Microsoft AZ-305  Designing Microsoft Azure Infrastructure Solutions Exam Dumps and Practice Test Questions Set 7 Q121-140

Visit here for our full Microsoft AZ-305 exam dumps and practice test questions.

Question 121

A company wants to deploy a highly available, globally distributed e-commerce platform with low-latency access for customers in multiple regions. Which combination of services is most appropriate?

Answer

A) Azure Front Door, Azure SQL Database with geo-replication, and Azure Active Directory B2C
B) Azure Load Balancer, SQL Server on VMs, and VPN Gateway
C) Azure Application Gateway, Bastion, and PostgreSQL single instance
D) Azure CDN and Table Storage

Explanation

The correct answer is A) Azure Front Door, Azure SQL Database with geo-replication, and Azure Active Directory B2C.

When designing a globally distributed e-commerce platform, the primary considerations include performance, high availability, security, and compliance. Azure Front Door serves as a global HTTP/HTTPS load balancer, directing users to the nearest healthy backend region. This ensures low-latency access to content, which is critical for improving user experience and reducing cart abandonment rates. Front Door also provides automatic failover, ensuring that traffic is rerouted seamlessly if a regional outage occurs.

Azure SQL Database with geo-replication allows the database to be replicated across multiple regions. Geo-replication ensures high availability and disaster recovery. Customers interacting with the platform in different regions can access a nearby database replica, reducing latency for read-heavy workloads. In case of a primary region failure, automatic or manual failover can direct traffic to a secondary region, minimizing downtime and ensuring business continuity.

Azure Active Directory B2C manages secure authentication for external users, supporting social identity providers, multi-factor authentication (MFA), and user self-service features. This service simplifies secure access for a global user base while maintaining compliance with identity-related regulations.

Option B (Load Balancer + SQL on VMs + VPN Gateway) lacks global routing and introduces high operational overhead, requiring manual failover orchestration, patching, and scaling. Option C (Application Gateway + Bastion + PostgreSQL) is regionally constrained and does not provide global low-latency delivery or integrated authentication for external users. Option D (CDN + Table Storage) is suitable for static content delivery but lacks transactional support, low-latency dynamic data processing, and authentication.

From an AZ-305 perspective, this architecture demonstrates designing globally distributed, highly available, and secure applications. Key architectural benefits include:

Global Load Balancing and Failover: Front Door ensures users access the nearest healthy backend, improving latency and availability.

High Availability for Data: Geo-replicated SQL Database ensures disaster recovery, automatic failover, and compliance with business continuity objectives.

Secure Access Management: Azure AD B2C ensures enterprise-level identity management for a distributed, global customer base.

Operational Efficiency: Managed services reduce infrastructure overhead, patching, and failover management.

Scalability: Front Door and SQL Database scale with traffic and transactional requirements.

This combination aligns with exam objectives for globally distributed, highly available, and secure solutions, meeting performance, resilience, and compliance requirements.

Question 122

A company wants a serverless API that responds to HTTP requests, queue messages, and database triggers, with automatic scaling based on demand. Which service should they use?

Answer

A) Azure Functions
B) Azure Virtual Machines
C) Azure Kubernetes Service
D) Azure App Service Plan (Dedicated)

Explanation

The correct answer is A) Azure Functions.

Azure Functions is a serverless compute platform optimized for event-driven architectures, allowing enterprises to run code without managing servers. It can react to HTTP requests, messages from Azure Storage Queues or Service Bus, and database triggers (e.g., changes in Azure Cosmos DB or SQL Database). This makes it ideal for building APIs that require scalable, real-time processing.

One of the biggest advantages of Azure Functions is automatic scaling. Functions scale out when event volumes increase and scale in during low activity periods, optimizing resource utilization and cost. This is particularly important for workloads with unpredictable traffic patterns, such as APIs for IoT telemetry, customer interactions, or e-commerce.

Security is integrated through managed identities, allowing Functions to securely access resources like Key Vault without embedding credentials in code. Observability and monitoring are provided through Application Insights, enabling developers and operations teams to track performance, error rates, and execution latency.

Durable Functions extends Azure Functions’ capabilities, allowing orchestration of long-running or stateful workflows, fan-out/fan-in processing, and complex event handling without manual infrastructure management.

Option B (VMs) introduces manual scaling and operational overhead. Option C (AKS) adds orchestration complexity for lightweight serverless workloads. Option D (Dedicated App Service) lacks true serverless elasticity, limiting responsiveness during peak events and increasing costs.

From an AZ-305 perspective, Azure Functions exemplifies scalable, resilient, serverless, and event-driven application design. Enterprises can implement real-time APIs and workflows, minimizing operational overhead while ensuring security, observability, and compliance, which are core objectives in the exam.

Question 123

A company needs a globally distributed, multi-region NoSQL database for an IoT telemetry platform with low-latency reads and high write throughput. Which service is most appropriate?

Answer

A) Azure Cosmos DB
B) Azure SQL Database
C) Azure Database for PostgreSQL
D) Azure Table Storage

Explanation

The correct answer is A) Azure Cosmos DB.

