Q: **CASE STUDY: Contoso Manufacturing** **Overview:** Contoso Ltd is a global manufacturing company with 50,000 employees across 30 countries. They currently operate a mix of on-premises infrastructure (500 VMware VMs across 5 data centers) and Azure (20 subscriptions with 100+ VMs and various PaaS services). Their annual IT budget is $50 million, with plans to migrate 70% of workloads to Azure within 2 years. **Business Requirements:** The company needs to reduce IT costs by 30%, improve disaster recovery (current RTO: 24 hours -> target: 2 hours), enhance security posture to meet ISO 27001 and SOC 2 compliance, and enable remote work for 80% of employees. All solutions must support future growth of 20% annually. **Technical Constraints:** Some legacy applications cannot be modified and must run on Windows Server 2012 R2. Network connectivity requires 10 Gbps throughput to Azure with <20ms latency. GDPR compliance mandates that EU customer data must remain in European Azure regions. **Question:** Contoso is modernizing a subset of their applications using Azure Kubernetes Service (AKS). These new microservices must communicate directly with the legacy Windows Server 2012 R2 VMs residing in a peered Azure VNet. Which AKS networking plugin must you use to ensure the pods get IP addresses from the VNet, allowing direct routing to the legacy VMs?

Differentiate between Kubenet (NAT) and Azure CNI (direct VNet IPs).

Q: What mistakes do candidates make on this AZ-305 question?

Confusing Calico with Azure CNI. Calico handles security policies (firewalling between pods), while Azure CNI handles the IP addressing and routing.

Question 1

**CASE STUDY: Contoso Manufacturing**

**Overview:** Contoso Ltd is a global manufacturing company with 50,000 employees across 30 countries. They currently operate a mix of on-premises infrastructure (500 VMware VMs across 5 data centers) and Azure (20 subscriptions with 100+ VMs and various PaaS services). Their annual IT budget is $50 million, with plans to migrate 70% of workloads to Azure within 2 years.

**Business Requirements:** The company needs to reduce IT costs by 30%, improve disaster recovery (current RTO: 24 hours -> target: 2 hours), enhance security posture to meet ISO 27001 and SOC 2 compliance, and enable remote work for 80% of employees. All solutions must support future growth of 20% annually.

**Technical Constraints:** Some legacy applications cannot be modified and must run on Windows Server 2012 R2. Network connectivity requires 10 Gbps throughput to Azure with <20ms latency. GDPR compliance mandates that EU customer data must remain in European Azure regions.

**Question:**
Contoso is modernizing a subset of their applications using Azure Kubernetes Service (AKS). These new microservices must communicate directly with the legacy Windows Server 2012 R2 VMs residing in a peered Azure VNet.

Which AKS networking plugin must you use to ensure the pods get IP addresses from the VNet, allowing direct routing to the legacy VMs?

Accepted Answer

Differentiate between Kubenet (NAT) and Azure CNI (direct VNet IPs).

Question 2

What mistakes do candidates make on this AZ-305 question?

Accepted Answer

Confusing Calico with Azure CNI. Calico handles security policies (firewalling between pods), while Azure CNI handles the IP addressing and routing.

How to approach this question

Full Answer

Common mistakes

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 2

More questions from this exam