Free practice test · no sign-up

Azure AZ-305Free Azure Solutions Architect Expert practice test

  • ✓ 10 free questions
  • ✓ Instant answers & explanations
  • ✓ No sign-up, no email

10 real Azure AZ-305 practice questions with instant answers and explanations — no account, no credit card, no email. Score yourself, then unlock the full bank of 70 questions whenever you’re ready. The Azure AZ-305 passing score is 700 / 1000.

Question 1 of 10

A virtual machine must read secrets from Azure Key Vault, and the design mandates that no credentials or connection strings be stored in the application configuration. Which identity approach satisfies this requirement with the least ongoing maintenance?

Answer key

All 10 Azure AZ-305 questions & answers

Prefer to just read the answers and explanations? Here’s the full key for this free Azure AZ-305 test.

Q1. A virtual machine must read secrets from Azure Key Vault, and the design mandates that no credentials or connection strings be stored in the application configuration. Which identity approach satisfies this requirement with the least ongoing maintenance?

Correct answer: B. Enable a system-assigned managed identity on the VM and grant it access to the vault

A system-assigned managed identity gives the VM an Entra ID identity whose lifecycle is tied to the resource, so Azure rotates the credentials automatically and no secret ever lives in configuration.

Q2. An architect needs to guarantee that no storage account in the organization can be created without encryption at rest and that non-compliant deployments are blocked at request time. Which Azure control is designed for enforcing this kind of guardrail?

Correct answer: B. An Azure Policy definition with a deny effect

Azure Policy evaluates resource properties and can deny non-compliant deployments, making it the tool for enforcing configuration guardrails, whereas RBAC only governs who may act, not how resources must be configured.

Q3. A company operates 40 subscriptions across several business units and wants to apply a single set of compliance policies and access assignments consistently to all of them. Which governance construct should the design use as the assignment scope?

Correct answer: B. Group the subscriptions under management groups and assign at the management group scope

Management groups sit above subscriptions in the governance hierarchy, so policy and RBAC assignments made there are inherited by every child subscription, giving consistent organization-wide control.

Q4. Which of the following can be stored and centrally managed as first-class objects in Azure Key Vault?

Correct answer: B. Secrets, cryptographic keys, and certificates

Key Vault is purpose-built to hold three object types: secrets (such as passwords and connection strings), keys (cryptographic operations), and certificates.

Q5. Security requires that administrators authenticating from outside the corporate network always complete multi-factor authentication, while sign-ins from trusted office IP ranges are exempt. Which capability implements this policy?

Correct answer: B. A Microsoft Entra Conditional Access policy using named locations

Conditional Access evaluates signals such as the user's location (via named locations) and can require MFA for untrusted networks while excluding trusted IP ranges.

Q6. A solution collects platform and application logs from dozens of resources and analysts need to run ad-hoc analytical queries across all of them. Which service and language pairing fits this monitoring requirement?

Correct answer: B. A Log Analytics workspace queried with Kusto Query Language (KQL)

Azure Monitor Logs are stored in a Log Analytics workspace and queried with KQL, which is designed for fast ad-hoc analytics over large volumes of telemetry.

Q7. Developers need distributed tracing, dependency maps, and live request/failure metrics for a web application to diagnose latency in production. Which Azure Monitor feature is intended for this?

Correct answer: A. Application Insights

Application Insights is the application performance management component of Azure Monitor, providing request/dependency telemetry, distributed tracing, and failure analytics for apps.

Q8. Three virtual machines and a Logic App must all authenticate to a shared Azure SQL Database using the SAME Entra ID identity, and that identity must persist even if any individual resource is deleted. Which identity type best fits?

Correct answer: B. A single user-assigned managed identity assigned to all four resources

A user-assigned managed identity is a standalone resource that can be attached to many resources and survives the deletion of any of them, which is exactly the shared-identity requirement.

Q9. Finance wants to break down the monthly Azure bill by department and project without changing how resources are organized. Which mechanism most directly enables this cost reporting?

Correct answer: B. Tags applied to resources with department and project values

Tags are key/value metadata that Cost Management can group and filter by, letting finance allocate spend across departments and projects without restructuring resources.

Q10. An organization wants to be alerted when a subscription's spending is forecast to exceed a monthly threshold so it can react before overspending. Which Microsoft Cost Management feature provides this?

Correct answer: A. A budget with cost and forecast alerts

Cost Management budgets track actual and forecasted spend against a defined amount and trigger alerts (including action groups) when thresholds are approached or predicted to be crossed.

Exam facts and objectives sourced from the official Microsoft certification page. Last reviewed June 2026.

Ready for the full Azure AZ-305 bank? Start free.

70 questions, timed mock exams, and missed-question review — 30 free questions, no card.

Start free trial
Azure AZ-305 study guide & details →