For IoT platforms, devices generate continuous telemetry streams, often from multiple geographic locations. Cosmos DB supports multi-region writes, allowing simultaneous updates across regions while maintaining replication and consistency. This capability ensures that all device-generated data is accurately captured and available in near real-time, regardless of the user’s or device’s location.

Cosmos DB offers five consistency models—strong, bounded staleness, session, consistent prefix, and eventual—enabling architects to choose between strong consistency for critical data and eventual consistency for high-throughput, latency-sensitive operations. This flexibility allows developers to balance performance, latency, and correctness based on application requirements.

The platform provides elastic throughput, automatically scaling to handle spikes in telemetry volume, such as during peak device usage or global events. Horizontal partitioning ensures predictable performance for massive datasets, which is critical for real-time telemetry analytics.

Cosmos DB integrates seamlessly with Azure Functions, Event Grid, and Stream Analytics, enabling event-driven processing pipelines for telemetry. Alerts, dashboards, and automated workflows can react instantly to IoT data streams. Security is robust, with encryption at rest and in transit, RBAC via Azure Active Directory, private endpoints, and Key Vault integration.

Options B, C, and D lack multi-region write support, low-latency performance at a global scale, or the ability to handle real-time high-throughput IoT workloads.

From an AZ-305 perspective, Cosmos DB illustrates designing resilient, highly available, globally distributed databases, aligned with enterprise IoT requirements for real-time data ingestion, operational efficiency, and secure, compliant storage.

Question 124

A company wants to deploy a multi-tier application requiring automatic scaling, high availability, and secure secret management. Which architecture is optimal?

Answer

A) Azure App Service, Key Vault, and Azure SQL Database zone-redundant
B) Azure VMs, SQL Server, and Storage Account
C) AKS with PostgreSQL single instance
D) Azure Functions with Cosmos DB

Explanation

The correct answer is A) Azure App Service, Key Vault, and Azure SQL Database zone-redundant.

App Service provides automatic scaling for the application tier, ensuring responsiveness under variable loads. Key Vault centralizes secret management, preventing credentials from being stored in code and reducing exposure risk. Azure SQL Database with zone redundancy guarantees high availability and automatic failover in case of zone or region failures.

Option B requires manual patching, failover configuration, and scaling, increasing operational overhead. Option C lacks database high availability. Option D is suitable for serverless stateless workloads but cannot ensure ACID-compliant relational multi-tier functionality.

From an AZ-305 perspective, this architecture demonstrates scalable, resilient, and secure multi-tier application design, fulfilling core objectives for enterprise applications.

Question 125

A company wants to migrate on-premises workloads to Azure with continuous replication, automated failover, and minimal downtime. Which service should they implement?

Answer

A) Azure Site Recovery
B) Azure Backup
C) Azure Migrate
D) Azure Automation

Explanation

The correct answer is A) Azure Site Recovery (ASR).

ASR replicates on-premises VMs and physical servers to Azure, providing continuous replication to ensure minimal data loss. It supports planned and unplanned failovers, enabling maintenance or unanticipated outages with minimal business disruption. Recovery plans orchestrate multi-tier application failover, ensuring services start in the correct sequence.

Option B only provides data backup; Option C assesses readiness without failover; Option D cannot orchestrate replication.

From an AZ-305 perspective, ASR aligns with hybrid disaster recovery solutions, supporting resiliency, operational efficiency, compliance, and minimal downtime, which are key exam objectives.

Question 126

A company wants a serverless workflow that reacts to HTTP requests, storage events, and queue messages, scaling automatically based on workload. Which service should they use?

Answer

A) Azure Functions
B) Azure Virtual Machines
C) Azure Kubernetes Service
D) Azure App Service Plan (Dedicated)

Explanation

The correct answer is A) Azure Functions.

Azure Functions is a serverless compute platform designed for event-driven architectures. It enables developers to execute code in response to events such as HTTP requests, Blob storage changes, and queue messages. This approach eliminates the need for manual server management and enables automatic scaling, which is crucial for workloads with unpredictable traffic patterns such as e-commerce spikes, IoT telemetry, or user-driven workflows.

Scalability and Event-Driven Design

Azure Functions automatically scales out to meet demand. When multiple events arrive simultaneously, the platform spawns additional instances to process them in parallel. Once the workload decreases, it scales in, reducing costs. This elasticity ensures that organizations can handle millions of events per day without overprovisioning resources. The scaling mechanism is fully managed, so there is no need for manual intervention, which reduces operational overhead.

Security and Compliance

Security is a core consideration for serverless architectures. Functions integrate with Azure Key Vault and managed identities, allowing secure access to secrets, credentials, and certificates without embedding sensitive information in the code. This supports compliance with regulations like GDPR, HIPAA, and ISO standards. Additionally, traffic can be restricted to private networks or monitored via Azure Monitor to ensure secure operation and observability.

Observability and Monitoring

Azure Functions integrates with Application Insights, providing detailed telemetry, including execution duration, error rates, request counts, and dependency calls. This allows developers and operations teams to identify performance bottlenecks, detect failures, and monitor SLA adherence. Observability is critical for event-driven architectures, where multiple functions may interact asynchronously.

