Crucial Exams

Microsoft Azure Solutions Architect Expert AZ-305 Practice Question

An Azure Kubernetes Service (AKS) cluster has 40 nodes in two private subnets of a hub-and-spoke virtual network. Pods open tens of thousands of concurrent TCP sessions to partner SaaS endpoints that will whitelist only one public IPv4 address. Corporate policy blocks unsolicited inbound traffic to the node subnets. You must design egress so that:

  • All outbound traffic uses a single static public IP
  • SNAT ports scale automatically to avoid exhaustion
  • No pod changes or operational overhead are required

Which Azure service meets the requirements?

  • Create a Standard Public Load Balancer for the cluster nodes and configure an outbound rule that uses a static front-end IP.

  • Deploy an Azure Application Gateway with Web Application Firewall and route all egress traffic through it.

  • Attach an Azure NAT Gateway to the two AKS node subnets and assign it a single static public IP address.

  • Assign instance-level public IP addresses to every AKS node and restrict inbound NSG rules to outbound-only traffic.

Microsoft Azure Solutions Architect Expert AZ-305
Design infrastructure solutions
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot