MICROSOFT CERTIFICATION
AZ-305 Azure Solutions Architect Expert Practice Exam
Exam Number: 3107 | Last updated 16-Apr-26 | 798+ questions across 4 vendor-aligned objectives
The AZ-305 Azure Solutions Architect Expert certification validates the skills of solutions architects who design cloud and hybrid infrastructure solutions on Azure. This exam measures your ability to work with Azure Well-Architected Framework, Azure Front Door, Azure Kubernetes Service, Azure SQL, Azure Active Directory B2C, demonstrating both conceptual understanding and practical implementation skills required in today’s enterprise environments.
The heaviest exam domains include Design Identity, Governance, and Monitoring Solutions (25–30%), Design Infrastructure Solutions (25–30%), and Design Data Storage Solutions (20–25%). These areas collectively represent the majority of exam content and require focused preparation across their respective subtopics.
Additional domains tested include Design Business Continuity Solutions (15–20%). Together, these areas round out the full exam blueprint and ensure candidates possess well-rounded expertise across the certification scope.
Every answer links to the source. Each explanation below includes a hyperlink to the exact Microsoft documentation page the question was derived from. PowerKram is the only practice platform with source-verified explanations. Learn about our methodology →
515
practice exam users
92.6%
satisfied users
91.2%
passed the exam
4.2/5
quality rating
Test your AZ-305 Azure Solutions Architect Expert knowledge
10 of 798+ questions
Question #1 - Design Identity, Governance, and Monitoring Solutions
A multinational enterprise needs to centrally manage access policies across 50 Azure subscriptions organized by region and business unit.
Which governance structure should the architect implement?
A) Assign policies individually to each subscription
B) Create a management group hierarchy with inherited Azure Policies
C) Use a single subscription with resource groups per business unit
D) Delegate policy management to individual subscription owners
Show solution
Correct answers: B – Explanation:
Management group hierarchies enable policy inheritance across subscriptions, ensuring consistent governance at scale. Individual policy assignment does not scale. A single subscription creates blast-radius and limit concerns. Delegation without hierarchy leads to inconsistent policies. Source: Check Source
Question #2 - Design Identity, Governance, and Monitoring Solutions
A multinational enterprise needs to centrally manage access policies across 50 Azure subscriptions organized by region and business unit.
Which governance structure should the architect implement?
A) Assign Azure Policy definitions individually to each of the 50 subscriptions separately
B) Delegate full policy management authority to each individual subscription owner independently
C) Use a single subscription organized with resource groups defined per business unit
D) Create a management group hierarchy with inherited Azure Policies flowing to child subscriptions
Show solution
Correct answers: D – Explanation:
Management group hierarchies enable policy inheritance across subscriptions, ensuring consistent governance at scale with centralized control. Individual assignment to 50 subscriptions does not scale and risks inconsistency. A single subscription creates resource limit concerns and blast-radius issues. Full delegation without hierarchy leads to fragmented and inconsistent policies across the organization. Source: Check Source
Question #3 - Design Identity, Governance, and Monitoring Solutions
A company needs all Azure admin actions auditable with 90-day retention. Alerts should fire when critical resources are deleted.
Which monitoring solution meets these requirements?
A) Activity Log with diagnostic settings exporting events to a Log Analytics workspace
B) Application Insights configured with custom events tracking administrative user actions
C) Azure Advisor with email notification subscriptions for weekly recommendation summaries
D) Microsoft Sentinel deployed with a dedicated data connector but no alert rule configuration
Show solution
Correct answers: A – Explanation:
Activity Log captures all management-plane operations. Diagnostic settings export to Log Analytics for 90 day retention, and alert rules fire on delete operations in near-real-time. Application Insights monitors application performance, not Azure administrative operations. Advisor provides optimization recommendations on a periodic basis, not real-time audit trails. Sentinel without alert rules collects data but would not generate the required deletion notifications. Source: Check Source
Question #4 - Design Identity, Governance, and Monitoring Solutions
A healthcare organization must enforce that all Azure resources are deployed only in US regions for data sovereignty compliance.
Which approach should the architect use?
A) Configure Azure Firewall rules to block network traffic originating from non-US Azure regions
B) Apply an Azure Policy with allowed-locations set to US regions using the Deny enforcement effect
C) Create a custom RBAC role definition that restricts resource deployment to US region targets
D) Provide deployment teams with documented guidelines specifying the approved US regions
Show solution
Correct answers: B – Explanation:
Azure Policy with allowed locations and the Deny effect prevents resource creation outside specified US regions at the ARM level. Training and guidelines rely on human compliance without technical enforcement. Firewall controls network traffic paths, not resource deployment locations. RBAC manages identity permissions, not regional deployment constraints on resources. Source: Check Source
Question #5 - Design Infrastructure Solutions
A media streaming company needs a globally distributed application with traffic routed to the nearest healthy region.
Which architecture pattern and load balancing should be used?
A) Hub-spoke VNet topology with Azure Firewall providing centralized traffic routing control
B) Single-region deployment with Azure CDN caching static media content at global edge nodes
C) Active-passive with Azure Site Recovery standing up a warm secondary during failover
D) Active-active with Azure Front Door providing geographic routing to the nearest healthy region
Show solution
Correct answers: D – Explanation:
Active-active with Front Door routes users to the nearest healthy region providing low latency and high availability simultaneously. Active-passive wastes standby resources and increases failover time. Single-region with CDN caches static content but creates a single point of failure for dynamic services. Hub-spoke is a networking topology for traffic inspection, not a global application distribution pattern. Source: Check Source
Question #6 - Design Infrastructure Solutions
A company migrates 200 legacy VMs. Some workloads suit PaaS while others require IaaS. The architect needs a framework to evaluate each.
Which Azure framework should guide the migration assessment?
A) Azure Advisor analyzing cost optimization recommendations for existing Azure resource usage
B) Azure DevOps project boards tracking the migration task list and completion status
C) Azure Well-Architected Framework evaluating each workload across five architectural pillars
D) Azure Pricing Calculator comparing IaaS and PaaS monthly cost estimates for each workload
Show solution
Correct answers: C – Explanation:
The Well-Architected Framework evaluates workloads across reliability, security, cost optimization, operational excellence, and performance pillars, guiding PaaS vs IaaS decisions systematically. Advisor provides reactive recommendations for existing resources. Pricing Calculator estimates financial cost only without architectural assessment. DevOps boards manage project execution, not architecture evaluation decisions. Source: Check Source
Question #7 - Design Infrastructure Solutions
A retail company needs container orchestration supporting microservices with service mesh, auto-scaling, and Azure DevOps CI/CD integration.
Which Azure service should the architect recommend?
A) Azure App Service for Containers hosting single-container web applications on managed plans
B) Azure Batch managing parallel computing jobs across pools of dedicated compute nodes
C) Azure Kubernetes Service providing full Kubernetes orchestration with service mesh support
D) Azure Container Instances running individual container groups without orchestration features
Show solution
Correct answers: C – Explanation:
AKS provides full Kubernetes orchestration with service mesh (Istio, Linkerd), Horizontal Pod Autoscaler, and native Azure DevOps pipeline integration for CI/CD. ACI runs individual containers without orchestration, scaling, or mesh capabilities. App Service supports containers but lacks service mesh and advanced orchestration. Batch is designed for parallel computing batch jobs, not long-running microservice architectures. Source: Check Source
Question #8 - Design Data Storage Solutions
An IoT platform ingests 1 million events per second from sensors worldwide. Data must be stored for real-time analytics and 7-year archival.
Which storage architecture should the architect design?
A) Event Hubs for ingestion, Data Explorer for real-time analytics, and Blob Archive for archival
B) Azure Queue Storage for event ingestion and Azure Files premium tier for long-term retention
C) Azure Cosmos DB configured as the single storage layer for all ingestion and archival needs
D) Azure SQL Database with table partitioning to handle both ingestion and long-term archival
Show solution
Correct answers: A – Explanation:
Event Hubs handles high-throughput ingestion at millions of events per second, Data Explorer provides real-time analytics on streaming data with KQL, and Blob Archive tier offers low-cost long-term storage. SQL Database cannot handle 1M events/sec ingestion rates. Cosmos DB could handle ingestion but is prohibitively expensive for 7-year archival volumes. Queue Storage has lower throughput limits and Files is not optimized for event archival workloads. Source: Check Source
Question #9 - Design Data Storage Solutions
A banking app needs a globally distributed database with single-digit millisecond reads, multi-region writes, and automatic conflict resolution.