Durable Functions for Complex Workflows

For workflows that require orchestration, Durable Functions extend Azure Functions with stateful capabilities. This allows complex patterns such as fan-out/fan-in, sequential workflows, and timer-based actions without maintaining infrastructure or state externally. For example, an IoT processing pipeline might fan out to process multiple device telemetry streams in parallel, then aggregate the results, all orchestrated automatically.

Comparison with Other Options

Option B (VMs) introduces significant operational overhead, requiring manual provisioning, scaling, patching, and monitoring. Option C (AKS) provides container orchestration but is overkill for lightweight serverless workflows, requiring expertise in Kubernetes. Option D (Dedicated App Service) lacks true serverless elasticity, leading to inefficiencies and increased costs.

AZ-305 Alignment

From an AZ-305 perspective, Azure Functions exemplifies event-driven, scalable, resilient, and secure architectures. Key design principles covered include:

Elastic scaling to handle variable workloads efficiently.

Integration with Azure services for seamless event processing.

Secure identity and secrets management using Key Vault and managed identities.

Observability via Application Insights for performance monitoring and troubleshooting.

Orchestration of complex workflows using Durable Functions, enabling enterprise-grade automation.

In conclusion, Azure Functions is the optimal choice for serverless, event-driven workflows, offering cost-efficiency, high scalability, secure integration, and operational simplicity, making it highly aligned with AZ-305 objectives.

Question 127

A company wants a globally distributed database for an IoT platform requiring low-latency reads and multi-region writes. Which service should they implement?

Answer

A) Azure Cosmos DB
B) Azure SQL Database
C) Azure Database for PostgreSQL
D) Azure Table Storage

Explanation

The correct answer is A) Azure Cosmos DB.

IoT platforms generate massive streams of telemetry data from devices worldwide. To ensure real-time processing and analysis, the database must support low-latency reads, multi-region writes, and high availability. Cosmos DB is designed for this exact scenario.

Global Distribution and Multi-Region Writes

Cosmos DB allows writes to be accepted in multiple regions simultaneously. This eliminates latency issues associated with centralized databases and ensures devices located across continents can write data without waiting for replication to a single master region. It automatically handles replication and conflict resolution, guaranteeing data integrity.

Consistency Models

Cosmos DB supports five consistency levels: strong, bounded staleness, session, consistent prefix, and eventual. This flexibility allows architects to choose a consistency model that balances performance, availability, and data correctness. For example, critical device state updates may use strong consistency, while high-volume telemetry events may rely on eventual consistency for maximum throughput.

Elastic Scaling and Partitioning

IoT workloads are highly variable. Cosmos DB supports elastic scaling, allowing enterprises to dynamically adjust throughput (Request Units) to meet demand. Its horizontal partitioning ensures large datasets are distributed efficiently, preventing performance bottlenecks. High ingestion rates from millions of IoT devices can be accommodated seamlessly.

Integration with Azure Ecosystem

Cosmos DB integrates with Azure Functions, Event Grid, and Stream Analytics, enabling real-time processing pipelines for telemetry. Alerts, dashboards, or automated workflows can react to IoT events instantly. This reduces latency from ingestion to action, which is essential for real-time monitoring, predictive maintenance, and anomaly detection.

Security and Compliance

Cosmos DB supports encryption at rest and in transit, RBAC via Azure Active Directory, private endpoints, and integration with Key Vault. This ensures that IoT data is secure, compliant, and isolated, meeting regulatory requirements like HIPAA or ISO certifications.

Comparison with Other Options

Azure SQL Database: Limited multi-region write support, higher latency for global deployments.

PostgreSQL: Regional write limitations and lacks built-in global replication.

Table Storage: No advanced consistency, limited querying, and not optimized for real-time analytics.

AZ-305 Alignment

Cosmos DB exemplifies resilient, globally distributed database design, supporting enterprise IoT scenarios requiring high throughput, low latency, and secure integration. It aligns with AZ-305 objectives for globally distributed, high-performance, and resilient data architectures.

Question 128

A company wants a multi-tier web application requiring automatic scaling, secure secrets management, and high-availability database. Which architecture is optimal?

Answer

A) Azure App Service, Key Vault, and Azure SQL Database zone-redundant
B) Azure VMs, SQL Server, and Storage Account
C) AKS with PostgreSQL single instance
D) Azure Functions with Cosmos DB

Explanation

The correct answer is A) Azure App Service, Key Vault, and Azure SQL Database zone-redundant.

This architecture ensures scalability, security, and resilience:

App Service handles the application tier with automatic scaling, reducing the risk of downtime during traffic spikes.

Key Vault centralizes secrets management, preventing credentials from being hardcoded.

SQL Database zone redundancy ensures high availability and failover capabilities.

Option B requires manual management of VMs and SQL, increasing operational overhead. Option C lacks database HA. Option D is serverless and stateless, unsuitable for relational multi-tier applications requiring ACID compliance.

