Microsoft AZ-305  Designing Microsoft Azure Infrastructure Solutions Exam Dumps and Practice Test Questions Set 4 Q61-80

Visit here for our full Microsoft AZ-305 exam dumps and practice test questions.

Question 61

A company plans to deploy a multi-region web application that must support millions of users, low-latency access, and automatic failover. Which Azure services should they use?

Answer

A) Azure Front Door and Azure Cosmos DB
B) Azure Load Balancer and Azure SQL Database
C) Azure Application Gateway and Azure Table Storage
D) Azure CDN and Azure Virtual Machines

Explanation

The correct answer is A) Azure Front Door and Azure Cosmos DB.

Azure Front Door provides global HTTP/HTTPS load balancing and routes traffic to the closest or healthiest backend, reducing latency for users worldwide. It supports dynamic site acceleration, SSL offloading, and Web Application Firewall (WAF) for security. Front Door also allows path-based routing and caching, improving the responsiveness of both dynamic and static content.

Azure Cosmos DB is a globally distributed, multi-model NoSQL database that supports multi-region writes and low-latency reads. Its five consistency models—strong, bounded staleness, session, consistent prefix, and eventual—allow applications to optimize for performance, availability, or consistency. Cosmos DB automatically scales throughput and storage across regions, making it ideal for massive, high-traffic applications.

Option B (Load Balancer and SQL Database) is limited to regional scaling and does not support multi-region write operations. SQL Database can replicate data globally, but it is single-master, limiting write scalability across regions.

Option C (Application Gateway and Table Storage) is primarily regional and lacks advanced global traffic management or high-performance NoSQL support. Table Storage is simple and inexpensive but cannot handle highly transactional workloads.

Option D (CDN and VMs) optimizes static content delivery but requires manual scaling, patching, and failover management for the VMs. CDN alone cannot provide automatic failover or global dynamic routing.

By combining Front Door and Cosmos DB, enterprises achieve a resilient, scalable, globally distributed architecture capable of supporting millions of users with minimal latency. Integration with Azure Monitor and Application Insights ensures observability and operational management, aligning with AZ-305 objectives for high-performance, globally available applications. This solution also supports automatic failover, compliance requirements, and operational efficiency by reducing infrastructure overhead.

Question 62

A company needs to deploy a serverless workflow that reacts to Blob storage uploads, queue messages, and HTTP triggers while automatically scaling. Which Azure service is most suitable?

Answer

A) Azure Functions
B) Azure Virtual Machines
C) Azure Kubernetes Service
D) Azure App Service Plan (Dedicated)

Explanation

The correct answer is A) Azure Functions.

Azure Functions provides a serverless compute platform where code executes in response to events. It scales automatically based on demand and removes the need to manage infrastructure. Supported triggers include:

Blob Storage: Automatically processes files as they arrive.

Queue Storage: Handles asynchronous background processing efficiently.

HTTP Triggers: Provides endpoints for serverless APIs.

Serverless architecture reduces operational costs, as customers pay only for execution time. Azure Functions integrates with Key Vault for secure secrets, Cosmos DB for persistence, Event Grid for event routing, and Application Insights for monitoring and logging.

Option B (VMs) requires manual scaling, patching, and operational management, which increases complexity and cost.

Option C (AKS) is suitable for containerized workloads but adds significant operational overhead for lightweight event-driven scenarios.

Option D (Dedicated App Service Plan) is not fully serverless and requires resource provisioning, limiting automatic scaling and cost efficiency.

Using Azure Functions, enterprises can design resilient, cost-effective, and scalable serverless workflows for event-driven workloads. This aligns with AZ-305 objectives by minimizing operational management, supporting secure event-driven designs, and integrating seamlessly with other Azure services to maintain high availability, observability, and security compliance.

Question 63

A company requires a secure and highly available relational database for its multi-tier application with zone-redundancy. Which solution is appropriate?

Answer

A) Azure SQL Database with zone-redundancy
B) SQL Server on Azure Virtual Machines with premium storage
C) Azure Database for PostgreSQL single instance
D) Azure Table Storage

Explanation

The correct answer is A) Azure SQL Database with zone-redundancy.

Azure SQL Database provides a fully managed relational database service with built-in high availability, automatic patching, and backups. Zone-redundant configuration ensures that the database is replicated across multiple availability zones, protecting against zone-level failures.

