AZ-305 Syllabus — Objectives by Domain (Solutions Architect)

Blueprint-aligned learning objectives for AZ-305, organized by domain with quick links to targeted practice.

Use this syllabus as your source of truth for AZ-305. Work through each domain in order and drill targeted sets after every section.

What’s covered

Domain 1: Design identity, governance, and monitoring solutions (25-30%)

Task 1.1 - Design solutions for logging and monitoring

  • Recommend a logging strategy that separates platform logs, resource logs, and application telemetry.
  • Choose between metrics-based monitoring and log-based monitoring for a given scenario.
  • Design a Log Analytics workspace topology (centralized vs distributed) based on access boundaries, scale, and query requirements.
  • Recommend destinations for diagnostic settings (Log Analytics, Storage, Event Hubs, partner integrations) based on retention and integration needs.
  • Recommend a log routing approach that supports streaming to external tools without tightly coupling producers and consumers.
  • Recommend an archival strategy for logs that require long-term retention at lower cost.
  • Design an Application Insights strategy for distributed tracing across services.
  • Recommend sampling and ingestion controls to balance observability coverage with cost.
  • Design a monitoring approach for compute platforms (VMs, App Service, AKS) including agent and data collection strategy.
  • Recommend when to use data collection rules and scoped collection to reduce noise and cost.
  • Design an alerting strategy that uses the appropriate alert type and notification channel for the scenario.
  • Recommend an operational dashboarding approach using workbooks and standardized views for different stakeholders.
  • Recommend an approach for monitoring Azure service incidents and planned maintenance that may affect workloads.
  • Recommend monitoring and logging controls that support security investigations without enabling advertising features.
  • Design cross-subscription monitoring for enterprise environments and ensure consistent log collection.
  • Define SLO-focused monitoring using availability checks, latency/error-rate signals, and alert thresholds.
  • Recommend retention periods and export strategies that satisfy compliance requirements.
  • Design RBAC for monitoring teams to separate read-only visibility from alert and configuration management.

Task 1.2 - Design authentication and authorization solutions

  • Recommend an identity architecture (single tenant vs multiple tenants) based on organizational and isolation requirements.
  • Recommend a hybrid identity approach and choose an appropriate synchronization strategy.
  • Recommend authentication methods (MFA, passwordless, SSO) aligned to risk and user experience requirements.
  • Design Conditional Access policies based on user risk, device posture, location, and application sensitivity.
  • Recommend an approach for external user access using Entra B2B, federation, or consumer identity patterns.
  • Recommend managed identities for Azure-hosted workloads that need to access other Azure resources.
  • Recommend when to use service principals and certificate-based auth for non-Azure or legacy integration.
  • Design an Azure RBAC model that implements least privilege across subscriptions and shared services.
  • Recommend the use of custom roles only when built-in roles cannot meet requirements.
  • Recommend Privileged Identity Management (PIM) to control and audit privileged access.
  • Recommend a solution for delegated administration across tenants or customers.
  • Recommend an approach for authorizing access to Azure resources from applications and automation.
  • Recommend a solution for authorizing access to on-premises resources from cloud identities.
  • Recommend a solution to manage secrets, certificates, and keys with rotation and auditing.
  • Recommend customer-managed keys (CMK) when regulatory or key ownership requirements demand it.
  • Design certificate management for web workloads, including secure storage and renewal strategy.
  • Recommend workload identity federation for CI/CD systems to avoid long-lived secrets.
  • Recommend access controls for data services that prioritize identity-based auth over shared keys.
  • Recommend identity protection controls to reduce account compromise risk.
  • Recommend identity lifecycle governance (joiner/mover/leaver) using access reviews and entitlement management.

Task 1.3 - Design governance

  • Recommend a management group hierarchy that supports enterprise policy assignment and reporting.
  • Recommend a subscription strategy to balance isolation, quotas, and billing boundaries.
  • Recommend a resource group strategy that matches lifecycle boundaries and ownership.
  • Design naming and tagging standards that enable cost allocation and operational clarity.
  • Recommend compliance controls using Azure Policy assignments and initiatives.
  • Recommend policy effects (deny, audit, deploy-if-not-exists) appropriate to the compliance goal.
  • Recommend a strategy for enforcing a standard logging baseline across landing zones.
  • Recommend a solution for identity governance such as access reviews and entitlement workflows.
  • Recommend a cost governance approach using budgets, alerts, and tagging for cost attribution.
  • Recommend when to use resource locks and how to avoid breaking automation.
  • Recommend a landing zone approach aligned to the Cloud Adoption Framework.
  • Recommend governance-as-code practices for repeatable policy and role deployment.
  • Identify deprecated or legacy governance tooling and recommend modern alternatives.
  • Recommend governance for shared networking and platform services across subscriptions.
  • Recommend a solution for managing compliance reporting and audit evidence collection.
  • Recommend data governance tooling to catalog, classify, and track data lineage when required.
  • Recommend a strategy for separating duties between platform admins, security, and application teams.
  • Recommend a tenant and subscription governance approach for mergers, acquisitions, or multi-org environments.

Domain 2: Design data storage solutions (20-25%)

Task 2.1 - Design data storage solutions for relational data

  • Recommend an appropriate relational database service based on compatibility, operational responsibility, and feature requirements.
  • Recommend a compute model (DTU vs vCore, provisioned vs serverless) aligned to workload usage patterns.
  • Recommend a SQL Database service tier based on latency, IO needs, and availability requirements.
  • Recommend elastic pools for multi-tenant or many small databases when appropriate.
  • Design a scalability approach for relational workloads including vertical scaling, read scaling, or sharding.
  • Recommend high availability options for relational databases within a region.
  • Recommend multi-region disaster recovery for relational databases based on RTO/RPO.
  • Recommend a backup and retention strategy for relational data including point-in-time and long-term retention.
  • Recommend network isolation for databases using private connectivity patterns.
  • Recommend authentication and authorization for databases using identity-based access.
  • Recommend encryption options for data at rest and in use based on sensitivity requirements.
  • Recommend auditing and threat detection controls for relational databases.
  • Recommend performance design considerations such as indexing strategy and connection management.
  • Select an appropriate migration target for existing SQL Server workloads based on required instance features.
  • Recommend connectivity considerations for SQL Managed Instance including VNet injection and routing.
  • Recommend a strategy for global read scaling and read-only replicas when required.
  • Recommend cost optimization approaches for relational services.
  • Recommend monitoring and operational management for relational databases.

Task 2.2 - Design data storage solutions for semi-structured and unstructured data

  • Recommend a storage solution for semi-structured data based on query patterns and scalability requirements.
  • Select an appropriate Cosmos DB API model based on application compatibility requirements.
  • Design a Cosmos DB partitioning strategy that supports scale and avoids hot partitions.
  • Recommend a Cosmos DB consistency level aligned to correctness and latency requirements.
  • Recommend multi-region design for Cosmos DB including read/write distribution and failover.
  • Recommend a storage solution for unstructured data such as blobs, data lake, or file shares.
  • Recommend the appropriate storage redundancy option based on availability and durability requirements.
  • Recommend access tiers and lifecycle management for blob data to optimize cost.
  • Recommend data protection features for unstructured data such as versioning, soft delete, and immutability.
  • Recommend access control approaches for storage that minimize the use of shared keys.
  • Design private access to storage using private endpoints and appropriate DNS configuration.
  • Recommend encryption and key management options for storage based on compliance requirements.
  • Recommend performance options for unstructured storage such as premium tiers and caching patterns.
  • Recommend when to use Azure Files with SMB/NFS and identity-based access.
  • Recommend durability and disaster recovery patterns for unstructured data.
  • Recommend backup approaches for file and blob data where needed.
  • Recommend data cataloging and classification when governance requirements apply.
  • Recommend cost optimization approaches for storage including reserved capacity and lifecycle policies.

Task 2.3 - Design data integration

  • Recommend a batch data integration solution based on sources, transformations, and operational requirements.
  • Recommend a streaming ingestion solution based on throughput, ordering, and latency needs.
  • Recommend an enterprise messaging solution for decoupling services and handling delivery guarantees.
  • Recommend an event-driven integration pattern using publishers, subscriptions, and handlers.
  • Recommend ETL vs ELT and where transformations should execute.
  • Design a data lake architecture including zones (raw/curated) and access controls.
  • Recommend an analytics solution based on query style and scale.
  • Recommend a data warehousing approach and scaling strategy for analytical workloads.
  • Recommend orchestration and scheduling features for pipelines.
  • Recommend integration with on-premises data sources using appropriate connectivity.
  • Recommend governance tooling for data cataloging, classification, and lineage.
  • Recommend the appropriate serving layer for analytics outputs.
  • Recommend a strategy for data quality validation and monitoring in data pipelines.
  • Design security for data integration using managed identities and least privilege.
  • Recommend private connectivity for data services used in integration pipelines.
  • Recommend cost optimization approaches for analytics and integration workloads.
  • Recommend retention and archival strategies for analytical datasets.
  • Recommend a resiliency strategy for data pipelines including restartability and failure isolation.

