Visit Official SkillCertPro Website :-
For a full set of 1050 questions. Go to
https://skillcertpro.com/product/microsoft-azure-solutions-architect-expert-az-305-exam-questions/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.
Question 1:
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups. Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks. You create a resource lock, and then you assign the lock to the subscription. Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
No.
While creating a resource lock on the subscription level can prevent certain actions, it won’t automatically apply specific configurations to newly created resources like NSGs. To ensure that TCP port 8080 is blocked between virtual networks for all new NSGs, you’ll need to implement a more granular approach.
Here are some potential solutions:
Azure Policy: Create an Azure Policy that defines a rule to deny the creation of NSGs unless they have a specific rule to block TCP port 8080 between the virtual networks. Apply this policy to the subscription or resource group containing the virtual networks.
Custom Script Extension: Use a custom script extension to automatically add a rule blocking TCP port 8080 to any newly created NSG. This can be triggered by an event such as NSG creation.
Azure Automation: Create an Azure Automation runbook that monitors for new NSG creations and automatically adds a rule to block TCP port 8080.
By using one of these methods, you can ensure that the desired configuration is applied consistently to all new NSGs, regardless of the resource group or administrator creating them.
Refer: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json
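An added example, not part of the original explanation and not Azure Policy itself: a Python audit check that decides whether an NSG's rules actually block TCP 8080 between virtual networks, which is the condition the policy option above would have to enforce. The function names and sample NSGs are constructed; rules use the ARM securityRules property names, and "between the virtual networks" is assumed to mean the VirtualNetwork service tag (or *) on both sides.

```python
# Added example: audits NSG rules given in the ARM "securityRules" JSON shape.
# The sample NSGs at the bottom are constructed for illustration.

WIDE = {"virtualnetwork", "*"}  # prefixes that cover all VNet-to-VNet traffic

def _port_covers(spec: str, port: int) -> bool:
    """True if an NSG port spec ('*', '8080', '8000-9000') includes port."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _matches_tcp_port(props: dict, direction: str, port: int) -> bool:
    specs = list(props.get("destinationPortRanges") or [])
    if props.get("destinationPortRange"):
        specs.append(props["destinationPortRange"])
    return (props["direction"].lower() == direction.lower()
            and props["protocol"].lower() in ("tcp", "*")
            and any(_port_covers(s, port) for s in specs))

def blocks_tcp_between_vnets(rules: list, port: int = 8080,
                             direction: str = "Inbound") -> bool:
    """Walk rules in priority order, as NSGs do (lowest number first)."""
    for r in sorted(rules, key=lambda x: x["properties"]["priority"]):
        p = r["properties"]
        if not _matches_tcp_port(p, direction, port):
            continue
        if p["access"] == "Allow":
            return False  # some traffic on the port is admitted before any deny
        src = p.get("sourceAddressPrefix", "").lower()
        dst = p.get("destinationAddressPrefix", "").lower()
        if src in WIDE and dst in WIDE:
            return True   # deny covers all VNet-to-VNet traffic on the port
    return False  # no custom match: default AllowVnetInBound (65000) applies

def rule(name, priority, access, port, src="VirtualNetwork", dst="VirtualNetwork"):
    """Build one constructed rule in the ARM securityRules shape."""
    return {"name": name, "properties": {
        "priority": priority, "direction": "Inbound", "access": access,
        "protocol": "Tcp", "sourceAddressPrefix": src,
        "destinationAddressPrefix": dst, "destinationPortRange": port}}

COMPLIANT = [rule("deny-8080", 100, "Deny", "8080"), rule("allow-web", 200, "Allow", "443")]
EMPTY = []  # a freshly created NSG with no custom rules
SHADOWED = [rule("allow-range", 100, "Allow", "8000-9000"), rule("deny-8080", 200, "Deny", "8080")]

if __name__ == "__main__":
    for name, nsg in [("compliant", COMPLIANT), ("empty", EMPTY), ("shadowed", SHADOWED)]:
        print(name, blocks_tcp_between_vnets(nsg))
```

The check is deliberately conservative: a deny scoped to a single CIDR, or any earlier allow that includes port 8080, is reported as not blocking.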
Question 2:
You have an Azure subscription named Subscription1 that contains two Azure networks named VNet1 and VNet2. VNet1 contains a VPN gateway named VPNGW1 that uses static routing. There is a site-to-site VPN connection between your on-premises network and VNet1. On a computer named Client1 that runs Windows 10, you configure a point-to-site VPN connection to VNet1. You configure virtual network peering between VNet1 and VNet2. You verify that you can connect to VNet2 from the on-premises network. Client1 is unable to connect to VNet2. You need to ensure that you can connect Client1 to VNet2. What should you do?
A. Select Allow gateway transit on VNet2.
B. Enable BGP on VPNGW1.
C. Download and re-install the VPN client configuration package on Client1
D. Select Allow gateway transit on VNet1
Answer: C
Explanation:
If you make a change to the topology of your network and have Windows VPN clients, the VPN client package for Windows clients must be downloaded and installed again in order for the changes to be applied to the client.
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing
Question 3:
You have an Azure Active Directory (Azure AD) tenant named fabrikam.onmicrosoft.com. Your company has a public DNS zone for contoso.com. You add contoso.com as a custom domain name to Azure AD. You need to ensure that Azure can verify the domain name. Which type of DNS record should you create?
A. SOA
B. TXT
C. PTR
D. NSEC3
Answer: B
Explanation:
Adding custom domain names helps you to create user names that are familiar to your users, such as arun@kloudviva.com.
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/fundamentals/add-custom-domain#add-your-custom-domain-name-to-azure-ad
The propagation from your domain registrar to Azure AD can be instantaneous or it can take a few days, depending on your domain registrar. To verify your custom domain name, follow the steps in the article below.
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/fundamentals/add-custom-domain#verify-your-custom-domain-name
Question 4:
You have an Azure Active Directory (Azure AD) tenant. You are the global administrator. You need to ensure that users accessing the Azure portal are only required to pass additional authentication 14 days after their last additional authentication from devices they trust. How can you achieve this?
A. Define user risk policy on Azure AD Identity Protection
B. Define trusted IP from MFA Service settings
C. Configure Azure AD Identity Protection sign-in risk policy
D. Define remember Multi-factor authentication from MFA Service Settings
Answer: C
Explanation:
The correct answer is: Configure Azure AD Identity Protection sign-in risk policy.
Here’s a breakdown of why this is the correct approach:
Azure AD Identity Protection sign-in risk policy: This policy allows you to define rules for how Azure AD evaluates the risk associated with a user’s sign-in attempt. You can set conditions based on various factors, including the user’s location, device, and recent sign-in activity. In this case, you can configure the policy to require additional authentication if the user has not passed MFA from a trusted device within the last 14 days.
The other options are not directly relevant to the requirement:
Define user risk policy on Azure AD Identity Protection: While user risk policies can be used to identify risky users, they don’t directly address the requirement of enforcing additional authentication based on the time since the last successful MFA.
Define trusted IP from MFA Service settings: This option allows you to define trusted IP addresses for MFA, but it doesn’t help in enforcing additional authentication based on the time since the last successful MFA.
Define remember Multi-factor authentication from MFA Service Settings: This option allows users to remember their MFA devices for a certain period, which is not what is required in this scenario.
By configuring the Azure AD Identity Protection sign-in risk policy, you can effectively enforce additional authentication for users who have not passed MFA from a trusted device within the specified timeframe, ensuring that your Azure AD tenant remains secure.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#remember-multi-factor-authentication
Question 5:
You have an Azure subscription that contains a resource group named RG1. RG1 contains 150 virtual machines. Your company has three cost centers named Manufacturing, Sales, and Finance. You need to associate each virtual machine with a specific cost center. How can you achieve this?
A. Add an extension to the virtual machines
B. Modify the inventory settings of the virtual machine
C. Assign tags to the virtual machines
D. Configure locks for the virtual machine
Answer: C
Explanation:
Applying tags to Azure resources will help in logically organizing them into a taxonomy. Each tag consists of a name and a value pair. After you apply tags, you can retrieve all the resources in your subscription with that tag name and value. Tags enable you to retrieve related resources from different resource groups. This approach is helpful when you need to organize resources for billing or management.
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources
Question 6:
You are the global administrator for an Azure Active Directory (Azure AD) tenant named adatum.com. You need to enable time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources. How can you achieve this?
A. Enable RBAC
B. Distribute Secure hard tokens for admins
C. Define conditional access policy
D. Enable Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
Answer: D
Explanation:
Azure Active Directory (Azure AD) Privileged Identity Management (PIM) is a service that enables you to manage, control, and monitor access to important resources in your organization. These resources include resources in Azure AD, Azure, and other Microsoft Online Services like Office 365 or Microsoft Intune.
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure#what-does-it-do
Question 7:
You have an Azure subscription. You are planning data security for Azure resources. You need to ensure that the confidentiality of code on virtual machines is protected while the code is being processed. Which feature should you use?
A. Azure Container Service
B. Azure Batch
C. Azure Disk Encryption
D. Azure Confidential Compute
Answer: D
Explanation:
Azure confidential computing protects your data while it’s in use. It is the final piece to enable data protection through its lifecycle whether at rest, in transit, or in use. It is the cornerstone of Microsoft’s ‘Confidential Cloud’ vision, which aims to make data and code opaque to the cloud provider.
https://azure.microsoft.com/en-us/blog/protect-data-in-use-with-the-public-preview-of-azure-confidential-computing/
Question 8:
You are developing a speech-enabled home automation control bot. The bot interprets some spoken words incorrectly. You need to improve the spoken word recognition for the bot. What should you implement?
A. The Cortana Channel and use scorable dialogs for improving conversation flow.
B. The Skype for Business Channel and use scorable dialogs for improving conversation flow.
C. The Skype Channel and use scorable dialogs for improving conversation flow.
D. The Web Chat Channel and Speech priming using a Bing Speech Service and LUIS app.
Answer: D
Explanation:
The correct answer is: The Web Chat Channel and Speech priming using a Bing Speech Service and LUIS app.
Here’s why:
Web Chat Channel: This channel is well-suited for speech-enabled interactions, as it can handle both text and speech input.
Speech priming using Bing Speech Service: By using Bing Speech Service, you can improve the accuracy of speech recognition by providing context and hints about the expected words. This can help the bot better understand spoken words, especially in noisy environments or when there are accents or regional dialects.
LUIS app: A Language Understanding Intelligent Service (LUIS) app can be used to analyze the intent and entities within the recognized speech. This helps the bot understand the user’s request and respond appropriately.
The other options are not as suitable for improving spoken word recognition:
Cortana, Skype for Business, and Skype Channels: These channels are primarily designed for different purposes and may not provide the necessary features or integration with speech services for optimal spoken word recognition.
Scorable dialogs: While scorable dialogs can be used to improve conversation flow, they don’t directly address the issue of spoken word recognition accuracy.
By combining the Web Chat Channel, Speech priming with Bing Speech Service, and a LUIS app, you can create a more accurate and effective speech-enabled home automation control bot.
Question 9:
A company is migrating an existing on-premises third-party website to Azure. The website is stateless. The company does not have access to the source code for the website. They do not have the original installer. The number of visitors at the website varies throughout the year. The on-premises infrastructure was resized to accommodate peaks but the extra capacity was not used. You need to implement a virtual machine scale set instance. What should you do?
A. Use an autoscale setting to scale instances vertically
B. Use Azure Monitor to create autoscale settings using custom metrics
C. Use a webhook to log autoscale failures
D. Scale out by one instance when the average CPU usage of one of the instances is over 80 percent
E. Use an autoscale setting with unlimited maximum number of instances
F. Create 100 autoscale settings per resource
Answer: B
Explanation:
To effectively scale the stateless website on Azure, you should implement an autoscale setting that scales the virtual machine scale set horizontally based on CPU utilization.
Here’s a breakdown of the best approach:
1. Create an Autoscale Setting with Horizontal Scaling:
Scale-out: When the average CPU utilization of one of the instances exceeds 80%, add a new instance to the scale set.
Scale-in: When the average CPU utilization falls below a certain threshold (e.g., 30%), remove instances to save costs.
2. Avoid Vertical Scaling:
Vertical scaling involves increasing the resources (CPU, memory) of existing instances. This is less flexible and can be more expensive than horizontal scaling.
3. Leverage Azure Monitor for Custom Metrics:
If needed, you can use Azure Monitor to create custom metrics and use them as triggers for autoscaling. However, for basic CPU-based scaling, the default metrics are sufficient.
4. Implement a Webhook for Notifications (Optional):
You can configure a webhook to receive notifications about autoscale events, including failures. This can help you monitor the scaling behavior and troubleshoot issues.
5. Avoid Unlimited Maximum Instances:
While it’s tempting to set an unlimited maximum, it’s important to consider resource constraints and potential costs. Set a reasonable maximum based on your expected traffic and resource limits.
By following these guidelines, you can ensure that your website scales efficiently to handle varying traffic loads while optimizing costs.
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-custom-metric
Question 10:
You have two Azure Active Directory (Azure AD) tenants named contoso.com and fabrikam.com. You have a Microsoft account that you use to sign in to both tenants. You need to configure the default sign-in tenant for the Azure portal. What should you do?
A. From the Azure portal, change the directory
B. From Azure Cloud Shell, run Set-AzureRmContext
C. From Azure Cloud Shell, run Set-AzureRmSubscription
D. From the Azure portal, configure the portal settings
Answer: A
Explanation:
Change the subscription directory in the Azure portal. The classic portal feature Edit Directory, which allows you to associate an existing subscription with your Azure Active Directory (AAD), is now available in the Azure portal. It used to be available only to Service Admins with Microsoft accounts, but now it’s available to users with AAD accounts as well. To get started:
1. Go to Subscriptions.
2. Select a subscription.
3. Select Change directory.
https://azure.microsoft.com/en-us/updates/edit-directory-now-in-new-portal/