Q: CASE STUDY: Global Enterprise Network Contoso Ltd is a global manufacturing company with 50,000 employees across 30 countries. They currently operate a mix of on-premises infrastructure (500 servers across 5 data centers) and Azure (20 subscriptions with 100+ VMs and various PaaS services). Their annual IT budget is $10 million, with plans to migrate 70% of workloads to Azure within 2 years. The company needs to reduce IT costs by 30%, improve disaster recovery (current RTO: 24 hours -> target: 2 hours), enhance security posture to meet ISO 27001 and SOC 2 compliance, and enable remote work for 80% of employees. All solutions must support future growth of 20% annually. Some legacy applications cannot be modified and must run on Windows Server 2012. Network connectivity requires 10 Gbps throughput to Azure with <20ms latency. GDPR compliance mandates that EU customer data must remain in European Azure regions. QUESTION 4 OF 5: Contoso deploys an Azure SQL Database to store sensitive EU customer data. To meet GDPR and internal security policies, the database must not be accessible via the public internet. Furthermore, on-premises servers connected via ExpressRoute must be able to connect to the database using a private IP address from the Azure Virtual Network space. Which feature should you configure for the Azure SQL Database?

Differentiate between Service Endpoints (keeps public IP, routes optimally) and Private Endpoints (assigns a private VNet IP). On-prem access requires Private Endpoints.

Q: What mistakes do candidates make on this AZ-305 question?

Confusing Service Endpoints with Private Endpoints. Service Endpoints are an older technology that optimizes routing but doesn't provide a private IP.

Question 1

CASE STUDY: Global Enterprise Network

Contoso Ltd is a global manufacturing company with 50,000 employees across 30 countries. They currently operate a mix of on-premises infrastructure (500 servers across 5 data centers) and Azure (20 subscriptions with 100+ VMs and various PaaS services). Their annual IT budget is $10 million, with plans to migrate 70% of workloads to Azure within 2 years.

The company needs to reduce IT costs by 30%, improve disaster recovery (current RTO: 24 hours -> target: 2 hours), enhance security posture to meet ISO 27001 and SOC 2 compliance, and enable remote work for 80% of employees. All solutions must support future growth of 20% annually.

Some legacy applications cannot be modified and must run on Windows Server 2012. Network connectivity requires 10 Gbps throughput to Azure with <20ms latency. GDPR compliance mandates that EU customer data must remain in European Azure regions.

QUESTION 4 OF 5:
Contoso deploys an Azure SQL Database to store sensitive EU customer data.

To meet GDPR and internal security policies, the database must not be accessible via the public internet. Furthermore, on-premises servers connected via ExpressRoute must be able to connect to the database using a private IP address from the Azure Virtual Network space.

Which feature should you configure for the Azure SQL Database?

Accepted Answer

Differentiate between Service Endpoints (keeps public IP, routes optimally) and Private Endpoints (assigns a private VNet IP). On-prem access requires Private Endpoints.

Question 2

What mistakes do candidates make on this AZ-305 question?

Accepted Answer

Confusing Service Endpoints with Private Endpoints. Service Endpoints are an older technology that optimizes routing but doesn't provide a private IP.

How to approach this question

Full Answer

Common mistakes

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 1

More questions from this exam