Unlike AZ-104, AZ-305 rarely asks "how do you configure X." It asks "given these requirements — cost, SLA, RPO/RTO, scale, compliance — which design is BEST?" This cheat sheet gives you the decision shortcuts to answer those questions fast. Use it alongside scenario practice; recognizing the deciding keyword in a question is half the battle.
Exam Snapshot
Level
Expert
Passing Score
700 / 1000
Cost
$165 USD
Recommended
AZ-104 experience
Identity, Governance & Monitoring
25–30%
Data Storage
20–25%
Business Continuity
15–20%
Infrastructure
25–30%
1. Identity, Governance & Monitoring
| Requirement | Choose |
|---|---|
| External partners sign in with their own org credentials | Entra ID B2B (guest) |
| Millions of consumers, social/email sign-up | Entra External ID / B2C |
| App needs to access Azure resources with no stored secrets | Managed Identity |
| Same identity reused across multiple resources | User-assigned managed identity |
| Identity tied to one resource's lifecycle | System-assigned managed identity |
| Consistent policy/RBAC across many subscriptions | Management Groups (inherit downward) |
| Enforce rules on what resources can be created | Azure Policy |
| Manage who can do what | RBAC (least privilege) |
| Just-in-time elevated admin access with approval | Entra ID PIM |
| Centralized logs across subscriptions + SIEM | Central Log Analytics workspace + Microsoft Sentinel |
| Enforce spending limit with alerts/automation | Azure Budgets + action groups |
RBAC role recap: Owner = full + manage access · Contributor = full except access · Reader = view only · User Access Administrator = manage access only. Assign Reader at a Management Group for cross-subscription auditing.
Practice the design trade-offs
Try 25 Free AZ-305 Scenario Questions
Multi-requirement architecture questions with detailed explanations — the real Expert format.
Open Practice Questions →2. Data Storage
Relational database target
| Requirement | Choose |
|---|---|
| Cloud-native app, no instance-level features needed | Azure SQL Database |
| Lift-and-shift needing SQL Agent, CLR, linked servers, cross-DB queries | Azure SQL Managed Instance |
| Full OS/SQL control, custom configuration | SQL Server on Azure VM (IaaS) |
| Very large DB (up to 100 TB), fast scaling | Azure SQL Database Hyperscale |
| Lowest-latency OLTP + free readable replica | SQL Database Business Critical |
Non-relational & analytics
| Globally distributed, low-latency, schema-flexible NoSQL, 99.999% SLA | Azure Cosmos DB (multi-region writes) |
| Big-data analytics, 500 TB+ with folder-level ACLs | Data Lake Storage Gen2 (hierarchical namespace) |
| Unstructured objects, tiers, lifecycle policies | Blob Storage |
| Enterprise data warehouse / MPP | Azure Synapse / Fabric |
Storage redundancy (cheapest → most durable)
LRS (1 datacenter) → ZRS (zones in 1 region) → GRS (2 regions, secondary not readable) → RA-GRS (read access to secondary) → GZRS / RA-GZRS (zone + geo).
Deciding keywords: "survive a region failure" → GRS family · "read the secondary before failover" → RA-GRS · "survive a datacenter/zone failure" → ZRS.
3. Business Continuity (BCDR)
RPO = max acceptable data loss (how far back). RTO = max acceptable downtime (how long to recover). Lower RPO → more frequent replication. Lower RTO → faster failover.
| Requirement | Choose |
|---|---|
| Replicate on-prem/VMs to Azure for DR, low RPO, test failover | Azure Site Recovery (ASR) |
| Periodic data protection / point-in-time restore | Azure Backup (Recovery Services Vault, soft-delete) |
| VM HA within a region (survive datacenter failure) | Availability Zones |
| VM HA within a single datacenter (against hardware/maintenance) | Availability Set |
| Azure SQL automatic regional failover, readable secondary | Auto-failover group |
| Global HTTP(S) failover with fastest RTO (anycast, health probes) | Azure Front Door |
| DNS-based multi-region routing (any protocol) | Traffic Manager |
4. Infrastructure
Compute selection
| Requirement | Choose |
|---|---|
| Single web app/API, no container skills, deploy fast | App Service |
| Event-driven, pay-per-execution, short tasks | Azure Functions (Consumption) |
| Microservices/containers, autoscale, no Kubernetes expertise, KEDA | Azure Container Apps |
| Full container orchestration and control at scale | Azure Kubernetes Service (AKS) |
| Full OS control / legacy workloads | Virtual Machines |
Load balancing / traffic routing
| Load Balancer | Layer 4 (TCP/UDP), regional, non-HTTP traffic across VMs. |
| Application Gateway | Layer 7, regional web traffic, with WAF and SSL offload. |
| Front Door | Global Layer 7, CDN + WAF, fast multi-region failover. |
| Traffic Manager | DNS-based global routing for any protocol. |
Messaging & integration
| Service Bus | Enterprise messaging, ordering, transactions, queues/topics. |
| Event Grid | Reactive event routing (discrete events, pub/sub). |
| Event Hubs | High-throughput streaming/telemetry ingestion (big data). |
Migration & governance
- Azure Migrate: Assess + migrate VMs, databases, apps (discovery, dependency mapping, cost estimates).
- Database Migration Service: Online/offline DB migrations with minimal downtime.
- Azure Landing Zone (ALZ): Enterprise-scale baseline — Management Groups, hub-spoke networking, central policy.
- Well-Architected Framework pillars: Reliability, Security, Cost Optimization, Operational Excellence, Performance Efficiency.
5. "If You See X, Choose Y" Shortcuts
| If the question says… | Lean toward… |
|---|---|
| "no stored credentials / no secrets" | Managed identity |
| "minimal administrative effort" + web app | App Service / PaaS |
| "globally distributed, single-digit ms" | Cosmos DB |
| "read the secondary region copy" | RA-GRS |
| "survive a full region outage" | GRS / multi-region + Front Door |
| "test failover without impacting production" | Azure Site Recovery |
| "consistent governance across subscriptions" | Management Groups + Azure Policy |
| "SQL Agent / linked servers / CLR" | SQL Managed Instance |
| "high-throughput telemetry / IoT stream" | Event Hubs |
| "just-in-time admin with approval" | Entra ID PIM |
Memorized the decisions? Now apply them.
AZ-305 is won on multi-requirement scenarios. MSCertQuiz has a full AZ-305 question bank with practice and timed exam modes, calibrated harder than the real exam. Start with 40 free questions — no credit card required.
Common Questions
How is AZ-305 different from AZ-104?
AZ-104 tests how to configure and operate resources. AZ-305 tests how to design solutions — choosing the right service given requirements like cost, SLA, RPO/RTO, scalability, and compliance. AZ-305 questions are design trade-offs, not configuration steps.
Do I need AZ-104 before AZ-305?
Microsoft recommends AZ-104-level experience but no longer enforces it as a hard prerequisite. Be comfortable with Azure administration, networking, identity, and storage before attempting the Expert design exam.
When do I choose SQL Managed Instance over Azure SQL Database?
Choose Managed Instance when you need near-full SQL Server compatibility — SQL Agent, CLR, cross-database queries, linked servers — typically for lift-and-shift. Choose Azure SQL Database for new cloud-native apps without those instance-level needs.
What is the passing score for AZ-305?
700 out of 1000 on a scaled scoring system. The exam costs $165 USD and includes scenario and case-study style questions.
About MSCertQuiz
MSCertQuiz provides 500 practice questions per certification, calibrated harder than the real exam so test day feels easier. Questions are built by certified professionals and updated for 2026 exam objectives. Start with 40 free questions — no credit card required.