Question 1

A multinational corporation is designing its Azure landing zone architecture. The company has 5 distinct Business Units (BUs).

Requirements:
1. The Central IT team must enforce baseline security policies (e.g., requiring Microsoft Defender) across ALL subscriptions in the company.
2. Each BU must be able to manage its own resources and apply BU-specific policies.
3. Two of the BUs operate in the healthcare sector and must adhere to strict HIPAA compliance policies that do not apply to the other three BUs.

You need to design a Management Group hierarchy. Which THREE actions should you include in your design? (Select THREE)

Accepted Answer

Follow Azure Landing Zone best practices: Avoid Tenant Root assignments, group similar compliance needs (Healthcare), and provide BU autonomy.

Question 2

What mistakes do candidates make on this AZ-305 question?

Accepted Answer

Assigning policies to the Tenant Root Group is a common anti-pattern. Assigning enterprise compliance policies at the resource group level is unscalable.

How to approach this question

Full Answer

Common mistakes

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 3

More questions from this exam