AZ-305 Practice Questions (Q84–Q100)

Migration & Modernization

Q84: Branch office file server migration?

A) Azure Files only
B) Azure Files + Azure File Sync
C) Blob Storage
D) NetApp Files

Answer: B — Local cache via File Sync + central Azure storage.

Q85: Reduce Oracle licensing cost?

A) Rehost
B) PostgreSQL
C) Pay-as-you-go
D) On-prem

Answer: B — Eliminates licensing cost long-term.

Q86: .NET Framework with IIS modules?

A) App Service
B) Windows VM
C) AKS Windows Container
D) Both B & C

Answer: D — VM (simple) or container (modern).

Q87: SQL migration cutover?

A) Stop + wait
B) Stop → final log → apply → switch
C) Just switch
D) Restore backup

Answer: B — Ensures minimal downtime.

Q88: VMware to Azure migration tool?

A) ASR
B) Azure Migrate
C) Manual
D) DevOps

Answer: B — Full migration + assessment.

Q89: First post-migration step?

A) RI
B) Right-size
C) PaaS
D) Zero-trust

Answer: B — Needs 30-day usage data.

Q90: Manage non-migrated workloads?

A) Ignore
B) Azure Arc
C) Azure Migrate
D) Lighthouse

Answer: B — Extends Azure management.

Security & Compliance

Q91: Zero-trust most critical step?

A) Firewall
B) Private Endpoints
C) NSG
D) WAF

Answer: B — Remove public exposure.

Q92: Detect impossible travel?

A) CA policies
B) Identity Protection
C) Firewall
D) NSG

Answer: B — Risk-based detection.

Q93: Encrypt SQL columns (no plaintext)?

A) TDE
B) Always Encrypted
C) Masking
D) Column encryption

Answer: B — Client-side encryption.

Q94: Central security monitoring?

A) Monitor
B) Sentinel
C) Log Analytics
D) Event Hubs

Answer: B — Full SIEM solution.

Q95: Secure Key Vault access?

A) App settings
B) Managed Identity
C) Service principal
D) SAS

Answer: B — No credentials needed.

Q96: Enforce CMK encryption?

A) Manual
B) Azure Policy
C) Blueprint
D) Locks

Answer: B — Deny non-compliant resources.

Q97: Reduce VM attack surface?

A) VA
B) JIT
C) AAC
D) Secure Score

Answer: B — Opens ports only when needed.

Q98: WAF deployment?

A) App Gateway
B) Front Door
C) Both
D) Firewall

Answer: C — Regional + global.

Q99: Prevent data exfiltration?

A) NSG
B) Firewall + Private Endpoints
C) Policy
D) DDoS

Answer: B — Controls outbound + PaaS access.

Q100: Alert on Owner role assignment?

A) Policy
B) PIM alert
C) Activity Log alert
D) Both

Answer: D — Full coverage.