Microsoft Azure · Advanced · ~40h · Free

Pass the AZ-305 Azure Solutions Architect Expert

Design-focused exam covering identity governance, scalable data storage, BCDR strategies, and end-to-end Azure infrastructure. This free course walks you through all 4 domains with 60 scenario-based practice questions.

AZ-305 60 practice questions 7 modules Advanced ~40h study Free forever
⚡ Start 60 practice questions ▶ Listen on Spotify
Detail Info
Exam codeAZ-305
Full nameDesigning Microsoft Azure Infrastructure Solutions
Questions40–60 questions (case studies, scenario-based, drag-and-drop)
Passing score700 / 1000
Duration120 minutes
Cost$165 USD
PrerequisiteAZ-104 Azure Administrator (required)
RenewalAnnual free online assessment

AZ-305 exam domain weights

Domain 1 — Design Identity, Governance & Monitoring 25–30%
Domain 2 — Design Data Storage Solutions 15–20%
Domain 3 — Design Business Continuity Solutions 10–15%
Domain 4 — Design Infrastructure Solutions 25–30%

Course modules

Module 01
Azure Governance & Identity Design
Management Group hierarchy for enterprise-scale; Azure Policy initiative scopes and effects (Deny, Audit, Modify, Append); RBAC least-privilege patterns with Contributor vs Owner vs custom roles; resource locks (CanNotDelete vs ReadOnly); PIM eligible assignments and approval workflows; Azure Managed Applications for self-service catalogs; Budget action groups with Automation Runbooks.
Module 02
Hybrid Identity & Monitoring
Pass-Through Authentication (PTA) vs Password Hash Sync vs ADFS federation for compliance requirements; Azure Monitor Agent (AMA) with Data Collection Rules (DCRs); Application Insights for APM and distributed tracing; Log Analytics workspace retention tiers (Analytics vs Basic vs Auxiliary); dual-destination Diagnostic Settings pattern for cost-optimized compliance logging; Management Group subscription hierarchy design.
Module 03
Data Storage Solutions
Blob lifecycle management policies (Hot → Cool → Archive tier transitions); Azure SQL Database Serverless auto-pause for dev/test cost optimization; Cosmos DB NoSQL API multi-region write (multi-master) and consistency levels; ADLS Gen2 hierarchical namespace for analytics workloads; Azure Files Premium with SMB and AD DS integration; Azure Cache for Redis Standard vs Premium with geo-replication; IoT Hub + Stream Analytics + Synapse pipeline architecture.
Module 04
Business Continuity & Disaster Recovery
Azure Site Recovery (ASR) for VMware-to-Azure replication: RPO as low as 5 minutes, automated recovery plans; Azure SQL Business Critical tier with Auto-Failover Groups: cross-region automatic failover with DNS listener abstraction; VMSS deployment across 3 Availability Zones with zone-redundant Load Balancer; Azure Backup Center for multi-subscription governance via Azure Policy; RTO/RPO tradeoff comparison: hot standby vs pilot light vs warm standby vs active-active.
Module 05
Network & Connectivity Design
Virtual WAN Secured Hub with Azure Firewall for intent-based routing across all connected spokes; ExpressRoute for SLA-backed private connectivity vs Site-to-Site VPN; Traffic Manager routing methods (Performance, Geographic, Weighted) with endpoint health probes; Application Gateway end-to-end SSL with backend HTTPS settings; NSG outbound rules with service tags + VNet Service Endpoints; Private Endpoints for Key Vault, Storage, and SQL with Azure Private DNS Zone integration.
Module 06
Compute & Integration Services
Azure Batch for HPC scale-to-zero workloads with spot VM pricing; AKS with KEDA + HPA for mixed scaling microservices; Container Apps for serverless containers with sidecar support and scale-to-zero; Azure Migrate Discovery & Assessment appliance for right-sizing and dependency mapping; Azure Database Migration Service (DMS) online mode for minimal-downtime SQL migrations; API Management (APIM) for rate limiting, JWT validation, developer portal, and product subscriptions; Service Bus message sessions for exactly-once ordered financial transaction processing.
Module 07
Advanced Architecture Patterns
Managed Identity (system-assigned vs user-assigned) for zero-credential service-to-service auth; Azure Front Door + Cosmos DB multi-master for active-active global deployments; Azure Blueprints for subscription-level governance scaffolding with versioned artifacts; Data Box / Data Box Heavy for offline petabyte-scale data transfer; App Service HttpQueueLength autoscale for queue-based scaling beyond CPU; Event Grid for event-driven blob processing and pub/sub patterns; Azure Blueprints vs Terraform vs Azure Policy: governance tool selection criteria.

Test your AZ-305 knowledge

60 scenario-based questions covering all 4 domains. No signup required.