Domain 3: Design business continuity solutions (15-20%)

Task 3.1 - Design solutions for backup and disaster recovery

  • Translate business requirements into concrete RTO and RPO targets for different workload tiers.
  • Recommend a disaster recovery strategy (multi-zone vs multi-region) aligned to failure domains and recovery objectives.
  • Recommend a recovery solution for hybrid workloads that spans on-premises and Azure.
  • Recommend a backup solution for compute that meets recovery requirements.
  • Recommend a disaster recovery solution for compute that enables fast failover.
  • Recommend a backup and recovery strategy for relational databases.
  • Recommend a multi-region recovery strategy for Azure SQL workloads based on RTO/RPO.
  • Recommend recovery strategies for managed open-source databases.
  • Recommend disaster recovery patterns for Cosmos DB.
  • Recommend a backup and recovery solution for unstructured data.
  • Recommend backup for file shares when workloads require point-in-time recovery.
  • Recommend protection for secrets and keys used by workloads.
  • Recommend a global traffic failover approach to route users to a healthy region.
  • Design a DNS strategy that supports DR failover for public and private endpoints.
  • Recommend a backup vault and policy segmentation approach for different compliance requirements.
  • Recommend encryption and access controls for backup data to prevent insider and attacker abuse.
  • Recommend retention and legal hold approaches for regulated workloads.
  • Design monitoring and alerting for backup and DR operations.
  • Design DR testing and validation practices to ensure recoverability.
  • Evaluate cost and operational overhead of DR options and select an appropriate tiered approach.

Task 3.2 - Design for high availability

  • Recommend high availability for compute within a region using zones, scale-out, and health-based routing.
  • Recommend high availability design for AKS workloads.
  • Recommend high availability for App Service-based workloads.
  • Recommend high availability solutions for relational databases.
  • Recommend high availability solutions for semi-structured data stores.
  • Recommend high availability solutions for unstructured data.
  • Recommend application-level resiliency patterns that reduce downtime during failures.
  • Recommend caching strategies that improve performance and resilience.
  • Recommend global availability patterns using edge routing and health probes.
  • Recommend high availability for hybrid connectivity using redundant gateways and circuits.
  • Recommend DNS and name resolution designs that avoid single points of failure.
  • Recommend high availability for shared network services such as firewalls or NVAs.
  • Identify and remove single points of failure across dependencies such as identity, DNS, and shared services.
  • Recommend health probing and automatic failover mechanisms for application tiers.
  • Recommend multi-region data replication aligned with availability objectives.
  • Estimate and communicate availability using SLO/SLA reasoning and failure-domain awareness.
  • Recommend testing practices that validate HA behavior during failures and maintenance.
  • Recommend deployment strategies that minimize downtime during releases.

Domain 4: Design infrastructure solutions (30-35%)

Task 4.1 - Design compute solutions

  • Specify compute requirements such as scaling, latency, statefulness, and operational constraints.
  • Recommend a virtual machine-based solution when OS control or legacy requirements demand it.
  • Recommend a VM scale-out approach using scale sets and autoscale.
  • Recommend container-based compute and choose an appropriate hosting option.
  • Recommend a container registry strategy that supports secure deployments.
  • Recommend serverless compute for event-driven workloads.
  • Recommend orchestration for workflows and integration scenarios.
  • Recommend a compute solution for batch processing workloads.
  • Recommend specialized compute approaches for high performance and technical workloads.
  • Recommend application hosting options based on deployment model and operational responsibility.
  • Design compute resiliency using zones, scale-out, and region-level strategies.
  • Recommend secure access patterns for compute resources using managed identities and secretless auth.
  • Recommend patching and configuration management strategies for VM-based workloads.
  • Recommend an image management strategy for consistent VM deployments.
  • Recommend monitoring signals and autoscale triggers for compute workloads.
  • Recommend cost optimization approaches for compute.
  • Recommend region placement and data residency considerations for compute.
  • Recommend strategies to minimize downtime during deployments for compute-hosted apps.

