AZ-305

Question 1

What is the PowerShell command to see what version of the Azure CLI you’re using?

Answer 1

az version

Question 2

How do you switch to bash from Azure CLI?

Answer 2

bash

Question 3

How do you switch from bash to PowerShell Azure CLI?

Answer 3

pwsh

Question 4

Which Azure services are non-regional?

Answer 4

• Azure AI Bot Service
• Azure Advisor
• AAD B2C (Entra?)
• App Service Static Web App
• App center

Break into smaller cards like “is x regional?”

https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-product-and-services/azure/documents/pxr/024-Azure-product-availability-Non-Regional-1.pdf

Question 5

How many datacenters are in an Azure region?

Answer 5

1+

Question 6

Some services and VM features are only available in certain __________.

Answer 6

Azure Regions.

Question 7

What are the Azure Global services?

Answer 7

• Azure DNS
• Entra ID
• Azure Traffic Manager
• Azure CDN

Question 8

What are Azure Availability Zones?

Answer 8

Separate datacenters within an Azure Region. There are a minimum of 3 in an availability-zone-enabled Azure Region.

Question 9

What Azure services are availability zones primarily used for?

Answer 9

• VMs
• Managed Disks
• Load Balancers
• SQL DBs

Question 10

What are the three categories for services that support availability zones?

Answer 10

• Zonal services: You pin the resource to a specific zone (for example, VMs, managed disks, IP addresses).
• Zone-redundant services: The platform replicates automatically across zones (for example, zone-redundant storage, SQL Database).
• Non-regional services: Services are always available from Azure geographies and are resilient to zone-wide outages as well as region-wide outages.

Question 11

What are Azure Region Pairs?

Answer 11

Pairs of regions for redundancy/resilience that are within the same geography (US, Europe, etc), but at least 300 miles apart.

Question 12

What do Azure Region Pairs protect from?

Answer 12

• Power outages
• Natural disasters
• Civil unrest
• Physical network outages
• Azure updates are on one region at a time
• One region in every pair is prioritized in extensive outages

Question 13

What are Azure Sovereign Regions?

Answer 13

Instances of Azure that are isolated from the main instance of Azure. These include China and DoD.

Question 14

What is the hierarchy of Azure management infrastructure?

Answer 14

• Tenant
• Management Group
• Subscription
• Resource Group
• Resource

Question 15

How do access permissions on resource groups work?

Answer 15

They provide the specified access to all resources within the RG. RGs are a good option for separating resources that need different access schemas.

Question 16

What are the two types of boundaries that subscriptions can represent?

Answer 16

• Billing: different types of billing requirements; organize and manage costs.
• Access Control: different permissions based on environment/organizational-structure.

Question 17

How do policies work with inheritance?

Answer 17

All descendant containers and resources inherit the policy.

Question 18

How do contradictions in policies work in Azure?

Answer 18

A contradictory policy cannot be created at lower levels. At higher levels, the “higher” policy takes precedence. (Verify)

Question 19

How can the management of a single user’s permissions across several different subscriptions be simplified?

Answer 19

A management group - if the subscriptions are appropriate for being placed into a management group, or are already in one.

Question 20

What level of depth can a management group tree support?

Answer 20

Six levels of depth, not including the root level or subscription level (nested groups up to six).

Question 21

What are Azure Management Groups used for?

Answer 21

Managing access permissions, policies, and compliance across a group of Azure subscriptions.

Question 22

How many parents can a management group or subscription support?

Answer 22

Only one.

Question 23

What are the security types for VMs in Azure

Answer 23

Standard
Trusted launch
Confidential

Question 24

What is the trusted launch security type for VMs?

Answer 24

It protects against persistent and advanced threats with configurable features like secure boot and virtual TPM (vTPM). Designed to meet security compliance requirements and provide stronger protections.

Question 25

What is the confidential security type for VMs?

Answer 25

Trusted launch features with higher confidentiality and integrity, leveraging hardware-based Trusted Execution Environments (TEEs) to ensure that data is protected from access by cloud operators and other VMs on the same host.

Confidential VMs are ideal for sensitive workloads requiring the highest level of data confidentiality.

Question 26

When are VMs the ideal choice?

Answer 26

When you need:

• Total control over the OS
• To be able to use custom software
• To use custom hosting configurations

Question 27

Are VMs IaaS, PaaS, or SaaS?

Answer 27

IaaS

Question 28

What’s the difference between availability sets and scale sets for VMs?

Answer 28

Availability sets distribute VMs across multiple physical servers in a datacenter, providing resilience and availability. Scale sets are exact duplicates that are load balanced, providing auto-scaling and high availability.

Question 29

How do you handle load balancing for VM scale sets?

Answer 29

Load balancers can be deployed automatically or assigned at the time of creation (portal, CLI, or ARM). Health probes can be added and used as the VM health check for load balancing. After the load balancer is created/associated, it can be managed as a normal Azure resource.

Question 30

By default, how many fault domains will a VM be distributed across in an availability set?

Answer 30

3

Question 31

In what domains are VMs grouped within an availability set?

Answer 31

Update domains and fault domains.

Question 32

What is a VM update domain?

Answer 32

In an availability set, the update domain is a grouping where all VMs contained will be updated together. The number of update domains for an availability set can be set manually. There is a 30 minute recovery window before Azure rolls an update out to the next update domain.

Question 33

What are the max number of update domains and fault domains for availability sets?

Answer 33

Update domains: 20
Fault domains: 3