⚡ Start practice test ▶ Podcast

Key AZ-305 concepts to master

Governance trap

Management Groups vs Azure Policy scope

Azure Policy assigned at the Management Group root cascades to ALL subscriptions underneath — including future subscriptions. Many candidates confuse Azure Policy (enforcement/compliance) with Azure Blueprints (deployment scaffolding) and Azure RBAC (access control). These are three distinct tools. A single Azure Policy at the root MG replaces the need to configure identical policies in each of 80+ subscriptions manually.

HA design trap

Availability Sets vs Availability Zones

Availability Sets protect against rack/hardware failure within a single datacenter — useful when a zone-redundant SKU isn't available. Availability Zones are physically separate datacenters with independent power and networking — they protect against full datacenter failure. The AZ-305 exam frequently tests this distinction. For new greenfield deployments, Availability Zones (with zone-redundant Load Balancer + VMSS) is always the preferred answer over Availability Sets.

Data storage trap

Cosmos DB consistency levels & multi-master write

For active-active global deployments, Cosmos DB with multi-region write enabled allows writes to any region. The consistency level selection matters: Strong guarantees linearizability but incurs cross-region latency. Bounded Staleness or Session is preferred for global apps. SQL Database Active Geo-Replication creates read-only secondaries — you cannot write to secondary regions, making it unsuitable for true active-active patterns.

6-week study plan

Week 1
Governance & Identity foundations. Management Groups, Azure Policy effects (Deny/Audit/Modify), RBAC roles (Owner vs Contributor), PIM eligible assignments, resource locks. Do the 15 identity/governance practice questions, review wrong answers.
Week 2
Hybrid identity & monitoring. PTA vs PHS vs ADFS scenarios. Azure Monitor Agent, DCRs, Application Insights. Log Analytics retention tiers and cost optimization. Study dual-destination Diagnostic Settings pattern.
Week 3
Data storage design. Blob lifecycle tiering policies. Cosmos DB consistency + multi-master. SQL Serverless auto-pause. ADLS Gen2 vs Blob Storage. Azure Files Premium with AD auth. Do all storage practice questions.
Week 4
BCDR strategies. Azure Site Recovery (RPO/RTO numbers). SQL Auto-Failover Groups + Business Critical tier. VMSS across 3 AZs. Backup Center + Azure Policy. Memorize the RTO/RPO tier comparison table.
Week 5
Infrastructure & networking. Virtual WAN Secured Hub vs hub-and-spoke with UDRs. ExpressRoute vs VPN scenarios. Traffic Manager routing methods. App Gateway end-to-end SSL. Private Endpoints vs Service Endpoints. Complete full 60-question mock.
Week 6
Weak spot review & exam readiness. Re-do missed questions. Review compute choices (AKS vs Container Apps vs Functions vs VMs). Practice case study format. Focus on cost optimization answers. Take the full mock twice and aim 85%+.

Top 4 reasons candidates fail AZ-305

  1. Confusing governance tools: Azure Policy (enforce standards), Blueprints (subscription scaffolding), RBAC (access), and Locks (deletion prevention) — all serve different purposes. The exam writes scenarios where using the wrong tool compiles correctly but doesn't meet the stated requirement.
  2. Mixing up HA tiers: Availability Sets ≠ Availability Zones. Geo-Replication ≠ Auto-Failover Groups. Active-active ≠ active-passive. Memorize what each provides (datacenter, region-level) and its RTO/RPO characteristics.
  3. Cost optimization blind spots: Overlooking Blob lifecycle policies, Log Analytics Basic plan, SQL Serverless auto-pause, and Azure Batch scale-to-zero. AZ-305 has a dedicated cost optimization thread woven through every domain.
  4. Weak on Managed Identity: Many candidates default to connection strings and SAS tokens when Managed Identity is the zero-credential, least-privilege answer. The exam explicitly rewards this pattern for VM→Key Vault, ADF→ADLS Gen2, and AML→Storage scenarios.

AZ-305 vs AZ-104: What’s different?

AZ-104 (Azure Administrator) tests how to configure Azure services — deploying VMs, setting RBAC assignments, configuring storage. AZ-305 (Azure Solutions Architect Expert) tests how to design — which service combination best meets business requirements, cost constraints, and SLA targets.

AZ-104 is required before taking AZ-305. The architect exam assumes you can implement; it focuses on justifying architectural decisions under constraints: budget, compliance, RTO/RPO targets, team skill sets, and existing investments. Case study questions test multi-service design holistically.

Related certifications

Microsoft Azure
AZ-104 Administrator
Required prerequisite · 60q
Microsoft Azure
AZ-500 Security Engineer
Advanced security · 60q
Amazon AWS
AWS SAA-C03 Architect
Multi-cloud path · 60q
CNCF
CKA Kubernetes Admin
Container architecture · 60q

Ready to design Azure solutions?

60 scenario-based questions, no signup, instant results. Start where exam architects start.

⚡ Start practice test ▶ Listen on Spotify
← Back to Microsoft Azure certifications