Option B (SQL Server on VMs) introduces manual management overhead including patching, scaling, backups, and high-availability configuration. While premium storage improves performance, it does not automatically provide zone-redundancy.

Option C (PostgreSQL single instance) provides managed capabilities but is limited to a single availability zone, making it less resilient.

Option D (Table Storage) is NoSQL and not suitable for relational workloads requiring transactions and relational integrity.

Azure SQL Database with zone-redundancy ensures minimal downtime, supports automatic failover, and integrates with Key Vault for secure credential management. It aligns with AZ-305 objectives for designing highly available, secure, and operationally efficient relational database architectures.

The most appropriate solution for a company that requires a secure and highly available relational database with zone-redundancy for its multi-tier application is Azure SQL Database with zone-redundancy. Azure SQL Database is a fully managed relational database service that provides built-in high availability, automatic patching, and automated backups. By using zone-redundant configuration, the database is replicated across multiple availability zones within a region, ensuring resilience against zone-level failures. This architecture guarantees that the application can continue to operate even if one zone experiences an outage, minimizing downtime and maintaining business continuity.

Azure SQL Database offers features such as automatic failover, read replicas, and point-in-time restore, which enhance both availability and disaster recovery capabilities. It also integrates with Azure Key Vault to securely store and manage credentials and encryption keys, ensuring that sensitive information is protected while meeting regulatory compliance requirements. With its fully managed platform, organizations do not need to worry about manual patching, maintenance, or configuring high availability, allowing teams to focus on application development rather than database administration.

Alternative options have limitations for this scenario. SQL Server on Azure Virtual Machines with premium storage provides flexibility and performance but requires manual management of patching, scaling, backups, and high-availability configuration. While premium storage improves database performance, it does not provide automatic zone-redundancy, leaving the system more vulnerable to infrastructure failures. Azure Database for PostgreSQL single instance offers a managed relational database but is limited to a single availability zone, reducing resilience during zone-level outages. Azure Table Storage is a NoSQL solution and does not support relational features such as transactions, foreign keys, or complex queries, making it unsuitable for multi-tier applications that require relational integrity.

By selecting Azure SQL Database with zone-redundancy, companies benefit from a highly available, secure, and operationally efficient relational database architecture. This solution aligns with AZ-305 best practices, ensuring minimal downtime, strong security, and seamless integration with other Azure services, while simplifying the management of critical data for mission-critical applications.

Question 64

A company wants to deploy a global web application with automatic failover, low-latency access, and secure routing. Which Azure services should be combined?

Answer

A) Azure Front Door with Web Application Firewall
B) Azure Load Balancer and Traffic Manager
C) Azure Application Gateway and VPN Gateway
D) Azure CDN and Bastion

Explanation

The correct answer is A) Azure Front Door with Web Application Firewall.

Azure Front Door provides global traffic management, low-latency routing, SSL offloading, caching, and path-based routing for high-performance web applications. WAF protects against web vulnerabilities like SQL injection and XSS, providing centralized security management for global applications.

Option B (Load Balancer + Traffic Manager) lacks application layer security and low-latency global edge routing.

Option C (Application Gateway + VPN Gateway) is regional, not global, and does not support cross-region failover or dynamic routing.

Option D (CDN + Bastion) optimizes static content but does not address dynamic application traffic management, failover, or WAF protection.

This combination enables resilient, globally distributed, and secure web applications, aligning with AZ-305 best practices for performance, high availability, and security.

The most suitable combination of services for deploying a global web application with automatic failover, low-latency access, and secure routing is Azure Front Door paired with Web Application Firewall. Azure Front Door is a global, fully managed service that provides high-performance load balancing, fast failover, and intelligent routing of user traffic to the nearest available backend. It ensures low-latency access for users by leveraging Microsoft’s global edge network and supports features such as SSL offloading, caching, and path-based routing. These capabilities make it ideal for applications that need to serve users across multiple regions while maintaining consistent performance.

The Web Application Firewall provides a critical layer of security by protecting applications against common web vulnerabilities such as SQL injection, cross-site scripting, and other OWASP top 10 threats. It centralizes security management for web applications and integrates seamlessly with Front Door, ensuring that global traffic is both efficiently routed and secured. By combining Front Door with WAF, organizations can achieve a resilient and secure architecture that minimizes downtime and protects sensitive data.

