Microsoft Azure Solutions Architect Expert
225 practice questions
Last reviewed: April 2026
Personal notes and resource links for your study journey
Filter by Certification
AZ-305 is Microsoft's flagship expert-level Azure architect credential β the successor to the retired AZ-303 / AZ-304 pair. It validates the ability to design, not merely operate, end-to-end Azure solutions: identity and governance, data storage strategy, business continuity, and infrastructure architecture. The audience is senior cloud engineers, lead developers, and architects with significant production Azure experience. Unlike AZ-104 / AZ-204, the exam is design-oriented: scenario-heavy, with multiple case studies and trade-off questions where two answers are technically correct but one is more cost-effective, secure, or aligned to a stated business constraint.
Largest domain at 28%. Microsoft Entra design (tenants, B2B / B2C, Conditional Access, PIM), management-group hierarchies, Azure Policy and Blueprints strategy, and observability with Azure Monitor / Log Analytics / Application Insights at scale.
About 22%. Selecting between Azure SQL family, Cosmos DB, Azure Storage tiers, Azure Data Lake, Synapse, and Microsoft Fabric for given workloads. Heavy on cost / consistency / latency tradeoffs.
About 17%. Backup strategies, Azure Site Recovery, multi-region active-active vs. active-passive, RPO / RTO targets, and disaster-recovery testing. Lower weight but case-study heavy.
Largest weighted domain at 33%. Compute selection (VMs, VMSS, AKS, App Service, Functions, Container Apps), networking topologies (hub-spoke, virtual WAN), application architecture patterns, and migration / IaC strategy.
Services you'll encounter on the exam and why each one matters.
Cloud identity directory with Privileged Identity Management (PIM) for just-in-time elevation, Conditional Access policy, and B2B/B2C external-identity flows.
Why it's on the exam: Domain 1 (Design Identity, Governance, and Monitoring Solutions) leans on Entra ID for tenant design, federation, and the PIM/CA control surface across every architecture.
Declarative governance with policy definitions, initiatives, deny/audit/deployIfNotExists effects, and Blueprints for bundling RBAC + ARM + policy as an environment baseline.
Why it's on the exam: Domain 1 tests Policy + Blueprints as the canonical mechanism for enforcing landing-zone guardrails across subscriptions at scale.
Hierarchy above subscriptions for inherited policy, RBAC, and cost roll-up β the structural scaffolding behind Cloud Adoption Framework landing zones.
Why it's on the exam: Domain 1 design questions around multi-subscription enterprise tenancy expect Management-Group hierarchy as the answer for scope-based governance.
Cross-tenant management surface that delegates scoped Entra roles into customer subscriptions without per-tenant guest accounts.
Why it's on the exam: Domain 1 design scenarios for MSPs or multi-tenant ISVs name Lighthouse as the AZ-305 answer for centralized operations across customer tenants.
Software-defined networking with hub-spoke topology, VNet peering, route tables, plus Virtual WAN as the managed hub for global any-to-any branch/VNet/SaaS connectivity.
Why it's on the exam: Domain 4 (Design Infrastructure Solutions) tests hub-spoke vs. Virtual WAN tradeoffs for enterprise-scale networking β a recurring design pattern.
Global Layer-7 edge (Front Door β anycast PoPs, WAF, caching, multi-region failover) and regional Application Gateway (path-based routing, WAF v2, end-to-end TLS).
Why it's on the exam: Domain 4 contrasts Front Door (global, multi-region active-active) with App Gateway (regional, intra-VNet) β the choice anchors most public-app designs.
Managed Kubernetes with node-pool isolation, Azure CNI/Overlay networking, Workload Identity, AKS-managed Entra integration, and Application Gateway Ingress Controller.
Why it's on the exam: Domain 4 container-platform design questions name AKS β picking node-pool layout, ingress topology, and identity model across multi-region clusters.
Dedicated VMware-on-Azure private cloud (vSphere/vSAN/NSX-T) for lift-and-shift migration of existing VMware estates without app refactor.
Why it's on the exam: Domain 4 migration-design scenarios test AVS as the AZ-305 answer for VMware workloads with hard refactor constraints.
Globally distributed multi-model database with turn-key multi-region writes, five consistency levels, and per-region SLA on availability/throughput/latency.
