Microsoft · AZ-305
Measures your ability to design cloud and hybrid solutions on Azure, including identity, governance, monitoring, data storage, business continuity, and infrastructure solutions.
Questions
530
Duration
120 minutes
Passing Score
700/1000
Difficulty
ExpertLast Updated
Jan 2026
Use this AZ-305 practice exam to prepare for Microsoft Certified: Azure Solutions Architect Expert (AZ-305) with realistic questions, detailed explanations, and focused study modes. The practice bank includes 530 questions for Microsoft AZ-305, so you can review the exam steadily instead of relying on one long cram session.
As you practice, pay extra attention to recurring topics such as Identity, governance, and monitoring solutions, Data storage solutions, Business continuity solutions, and Infrastructure solutions. Start with short sessions to identify weak areas, then move into timed quizzes once your accuracy is consistent.
The explanations are especially useful when you want to connect exam wording to the responsibilities and scenarios described in the official certification guidance. Use the free preview first, then unlock the full question bank when you are ready to build a complete study routine.
The AZ-305 exam, titled 'Designing Microsoft Azure Infrastructure Solutions,' validates expert-level competency in architecting cloud and hybrid solutions on Microsoft Azure. Candidates demonstrate mastery across compute, networking, storage, monitoring, and security design — translating complex business requirements into Azure solutions that conform to the Azure Well-Architected Framework and Cloud Adoption Framework for Azure. The exam was significantly updated on October 18, 2024, and was reviewed for technical accuracy as recently as January 14, 2026, making it reflective of current Azure capabilities and architectural best practices.
Passing this exam, in combination with the prerequisite AZ-104 Azure Administrator Associate certification, earns the Microsoft Certified: Azure Solutions Architect Expert credential. This expert-level designation signals that a professional can operate at the intersection of business strategy and technical implementation — advising stakeholders, evaluating trade-offs across solution domains, and collaborating with developers, security engineers, administrators, and data engineers to deliver end-to-end Azure architectures.
This certification is designed for senior IT professionals who function in an architecture or lead technical role, such as Azure Solutions Architect, Cloud Architect, Senior Cloud Engineer, or Technical Architect. Ideal candidates have advanced experience across IT operations domains including networking, virtualization, identity management, security, disaster recovery, data platforms, and governance — and understand how architectural decisions in one domain affect the overall solution.
Candidates typically have hands-on background in Azure administration (AZ-104 level), Azure development, and DevOps practices. Professionals transitioning from on-premises infrastructure architecture, senior cloud engineers looking to move into design-focused roles, and consultants advising enterprises on Azure adoption strategies are well-suited for this certification.
There are no formal exam prerequisites for sitting the AZ-305 exam itself, but earning the Microsoft Certified: Azure Solutions Architect Expert certification requires holding an active Microsoft Certified: Azure Administrator Associate (AZ-104) certification. Candidates may take AZ-305 before AZ-104, but the Expert credential will not be awarded until both are satisfied.
In terms of recommended experience, Microsoft advises that candidates have strong conceptual and practical knowledge of Azure compute technologies (VMs, containers, serverless), Azure Virtual Networking including load balancers, Azure Storage technologies (unstructured and database), and general application design concepts such as messaging and high availability. Prior experience with DevOps processes and Azure development workflows also helps candidates contextualize the architecture design scenarios presented on the exam.
The AZ-305 exam is delivered through Pearson VUE and is available both online (proctored) and at testing centers. The exam includes approximately 40–60 questions, which may include multiple-choice, multi-select, drag-and-drop, case study scenarios, and short-answer formats. Case studies present a business scenario requiring candidates to recommend architectural solutions aligned with stated requirements. The time limit is 120 minutes.
The passing score is 700 out of 1000 on Microsoft's scaled scoring system, where raw scores are converted and do not correspond to a simple percentage of correct answers. The exam is available in English, Japanese, Chinese (Simplified), Korean, German, French, Spanish, Portuguese (Brazil), Chinese (Traditional), and Italian. Candidates taking a localized version may request an additional 30 minutes if their preferred language version is not yet updated to match the current English version. The exam has no scheduled retirement date.
The Azure Solutions Architect Expert is consistently ranked among the highest-paying Microsoft certifications. In the United States, certified professionals typically earn between $130,000 and $200,000+ annually, with ZipRecruiter reporting an average of approximately $146,601 and Glassdoor showing median total compensation exceeding $228,000 for Azure Architect roles as of early 2026. Top earners in senior principal and enterprise architect roles can command $215,000 or more. This premium reflects the seniority of the role — architects directly influence infrastructure spend, security posture, and business continuity across entire organizations.
Job titles unlocked include Azure Solutions Architect, Cloud Architect, Senior Cloud Engineer, Principal Cloud Architect, and Technical/Pre-sales Consultant. Compared to the associate-level AZ-104, this expert credential signals readiness for design-leadership roles rather than administrative execution, and it is often a prerequisite for senior or staff-level cloud positions at large enterprises and consulting firms. Organizations heavily invested in Azure — including financial services, healthcare, and government sectors — show consistent demand for this credential. The certification renews annually for free via an online assessment on Microsoft Learn, keeping the credential current without requiring a full re-examination.
5 sample questions with answers and explanations. Start a practice session to test yourself across all 530 questions.
Preview — answers shown1. FinSecure has an Azure SQL database named 'ClientTransactions-DB' in the West Europe region. They've already configured a diagnostic setting called 'ArchiveAndAnalyze' which sends the SQLInsights logs to both a storage account for long-term retention and a Log Analytics workspace for analysis. A new requirement has come from the compliance team to also stream these same SQLInsights logs in real-time to an Event Hub named 'RealTimeAudit-Hub' for immediate anomaly detection. Is it possible to add another diagnostic setting to send the SQLInsights logs to RealTimeAudit-Hub?