From an AZ-305 perspective, this design aligns with scalable, resilient, and secure multi-tier architecture principles, enabling enterprise-grade deployments with reduced operational complexity.

Question 129

A company wants to migrate on-premises workloads to Azure with continuous replication and automated failover. Which service should they implement?

Answer

A) Azure Site Recovery
B) Azure Backup
C) Azure Migrate
D) Azure Automation

Explanation

The correct answer is A) Azure Site Recovery.

ASR replicates on-premises VMs and physical servers to Azure. It supports continuous replication, planned/unplanned failovers, and orchestrated multi-tier application recovery plans. Non-disruptive testing allows validation without impacting production workloads.

Azure Backup protects data but cannot manage live failover. Azure Migrate assesses readiness but does not replicate workloads. Azure Automation cannot orchestrate replication or failover.

ASR aligns with AZ-305 objectives for hybrid disaster recovery, ensuring minimal downtime, resiliency, operational efficiency, and compliance.

Question 130

A company wants a serverless workflow reacting to HTTP requests, storage events, and queue messages, automatically scaling based on workload. Which service is appropriate?

Answer

A) Azure Functions
B) Azure Virtual Machines
C) Azure Kubernetes Service
D) Azure App Service Plan (Dedicated)

Explanation

The correct answer is A) Azure Functions.

Azure Functions provides serverless, event-driven compute that automatically scales in response to demand. It integrates with Key Vault for secure secrets and Application Insights for monitoring. Durable Functions allow orchestration of complex workflows, supporting enterprise-scale automation without manual infrastructure management.

VMs require manual scaling. AKS is overkill for lightweight workflows. Dedicated App Service lacks true elasticity. Azure Functions exemplifies dynamic, scalable, resilient, and secure serverless design, fully aligned with AZ-305 objectives.

Question 131

A company wants to deploy a globally distributed e-commerce platform with low-latency access for customers, high availability, and secure authentication. Which combination of services is most appropriate?

Answer

A) Azure Front Door, Azure SQL Database with geo-replication, and Azure Active Directory B2C
B) Azure Load Balancer, SQL Server on VMs, and VPN Gateway
C) Azure Application Gateway, Bastion, and PostgreSQL single instance
D) Azure CDN and Table Storage

Explanation

The correct answer is A) Azure Front Door, Azure SQL Database with geo-replication, and Azure Active Directory B2C.

Designing a globally distributed e-commerce platform involves several key requirements: low-latency content delivery, high availability, secure authentication, and compliance. Azure Front Door serves as a global HTTP/HTTPS load balancer, directing users to the nearest healthy backend, reducing latency for end users. It also offers automatic failover, ensuring uninterrupted service during regional outages.

Azure SQL Database with geo-replication allows databases to be replicated across multiple regions. This provides high availability and disaster recovery while enabling low-latency reads from a nearby replica. If the primary region experiences an outage, the system can failover to a secondary region automatically, maintaining operational continuity.

Azure Active Directory B2C manages authentication for external users, supporting social identity providers, multi-factor authentication, and self-service capabilities. This enables secure access for a global user base while maintaining compliance with regulations such as GDPR and ISO standards.

Option B (Load Balancer + SQL on VMs + VPN) lacks global routing and introduces high operational overhead. Option C (Application Gateway + Bastion + PostgreSQL) is regionally constrained and does not offer global low-latency content delivery. Option D (CDN + Table Storage) only addresses static content delivery and cannot handle transactional data or authentication.

From an AZ-305 perspective, this architecture demonstrates designing globally distributed, highly available, and secure applications. Key benefits include:

Global Load Balancing and Failover: Front Door ensures users access the nearest healthy backend, improving latency and reliability.

High Availability for Data: Geo-replicated SQL Database ensures disaster recovery and minimal downtime.

Secure Access Management: Azure AD B2C enables enterprise-grade identity management for a global customer base.

Operational Efficiency: Managed services reduce maintenance, patching, and failover management.

Scalability: Services scale automatically to handle dynamic traffic loads.

This solution aligns with exam objectives for globally distributed, highly available, and secure architectures.

Question 132

A company wants a multi-tier application with automatic scaling, secure secrets management, and high availability. Which architecture should they implement?

Answer

A) Azure App Service, Key Vault, and Azure SQL Database zone-redundant
B) Azure VMs, SQL Server, and Storage Account
C) AKS with PostgreSQL single instance
D) Azure Functions with Cosmos DB

Explanation

The correct answer is A) Azure App Service, Key Vault, and Azure SQL Database zone-redundant.

Multi-tier web applications require resilient application and database layers, secure credential management, and scalability. Azure App Service provides fully managed PaaS hosting, supporting automatic scaling based on CPU, memory, or custom metrics, ensuring application responsiveness during traffic spikes.

Key Vault centralizes secrets, preventing hard-coded credentials and enabling secure secret rotation. Azure SQL Database with zone redundancy ensures high availability and failover across availability zones, protecting against regional failures.