Alternative options are less suitable for this scenario. Azure Load Balancer combined with Traffic Manager provides basic traffic distribution and failover capabilities, but it lacks application layer security, advanced routing features, and low-latency global edge routing. Azure Application Gateway with VPN Gateway is primarily regional, does not support cross-region dynamic failover, and is not designed for global traffic management. This combination is more appropriate for internal or regional applications. Azure CDN paired with Bastion optimizes static content delivery and provides secure remote access to virtual machines, but it does not handle dynamic application traffic management, failover, or web application firewall protection, making it insufficient for a global web application.

By using Azure Front Door with WAF, organizations can deploy globally distributed applications that are highly available, secure, and optimized for performance. This solution aligns with AZ-305 best practices for designing resilient web architectures with low-latency access, centralized security management, and automatic failover, ensuring an optimal user experience across all regions.

Question 65

A company wants to migrate on-premises VMs to Azure with continuous replication, planned and unplanned failover, and non-disruptive testing. Which service is suitable?

Answer

A) Azure Site Recovery
B) Azure Backup
C) Azure Migrate
D) Azure Automation

Explanation

The correct answer is A) Azure Site Recovery.

Azure Site Recovery provides Disaster Recovery as a Service (DRaaS), replicating on-premises workloads to Azure. Continuous replication ensures minimal downtime and supports both planned failover during maintenance and unplanned failover in case of outages. Non-disruptive testing allows validation of disaster recovery plans without impacting production workloads.

Option B (Backup) protects data but does not enable failover orchestration or real-time replication.

Option C (Azure Migrate) assists with assessment and planning but does not handle failover or replication.

Option D (Automation) is for task automation and cannot replicate or failover workloads.

ASR aligns with AZ-305 objectives for resilient hybrid cloud migrations, enabling enterprises to maintain high availability, minimal operational overhead, and compliance with disaster recovery requirements.

Question 66

A company wants to implement a serverless, event-driven application that reacts to Blob storage, queues, and HTTP requests, with automatic scaling. Which service should they use?

Answer

A) Azure Functions
B) Azure Virtual Machines
C) Azure Kubernetes Service
D) Azure App Service Plan (Dedicated)

Explanation

The correct answer is A) Azure Functions.

Azure Functions is a serverless compute platform where code executes in response to events. It supports Blob storage, queue messages, HTTP triggers, and Event Grid events, scaling automatically to handle high workloads. Integration with Key Vault for secrets, Cosmos DB for persistence, and Application Insights for monitoring provides a fully managed, secure, and observable event-driven workflow.

Option B (VMs) requires manual scaling and management.

Option C (AKS) adds operational complexity for simple event-driven applications.

Option D (Dedicated App Service) is not fully serverless and does not scale automatically based on event volume.

Using Azure Functions supports cost-efficient, highly available, and globally scalable serverless architectures, aligning with AZ-305 objectives for modern event-driven cloud solutions.

The most appropriate service for implementing a serverless, event-driven application that reacts to Blob storage, queues, and HTTP requests with automatic scaling is Azure Functions. Azure Functions provides a fully managed serverless compute platform where code runs in response to specific events, without the need to provision or manage infrastructure. This allows developers to focus entirely on application logic and event processing while the platform automatically handles scaling to accommodate varying workloads. It is capable of responding to Blob storage changes, queue messages, HTTP requests, and Event Grid events, enabling a wide range of reactive workflows for modern cloud applications.

Azure Functions integrates seamlessly with other Azure services to provide secure and observable workflows. Integration with Azure Key Vault allows secure storage and access to secrets and credentials, ensuring compliance and minimizing security risks. For data persistence, Azure Functions can connect to Cosmos DB, SQL Database, or other storage solutions to maintain state or store processed information. Application Insights provides detailed telemetry and monitoring, allowing developers to track performance, diagnose issues, and gain real-time visibility into application behavior. This combination of features ensures that serverless applications remain highly available, cost-efficient, and easy to manage.

Alternative options are less suitable for this scenario. Virtual Machines require manual provisioning, patching, scaling, and monitoring, increasing operational overhead and making it difficult to respond efficiently to event-driven workloads. Azure Kubernetes Service is ideal for containerized applications but introduces significant operational complexity, which may be unnecessary for simple event-driven architectures. A dedicated App Service Plan does not provide true serverless capabilities and cannot automatically scale based on event volume, resulting in higher costs and less elasticity.

By choosing Azure Functions, organizations can implement globally scalable, cost-efficient, and highly available serverless applications that respond dynamically to events. This aligns with AZ-305 best practices for designing modern, event-driven cloud solutions that minimize operational effort while ensuring security, observability, and resilience. Azure Functions provides the flexibility to handle both small and large workloads efficiently, making it the preferred choice for serverless event-driven architectures.

Question 67

A company needs a globally distributed NoSQL database that provides multi-region writes, low-latency reads, and automatic scaling. Which service should they select?

Answer

A) Azure Cosmos DB
B) Azure SQL Database
C) Azure Database for PostgreSQL
D) Azure Table Storage

Explanation

The correct answer is A) Azure Cosmos DB.

Cosmos DB provides multi-region writes, global replication, and low-latency reads. Its five consistency levels allow a trade-off between performance and data integrity. Cosmos DB automatically scales throughput and storage and integrates with Azure Front Door for optimized request routing.

Option B (SQL Database) supports geo-replication but not multi-region writes.

Option C (PostgreSQL) supports read replicas but cannot provide low-latency multi-region writes.

Option D (Table Storage) is simple and cost-effective but lacks transactional capabilities, advanced querying, and global replication.

Cosmos DB is suitable for IoT, gaming, and social applications, providing resilient, globally distributed, high-performance NoSQL architectures that align with AZ-305 objectives.

Question 68

A company wants to deploy a multi-tier application with high availability, secure secrets storage, and automatic scaling. Which architecture is best?

Answer

A) Azure App Service, Key Vault, and Azure SQL Database with zone-redundancy
B) Azure Virtual Machines with SQL Server and Storage Account
C) AKS with PostgreSQL single instance
D) Azure Functions with Cosmos DB

Explanation

The correct answer is A) Azure App Service, Key Vault, and SQL Database zone-redundant.

App Service provides managed hosting, automatic scaling, and staging slots. Key Vault securely stores secrets, certificates, and keys. SQL Database zone-redundancy ensures high availability and disaster recovery.

Options B, C, and D increase operational complexity, reduce availability, or are not suitable for multi-tier relational applications.

This architecture aligns with AZ-305 objectives for secure, highly available, and scalable enterprise applications.

The most suitable architecture for deploying a multi-tier application that requires high availability, secure storage of secrets, and automatic scaling is a combination of Azure App Service, Azure Key Vault, and Azure SQL Database with zone-redundancy. Azure App Service provides a fully managed platform for hosting web applications, offering built-in high availability and automatic scaling based on traffic demands. It also supports staging slots, which allow developers to test new versions of an application in a separate environment before promoting them to production, reducing the risk of downtime during updates. App Service integrates with continuous integration and continuous delivery pipelines, making deployment processes more efficient and reliable.

For secure management of sensitive information, Azure Key Vault is used to store secrets, certificates, and encryption keys. It provides centralized secret management and allows applications to access secrets using managed identities, eliminating the need to embed credentials in code. Key Vault also supports auditing, secret rotation, and compliance with regulatory frameworks such as GDPR and HIPAA, ensuring that sensitive information is protected at all times.

The data tier is handled by Azure SQL Database with zone-redundant configuration, which replicates data across multiple availability zones within a region. This ensures that the database remains highly available even in the event of zone-level failures, providing resilience and disaster recovery capabilities. SQL Database also offers automated backups, patching, monitoring, and SLA-backed uptime guarantees, reducing operational overhead and simplifying database management.

Alternative architectures are less suitable. Using virtual machines with SQL Server and a Storage Account requires manual scaling, patching, and high-availability configuration, increasing operational complexity. Deploying AKS with a single-instance PostgreSQL database does not provide zone-redundancy or guaranteed high availability and adds unnecessary operational overhead. Serverless options such as Azure Functions with Cosmos DB are more suited for event-driven workloads and do not provide relational capabilities required by multi-tier applications.

Combining Azure App Service, Key Vault, and SQL Database with zone-redundancy delivers a secure, scalable, and highly available multi-tier architecture. This approach aligns with AZ-305 best practices, supporting enterprise applications that demand resilience, operational efficiency, and strong security while minimizing management overhead.

Question 69

A company needs to migrate on-premises workloads to Azure with minimal downtime and continuous replication. Which service should they implement?

Answer

A) Azure Site Recovery
B) Azure Backup
C) Azure Migrate
D) Azure Automation

Explanation

The correct answer is A) Azure Site Recovery.

ASR provides continuous replication, planned and unplanned failover, and non-disruptive testing. It supports multi-tier recovery plans, operational visibility via Azure Monitor, and aligns with AZ-305 objectives for resilient hybrid cloud migration with minimal operational risk.

The most suitable service for migrating on-premises workloads to Azure with minimal downtime and continuous replication is Azure Site Recovery. Azure Site Recovery is a disaster recovery and migration solution that enables organizations to replicate workloads running on physical servers or virtual machines to Azure. It provides continuous replication of workloads, ensuring that data is synchronized between the on-premises environment and the Azure cloud, which minimizes downtime during migration or failover scenarios. This continuous replication allows for near real-time data availability, reducing the risk of data loss and ensuring business continuity.

Azure Site Recovery supports both planned and unplanned failovers. Planned failovers allow organizations to migrate workloads to Azure in a controlled manner, ensuring that applications remain available and consistent during the migration process. Unplanned failovers provide immediate recovery in case of an unexpected outage, helping organizations meet stringent recovery time objectives. ASR also allows for non-disruptive testing of failover plans, enabling administrators to validate recovery procedures without affecting production workloads.

Operational visibility is another key benefit of Azure Site Recovery. Through integration with Azure Monitor, administrators gain real-time insights into replication status, failover readiness, and overall system health. This visibility allows proactive management of workloads during migration and ensures that any potential issues can be addressed before they impact operations. Additionally, ASR supports multi-tier recovery plans, allowing complex applications with multiple dependent components to be replicated and recovered in a coordinated manner.

Alternative options are less suitable for workload migration. Azure Backup is designed for data protection and point-in-time recovery rather than live workload migration. Azure Migrate provides assessment, planning, and initial migration guidance, but it does not offer continuous replication or automated failover. Azure Automation is primarily for process automation and management and does not provide replication or failover capabilities.

Implementing Azure Site Recovery ensures a smooth migration to Azure with minimal downtime, continuous replication, and robust operational control. This aligns with AZ-305 best practices for resilient hybrid cloud strategies, supporting enterprise objectives of high availability, disaster recovery, and operational efficiency during cloud migration.

Question 70

A company wants to deploy a serverless event-driven workflow reacting to Blob storage, queue messages, and HTTP requests, with secure secret access. Which service is most appropriate?

Answer

A) Azure Functions
B) Azure Virtual Machines
C) Azure Kubernetes Service
D) Azure App Service Plan (Dedicated)

Explanation

The correct answer is A) Azure Functions.

Azure Functions enables serverless, event-driven workflows with automatic scaling. Integration with Key Vault for secrets, Cosmos DB for persistence, and Application Insights provides a secure, observable, and scalable solution.

Option B (VMs) requires manual management. Option C (AKS) adds complexity. Option D (Dedicated App Service) lacks automatic event-driven scaling.

This architecture aligns with AZ-305 objectives for cost-efficient, highly available, serverless applications.

Question 71

A company wants a highly available web application with automatic failover, SSL offload, and low-latency global access. Which services should they combine?

Answer

A) Azure Front Door with Web Application Firewall
B) Azure Load Balancer and Traffic Manager
C) Azure Application Gateway and VPN Gateway
D) Azure CDN and Bastion

Explanation

The correct answer is A) Azure Front Door with WAF.

Front Door provides global Layer 7 routing, low-latency delivery, SSL offload, caching, and path-based routing. WAF protects against web vulnerabilities, ensuring secure and globally distributed access. Option B is regional; Option C lacks global failover; Option D does not handle dynamic traffic or security.

This combination ensures resilience, performance, and security for global applications, aligning with AZ-305 best practices.

