, which is useful for ETL pipelines, image processing, and data ingestion workflows. Queue Storage triggers enable asynchronous message processing, allowing applications to handle background tasks reliably and decouple different components. Database triggers, including Cosmos DB change feed or SQL Database change tracking, allow the application to respond immediately to data updates, ensuring that workflows remain real-time and responsive. HTTP triggers are also supported, enabling serverless APIs that can interact directly with web or mobile clients.

Alternative options are less suitable for this type of application. Virtual machines require manual patching, scaling, and management, which increases operational complexity and cost. Kubernetes Service provides container orchestration and scaling capabilities but introduces significant complexity for workloads that could be handled more simply with a serverless platform. A dedicated App Service plan does not provide true serverless elasticity and lacks granular event-driven triggers, making it less efficient for reactive architectures.

Azure Functions also integrates seamlessly with other Azure services such as Key Vault for secure secret management, Cosmos DB for data persistence, Event Grid for advanced event routing, and Application Insights for monitoring and observability. These integrations enable the creation of fully managed, highly available, and secure workflows. Overall, Azure Functions aligns with best practices for serverless, event-driven architectures as outlined in AZ-305, providing automatic scaling, minimal operational effort, and cost-efficient execution while supporting complex event-driven scenarios.

Question 56

A company needs a globally distributed NoSQL database with multi-region write support, low-latency reads, and automatic scaling. Which service should they use?

Answer

A) Azure Cosmos DB
B) Azure SQL Database
C) Azure Database for PostgreSQL
D) Azure Table Storage

Explanation

The correct answer is A) Azure Cosmos DB.

Azure Cosmos DB is a fully managed, globally distributed NoSQL database. It provides multi-region writes, automatic replication, and low-latency reads. Cosmos DB offers five consistency models—strong, bounded staleness, session, consistent prefix, and eventual—allowing organizations to optimize for performance or consistency.

Option B (SQL Database) does not natively support multi-region writes.

Option C (PostgreSQL) cannot achieve low-latency, multi-region writes.

Option D (Table Storage) is simple and cost-effective but lacks advanced querying, global replication, and low-latency multi-region access.

Cosmos DB is ideal for IoT, gaming, and social applications requiring fast, globally distributed access. Integration with Azure Front Door or CDN optimizes user request routing. It provides automatic indexing, encryption, backup, and compliance, aligning with AZ-305 objectives for highly available NoSQL architectures.

Question 57

A company is designing a multi-region web application requiring automatic failover, low latency, and DDoS protection. Which combination of Azure services is most suitable?

Answer

A) Azure Front Door with Web Application Firewall and Azure DDoS Protection
B) Azure Load Balancer with Traffic Manager
C) Azure Application Gateway with VPN Gateway
D) Azure CDN with Bastion

Explanation

The correct answer is A) Azure Front Door with Web Application Firewall and DDoS Protection.

Azure Front Door provides global load balancing, low-latency routing, SSL offload, and path-based routing. WAF protects against web application attacks (SQL injection, XSS). DDoS Protection safeguards against volumetric and protocol attacks, ensuring application availability during attacks.

Option B (Load Balancer + Traffic Manager) lacks Layer 7 security, WAF, and DDoS protection.

Option C (Application Gateway + VPN) is regional and does not offer global routing or DDoS mitigation.

Option D (CDN + Bastion) optimizes static content delivery but does not address application security or failover.

This combination ensures resilient, secure, globally available applications, aligning with AZ-305 objectives for high availability, performance, and enterprise security.

Question 58

A company wants to implement a multi-tier application with high availability and minimal operational overhead. Which architecture should they select?

Answer

A) Azure App Service, Azure Key Vault, and Azure SQL Database with zone-redundancy
B) Virtual Machines with SQL Server and Storage Account
C) AKS with PostgreSQL single instance
D) Azure Functions with Cosmos DB

Explanation

The correct answer is A) Azure App Service, Key Vault, and SQL Database zone-redundant.

App Service provides managed hosting, automatic scaling, and staging slots. Key Vault secures secrets, certificates, and keys. SQL Database zone-redundancy ensures high availability across availability zones.

Options B, C, and D introduce manual management, lower resilience, or unsuitable architectures.

This architecture aligns with AZ-305 objectives for secure, highly available multi-tier applications with operational efficiency.

Question 59

A company wants to migrate on-premises virtual machines to Azure with minimal downtime and continuous replication. Which service should they use?

Answer

A) Azure Site Recovery
B) Azure Backup
C) Azure Migrate
D) Azure Automation

Explanation

The correct answer is A) Azure Site Recovery.

Azure Site Recovery (ASR) enables continuous replication, planned and unplanned failover, and non-disruptive testing. It supports multi-tier recovery plans for consistency and integrates with Azure Monitor for observability. Backup, Migrate, and Automation do not provide continuous replication or failover orchestration.

ASR aligns with AZ-305 objectives for resilient hybrid cloud migration with minimal operational risk.

Question 60

A company requires a serverless, event-driven workflow reacting to Blob storage, queues, and HTTP requests, scaling automatically, and integrating with secure storage for secrets. Which service should they use?

Answer

A) Azure Functions
B) Azure Virtual Machines
C) Azure Kubernetes Service
D) Azure App Service Plan (Dedicated)

Explanation

The correct answer is A) Azure Functions.

Azure Functions is serverless, event-driven, and scales automatically. It integrates with Blob storage, queues, HTTP triggers, Event Grid, and Key Vault for secure secrets. This enables cost-efficient, highly available, and observable workflows.

Option B (VMs) requires manual management and scaling.

Option C (AKS) is more complex and operationally heavy.

Option D (Dedicated App Service) lacks granular event-driven scaling and triggers.

This architecture aligns with AZ-305 objectives for serverless applications with high availability, minimal operational effort, and secure secret management, supporting modern cloud-native designs.
