Crucial Exams

Microsoft Azure Solutions Architect Expert AZ-305 Practice Question

Your company has 15 spoke virtual networks peered to a central hub in Azure. Each spoke hosts workloads that must access the internet and on-premises networks. The security team requires a single service in the hub that inspects inbound and outbound traffic up to layer 7, blocks malicious IPs using Microsoft threat-intelligence feeds, and automatically scales while remaining available during an availability-zone failure. Which design should you implement?

  • Associate Network Security Groups with every subnet in the spokes and enable adaptive network hardening to block malicious IPs.

  • Enable Azure DDoS Protection Standard on the hub virtual network to mitigate attacks and rely on default system routes for traffic inspection.

  • Provision a regional Application Gateway with Web Application Firewall in the hub and configure the gateway IP as the next hop for all spoke traffic.

  • Deploy Azure Firewall Premium in the hub virtual network, enable zone-redundant deployment, and add user-defined routes in each spoke to send all traffic through the firewall.

Microsoft Azure Solutions Architect Expert AZ-305
Design infrastructure solutions
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot