ExpertMinds LogoExpertMinds
Hard1 markMultiple Choice
Domain 1.3: GovernanceDomain 1GovernanceLanding ZonesBicep

AZ-305 · Question 13 · Domain 1.3: Governance

You are designing an Azure Landing Zone architecture for a multinational corporation. The company uses a 'Subscription Vending Machine' process to automatically provision new subscriptions for application teams.

The security team requires that every new subscription automatically has Microsoft Defender for Cloud enabled, specific Azure Policies assigned, and a standard VNet deployed and peered to the central Hub VNet.

Which Azure native approach provides the most scalable and declarative way to achieve this during the subscription creation process?

Answer options:

A.

Azure Blueprints

B.

Azure Bicep with Management Group scope deployments.

C.

Azure Automation Runbooks triggered by an Event Grid subscription.

D.

Azure Policy with 'DeployIfNotExists' effects for the VNet peering.

How to approach this question

Identify the modern, recommended Infrastructure-as-Code tool for Azure Landing Zones. Note that Blueprints are deprecated.

Full Answer

B.Azure Bicep with Management Group scope deployments.✓ Correct
Azure Bicep with Management Group scope deployments.
For enterprise-scale Landing Zones and subscription vending, Microsoft recommends using Infrastructure-as-Code (IaC) tools like Azure Bicep or Terraform. Bicep supports deploying resources at various scopes, including Tenant, Management Group, and Subscription levels. This allows you to declaratively define the subscription, move it to the correct Management Group (which inherits Policies), and deploy the required networking components in a single, repeatable pipeline. Azure Blueprints is deprecated.

Common mistakes

Choosing Azure Blueprints. While it historically did exactly this, it is now deprecated and not the correct answer for modern AZ-305 designs.
12All questions14

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 5

55 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01Contoso Ltd has 50 subscriptions across 3 business units. Each business unit manages its own IT o...EasyQ02You are designing a monitoring solution for a hybrid environment. The environment consists of 200...MediumQ03Your company uses Microsoft Sentinel integrated with a Log Analytics workspace. The workspace ing...HardQ04You are designing an application monitoring strategy using Application Insights. The application ...MediumQ05A highly regulated financial institution is migrating to Microsoft 365 and Azure. They currently ...Hard
View all 55 questions →