AZ-305: Azure Solutions Architect Expert — Study Guide

Study guide for the AZ-305 Designing Azure Infrastructure Solutions exam. Covers identity, data storage, compute, networking design, and business continuity at architect level.

Domains: 7 | Key concepts: 10 | Study time: 10-12 weeks

Exam Overview

| Detail | Info |
| --- | --- |
| Exam code | AZ-305 |
| Duration | 120 minutes |
| Questions | 40–60 (scenario-based, case studies) |
| Passing score | 700 / 1000 |
| Cost | ~$165 USD |
| Validity | Renew annually |
| Prerequisite | Must hold AZ-104 to earn Expert badge |

Domain Weightings

| Domain | Weight |
| --- | --- |
| Design Identity, Governance, and Monitoring | 25–30% |
| Design Data Storage Solutions | 15–20% |
| Design Business Continuity Solutions | 15–20% |
| Design Infrastructure Solutions | 30–35% |

Domain 1: Identity, Governance, and Monitoring (25–30%)

Identity architecture

  • Single tenant vs multi-tenant — enterprise apps use single tenant; ISVs use multi-tenant.
  • Hybrid identity — Microsoft Entra Connect (sync on-prem AD to Entra ID); Password Hash Sync vs Pass-through Auth vs Federation.
  • Entra ID B2B — invite external partners; they authenticate with their own IdP.
  • Entra External ID (B2C) — customer identity; custom branding; OAuth, OIDC, SAML.
  • Entitlement Management — access packages for automated provisioning of groups, apps, and SharePoint sites.

Governance at scale

  • Azure Landing Zones — prescriptive, scalable environment design following CAF.
    • Management subscriptions (Log Analytics, Automation)
    • Platform subscriptions (Identity, Connectivity/Hub)
    • Landing zone subscriptions (workloads)
  • Azure Policy + Management Groups — enforce compliance top-down.
  • Tagging strategy — mandatory tags enforced by Policy (Modify/Deny effect).
  • Naming conventions — consistent resource naming for large environments.
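
The two Policy effects named in the tagging bullet, written out as custom policy definitions. This is an added example, not part of the original guide: the definition names and the `CostCentre` tag are constructed, and the role ID is the built-in Contributor role that a Modify policy's managed identity needs in order to write tags.

```json
[
  {
    "name": "require-tag-deny",
    "properties": {
      "description": "Added example (not from the guide): reject resources created without the tag. Tag name is a constructed default.",
      "mode": "Indexed",
      "parameters": { "tagName": { "type": "String", "defaultValue": "CostCentre" } },
      "policyRule": {
        "if": { "field": "[concat('tags[', parameters('tagName'), ']')]", "exists": "false" },
        "then": { "effect": "deny" }
      }
    }
  },
  {
    "name": "inherit-tag-modify",
    "properties": {
      "description": "Added example (not from the guide): copy the tag from the resource group when the resource lacks it.",
      "mode": "Indexed",
      "parameters": { "tagName": { "type": "String", "defaultValue": "CostCentre" } },
      "policyRule": {
        "if": {
          "allOf": [
            { "field": "[concat('tags[', parameters('tagName'), ']')]", "exists": "false" },
            { "value": "[resourceGroup().tags[parameters('tagName')]]", "notEquals": "" }
          ]
        },
        "then": {
          "effect": "modify",
          "details": {
            "roleDefinitionIds": [
              "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
            ],
            "operations": [
              {
                "operation": "add",
                "field": "[concat('tags[', parameters('tagName'), ']')]",
                "value": "[resourceGroup().tags[parameters('tagName')]]"
              }
            ]
          }
        }
      }
    }
  }
]
```

Deny only blocks new or updated resources that lack the tag, so existing untagged resources stay non-compliant until they are fixed. Modify needs a managed identity on the policy assignment and a remediation task to tag resources that already exist.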

Monitoring architecture

  • Centralised Log Analytics — single workspace aggregating logs from all subscriptions.
  • Azure Monitor — unified monitoring: metrics, alerts, dashboards.
  • Application Insights — per-application APM; linked to central workspace.
  • Diagnostic settings at scale — deploy via Azure Policy (DeployIfNotExists).

Domain 2: Data Storage Solutions (15–20%)

Storage service selection

| Requirement | Service |
| --- | --- |
| Unstructured blobs (images, video) | Azure Blob Storage |
| Shared file access (SMB/NFS) | Azure Files |
| Relational data, OLTP | Azure SQL Database or SQL Managed Instance |
| PostgreSQL, MySQL | Azure DB for PostgreSQL/MySQL |
| Globally distributed NoSQL | Azure Cosmos DB |
| Data warehouse, analytics | Azure Synapse Analytics |
| Real-time analytics | Azure Data Explorer |
| Message queue | Azure Queue Storage or Service Bus |
| Event streaming | Azure Event Hubs |

Cosmos DB design

  • API choice — NoSQL API (documents), MongoDB API, Cassandra API, Gremlin (graphs), Table.
  • Consistency levels — Strong → Bounded Staleness → Session → Consistent Prefix → Eventual.
  • Partitioning — choose partition key carefully; high cardinality, even distribution.
  • RU/s capacity — provision or autoscale; design for peak with auto-scale.
  • Global distribution — add regions for low-latency reads; multi-write for active-active.

Data protection

  • Geo-redundant storage — 6 copies across paired regions (GRS/GZRS).
  • Soft delete — for blobs (1–365 days), containers, file shares, VMs.
  • Point-in-time restore — roll back blob storage to a previous point.
  • Immutable storage — WORM for compliance.

Domain 3: Business Continuity Solutions (15–20%)

Azure SLAs and composite SLA

  • Availability = product of individual service SLAs.
  • Improve availability: multi-instance (Availability Zones), active-active multi-region.
  • RPO / RTO targets drive service selection (ASR, Backup, Geo-replication).
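
A worked composite-SLA calculation, added here and not part of the original guide. It uses the SLA figures from the Compute resilience table in the next subsection and assumes a single-region chain of three tiers (web tier across Availability Zones, app tier in an Availability Set, database on a single VM) whose failures are independent.

$$A_{\text{region}} = 0.9999 \times 0.9995 \times 0.999 \approx 0.9984 \quad (\approx 14 \text{ hours of downtime per year})$$

$$A_{\text{two regions}} = 1 - (1 - A_{\text{region}})^2 \approx 1 - (0.0016)^2 \approx 0.999997$$

The chain is less available than its weakest tier (99.84% against 99.9%), because every tier in series multiplies in. Running the same stack active-active in a second region multiplies the failure probabilities instead, but whatever service routes traffic between the regions sits in series with the result and its SLA multiplies in as well.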

Compute resilience

| Option | Availability | SLA |
| --- | --- | --- |
| Single VM (Premium SSD) | Single instance | 99.9% |
| Availability Set | Fault domains, update domains | 99.95% |
| Availability Zones | Physically separate datacentres | 99.99% |
| Multi-region active-active | Two+ regions | 99.99%+ |

Database business continuity

  • Azure SQL — Active Geo-Replication (up to 4 readable secondaries), auto-failover groups.
  • Cosmos DB — global distribution; automatic failover; multi-master for active-active.
  • Azure SQL Managed Instance — failover groups across regions; automatic DNS switch.

Backup and DR architecture

  • Azure Backup + Recovery Services Vault — per-workload RPO/RTO.
  • Azure Site Recovery — replicate VMs to secondary region; test failover quarterly.
  • Recovery plans — orchestrate failover order across tiers (DB first, app second, web last).

Domain 4: Infrastructure Solutions (30–35%)

Compute service selection

| Workload | Service | Reason |
| --- | --- | --- |
| Lift-and-shift legacy app | Azure VMs | Full OS control |
| Containerised microservices | AKS | Kubernetes at scale |
| Simple container (no cluster) | ACI | Quick, no management overhead |
| Event-driven, short functions | Azure Functions | Serverless, pay-per-execution |
| Long-running web app | App Service | PaaS, easy scaling |
| High-performance computing | Azure CycleCloud | HPC clusters on demand |
| Mainframe migration | Azure Mainframe Migration | Specialised workloads |

Network architecture patterns

Hub-and-spoke topology

Hub VNet (connectivity subscription)
├── Azure Firewall (centralised inspection)
├── VPN Gateway / ExpressRoute
└── Azure Bastion

Spoke VNets (peered to hub)
├── Spoke-Production
├── Spoke-Dev
└── Spoke-DMZ

Benefits: centralised security, shared services, cost optimisation.

Azure Virtual WAN

  • Managed hub-and-spoke at scale; automated routing; SD-WAN integration.
  • Supports: VPN, ExpressRoute, P2S, Firewall, Route Manager.

Connectivity options decision tree

On-premises to Azure:
  Low bandwidth, internet OK → VPN Gateway (up to 10 Gbps)
  High bandwidth, private, consistent latency → ExpressRoute
  ExpressRoute + fallback → S2S VPN as backup

Inter-VNet connectivity:
  Same region, few VNets → VNet Peering
  Many VNets, cross-region, complex routing → Azure Virtual WAN or Transit Gateway

Migration architecture

  • Azure Migrate — discover, assess, and migrate VMs, databases, web apps.
  • Azure Database Migration Service — migrate on-prem SQL to Azure SQL with minimal downtime.
  • Lift and shift — Rehost (VMs → Azure VMs); fast but not cloud-optimised.
  • Refactor — Replatform (move to App Service or managed DB); moderate effort.
  • Rearchitect — Rebuild as cloud-native (containers, functions); highest benefit, most effort.

Well-Architected Framework review

Every architecture decision in AZ-305 should reference the 5 pillars:

| Pillar | Key questions |
| --- | --- |
| Reliability | What is the SLO? How many 9s? What is RTO/RPO? |
| Security | How is identity managed? Is data encrypted? What is the blast radius? |
| Cost Optimisation | Is the right SKU chosen? Are reserved instances used for steady workloads? |
| Performance Efficiency | Can it scale? Are caches used appropriately? |
| Operational Excellence | Is IaC used? Are deployments automated? Is monitoring in place? |

Study Plan (10–12 Weeks)

| Weeks | Focus |
| --- | --- |
| 1–2 | Identity architecture — hybrid identity, B2B/B2C, entitlement management |
| 3–4 | Governance — landing zones, Azure Policy, tagging, Management Groups |
| 5 | Storage design — service selection, Cosmos DB, data protection |
| 6 | Business continuity — SLAs, ASR, Backup, failover groups |
| 7–8 | Compute design — service selection, AKS, Functions, App Service |
| 9–10 | Network design — hub-and-spoke, VWAN, hybrid connectivity |
| 11–12 | Practice exams + case study walkthroughs |

Key Resources

| Resource | Notes |
| --- | --- |
| John Savill's AZ-305 Course | Free YouTube — best for conceptual understanding |
| Microsoft Learn AZ-305 | Free official path; heavy on WAF and CAF |
| Scott Duffy on Udemy | Solid video course |
| Azure Architecture Center | Reference architectures for every pattern |
| Tutorials Dojo AZ-305 | Practice exams with case studies |