Medium · 1 mark · Multiple Choice
Tags: Domain 4.4: Design network solutions · Domain 4 · Network Solutions · Azure Firewall · Security

AZ-305 · Question 53 · Domain 4.4: Design network solutions

CASE STUDY: Global Enterprise Network

Contoso Ltd is a global manufacturing company with 50,000 employees across 30 countries. They currently operate a mix of on-premises infrastructure (500 servers across 5 data centers) and Azure (20 subscriptions with 100+ VMs and various PaaS services). Their annual IT budget is $10 million, with plans to migrate 70% of workloads to Azure within 2 years.

The company needs to reduce IT costs by 30%, improve disaster recovery (current RTO: 24 hours -> target: 2 hours), enhance security posture to meet ISO 27001 and SOC 2 compliance, and enable remote work for 80% of employees. All solutions must support future growth of 20% annually.

Some legacy applications cannot be modified and must run on Windows Server 2012. Network connectivity requires 10 Gbps throughput to Azure with <20ms latency. GDPR compliance mandates that EU customer data must remain in European Azure regions.

QUESTION 3 OF 5:
To meet the strict ISO 27001 and SOC 2 compliance requirements, the CISO mandates that all outbound internet traffic from Azure VMs must be inspected.

The inspection engine must be able to decrypt outbound HTTPS traffic, inspect the payload for malware, and block access to known malicious domains using an Intrusion Detection and Prevention System (IDPS).

Which Azure service should you deploy in the hub virtual network?

Answer options:

A. Azure Firewall Premium
B. Azure Firewall Standard
C. Network Security Groups (NSGs)
D. Azure Web Application Firewall (WAF)

How to approach this question

Look for advanced firewall features: 'TLS inspection' and 'IDPS'. These are the defining features of the Premium tier of Azure Firewall.

Full Answer

A. Azure Firewall Premium ✓ Correct

Azure Firewall Premium provides advanced threat protection capabilities that meet the needs of highly sensitive and regulated environments. Its key differentiating features from the Standard tier are TLS inspection (the ability to decrypt outbound traffic, inspect it, and re-encrypt it) and a network Intrusion Detection and Prevention System (IDPS) that monitors network activity for malicious behaviour and blocks it.
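To make the distinction concrete, the following Bicep template is an added example (it is not part of the exam page and is not Microsoft's own sample) showing where the two Premium-only features are switched on: the policy's `sku.tier` must be `Premium`, IDPS lives under `intrusionDetection`, and TLS inspection requires an intermediate CA in `transportSecurity` plus `terminateTLS: true` on the application rule that carries the outbound HTTPS traffic. It goes slightly beyond the answer text by also deploying the Premium firewall that consumes the policy. All resource names, the `10.0.0.0/8` source range, the hub VNet name, the public IP parameter and the Key Vault secret URL are assumed placeholders.

```bicep
// Added example, not from the exam page: Azure Firewall Policy (Premium tier)
// with IDPS and TLS inspection enabled, and a Premium hub firewall that uses it.
// Names, address ranges and the Key Vault secret URL are assumed placeholders.
param location string = resourceGroup().location
param hubVnetName string = 'vnet-hub'   // assumed hub VNet; must contain a subnet named AzureFirewallSubnet
param fwPipId string                    // resource ID of an existing Standard-SKU public IP (assumed)
param caSecretId string                 // e.g. https://<kv-name>.vault.azure.net/secrets/<ca-cert> (placeholder)

// Identity the firewall uses to read the intermediate CA certificate from Key Vault.
resource fwIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
  name: 'id-azfw-hub'
  location: location
}

resource fwPolicy 'Microsoft.Network/firewallPolicies@2023-05-01' = {
  name: 'fwpol-hub-premium'
  location: location
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: { '${fwIdentity.id}': {} }
  }
  properties: {
    sku: { tier: 'Premium' }          // TLS inspection and IDPS are only available in Premium
    threatIntelMode: 'Deny'           // block traffic to/from Microsoft threat-intelligence feeds
    intrusionDetection: {
      mode: 'Deny'                    // IDPS: 'Alert' logs only, 'Deny' blocks matched signatures
    }
    transportSecurity: {
      certificateAuthority: {
        name: 'contoso-intermediate-ca' // assumed name
        keyVaultSecretId: caSecretId    // intermediate CA used to re-sign outbound TLS sessions
      }
    }
  }
}

// Application rule that opts outbound HTTPS into TLS termination, so the
// decrypted payload is visible to IDPS before the firewall re-encrypts it.
resource outboundRules 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2023-05-01' = {
  parent: fwPolicy
  name: 'rcg-outbound'
  properties: {
    priority: 200
    ruleCollections: [
      {
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'allow-web-inspected'
        priority: 100
        action: { type: 'Allow' }
        rules: [
          {
            ruleType: 'ApplicationRule'
            name: 'vm-to-internet-https'
            sourceAddresses: [ '10.0.0.0/8' ]                 // assumed VM address space
            protocols: [ { protocolType: 'Https', port: 443 } ]
            targetFqdns: [ '*' ]
            terminateTLS: true                                // decrypt, inspect, re-encrypt
          }
        ]
      }
    ]
  }
}

resource hubFirewall 'Microsoft.Network/azureFirewalls@2023-05-01' = {
  name: 'azfw-hub'
  location: location
  properties: {
    sku: { name: 'AZFW_VNet', tier: 'Premium' }   // firewall tier must match the policy tier
    firewallPolicy: { id: fwPolicy.id }
    ipConfigurations: [
      {
        name: 'ipconfig1'
        properties: {
          subnet: {
            id: resourceId('Microsoft.Network/virtualNetworks/subnets', hubVnetName, 'AzureFirewallSubnet')
          }
          publicIPAddress: { id: fwPipId }
        }
      }
    ]
  }
}
```

Two things the template cannot do for you: the user-assigned identity still needs read access to the Key Vault secret before the policy deploys, and the intermediate CA must be trusted by the VMs (for example via a group policy or image baseline), otherwise every re-signed session fails certificate validation on the client. Start IDPS in `Alert` mode and review the logs before switching to `Deny` so legitimate traffic matching noisy signatures is not blocked on day one.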

Common mistakes

Choosing Azure Firewall Standard, not realizing that TLS inspection and IDPS are exclusive to the Premium tier.