The most suitable combination of services for deploying a highly available web application with automatic failover, SSL offload, and low-latency global access is Azure Front Door paired with Web Application Firewall. Azure Front Door is a global, fully managed service that provides intelligent Layer 7 routing and traffic distribution, ensuring that users are always directed to the nearest and healthiest backend. By leveraging Microsoft’s global edge network, Front Door delivers low-latency access to users worldwide and enables features such as SSL termination, caching, and path-based routing. SSL offload at the edge reduces load on backend servers while ensuring secure communication between clients and the application.

Web Application Firewall complements Front Door by providing an additional layer of security. It protects against common web vulnerabilities such as SQL injection, cross-site scripting, and other OWASP top 10 threats. By integrating WAF with Front Door, organizations gain centralized security management for globally distributed applications, ensuring that incoming traffic is both efficiently routed and secured. This combination allows businesses to deploy resilient applications that are optimized for performance, availability, and security across multiple regions.

Alternative options are less suitable for this scenario. Azure Load Balancer combined with Traffic Manager can distribute traffic and provide some failover capabilities, but it operates primarily at the network or DNS level, lacks Layer 7 routing, does not provide SSL offload, and does not include integrated application security. Azure Application Gateway paired with VPN Gateway is designed for regional applications and does not support global traffic routing or automatic cross-region failover, making it insufficient for globally distributed workloads. Azure CDN combined with Bastion optimizes static content delivery and provides secure remote access to virtual machines, but it does not manage dynamic application traffic, failover, or WAF protection, limiting its effectiveness for highly available web applications.

By combining Azure Front Door with Web Application Firewall, organizations can ensure globally distributed, secure, and high-performance web applications. This architecture aligns with AZ-305 best practices, providing resilience, low-latency access, centralized security, and automatic failover, enabling businesses to deliver a reliable and secure user experience worldwide.

Question 72

A company requires a serverless API that scales automatically and integrates with queues, Blob storage, and database triggers. Which service is most appropriate?

Answer

A) Azure Functions
B) Azure Virtual Machines
C) Azure Kubernetes Service
D) Azure App Service Plan (Dedicated)

Explanation

The correct answer is A) Azure Functions.

Azure Functions supports event-driven, serverless workflows with automatic scaling. It integrates with Blob Storage, queues, HTTP triggers, Key Vault, and Cosmos DB, providing secure, highly available, and cost-efficient serverless APIs.

The most appropriate service for implementing a serverless API that scales automatically and integrates with queues, Blob storage, and database triggers is Azure Functions. Azure Functions is a fully managed, event-driven compute platform that allows developers to run code in response to various events without managing infrastructure. This serverless approach automatically handles scaling based on workload, ensuring that applications remain responsive even during sudden spikes in traffic. Because it only consumes resources when code executes, it provides a cost-efficient solution for workloads with variable or unpredictable demand.

Azure Functions supports multiple types of triggers, making it ideal for serverless APIs and event-driven workflows. Blob storage triggers allow automatic processing of files when they are uploaded or modified, enabling scenarios such as ETL pipelines, media processing, or automated document handling. Queue storage triggers facilitate asynchronous message processing, allowing different components of an application to communicate reliably while decoupling their execution. Database triggers, such as Cosmos DB change feed or SQL Database change tracking, allow the application to react immediately to data changes, ensuring real-time processing and reactive workflows. HTTP triggers enable the creation of serverless APIs that can directly handle requests from web or mobile clients.

Alternative options are less suitable for this scenario. Virtual Machines require manual provisioning, scaling, patching, and monitoring, which significantly increases operational overhead and is not cost-efficient for event-driven APIs. Azure Kubernetes Service provides container orchestration and scalability but introduces complexity that is unnecessary for a serverless, event-driven application. A dedicated App Service Plan does not provide true serverless functionality, and scaling is tied to pre-provisioned resources rather than dynamic workloads, making it less flexible and potentially more costly.

Azure Functions also integrates with Azure Key Vault for secure secret management, Cosmos DB for persistence, and Application Insights for monitoring and observability. This enables the development of fully managed, secure, and highly available serverless APIs. By leveraging Azure Functions, organizations can build globally scalable, resilient, and cost-efficient serverless applications that align with AZ-305 best practices for modern cloud architectures.

Question 73

A company wants a secure and highly available relational database with zone-redundancy. Which service should they choose?