Why it's on the exam: Domain 2 (Design Data Storage Solutions) tests Cosmos DB for active-active multi-region designs and consistency-level tradeoffs against RPO/RTO.
Managed SQL Server PaaS with active geo-replication, auto-failover groups, zone-redundant Business Critical tier, and Hyperscale read-scale-out for petabyte sizes.
Why it's on the exam: Domain 2 + Domain 3 (Business Continuity) scenarios test geo-replication vs. failover-groups vs. Always-On tradeoffs for relational HA/DR.
Blob/Files/Tables/Queues with redundancy options (LRS/ZRS/GRS/RA-GZRS), lifecycle policies (hot/cool/cold/archive), and object-replication across regions.
Why it's on the exam: Domain 2 storage designs anchor on picking the right redundancy SKU and lifecycle path against RPO targets and cost β recurring scenario type.
Backup (policy-driven RPO for VMs/Files/SQL/SAP HANA into Recovery Services vaults) plus Site Recovery (cross-region/cross-cloud VM replication with scripted failover plans).
Why it's on the exam: Domain 3 (Design Business Continuity Solutions) is built around picking Backup + ASR combinations to hit specific RPO/RTO targets.
Private peering circuits via ExpressRoute (BGP, FastPath, Global Reach) and IPsec connectivity via VPN Gateway, optionally combined for ExpressRoute-failover-to-VPN.
Why it's on the exam: Domain 4 hybrid-connectivity design tests ExpressRoute SKU sizing, dual-circuit redundancy, and VPN-as-backup against bandwidth/SLA requirements.
Enterprise messaging β Service Bus (FIFO queues + topics, sessions, transactions, dead-lettering) and Event Grid (pub-sub for Azure events with at-least-once delivery).
Why it's on the exam: Domain 4 integration design distinguishes Service Bus (durable commands) from Event Grid (lightweight reactive notifications) β frequently a paired-scenario distractor.
Integrated analytics platform with dedicated SQL pools (MPP warehouse), serverless SQL, Spark pools, and Pipelines for orchestration over Data Lake Storage Gen2.
Why it's on the exam: Domain 2 analytics-storage design scenarios test Synapse pool sizing, distribution keys, and serverless-vs-dedicated tradeoffs for warehouse workloads.
Serverless container runtime built on Kubernetes + KEDA + Dapr, with revision-based deployment, scale-to-zero, and event-driven scale rules.
Why it's on the exam: Domain 4 event-driven design tests Container Apps as the AZ-305 answer for microservice + scale-to-zero workloads that do not need full AKS control.
Unified telemetry β metrics, activity/resource logs, alerts, Log Analytics workspaces queried via KQL, plus workbooks and Application Insights for app-tier traces.
Why it's on the exam: Domain 1 (Monitoring) tests workspace design, diagnostic-setting routing, and cross-subscription log aggregation for enterprise-scale observability.
CSPM + CWPP platform with regulatory-compliance dashboards, secure-score tracking, and per-plan workload protection (servers, AKS, SQL, Storage, Key Vault, etc.).
Why it's on the exam: Domain 1 security-posture design scenarios name Defender for Cloud as the AZ-305 answer for continuous compliance and workload-threat visibility.
Cost analysis, budgets with action-group alerts, scheduled exports to Storage, and Reservation/Savings-Plan recommendations across management-group hierarchies.
Why it's on the exam: Domain 1 governance scenarios test budget design, chargeback/showback via tags, and Reservation strategy as the AZ-305 cost-control surface.
Cloud-native SIEM/SOAR built on Log Analytics β data connectors, analytic rules, hunting queries, and playbooks via Logic Apps for automated response.
Why it's on the exam: Domain 1 SecOps design names Sentinel as the answer for centralized SIEM across multi-cloud + on-prem signal, with automation tied to incident response.
$130kβ$175kβ$240k USD annual
AZ-305 is one of the highest-leverage individual Azure certs for compensation. Range covers US-based senior architects; FAANG / Microsoft-partner principals routinely clear $300k TC. The cert pairs with 5+ years of Azure experience to unlock the high end β credential alone does not.
Source: levels.fyi 2025 architect / principal-engineer roles, U.S. BLS OEWS May 2024 (15-1241 computer network architects, 15-1252 software developers), Glassdoor 2025. Figures are approximate; actual compensation depends on role, region, and experience.
