For IndividualsFor Educators
    ExpertMinds LogoExpertMinds
    HomeAZ-305Cheat Sheet
    Cheat SheetMicrosoftAZ-305

    AZ-305 Cheat Sheet 2026: Azure Solutions Architect Expert Reference

    A structured design reference for AZ-305 candidates — identity, governance, compute, storage, networking, and business continuity patterns with exam trigger phrases.

    ExpertMinds Editorial·14 January 2026·9 min read
    Take the AZ-305 practice exams →

    The AZ-305 tests architectural judgment, not service knowledge. Every question describes a requirement — cost, compliance, availability, scalability, operational overhead — and asks which design best satisfies it. The wrong answers are usually architecturally valid but don't satisfy all the stated constraints. Read every requirement before evaluating answers.

    Key fact:40–60 questions · 120 minutes · Pass score 700/1000. Case study questions appear — read the entire case before answering any question in that set.

    Identity & Access Design

    PatternUse whenKey service
    B2B collaborationPartner organisations need access to your appsEntra ID External Identities (guest users)
    B2C identityCustomers sign in with social or local accountsAzure AD B2C — separate tenant
    Managed IdentityAzure service needs to access other Azure services without credentialsSystem-assigned or user-assigned Managed Identity
    Service PrincipalApplication or script needs Azure resource accessApp registration + client secret or certificate
    Privileged Identity ManagementJust-in-time admin access with approval workflowAzure PIM — reduces standing access
    Conditional AccessGrant/block access based on conditions (location, device, risk)Entra ID Conditional Access policies

    Governance & Compliance Design

    RequirementDesign choiceReason
    Enforce allowed VM sizes across subscriptionsAzure Policy with Deny effectPolicy applies at scope; prevents non-compliant deployments
    Standardise new environment setupAzure Blueprints (or Bicep/Terraform templates)Repeatable, auditable environment scaffolding
    Manage 50+ subscriptions centrallyManagement Groups + Azure Policy at MG levelPolicies and RBAC inherited by child subscriptions
    Audit resource changes over timeAzure Resource Graph + Activity Log + Azure MonitorQueryable change history
    Cost allocation across departmentsResource tags + Azure Cost ManagementTags enable per-department reporting

    Compute Design Decisions

    ScenarioBest compute choiceKey reason
    Migrate existing app with no code changesAzure VMs (IaaS)Lift-and-shift; full OS control
    Web app — no infrastructure managementAzure App ServicePaaS; auto-scale; deployment slots
    Containerised microservices at scaleAKSKubernetes orchestration; complex networking
    Simple container, quick startup, no clusterAzure Container InstancesServerless containers; no cluster management
    Event-driven short tasksAzure Functions (Consumption plan)Pay per execution; auto-scale to zero
    Functions needing VNet integration or premium computeAzure Functions (Premium plan)VNet integration; no cold starts
    High performance computing / GPU workloadsAzure VMs — H-series or N-seriesSpecialised hardware
    Tip:App Service vs Azure Functions: App Service is for continuously running web apps. Functions are for event-triggered, short-lived code. If a question says "runs 24/7" — App Service. If it says "triggered by event, runs briefly" — Functions.

    Test yourself on AZ-305

    Practice questions graded with detailed guidance.

    Sign up freePractice now →

    Storage Design Decisions

    RequirementDesignKey detail
    Highest durability for critical dataGRS or GZRS6 copies across 2 regions; 99.99999999999999% durability
    Archive data accessed once a yearBlob Archive tierLowest cost; retrieval takes hours; min 180-day retention
    Shared file access from multiple VMsAzure Files (SMB)Managed file share; supports AD auth
    High-throughput analytics on structured dataAzure Data Lake Storage Gen2Hierarchical namespace; Parquet/CSV; integrates with Synapse
    Immutable storage for complianceBlob Storage with Immutability Policy (WORM)Write once, read many; cannot be deleted or modified

    Database Design Decisions

    RequirementBest choiceKey differentiator
    Relational workload, minimal managementAzure SQL DatabaseFully managed; vCore or DTU pricing
    SQL with instance-level features (CLR, linked servers)Azure SQL Managed InstanceNear 100% SQL Server compatibility
    Relational + global distribution + horizontal scaleAzure Cosmos DB (API for PostgreSQL / Citus)Distributed Postgres — not single-node Cosmos DB
    Multi-model NoSQL — global, low latency, any scaleAzure Cosmos DBChoose API: SQL, Mongo, Cassandra, Gremlin, Table
    Cosmos DB consistency: strong vs eventualStrong = highest consistency, higher latency/cost; Eventual = lowest latency, may see stale readsBounded Staleness and Session are the most commonly used
    In-memory caching layerAzure Cache for Redis"reduce database load", "session cache", "leaderboard"

    Practice AZ-305 architecture scenarios

    Design questions have no single right answer until you apply all stated constraints. Practice choosing between architecturally valid options.

    Sign up freePractice now →

    Networking Design Patterns

    PatternDesignUse case
    Hub-and-spoke topologyCentral hub VNet (shared services) + spoke VNets (workloads) connected via peeringEnterprise network with centralised security and routing
    Private connectivity to PaaSPrivate Endpoint + Private DNS ZoneAccess Storage, SQL, Key Vault over VNet; no public internet
    Hybrid connectivity — internetAzure VPN Gateway (site-to-site or point-to-site)On-premises to Azure over encrypted tunnel
    Hybrid connectivity — dedicatedExpressRoutePrivate circuit; consistent bandwidth; compliance-driven
    Centralised firewall inspectionAzure Firewall in hub VNet + UDR to force traffic through itAll east-west and internet-bound traffic inspected
    Global HTTP load balancing with WAFAzure Front DoorGlobal anycast; SSL offload; WAF; caching

    Business Continuity & Disaster Recovery

    RequirementDesignKey metric
    RTO minutes, RPO near-zeroAvailability Zones — active-active in same regionAzure SLA 99.99%; synchronous replication
    RTO hours, cross-region failoverAzure Site RecoveryReplication to secondary region; orchestrated failover
    VM backup with retentionAzure Backup (Recovery Services Vault)Daily/weekly/monthly/yearly retention; soft delete
    SQL DB point-in-time restoreAzure SQL built-in backup — 1–35 days PITRNo separate Backup service needed for SQL
    Zero-downtime deploymentsApp Service Deployment Slots + swapBlue-green deployment; instant rollback
    Key fact:RTO = Recovery Time Objective (how long to restore service). RPO = Recovery Point Objective (how much data loss is acceptable). Lower both = higher cost. The exam will give you RTO/RPO targets — design to meet them exactly, not to over-engineer.

    Ready to Practice the full AZ-305?

    Graded results, exam simulation, and detailed guidance on every question.

    Sign up freePractice now

    About this exam

    40–60 questions · 120 minutes · pass 700/1000
    Pass mark: 700 / 1000

    Quick links

    Practice examsBrowse topicsOfficial exam page

    Exam topics

    Identity, Governance & Monitoring25–30%Data Storage Solutions25–30%Business Continuity10–15%Infrastructure Solutions25–30%

    Related reading

    AZ-305 Gets Its Biggest Overhaul in Years — New Prerequisite, New AI Content, and a Higher Bar

    4 min read

    AZ-305 Walkthrough: Designing a Hub-and-Spoke Virtual Network Architecture

    6 min read

    ExpertMinds

    Ace your certifications with Practice Exams and AI assistance.

    • Browse Exams
    • For Educators
    • Blog
    • Privacy Policy
    • Terms of Service
    • Cookie Policy
    • Support
    • AWS SAA Exam Prep
    • PMI PMP Exam Prep
    • CPA Exam Prep
    • GCP PCA Exam Prep

    © 2026 TinyHive Labs. Company number 16262776.