Which Azure database service should be selected?
A) Azure Cache for Redis Enterprise with active geo-replication across multiple Azure regions
B) Azure Cosmos DB with multi-region writes enabled and configurable conflict resolution policy
C) Azure SQL Database with active geo-replication configured for multi-region read replicas
D) Azure Database for PostgreSQL Flexible Server deployed with high-availability zone redundancy
Show solution
Correct answers: B – Explanation:
Cosmos DB provides turnkey global distribution, multi-region writes with configurable conflict resolution, and guaranteed single-digit millisecond latency at any scale. SQL geo-replication supports multi-region reads but limits writes to a single primary region. PostgreSQL Flex is a single-region service with zone redundancy, not global distribution. Redis Enterprise is a caching layer, not a primary transactional database for banking applications. Source: Check Source
Question #10 - Design Business Continuity Solutions
A company requires RPO of 1 hour and RTO of 4 hours for Azure SQL Database. They want automatic failover on regional outage.
Which DR configuration should be implemented?
A) Active geo-replication with an auto-failover group providing automatic regional failover
B) Azure Site Recovery configured with VM-level replication and recovery plans for the server
C) Geo-redundant backup with manual point-in-time restore to a secondary region on demand
D) Locally redundant backup with periodic manual restore testing performed on a monthly basis
Show solution
Correct answers: A – Explanation:
Auto-failover groups with active geo-replication provide automatic failover meeting the 4-hour RTO with continuous async replication meeting the 1-hour RPO target. Geo-redundant backup restores take longer and require manual intervention steps. Locally redundant backup does not protect against regional failure scenarios. Azure Site Recovery is designed for VM replication, not PaaS Azure SQL Database disaster recovery. Source: Check Source
Get 798+ more questions with source-linked explanations
Every answer traces to the exact Microsoft documentation page — so you learn from the source, not just memorize answers.
Exam mode & learn mode · Score by objective · Updated 16-Apr-26
Learn more...
What the AZ-305 Azure Solutions Architect Expert exam measures
- Design Identity, Governance, and Monitoring Solutions (25–30%) — Evaluate your ability to implement and manage tasks within this domain, including real-world job skills and scenario-based problem solving.
- Design Data Storage Solutions (20–25%) — Evaluate your ability to implement and manage tasks within this domain, including real-world job skills and scenario-based problem solving.
- Design Business Continuity Solutions (15–20%) — Evaluate your ability to implement and manage tasks within this domain, including real-world job skills and scenario-based problem solving.
- Design Infrastructure Solutions (25–30%) — Evaluate your ability to implement and manage tasks within this domain, including real-world job skills and scenario-based problem solving.
How to prepare for this exam
- Review the official exam guide to understand every objective and domain weight before you begin studying
- Complete the relevant Microsoft Learn learning path to build a structured foundation across all exam topics
- Get hands-on practice in an Azure free-tier sandbox or trial environment to reinforce what you have studied with real configurations
- Apply your knowledge through real-world project experience — whether at work, in volunteer roles, or contributing to open-source initiatives
- Master one objective at a time, starting with the highest-weighted domain to maximize your score potential early
- Use PowerKram learn mode to study by individual objective and review detailed explanations for every question
- Switch to PowerKram exam mode to simulate the real test experience with randomized questions and timed conditions
Career paths and salary outlook
Earning this certification can open doors to several in-demand roles:
- Azure Solutions Architect: $140,000–$180,000 per year (based on Glassdoor and ZipRecruiter data)
- Cloud Infrastructure Architect: $135,000–$175,000 per year (based on Glassdoor and ZipRecruiter data)
- Enterprise Architect – Azure: $150,000–$195,000 per year (based on Glassdoor and ZipRecruiter data)
Official resources
Microsoft provides comprehensive free training to prepare for the AZ-305 Azure Solutions Architect Expert exam. Start with the official Microsoft Learn learning path for structured, self-paced modules covering every exam domain. Review the exam study guide for the complete skills outline and recent updates.