Microsoft Certified: Azure Solutions Architect Expert (AZ-305)

What you will practice: Gathering requirements • Functional vs non-functional requirements (NFRs): availability, scalability, performance, security, compliance, cost, maintainability

• Gathering requirements
• Functional vs non-functional requirements (NFRs): availability, scalability, performance, security, compliance, cost, maintainability
• Workload characteristics: bursty vs steady, stateful vs stateless, latency-sensitive vs throughput-heavy
• Constraints: region requirements, data residency, regulatory constraints, legacy dependencies, timeline and skills constraints
• Design trade-offs
• CAP-style tradeoffs in distributed systems (consistency vs availability vs partition tolerance) at an applied level
• RPO/RTO targets and their cost implications
• Performance vs cost vs operational complexity
• Reference frameworks (commonly referenced in prep + scenarios)
• Azure Well-Architected Framework pillars (reliability, security, cost optimization, operational excellence, performance efficiency)
• Cloud Adoption Framework concepts (landing zones, governance, management, migration planning)

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice: What you need to collect • Platform logs vs resource logs vs activity logs vs audit logs

• What you need to collect
• Platform logs vs resource logs vs activity logs vs audit logs
• Workload telemetry: application, OS, container, and network signals
• Security-relevant logs: sign-in, audit, key vault access, NSG flow logs, firewall logs
• Log destinations and routing patterns
• Log Analytics workspace patterns (centralized vs per-subscription/per-workload)
• Diagnostic settings routing: to Log Analytics, Storage account, Event Hub
• Event Hub as log streaming backbone (SIEM/SOAR, third-party tools)
• Retention and cost design
• Retention policies, tiering (hot/cold), archive patterns
• Data volume estimation and cost control (sampling, filtering, table selection)
• Design for scale

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice: Monitoring layers • Platform metrics (near real-time), logs (query-driven), traces (distributed)

• Monitoring layers
• Platform metrics (near real-time), logs (query-driven), traces (distributed)
• Health signals: Resource Health vs Service Health design usage
• Azure Monitor design
• Metrics and log-based alerting strategy
• Action Groups design (email/SMS/webhook/ITSM), alert routing
• Workbooks/dashboards for role-based views (ops vs sec vs management)
• Application performance monitoring design
• Application Insights patterns (instrumentation, distributed tracing, dependency tracking)
• SLO/SLA alerting mapped to customer impact
• Security monitoring integration
• Sentinel design rationale (when SIEM is required, what data sources feed it)

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice: Identity models • Cloud-only vs hybrid identity patterns

• Identity models
• Cloud-only vs hybrid identity patterns
• Tenant strategy (single tenant vs multi-tenant) and isolation needs
• Sign-in security design
• MFA strategy by risk/user group
• Conditional Access policy design patterns (location/device risk/app sensitivity)
• Legacy authentication blocking strategy
• External identities
• B2B collaboration design (guest access controls, invitation governance)
• Customer identity direction (when a separate identity system is required conceptually)

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice: Azure authorization (RBAC) • Role assignment strategy by scope: management group vs subscription vs resource group vs resource

• Azure authorization (RBAC)
• Role assignment strategy by scope: management group vs subscription vs resource group vs resource
• Custom roles vs built-in roles (when each is appropriate)
• Least privilege models for platform teams, app teams, and auditors
• Privileged access design
• Privileged Identity Management (JIT activation, approval, access reviews conceptually)
• Break-glass admin account strategy
• On-premises authorization considerations
• Access patterns for hybrid resources (identity source, trust boundaries, secure access paths)
• When to use managed identities/service principals vs shared credentials (design-level reasoning)

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice: Key Vault architecture • Vault design: separation by environment (dev/test/prod), region, and application boundary

• Key Vault architecture
• Vault design: separation by environment (dev/test/prod), region, and application boundary
• Access control model: RBAC vs vault access policies (design decision rationale)
• Key and certificate lifecycle
• Rotation strategy, expiration management, automated renewal patterns
• HSM-backed keys vs software keys (when required)
• Using secrets safely
• App configuration patterns: managed identity + Key Vault references
• Avoiding secrets in code and pipelines; secure deployment patterns

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice: Management group/subscription/resource group design • Enterprise-scale hierarchy patterns

• Management group/subscription/resource group design
• Enterprise-scale hierarchy patterns
• Subscription strategy by environment, business unit, workload, or compliance boundary
• Resource group strategy by lifecycle and ownership
• Tagging and cost governance
• Tag taxonomy: owner, cost center, environment, data classification, criticality
• Enforcement approach (policy-driven tagging)
• Compliance management design
• Azure Policy: initiatives, assignments, effects (deny/audit/append/deployIfNotExists)
• Blueprint-style governance thinking (even if implementation uses policy + templates)
• Identity governance
• Access reviews and lifecycle controls (high-level)

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice: Selecting the right relational service • Azure SQL Database vs SQL Managed Instance vs SQL Server on Azure VMs (decision criteria)

• Selecting the right relational service
• Azure SQL Database vs SQL Managed Instance vs SQL Server on Azure VMs (decision criteria)
• Managed PostgreSQL/MySQL (when appropriate)
• Service tier and compute tier design
• Provisioned vs serverless patterns (where applicable)
• Compute sizing and cost model considerations
• Scalability design
• Vertical vs horizontal scale approaches (read replicas, sharding patterns conceptually)
• Elastic pools patterns (multi-DB cost optimization concept)
• Data protection
• Backup strategy and retention requirements
• Encryption at rest and in transit

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice: Semi-structured storage choices • Cosmos DB-style patterns (global distribution, partitioning, consistency choices at a high level)

• Semi-structured storage choices
• Cosmos DB-style patterns (global distribution, partitioning, consistency choices at a high level)
• Document vs key-value vs wide-column style reasoning
• Unstructured storage choices
• Blob Storage vs Data Lake Storage Gen2 (analytics + hierarchical namespace use cases)
• Azure Files for SMB-style lifts and shared storage requirements
• Storage redundancy selection (LRS/ZRS/GRS/GZRS) tied to durability and recovery needs
• Balancing features, performance, and costs
• Hot/cool/archive tiering strategy and lifecycle policies
• Throughput and latency considerations (IOPS vs bandwidth vs request rate)
• Protection and durability
• Soft delete, versioning, immutability concepts

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice: This section consolidates the remaining two official areas: business continuity and infrastructure solutions (compute/app architecture/migrations/network).

• This section consolidates the remaining two official areas: business continuity and infrastructure solutions (compute/app architecture/migrations/network).
• A) Business continuity design (backup, DR, high availability)
• Backup and disaster recovery
• Design to meet RPO/RTO (translate objectives into architecture)
• Backup strategy by workload type: compute, databases, unstructured data
• Hybrid recovery patterns (on-prem + Azure recovery alignment)
• High availability
• Compute HA patterns (zones, sets, scale-out)
• Relational HA patterns (replication/failover designs)
• Semi/unstructured durability designs (ZRS/GZRS, multi-region patterns)
• B) Compute solutions design
• VM-based solutions, container-based solutions, serverless solutions, batch processing compute
• Selection criteria: operational control vs velocity vs scaling needs
• Stateless vs stateful placement decisions

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.