Microsoft - AZ-305: Designing Microsoft Azure Infrastructure Solutions
Sample Questions
Question: 464
Measured Skill: Design data storage solutions (25-30%)
You have an Azure subscription that contains a storage account named storage1.
You need to provide developers with the ability to read and write the data in storage1. The solution must meet the following requirements:
- Limit the exposure of sensitive data.
- Follow the principle of least privilege.
What should you use?| A | A role-based access control (RBAC) role |
| B | A certificate |
| C | A shared access signature (SAS) |
| D | A storage account key |
Correct answer: AExplanation:
Azure Storage built-in and custom roles help you grant least-privilege access to users, groups, and applications.
Azure role-based access control (Azure RBAC) lets you assign a specific role such as Storage Blob Data Contributor to developers, granting only the permissions they need (read/write) and nothing more. RBAC with Microsoft Entra ID is the recommended approach for granular, least-privilege access to Azure Storage.
Reference: Assign an Azure role for access to blob data
Question: 465
Measured Skill: Design identity, governance, and monitoring solutions (25-30%)
You have an Azure subscription that is linked to a Microsoft Entra tenant. The tenant contains a user named User1 that is assigned a Microsoft Entra ID P2 license.
The tenant has security defaults disabled.
You need to ensure that User1 is prompted for multifactor authentication (MFA) when the user attempts to access Azure resources from untrusted networks. The solution must minimize administrative effort.
What should you use?| A | A user risk policy |
| B | An access package |
| C | An identity governance policy |
| D | A sign-in risk policy |
Correct answer: DExplanation:
Most users have normal behavior that can be tracked. When their behavior falls outside this norm, it might be risky to let them sign in. You might want to block the user or ask them to complete multifactor authentication to confirm their identity.
Sign-in risk represents the likelihood that an authentication request isn't from the identity owner. Organizations with Microsoft Entra ID P2 licenses can create sign-in risk policies as well as Conditional Access policies incorporating Microsoft Entra ID Protection sign-in risk detections.
Sign-in risk policies in Microsoft Entra ID Protection evaluate the risk of a specific authentication attempt (for example, sign-ins from unfamiliar locations, anonymous IP addresses, or suspicious networks) and can require MFA as remediation.
Reference: Require multifactor authentication for elevated sign-in risk
Question: 466
Measured Skill: Design data storage solutions (25-30%)
You have an Azure subscription that contains 10 Azure SQL databases in an elastic pool. Each database is 600 GB.
You need to ensure that you can increase the size of each database to 15 TB. The solution must minimize database downtime.
What should you do?| A | Enable geo-replication for each database. |
| B | Remove the elastic pool. Update each database to the Hyperscale service tier. |
| C | Update the elastic pool to the Premium service tier. |
| D | Remove the elastic pool. Update each database to the Business Critical service tier. |
Correct answer: BExplanation:
We should migrate to the Hyperscale service tier. The Hyperscale service tier supports very large databases (up to 128 TB) and provides rapid scaling with minimal downtime when converting existing Azure SQL databases. Hyperscale is specifically designed for large databases and offers fast storage scaling without data movement.
Note: The Premium service tier and the Business Critical service tier support databases up to 4 TB.
Reference: Hyperscale service tier
Question: 467
Measured Skill: Design infrastructure solutions (25-30%)
You are designing an Azure solution for an app named App1. App1 has the following components:
- A microservice that is written as a .NET 9 console app that runs in a single container instance
- An image classification model that requires multiple containers, which use GPU-based nodes
You need to recommend a hosting solution for each component of App1. The solution must minimize costs and administrative effort.
What should you include in the recommendation for each component?
(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

| A | Microservice: Azure App Service
Image classification model: Azure Functions |
| B | Microservice: Azure Container Instances
Image classification model: Azure Container Instances |
| C | Microservice: Azure Container Instances
Image classification model: Azure Kubernetes Service (AKS) |
| D | Microservice: Azure Kubernetes Service (AKS)
Image classification model: Azure App Service |
| E | Microservice: Azure Kubernetes Service (AKS)
Image classification model: Azure Kubernetes Service (AKS) |
| F | Microservice: Azure Functions
Image classification model: Azure Container Instances |
Correct answer: CExplanation:
The microservice runs as a single container instance. Azure Container Instances is the simplest and most cost-effective way to run a container without managing servers or Kubernetes infrastructure. It minimizes both administrative effort and cost
The image classification workload requires:
- Multiple containers
- GPU-based nodes
Azure Kubernetes Service (AKS) provides container orchestration and supports GPU-enabled node pools, making it the best fit for a multi-container AI/ML workload that requires GPU resources.
References:
What is Azure Container Instances?
Use GPUs for compute-intensive workloads on Azure Kubernetes Service (AKS)
Question: 468
Measured Skill: Design infrastructure solutions (25-30%)
You have an Azure subscription that contains the resources shown in the following table.
You are developing a background task named Task1 that will perform CPU-intensive calculations. The solution must meet the following requirements:
- Support overlapping runs.
- Run every five minutes.
- Be highly available.
You need to deploy Task1 as a WebJob. The solution must minimize costs and administrative effort.
What should you do?| A | Deploy Task1 to App1 as a continuous WebJob by using the WebJobs SDK. |
| B | Deploy Task1 to App2 as a triggered WebJob. |
| C | Deploy Task1 to App3 as a triggered WebJob. Configure Plan3 to scale out App2 automatically. |
| D | Deploy Task1 to App3 as a continuous WebJob by using the WebJobs SDK. |
Correct answer: DExplanation:
WebJobs is a feature of Azure App Service that enables you to run a program or script in the same instance as a web app. All app service plans support WebJobs. There's no extra cost to use WebJobs.
A continuous WebJob using the WebJobs SDK is the recommended approach for long-running or scheduled background processing. Continuous WebJobs run on all instances of the App Service plan, supporting scale-out and high availability. Additionally, Always On is required for reliable continuous execution.
The Premium tier provides the best support for CPU-intensive processing, scale-out, and high availability. Continuous WebJobs with the SDK are designed for this type of workload.
Note: The Basic tier supports continuous execution, but with limited scale and availability compared to Premium. The Basic tier is Not suitable for CPU-intensive workloads. The Shared tier does not support Always On, making reliable scheduled execution unsuitable.
References:
How WebJobs run in Azure App Service
Run background tasks with WebJobs