Answer

A) Azure SQL Database zone-redundant
B) SQL Server on VMs
C) Azure Database for PostgreSQL single instance
D) Azure Table Storage

Explanation

The correct answer is A) Azure SQL Database zone-redundant.

SQL Database provides automatic patching, backups, monitoring, and high availability across multiple zones. Options B, C, and D introduce manual management or are unsuitable for relational workloads, aligning with AZ-305 objectives for highly available, secure relational databases.

Question 74

A company wants a globally distributed NoSQL database with multi-region writes and low-latency reads. Which service is most suitable?

Answer

A) Azure Cosmos DB
B) Azure SQL Database
C) Azure Database for PostgreSQL
D) Azure Table Storage

Explanation

The correct answer is A) Azure Cosmos DB.

Cosmos DB offers global replication, low-latency reads, automatic scaling, and five consistency models, ideal for IoT, gaming, and social apps. Other options do not provide multi-region write support or global low-latency performance.

The most suitable service for a company that requires a globally distributed NoSQL database with multi-region writes and low-latency reads is Azure Cosmos DB. Azure Cosmos DB is a fully managed, globally distributed database service designed for mission-critical applications that demand high availability, low latency, and scalability. It enables organizations to replicate data across multiple regions, allowing both reads and writes to occur in any region, which ensures fast response times for users regardless of their geographic location. Cosmos DB also provides five well-defined consistency models, giving developers flexibility to balance performance and data consistency based on application requirements.

Cosmos DB automatically scales throughput and storage to meet the needs of dynamic workloads, making it ideal for applications with variable or unpredictable traffic patterns. Its global distribution capabilities are particularly useful for scenarios such as IoT platforms, gaming, social media applications, and e-commerce systems, where users are spread across different continents and require near real-time access to data. The service also provides comprehensive SLAs covering availability, latency, throughput, and consistency, ensuring predictable performance for critical applications.

Alternative options are less suitable for this scenario. Azure SQL Database is a fully managed relational database that supports high availability and geo-replication, but it does not provide multi-region write capabilities or the same level of low-latency global performance as Cosmos DB. Azure Database for PostgreSQL is also a relational solution with strong performance and high availability features, but it is limited to single-region writes and does not natively support global low-latency distribution. Azure Table Storage is a simple NoSQL key-value store, but it lacks multi-region write support, advanced consistency models, and global distribution features required for modern high-performance, globally accessible applications.

By selecting Azure Cosmos DB, organizations can achieve a highly available, globally distributed NoSQL database with multi-region writes and low-latency reads. This solution aligns with AZ-305 best practices for globally scalable applications, providing automatic scaling, reliable performance, and the flexibility to serve users worldwide while maintaining operational simplicity and high resilience.

Question 75

A company wants to deploy a multi-tier application with automatic scaling, high availability, and secure secrets management. Which architecture should they implement?

Answer

A) Azure App Service, Key Vault, Azure SQL Database zone-redundant
B) Virtual Machines, SQL Server, Storage Account
C) AKS with PostgreSQL single instance
D) Azure Functions with Cosmos DB

Explanation

The correct answer is A) Azure App Service, Key Vault, SQL Database zone-redundant.

App Service provides scaling, staging slots, and managed hosting. Key Vault secures secrets, certificates, and keys. SQL Database zone-redundancy ensures high availability. Options B, C, and D increase operational overhead or are not suitable for relational multi-tier apps, meeting AZ-305 objectives.

The most suitable architecture for deploying a multi-tier application that requires automatic scaling, high availability, and secure secrets management is a combination of Azure App Service, Azure Key Vault, and Azure SQL Database with zone-redundancy. Azure App Service provides a fully managed platform for hosting web applications, offering automatic scaling based on demand, high availability across multiple instances, and staging slots that allow developers to test updates before deploying them to production. This reduces the risk of downtime during updates and ensures that applications remain responsive under varying workloads. App Service also integrates seamlessly with continuous integration and continuous delivery pipelines, simplifying deployment processes and operational management.

Azure Key Vault is used to securely store and manage sensitive information, including secrets, certificates, and encryption keys. By leveraging managed identities, applications can access these secrets without embedding credentials in code, enhancing security and reducing operational risks. Key Vault also supports features such as secret rotation, auditing, and compliance with regulatory standards like HIPAA and GDPR, ensuring that sensitive data is protected throughout its lifecycle.

