Q: **CASE STUDY: Contoso Manufacturing** **Overview:** Contoso Ltd is a global manufacturing company with 50,000 employees across 30 countries. They currently operate a mix of on-premises infrastructure (500 VMware VMs across 5 data centers) and Azure (20 subscriptions with 100+ VMs and various PaaS services). Their annual IT budget is $50 million, with plans to migrate 70% of workloads to Azure within 2 years. **Business Requirements:** The company needs to reduce IT costs by 30%, improve disaster recovery (current RTO: 24 hours -> target: 2 hours), enhance security posture to meet ISO 27001 and SOC 2 compliance, and enable remote work for 80% of employees. All solutions must support future growth of 20% annually. **Technical Constraints:** Some legacy applications cannot be modified and must run on Windows Server 2012 R2. Network connectivity requires 10 Gbps throughput to Azure with <20ms latency. GDPR compliance mandates that EU customer data must remain in European Azure regions. **Question:** To meet the security and compliance requirements, Contoso wants to ensure that all outbound internet traffic from their Azure Virtual Networks is inspected and filtered centrally. Which network architecture should you implement?

Identify the standard Azure pattern for centralized outbound traffic inspection.

Q: What mistakes do candidates make on this AZ-305 question?

Relying solely on NSGs. NSGs are distributed and lack advanced Layer 7 inspection capabilities required by enterprise security teams.

Question 1

**CASE STUDY: Contoso Manufacturing**

**Overview:** Contoso Ltd is a global manufacturing company with 50,000 employees across 30 countries. They currently operate a mix of on-premises infrastructure (500 VMware VMs across 5 data centers) and Azure (20 subscriptions with 100+ VMs and various PaaS services). Their annual IT budget is $50 million, with plans to migrate 70% of workloads to Azure within 2 years.

**Business Requirements:** The company needs to reduce IT costs by 30%, improve disaster recovery (current RTO: 24 hours -> target: 2 hours), enhance security posture to meet ISO 27001 and SOC 2 compliance, and enable remote work for 80% of employees. All solutions must support future growth of 20% annually.

**Technical Constraints:** Some legacy applications cannot be modified and must run on Windows Server 2012 R2. Network connectivity requires 10 Gbps throughput to Azure with <20ms latency. GDPR compliance mandates that EU customer data must remain in European Azure regions.

**Question:**
To meet the security and compliance requirements, Contoso wants to ensure that all outbound internet traffic from their Azure Virtual Networks is inspected and filtered centrally.

Which network architecture should you implement?

Accepted Answer

Identify the standard Azure pattern for centralized outbound traffic inspection.

Question 2

What mistakes do candidates make on this AZ-305 question?

Accepted Answer

Relying solely on NSGs. NSGs are distributed and lack advanced Layer 7 inspection capabilities required by enterprise security teams.

How to approach this question

Full Answer

Common mistakes

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 2

More questions from this exam