Task 4.2 - Design an application architecture

  • Recommend a messaging architecture that decouples services and supports required delivery semantics.
  • Choose the correct integration service for the scenario (Service Bus, Event Grid, Event Hubs).
  • Recommend an event-driven architecture pattern for reactive workloads.
  • Recommend an API integration solution including gateway, policies, and versioning strategy.
  • Recommend a caching strategy appropriate to latency, consistency, and scale requirements.
  • Recommend an application configuration management solution that supports feature flags and safe rollouts.
  • Recommend secret and certificate usage patterns within application architectures.
  • Recommend microservices architecture considerations and service communication patterns.
  • Recommend synchronous vs asynchronous communication patterns based on coupling and reliability needs.
  • Recommend resiliency patterns such as retries, circuit breakers, and bulkheads.
  • Recommend an automated deployment solution for applications.
  • Recommend deployment strategies that support safe releases and rapid rollback.
  • Recommend container deployment architectures including image promotion and security scanning.
  • Design application observability with end-to-end correlation and actionable telemetry.
  • Recommend authentication and authorization patterns for APIs and services.
  • Recommend a multi-region application architecture for global user bases.
  • Recommend data handling and compliance controls in application architectures.
  • Recommend an architecture for background processing and long-running jobs.

Task 4.3 - Design migrations

  • Evaluate migration approaches using the Cloud Adoption Framework phases and guidance.
  • Recommend a migration strategy (rehost, refactor, rearchitect, replace) aligned to constraints.
  • Recommend assessment tooling to inventory on-premises servers and dependencies.
  • Recommend a migration solution for on-premises servers and virtualized workloads.
  • Recommend an application migration approach to PaaS when operational simplicity is a priority.
  • Recommend a database migration approach that meets downtime constraints.
  • Recommend a database migration target based on required features and compatibility.
  • Recommend a migration approach for unstructured data based on data volume and network constraints.
  • Recommend network connectivity for migration waves and data transfer.
  • Recommend identity and access considerations during migration to avoid operational disruption.
  • Design a cutover plan that reduces risk using pilots, phased waves, and rollback strategies.
  • Identify modernization opportunities during migration that reduce long-term operational burden.
  • Recommend validation and testing activities for migrated workloads.
  • Recommend cost and licensing optimization strategies during and after migration.
  • Recommend post-migration governance and decommissioning practices.
  • Recommend documentation and change management practices for migration programs.

Task 4.4 - Design network solutions

  • Recommend a connectivity solution that connects Azure resources to the internet with secure outbound control.
  • Recommend a secure inbound connectivity solution based on application layer and global reach requirements.
  • Recommend a network topology such as hub-and-spoke or Virtual WAN based on scale and connectivity requirements.
  • Design VNet peering and shared services connectivity while avoiding unintended transitive routing.
  • Recommend connectivity from Azure to on-premises networks using VPN or ExpressRoute.
  • Design redundancy for hybrid connectivity including active-active gateways and multiple circuits.
  • Recommend a branch connectivity strategy for many sites.
  • Design public DNS for internet-facing apps and private DNS for internal name resolution.
  • Recommend a private connectivity solution for PaaS services and design required DNS components.
  • Compare private endpoints and service endpoints and choose the right pattern.
  • Recommend network security controls to optimize security without unnecessary complexity.
  • Recommend DDoS protection when internet-facing workloads require resilience against volumetric attacks.
  • Design network segmentation to isolate workloads and reduce blast radius.
  • Recommend routing design using user-defined routes, forced tunneling, and inspection patterns.
  • Recommend performance optimization options for networking.
  • Recommend load balancing and routing for internal and external applications.
  • Recommend TLS termination placement and certificate management approach.
  • Recommend secure remote access patterns for administrators.
  • Recommend monitoring tools for network diagnostics and connectivity validation.
  • Design multi-region network and routing strategy for global applications.
  • Recommend cost-aware network designs that minimize unnecessary egress and data transfer.
  • Design resiliency for critical network dependencies such as DNS, firewalls, and gateways.

Tip: After each domain, do a 20–30 question timed drill and review every miss until you can explain the trade-off (security, availability, cost, or operability) that drove the correct answer.