The data tier is handled by Azure SQL Database with zone-redundant configuration, which replicates data across multiple availability zones within a region. This ensures high availability and resilience against zone-level failures. SQL Database also provides automated backups, patching, monitoring, and service-level agreements for uptime, reducing the administrative overhead associated with maintaining a highly available database.

Alternative architectures are less suitable. Using virtual machines with SQL Server and a Storage Account requires manual scaling, patching, and high-availability configuration, increasing operational complexity and risk. Deploying Azure Kubernetes Service with a single-instance PostgreSQL database does not provide zone redundancy and adds unnecessary operational overhead. Using Azure Functions with Cosmos DB is more suitable for serverless or NoSQL applications and lacks relational capabilities required by traditional multi-tier applications.

By combining Azure App Service, Key Vault, and zone-redundant SQL Database, organizations can implement a secure, highly available, and scalable multi-tier application architecture. This approach aligns with AZ-305 best practices for enterprise applications, ensuring operational efficiency, resilience, and strong security while minimizing management overhead.

Question 76

A company needs to migrate on-premises workloads with continuous replication, planned and unplanned failover. Which service should they use?

Answer

A) Azure Site Recovery
B) Azure Backup
C) Azure Migrate
D) Azure Automation

Explanation

The correct answer is A) Azure Site Recovery.

ASR replicates workloads to Azure for high availability and disaster recovery, supporting non-disruptive testing and failback. Backup, Migrate, and Automation do not provide continuous replication and failover orchestration, aligning with AZ-305 objectives.

Question 77

A company wants a serverless, event-driven application reacting to Blob storage, queues, and HTTP requests, scaling automatically. Which service should they implement?

Answer

A) Azure Functions
B) Azure Virtual Machines
C) Azure Kubernetes Service
D) Azure App Service Plan (Dedicated)

Explanation

The correct answer is A) Azure Functions.

Functions is serverless, scalable, and event-driven, integrating with Key Vault, Cosmos DB, Event Grid, and Application Insights, ensuring secure, observable, and highly available workflows. VMs, AKS, and Dedicated App Service introduce unnecessary operational complexity for lightweight event-driven scenarios.

Question 78

A company needs a globally distributed NoSQL database supporting multi-region writes, low-latency reads, and automatic scaling. Which service is most suitable?

Answer

A) Azure Cosmos DB
B) Azure SQL Database
C) Azure Database for PostgreSQL
D) Azure Table Storage

Explanation

The correct answer is A) Azure Cosmos DB.

Cosmos DB provides multi-region writes, global replication, low-latency reads, and multiple consistency models. It integrates with Front Door and CDN for optimized global performance. Other options lack multi-region write and low-latency global access. This aligns with AZ-305 objectives for highly available, globally distributed NoSQL architectures.

Question 79

A company wants a multi-tier application with automatic scaling, high availability, and secure secret storage. Which architecture is best?

Answer

A) Azure App Service, Key Vault, Azure SQL Database zone-redundant
B) Virtual Machines, SQL Server, Storage Account
C) AKS with PostgreSQL single instance
D) Azure Functions with Cosmos DB

Explanation

The correct answer is A) Azure App Service, Key Vault, SQL Database zone-redundant.

App Service provides managed hosting and automatic scaling. Key Vault ensures secure secret management. SQL Database zone-redundancy ensures high availability and disaster recovery. Options B, C, and D introduce manual operations or are unsuitable for multi-tier relational apps, meeting AZ-305 objectives.

Question 80

A company wants to migrate on-premises workloads to Azure with continuous replication, failover, and non-disruptive testing. Which service should they use?

Answer

A) Azure Site Recovery
B) Azure Backup
C) Azure Migrate
D) Azure Automation

Explanation

The correct answer is A) Azure Site Recovery.

ASR provides continuous replication, planned/unplanned failover, and non-disruptive testing. It integrates with Azure Monitor for operational visibility, enabling resilient hybrid cloud migration. Backup, Migrate, and Automation do not provide continuous replication and failover orchestration. This aligns with AZ-305 objectives for highly available, resilient hybrid infrastructures.