AZ-305 is the most-requested Azure certification in senior architect job postings, frequently named explicitly in JDs at financial services, healthcare, government contracting, and Microsoft-partner consultancies. Recruiters treat it as the canonical proof of architect-level design competence. It pairs naturally with AZ-400 for DevOps-leaning architects, with AZ-500 for security-leaning architects, and increasingly with AZ-700 for hybrid-network architects. Many candidates who pass AZ-104 + AZ-204 add AZ-305 within 12β24 months to make the architect-track jump.
AZ-305 has no hard prerequisite, but Microsoft strongly recommends candidates already hold AZ-104 (Administrator). The exam outline assumes practical familiarity with virtually every service AZ-104 covers, plus equivalent depth in development concepts (App Service, Functions, Cosmos DB) typically picked up via AZ-204. Microsoft positions AZ-305 as appropriate after 4β5 years of broad cloud-engineering experience including significant time on Azure.
The official Microsoft Learn path covers all four design domains in roughly 40β50 hours. Real preparation requires significantly more: case-study practice (Microsoft's sample case studies and the official practice assessment are essential), reading the Azure Well-Architected Framework end-to-end, and reviewing the Cloud Adoption Framework. Without prior production Azure experience, the design tradeoff questions are very difficult to reason through cold.
AZ-305 sits in the Expert tier β Microsoft's top difficulty band, alongside AZ-400 and SC-100. Plan on 100β150 hours of study over 10β14 weeks for candidates with AZ-104 and 2β3 years of Azure experience; substantially longer without that background. The exam runs about 120 minutes with 40β60 questions across multiple-choice, multiple-response, drag-and-drop, hot-area, and two or more case studies. Case studies are timed separately and cannot be revisited once you move past them.
The most common stumbling block is the design-tradeoff format itself: AZ-305 questions often have multiple technically correct answers and reward the one that best fits a business constraint embedded in the case study (cost ceiling, RPO target, sovereignty requirement). Candidates strong on AZ-104 facts but light on architecture-pattern thinking frequently fail their first attempt.
Most recent skills-measured update. Refreshed Microsoft Entra design coverage, added Microsoft Fabric and Azure Container Apps content, modernized hub-spoke and Virtual WAN guidance. Microsoft refreshes AZ-305 approximately every 12β18 months without changing the exam code.
Renamed Azure AD references to Microsoft Entra ID, expanded Conditional Access and PIM design depth, and added Bicep / IaC framing.
Initial GA, replacing the retired AZ-303 / AZ-304 pair as a single architect exam aligned to design-only competencies.
AZ-305 (Microsoft Azure Solutions Architect Expert) is a a challenging, scenario-heavy exam that requires deep hands-on experience and the ability to make architectural trade-off decisions Expert-level exam. Most candidates need 150β300 hours of study spread over 3β6 months for professional and expert-level exams. These exams typically expect prior associate-level proficiency. Most candidates who score consistently above the passing threshold on practice exams pass on their first attempt.
Most candidates need 150β300 hours of study spread over 3β6 months for professional and expert-level exams. These exams typically expect prior associate-level proficiency. Time-to-pass varies widely by prior experience. Engineers with hands-on production experience in the underlying technology typically need less; candidates new to the platform should plan toward the upper end of that range.
AZ-305 is a recognized credential in the Azure ecosystem and signals validated knowledge to employers, recruiters, and clients. Whether it is worth the time and fee for you depends on your role and goals β it tends to pay off most for cloud engineers, architects, and consultants who work with Azure day-to-day or want to move into roles that do.
The passing score for AZ-305 is 700 / 1000. The exam contains 50 questions and lasts 2 hr.
The AZ-305 exam fee is $165 USD. Fees are set by Azure and may vary by region; always confirm the current price on the official Azure certification page before booking.
Microsoft role-based certifications expire after 1 year but can be renewed for free via an unproctored online assessment on Microsoft Learn, starting 6 months before expiration.
Yes. You can take the exam online (proctored via the provider's secure browser, available 24/7 in most regions) or at an in-person Pearson VUE test center during business hours. Both formats use the same questions, time limit, and passing score.
CertLabPro provides 15 study modes across the practice question bank for AZ-305. The exam-simulation mode mirrors the real exam: 50 questions in 2 hr, with the same passing threshold of 700 / 1000. Browse mode lets you read every Q&A statically.