Option B requires manual patching, failover, and scaling, increasing operational overhead. Option C does not provide database high availability for mission-critical workloads. Option D is serverless and stateless, unsuitable for multi-tier relational applications requiring ACID compliance.

From an AZ-305 perspective, this architecture demonstrates resilient, scalable, and secure multi-tier design, reducing operational complexity while meeting availability, performance, and compliance requirements.

Question 133

A company wants to migrate on-premises workloads to Azure with continuous replication, automated failover, and minimal downtime. Which service is most appropriate?

Answer

A) Azure Site Recovery
B) Azure Backup
C) Azure Migrate
D) Azure Automation

Explanation

The correct answer is A) Azure Site Recovery (ASR).

Azure Site Recovery enables Disaster Recovery-as-a-Service (DRaaS) by replicating on-premises VMs and physical servers to Azure. ASR supports continuous replication, ensuring minimal data loss (low RPO). Planned failovers allow maintenance migrations with no downtime, and unplanned failovers handle unexpected outages.

Recovery plans orchestrate multi-tier application startup sequences, ensuring that dependent services start in the correct order. Non-disruptive testing allows validation of failover plans without impacting production workloads.

Option B (Azure Backup) only protects data but cannot orchestrate live failovers. Option C (Azure Migrate) assesses readiness but does not perform replication or failover. Option D (Azure Automation) cannot manage replication or orchestrated failovers.

From an AZ-305 perspective, ASR aligns with hybrid disaster recovery design, ensuring resiliency, operational efficiency, compliance, and minimal downtime, meeting key exam objectives.

Question 134

A company wants a serverless workflow reacting to HTTP requests, storage events, and queue messages, with automatic scaling. Which service should they implement?

Answer

A) Azure Functions
B) Azure Virtual Machines
C) Azure Kubernetes Service
D) Azure App Service Plan (Dedicated)

Explanation

The correct answer is A) Azure Functions.

Azure Functions supports event-driven, serverless compute, automatically scaling based on workload. It integrates with Key Vault for secure secret access and Application Insights for observability, enabling tracking of execution, latency, and errors. Durable Functions extend capabilities to orchestrate long-running, complex workflows, such as processing IoT telemetry or user-generated events in parallel.

VMs require manual scaling and management, AKS introduces unnecessary complexity for lightweight workflows, and Dedicated App Service lacks true serverless elasticity.

AZ-305 exam objectives addressed include scalable, resilient, secure, and observable serverless architectures, enabling enterprises to build dynamic, event-driven solutions with minimal operational overhead.

Question 135

A company wants a globally distributed NoSQL database for an IoT telemetry platform that requires low-latency reads, multi-region writes, and high throughput. Which service is optimal?

Answer

A) Azure Cosmos DB
B) Azure SQL Database
C) Azure Database for PostgreSQL
D) Azure Table Storage

Explanation

The correct answer is A) Azure Cosmos DB.

When designing an IoT telemetry platform, enterprises face several key challenges: managing large volumes of data from devices globally, maintaining low-latency read and write access, providing high availability across regions, and ensuring scalable throughput to handle variable workloads. Cosmos DB is purpose-built to address all these requirements, making it the most suitable solution.

Global Distribution and Multi-Region Writes

One of the primary design considerations for IoT workloads is global distribution. Devices might be located in different regions, requiring that data writes occur near the device to reduce latency. Cosmos DB supports multi-region writes, allowing updates to happen simultaneously in multiple regions. This feature ensures that all telemetry data is ingested in near real-time, regardless of device location, while automatically handling conflict resolution and replication.

Multi-region writes also support read/write locality, which reduces latency for both ingestion and querying. Applications and analytics services can access data from the nearest region, ensuring that dashboards, alert systems, and real-time analytics respond promptly. This is critical for IoT scenarios like predictive maintenance, anomaly detection, or operational dashboards, where latency directly affects decision-making and service quality.

Consistency Models

Cosmos DB provides five consistency levels—strong, bounded staleness, session, consistent prefix, and eventual—allowing architects to balance performance, latency, and data correctness according to application requirements. For example, critical operational telemetry such as device state changes may require strong or bounded staleness consistency to ensure accuracy. Less critical data, such as environmental sensor readings or user interaction logs, can utilize eventual consistency, providing higher throughput and reduced latency. This flexibility is unmatched in traditional relational or NoSQL databases that often enforce strict consistency, leading to higher latencies and operational complexity.

Elastic Scaling and Throughput Management

IoT workloads are highly dynamic. Telemetry data often spikes unpredictably—for example, during special events, device firmware updates, or sudden operational anomalies. Cosmos DB provides elastic scaling via Request Units per second (RU/s), which allows organizations to dynamically allocate throughput to meet demand without downtime. Horizontal partitioning ensures data is distributed efficiently across physical nodes, maintaining predictable performance even under extreme loads.

This ability to scale elastically is vital for enterprise-grade IoT platforms. It eliminates the need for manual sharding or pre-provisioning of resources, reducing operational overhead while maintaining performance. The system can handle millions of device messages per second globally, supporting both high write throughput and low-latency reads simultaneously.

