Practice Security Questions Now
Start a timed practice session focusing on Security Architecture Design topics from the AZ-305 question bank.
Start AZ-305 Practice Quiz →AZ-305 Security Question Bank (3 Questions)
Browse all 3 practice questions covering Security Architecture Design for the AZ-305 certification exam. Answers are intentionally hidden on this page so you can self-test first before checking results in quiz mode.
- Question 1Design data storage solutions
A company must ensure that all data written to an Azure Storage account is encrypted and that the encryption keys are managed by the customer and stored in Azure Key Vault. Which feature enables this?
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start AZ-305 Quiz - Question 2Design identity, governance, and monitoring solutions
An architect evaluates options for storing encryption keys for Azure Disk Encryption (customer-managed). The keys must be stored in HSM-protected hardware. Which Key Vault option provides this?
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start AZ-305 Quiz - Question 3Design infrastructure solutions
An architect designs an API gateway solution that must handle millions of requests per second globally with DDoS protection, WAF, and intelligent routing to the nearest healthy backend. Which Azure service is most appropriate?
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start AZ-305 Quiz
Key Security Concepts for AZ-305
AZ-305 Security Exam Tips
Security Architecture Design questions in AZ-305 are typically scenario-based. Focus on solution architecture design, resilience, governance, and data platform trade-offs. Priority concepts: zero trust, microsoft defender, key vault, encryption, private endpoint, nsg.
What AZ-305 Expects
- Anchor your answer in select architecture decisions that balance business continuity, performance, and governance.
- Security scenarios for AZ-305 are frequently mapped to Domain 1 (25-30%), Domain 4 (25-30%), so read the objective carefully before picking controls or architecture.
- Expect multi-topic scenarios where Security interacts with identity, networking, governance, or monitoring patterns rather than appearing as an isolated question.
- When two options are both technically valid, prefer the choice that best aligns with the exam's operational scope (Expert) and vendor best practices.
High-Value Security Concepts
- Know the core Security building blocks cold: zero trust, microsoft defender, key vault, encryption.
- Review the edge-case features and limits for private endpoint, nsg; these details are commonly used to differentiate answer choices.
- Practice service-integration reasoning: how Security pairs with Identity, Networking in real deployment patterns.
- For AZ-305, explain why the chosen Security design meets reliability, security, and cost expectations better than the alternatives.
Common AZ-305 Traps
- Watch for designing for feature completeness but not for resilience.
- Questions in Design Identity, Governance, and Monitoring Solutions often include distractors that look correct for Security but violate least-privilege, compliance, or availability requirements.
- Avoid picking options purely by feature name; validate data path, failure handling, and governance impact before answering.
- If the prompt hints at automation or repeatability, eliminate manual-only operational answers first.
Fast Review Checklist
- Can you compare at least two Security implementation paths and justify which one best fits the scenario?
- Can you map the chosen answer back to Design Identity, Governance, and Monitoring Solutions (25-30%) outcomes for AZ-305?
- Can you explain security and access boundaries for Security without relying on default-open assumptions?
- Can you describe how Security integrates with Identity and Networking during failure, scaling, and monitoring events?