Explanation
Yes, this is possible. Azure Monitor allows you to create multiple diagnostic settings for a single resource. Each diagnostic setting can send logs and metrics to different destinations. In this scenario, the existing setting 'ArchiveAndAnalyze' handles the storage and analysis destinations. You can simply create a new diagnostic setting, perhaps named 'RealTimeStream', and configure it to send the same SQLInsights logs to the 'RealTimeAudit-Hub' Event Hub. This is a common pattern for meeting diverse monitoring, auditing, and archival requirements for the same resource.
2. The accounting department at your company needs read-only access to a set of financial reports stored as blobs in an Azure Storage container. This access is required only for the month of April to perform a quarterly audit. What is the most secure and appropriate way to grant this temporary, limited access?
Explanation
A shared access signature (SAS) is the perfect solution. A SAS is a URI that grants restricted access rights to Azure Storage resources. You can create a SAS that is valid only for the month of April, grants only read permissions, and is scoped to just the specific blob container they need. This provides secure, granular, and time-bound access without exposing powerful credentials. A. Access keys grant full administrative control over the entire storage account and should never be shared with end-users. C. Conditional Access policies control user sign-in conditions; they do not grant access to data within a storage account. D. Certificates are not the standard mechanism for granting temporary user access to blob data.
3. A security operations team needs a central service to collect, correlate, and analyze security data from a wide range of sources, including Azure resources, Microsoft 365, and on-premises systems. The solution must use AI to detect threats, enable proactive threat hunting with a powerful query language, and orchestrate automated responses to security incidents. Which Azure service provides these Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) capabilities?
Explanation
Microsoft Sentinel is the Azure-native service that provides both SIEM and SOAR capabilities. It is designed to ingest security data from virtually any source using its data connectors. It then uses built-in analytics rules and machine learning to detect threats across the enterprise. It provides the powerful Kusto Query Language (KQL) for threat hunting and uses playbooks (based on Logic Apps) to orchestrate automated responses to incidents. This makes it the comprehensive security operations platform for this scenario. Azure Monitor collects the log data, but Sentinel provides the security intelligence layer on top. Defender for Cloud provides security posture management and threat protection, but Sentinel is the full SIEM/SOAR solution. Azure Policy is for governance.
4. A junior administrator at DataSafe Solutions accidentally deleted an important configuration file, 'app_settings.json', from the C:\data directory on an Azure VM named 'app-server-01'. The entire VM is backed up daily to an Azure Recovery Services vault. The senior administrator needs to restore only this single file as quickly as possible without taking the VM offline. What is the most efficient method to achieve this?
Explanation
The key here is restoring a *single file* quickly and without significant disruption. Azure Backup has a feature specifically for this. The 'File Recovery' feature is the purpose-built solution for this scenario. It creates a secure iSCSI connection from the VM to the recovery point in the vault, presenting the backed-up disks as locally mounted volumes. The administrator can then simply use File Explorer or the command line to copy the specific file they need from the mounted volume to its original location. It is fast, efficient, and does not require a full VM or disk restore. Let's look at why the other approaches are inefficient: - Initiating a full 'VM Restore' to create a new VM involves restoring an entire VM, which is very slow and resource-intensive, just to get one file. - Browsing snapshots associated with the VM's managed disk and creating a new managed disk from it is a manual and complex process. While technically possible, it involves many more steps than the streamlined 'File Recovery' feature. - Using the 'Restore disk' option to restore the OS disk and then swapping it with the current OS disk is a highly disruptive process that involves taking the VM offline and swapping its OS disk, which would cause significant downtime, all for a single file.
5. The architects at AeroSpace Corp are designing a hub-and-spoke network topology in Azure. They have a central hub VNet and several spoke VNets for different departments. They need to ensure that all spoke VNets can communicate with each other, with the traffic being routed through a central network virtual appliance (NVA) in the hub for inspection. What is the key component that enables this transitive routing between spokes?
Explanation
To achieve transitive routing through a central hub, you need VNet peering configured with gateway transit and user-defined routes. By peering each spoke to the hub and enabling 'Allow Gateway Transit' on the hub side and 'Use Remote Gateways' on the spoke side, you allow spokes to use the hub's gateway. To force traffic between spokes to go through the hub's NVA, you would then apply a User-Defined Route (UDR) to each spoke subnet that directs traffic destined for other spokes to the internal IP address of the NVA in the hub. Directly peering all spokes to each other would create a complex full-mesh network and bypass the central inspection point. A VPN Gateway in each spoke is unnecessary and inefficient. A NAT Gateway is for outbound internet connectivity, not for internal routing.
Microsoft Dynamics 365 Supply Chain Management Functional Consultant Expert (MB-335)
MB-335 · 2039 questions
Microsoft Dynamics 365 Business Central Functional Consultant (MB-800)
MB-800 · 1899 questions
Microsoft Certified: Azure AI Engineer Associate (AI-102)
AI-102 · 1392 questions
Microsoft Certified: Windows Server Hybrid Administrator Associate (AZ-801)
AZ-801 · 1376 questions
Microsoft Dynamics 365 Finance Functional Consultant (MB-310)
MB-310 · 1299 questions
Microsoft 365 Certified: Fundamentals (MS-900)
MS-900 · 1201 questions
$17.99
One-time access to this exam