Integration with Event-Driven Architectures

Azure Cosmos DB integrates seamlessly with other Azure services, forming a complete event-driven IoT processing pipeline. For example, data can flow directly from devices into Cosmos DB, trigger Azure Functions for real-time processing, feed Event Grid for notifications, or route to Azure Stream Analytics for real-time analytics and aggregation. This integration allows enterprises to implement low-latency, near real-time dashboards, alerts, and predictive analytics, all without manual intervention.

Durable workflows can be orchestrated using Durable Functions, allowing parallel processing of telemetry data, fan-out/fan-in patterns, and aggregation before storing processed results back into Cosmos DB or downstream analytics platforms. This enables complex workflows and event processing at scale while remaining serverless and cost-efficient.

High Availability and Disaster Recovery

Cosmos DB is designed with 99.999% availability SLA for multi-region writes. Its automatic replication ensures that data remains available even during regional failures. Combined with automatic failover capabilities, applications experience minimal downtime during outages. This ensures the IoT telemetry platform remains operational globally, which is critical for applications in healthcare, manufacturing, energy, and transportation, where downtime could have significant operational or safety implications.

Additionally, Cosmos DB automatically handles backup and restore, with point-in-time restore capabilities. Enterprises can recover data in the event of accidental deletion or corruption, maintaining business continuity and compliance with internal or regulatory requirements.

Security and Compliance

Security is a core aspect of IoT deployments, particularly for telemetry that may include sensitive operational or personal data. Cosmos DB supports encryption at rest and in transit, fine-grained Role-Based Access Control (RBAC) via Azure Active Directory, private network endpoints, and integration with Azure Key Vault for managing sensitive credentials or certificates. These security measures align with regulatory requirements like ISO 27001, HIPAA, GDPR, and other industry-specific standards.

This ensures that organizations can confidently deploy globally distributed IoT solutions while maintaining compliance with security policies and legal regulations. Azure Cosmos DB’s security model also simplifies operational overhead for auditing, monitoring, and access control, which is critical for large-scale enterprise deployments.

Comparison with Alternative Services

Azure SQL Database: While SQL Database offers high availability and relational integrity, it does not support multi-region writes natively, which increases write latency for global IoT workloads. Global replication is read-only, making it unsuitable for scenarios requiring low-latency multi-region writes.

Azure Database for PostgreSQL: Offers relational capabilities but lacks native multi-region write support and scales less effectively for high-volume IoT telemetry workloads.

Azure Table Storage: A simple key-value store, suitable for lightweight scenarios, but lacks rich querying, multi-region writes, strong consistency options, and integration with event-driven pipelines, making it insufficient for enterprise-grade IoT telemetry processing.

AZ-305 Alignment

From an AZ-305 perspective, Cosmos DB exemplifies designing resilient, globally distributed, high-performance data solutions. The platform addresses the following exam objectives:

Global Distribution and Resiliency: Supports high availability and disaster recovery across regions.

Low-Latency and High Throughput: Ensures IoT devices can read and write data efficiently, regardless of location.

Scalability: Handles massive spikes in telemetry data through elastic scaling and horizontal partitioning.

Event-Driven Integration: Works with Azure Functions, Event Grid, and Stream Analytics to enable real-time processing and automation.

Security and Compliance: Provides encryption, access control, and integration with Key Vault, meeting enterprise and regulatory requirements.

Operational Efficiency: Minimizes manual infrastructure management, simplifying deployment and reducing administrative overhead.

In summary, Azure Cosmos DB is the optimal solution for globally distributed IoT telemetry platforms. It combines multi-region writes, low-latency reads, elastic scalability, high availability, integrated security, and seamless integration with Azure services, ensuring enterprises can deploy high-performance, resilient, and compliant IoT architectures. This aligns directly with AZ-305 objectives, making it the recommended choice for exam scenarios involving IoT telemetry, global scale, and real-time data processing.

Question 136

A company wants a multi-tier application with automatic scaling, high availability, and secure secret management. Which architecture is optimal?

Answer

A) Azure App Service, Key Vault, and Azure SQL Database zone-redundant
B) Azure VMs, SQL Server, and Storage Account
C) AKS with PostgreSQL single instance
D) Azure Functions with Cosmos DB

Explanation

The correct answer is A) Azure App Service, Key Vault, and Azure SQL Database zone-redundant.

Designing a multi-tier enterprise application involves several architectural concerns, including scalability, high availability, security, operational efficiency, and data integrity. Each tier—web, application, and database—must be resilient and capable of handling variable workloads while ensuring secure communication and authentication between layers.

Application Tier: Azure App Service

Azure App Service is a fully managed Platform-as-a-Service (PaaS) for hosting web applications and APIs. It eliminates the need to manage servers, patch operating systems, or manually scale infrastructure. App Service supports automatic scaling based on CPU, memory, or custom metrics, which ensures that the application remains responsive under varying traffic loads. For instance, during seasonal e-commerce spikes, App Service can automatically scale out to additional instances, maintaining performance without manual intervention.

It also supports deployment slots, enabling zero-downtime deployment, testing, and staged rollouts. For enterprise applications, this minimizes downtime and improves operational efficiency. App Service also integrates natively with Azure Monitor and Application Insights, providing detailed telemetry, diagnostics, and performance monitoring, essential for maintaining SLAs and quickly troubleshooting issues.

Secrets Management: Azure Key Vault

Secure credential management is critical in multi-tier applications. Azure Key Vault allows the storage and management of secrets, certificates, and cryptographic keys used by the application. This eliminates the need to hard-code credentials in source code, reducing the risk of exposure. Key Vault also supports automated key rotation and granular access control through Azure Role-Based Access Control (RBAC) and managed identities.

Integration with App Service ensures that applications can access secrets securely without embedding them in code or configuration files. For example, database connection strings, API keys, and certificate references can be retrieved at runtime, minimizing security risks while maintaining operational efficiency.

Database Tier: Azure SQL Database Zone-Redundant

For the database tier, Azure SQL Database zone-redundant deployment ensures high availability and resilience to availability zone or regional failures. Data is synchronously replicated across availability zones within the same region, guaranteeing that even if a zone goes offline, the database remains accessible.

Azure SQL Database also provides automatic backups, point-in-time restore, and geo-replication options, which are essential for disaster recovery, business continuity, and compliance. Automatic patching and maintenance reduce administrative overhead, enabling teams to focus on development rather than infrastructure management.

Integration and Communication Between Tiers

The combination of App Service, Key Vault, and SQL Database creates a secure, scalable, and highly available multi-tier application architecture. App Service communicates with SQL Database over private endpoints, ensuring that traffic does not traverse the public internet. Managed identities allow secure authentication to Key Vault and SQL Database without storing credentials in code.

Comparison with Other Options

Option B (VMs + SQL Server + Storage Account) introduces high operational overhead. Administrators must patch, scale, and maintain VMs manually. Disaster recovery must be configured separately, increasing complexity.

Option C (AKS + PostgreSQL single instance) lacks high availability for the database and is overkill for basic multi-tier applications not requiring container orchestration.

Option D (Azure Functions + Cosmos DB) is ideal for serverless, event-driven workloads, but it is stateless and not optimized for multi-tier relational applications requiring ACID transactions.

AZ-305 Alignment

This architecture aligns directly with AZ-305 objectives for designing scalable, resilient, and secure multi-tier applications. Key design principles demonstrated:

Automatic Scaling: App Service handles variable workloads dynamically.

High Availability: SQL Database zone redundancy ensures minimal downtime.

Secure Secrets Management: Key Vault centralizes credentials with RBAC and managed identity integration.

Operational Efficiency: PaaS solutions reduce infrastructure management and monitoring complexity.

Integration: Private endpoints, managed identities, and secure service-to-service communication ensure compliance and security.

In conclusion, this combination provides a production-ready, enterprise-grade architecture suitable for mission-critical multi-tier applications, minimizing operational overhead while ensuring security, availability, and scalability.

Question 137

A company wants to migrate on-premises workloads to Azure with continuous replication, automated failover, and minimal downtime. Which service should they implement?

Answer

A) Azure Site Recovery
B) Azure Backup
C) Azure Migrate
D) Azure Automation

Explanation

The correct answer is A) Azure Site Recovery (ASR).

Migrating on-premises workloads to Azure while ensuring business continuity and minimal downtime is a common requirement for enterprises. Azure Site Recovery provides Disaster Recovery-as-a-Service (DRaaS), allowing organizations to replicate on-premises VMs, physical servers, and even other cloud workloads to Azure.

Continuous Replication and Low RPO

ASR continuously replicates workloads, ensuring that the Recovery Point Objective (RPO) is minimized. Continuous replication allows near real-time updates of data to Azure, reducing the risk of data loss during migration or an unplanned outage. The platform supports multiple replication topologies, including VM-level replication and physical server replication, catering to heterogeneous environments.

Automated Failover and Orchestration

ASR allows organizations to perform planned failovers, ideal for migration or maintenance scenarios, and unplanned failovers, essential during disaster events. Recovery plans orchestrate multi-tier applications, ensuring dependent services start in the correct order. For example, a web application tier can be started only after the database tier is operational, preserving application integrity.

Non-Disruptive Testing

A critical feature of ASR is non-disruptive failover testing, enabling enterprises to validate disaster recovery plans without impacting production workloads. This ensures that migrations or failover processes are reliable and reduces the risk of downtime during actual disaster scenarios.

Comparison with Alternatives

Azure Backup provides data protection but does not support live failover or orchestrated application recovery.

Azure Migrate assesses workload readiness for migration but does not provide continuous replication or failover orchestration.

Azure Automation can orchestrate scripts but cannot manage replication, failover, or recovery sequencing at the VM or application level.

AZ-305 Alignment

ASR aligns with AZ-305 objectives by supporting resilient, highly available hybrid cloud designs. Key considerations include:

Resiliency and Availability: Automatic replication and failover reduce downtime.

Operational Efficiency: Orchestrated recovery plans reduce manual intervention.

Business Continuity: Continuous replication ensures minimal data loss.

Testing and Validation: Non-disruptive testing validates recovery strategies.

Integration: ASR integrates with Azure Backup and monitoring tools for comprehensive DR strategies.

In summary, Azure Site Recovery enables enterprises to migrate on-premises workloads with confidence, ensuring resilience, operational efficiency, and compliance, which are central objectives in the AZ-305 exam.

Question 138

A company wants a serverless workflow that reacts to HTTP requests, storage events, and queue messages, with automatic scaling. Which service should they implement?

Answer

A) Azure Functions
B) Azure Virtual Machines
C) Azure Kubernetes Service
D) Azure App Service Plan (Dedicated)

Explanation

The correct answer is A) Azure Functions.

Azure Functions is a serverless, event-driven compute platform, enabling organizations to execute code in response to events such as HTTP requests, Blob storage changes, and queue messages. This is particularly suitable for IoT pipelines, e-commerce platforms, and automated workflows, where workloads are unpredictable and require automatic scaling.

Automatic Scaling and Event Processing

Functions automatically scale out as events increase and scale in during low activity, providing cost efficiency and responsiveness. It eliminates the need for manual server provisioning, making it ideal for dynamic, event-driven workloads.

Security and Secrets Management

Functions integrate with Azure Key Vault and managed identities, allowing secure access to secrets without embedding credentials in code. This supports regulatory compliance and enterprise security policies.

Observability and Workflow Orchestration

Azure Functions integrates with Application Insights, providing detailed telemetry for execution duration, errors, and dependencies. Durable Functions extend capabilities, enabling orchestration of long-running workflows, fan-out/fan-in patterns, and timer-based tasks. For example, processing IoT telemetry in parallel while aggregating results for real-time dashboards is easily achieved with Durable Functions.

Comparison with Alternatives

VMs require manual scaling and infrastructure management.

AKS provides container orchestration but introduces unnecessary complexity for lightweight workflows.

Dedicated App Service lacks true serverless elasticity, resulting in inefficiencies and higher costs.

AZ-305 Alignment

Azure Functions illustrates scalable, resilient, secure, and observable serverless architecture, meeting AZ-305 objectives for dynamic, event-driven enterprise solutions. It supports:

Cost-efficient elasticity

Integration with other Azure services for event-driven pipelines

Secure identity and secret management

Workflow orchestration for complex processing

In summary, Azure Functions provides an enterprise-ready, serverless solution for dynamic workflows, aligning with AZ-305 best practices.

Question 139

A company wants a globally distributed e-commerce platform with low-latency access, high availability, and secure authentication. Which combination of services is optimal?

Answer

A) Azure Front Door, Azure SQL Database with geo-replication, and Azure Active Directory B2C
B) Azure Load Balancer, SQL Server on VMs, and VPN Gateway
C) Azure Application Gateway, Bastion, and PostgreSQL single instance
D) Azure CDN and Table Storage

Explanation

The correct answer is A) Azure Front Door, Azure SQL Database with geo-replication, and Azure Active Directory B2C.

Global Performance and Load Balancing

Azure Front Door provides global HTTP/HTTPS load balancing with automatic failover, ensuring that users connect to the nearest healthy backend. This reduces latency for international users and maintains high availability during regional outages.

High Availability and Disaster Recovery

Azure SQL Database with geo-replication allows data to be replicated across multiple regions. This ensures high availability, disaster recovery, and low-latency read access for users worldwide. In case of an outage, traffic is automatically routed to a secondary region with minimal disruption.

Secure User Authentication

Azure Active Directory B2C enables enterprise-grade authentication for external customers. It supports social logins, multi-factor authentication, and compliance with global identity standards, ensuring secure access to e-commerce services.

Comparison with Alternatives

Option B lacks global routing and failover automation.

Option C is regionally constrained and does not provide multi-region low-latency delivery.

Option D handles static content but not transactional data or secure authentication.

AZ-305 Alignment

This architecture demonstrates designing globally distributed, highly available, and secure applications, addressing performance, resilience, and compliance, which are key AZ-305 objectives.

Question 140

A company wants a serverless workflow that responds to HTTP requests, storage events, and queue messages, automatically scaling to meet demand. Which service should they use?

Answer

A) Azure Functions
B) Azure Virtual Machines
C) Azure Kubernetes Service
D) Azure App Service Plan (Dedicated)

Explanation

The correct answer is A) Azure Functions.

Azure Functions enables serverless, event-driven compute with automatic scaling. It integrates with Key Vault for secure secret management and Application Insights for observability. Durable Functions allow orchestration of long-running, complex workflows, such as IoT telemetry pipelines, e-commerce order processing, or real-time event analytics.

VMs require manual scaling and maintenance. AKS is overkill for lightweight serverless workflows. Dedicated App Service lacks true elasticity.

AZ-305 Alignment

Azure Functions supports scalable, resilient, secure, and observable serverless architecture, allowing enterprises to implement dynamic, cost-efficient workflows aligned with AZ-305 objectives for event-driven and resilient design.