🔒 Guided

Pre-launch preview. Authorised access only.

Incorrect code

Guided by A Guide to Cloud
Explore AB-900 AI-901
Guided AZ-305 Domain 3
Domain 3 — Module 2 of 5 40%
15 of 30 overall

AZ-305 Study Guide

Domain 1: Design Identity, Governance, and Monitoring Solutions

  • Monitoring & Logging Design
  • Choosing Authentication Methods
  • Designing Identity Management
  • Authorizing Access to Resources
  • Secrets, Keys & Certificates
  • Governance at Scale
  • Compliance & Identity Governance

Domain 2: Design Data Storage Solutions

  • Relational Data: Choosing Your SQL Platform
  • Database Performance & Scalability
  • Database Security & Compliance
  • Cosmos DB & Semi-Structured Data
  • Blob, Data Lake & Azure Files
  • Data Integration & Analytics

Domain 3: Design Business Continuity Solutions

  • Recovery Objectives: RPO, RTO & SLA Free
  • Backup & Recovery for Compute Free
  • Backup for Databases & Unstructured Data Free
  • High Availability for Compute Free
  • High Availability for Data Free

Domain 4: Design Infrastructure Solutions

  • Compute Design: VMs & When to Use Them
  • Container Solutions: AKS, ACI & Container Apps
  • Serverless & Batch Processing
  • Messaging Architecture
  • Event-Driven Architecture
  • API Integration & Caching
  • App Configuration & Automated Deployment
  • Migration Strategy & Assessment
  • Executing Migrations
  • Network Connectivity: Internet & Hybrid
  • Network Security & Performance
  • Load Balancing & Routing

AZ-305 Study Guide

Domain 1: Design Identity, Governance, and Monitoring Solutions

  • Monitoring & Logging Design
  • Choosing Authentication Methods
  • Designing Identity Management
  • Authorizing Access to Resources
  • Secrets, Keys & Certificates
  • Governance at Scale
  • Compliance & Identity Governance

Domain 2: Design Data Storage Solutions

  • Relational Data: Choosing Your SQL Platform
  • Database Performance & Scalability
  • Database Security & Compliance
  • Cosmos DB & Semi-Structured Data
  • Blob, Data Lake & Azure Files
  • Data Integration & Analytics

Domain 3: Design Business Continuity Solutions

  • Recovery Objectives: RPO, RTO & SLA Free
  • Backup & Recovery for Compute Free
  • Backup for Databases & Unstructured Data Free
  • High Availability for Compute Free
  • High Availability for Data Free

Domain 4: Design Infrastructure Solutions

  • Compute Design: VMs & When to Use Them
  • Container Solutions: AKS, ACI & Container Apps
  • Serverless & Batch Processing
  • Messaging Architecture
  • Event-Driven Architecture
  • API Integration & Caching
  • App Configuration & Automated Deployment
  • Migration Strategy & Assessment
  • Executing Migrations
  • Network Connectivity: Internet & Hybrid
  • Network Security & Performance
  • Load Balancing & Routing
Domain 3: Design Business Continuity Solutions Free ⏱ ~15 min read

Backup & Recovery for Compute

Azure Backup, VM snapshots, and Azure Site Recovery — design a compute backup strategy that matches your RPO/RTO requirements without breaking the budget.

Compute backup design

☕ Simple explanation

Backing up a VM is like taking a photo of your desk. Azure Backup takes consistent “photos” (snapshots) of your entire VM — OS, data, applications — so you can restore to that exact point if something breaks.

Three tools: Azure Backup (scheduled, policy-driven backups to a vault), VM snapshots (instant point-in-time copy of disks), and Azure Site Recovery (continuous replication for disaster recovery — different from backup).

Compute backup architecture in AZ-305 covers:

  • Azure Backup: Policy-based backup with retention, cross-region restore, and RBAC-controlled recovery
  • VM snapshots: Instant disk-level copies — faster than backup but no lifecycle management
  • Azure Site Recovery (ASR): Continuous replication to a secondary region for DR (not backup — different purpose)
  • Recovery Services Vault vs Backup Vault: Where backups are stored and managed

Azure Backup vs snapshots vs Site Recovery

Compute Protection Options
FactorAzure BackupVM Disk SnapshotsAzure Site Recovery (ASR)
PurposeScheduled backup with retentionInstant point-in-time disk copyContinuous replication for DR failover
RPOHours (policy-based schedule)Manual — at time of snapshotMinutes (continuous replication)
RTOHours (restore from vault)Minutes (create VM from snapshot)Minutes (orchestrated failover)
RetentionDays to years (configurable policy)Manual management (no auto-delete)Current state only (no historical versions)
Cross-regionYes — cross-region restore from GRS vaultNo — same region onlyYes — replicates to secondary region
Application consistencyYes — VSS integration for Windows, scripts for LinuxCrash-consistent onlyYes — application-consistent recovery points
CostPer-instance + storageSnapshot storage onlyPer-protected instance + compute in target region
Best forOperational recovery (accidental deletion, corruption)Pre-change snapshots (before patching)Regional disaster recovery (region outage)

Critical distinction: Azure Backup and Azure Site Recovery solve different problems. Backup is for “I need yesterday’s data” (operational recovery). ASR is for “the entire region is down, fail over NOW” (disaster recovery). Most production VMs need both.

Azure Backup policies

Policy SettingOptionsDesign Guidance
FrequencyDaily, hourly (Enhanced policy)Daily for most; hourly for databases or critical apps
RetentionDays, weeks, months, years30 days operational + monthly/yearly for compliance
Instant restore1-5 days (snapshot tier)Enables fast restore from local snapshot before vault
Cross-region restoreEnabled on GRS vaultsEnable for workloads needing regional DR from backup
Soft delete14-day default recovery window (configurable up to 180 days)Always enable — protects against ransomware deleting backups

🏗️ Priya’s backup design: GlobalTech’s production VMs:

  • Daily backup at 2 AM (off-peak), retain 30 days
  • Weekly checkpoint retained for 12 weeks
  • Monthly checkpoint retained for 12 months
  • Yearly checkpoint retained for 7 years (regulatory compliance)
  • GRS vault with cross-region restore enabled
  • Soft delete enabled — ransomware can’t delete backups

Azure Site Recovery for DR

ASR continuously replicates VMs to a secondary region:

FeatureDetail
ReplicationContinuous — changes replicated every few minutes
FailoverOrchestrated — run a recovery plan that starts VMs in sequence
FailbackReverse replication back to primary after recovery
Recovery plansDefine VM startup order, pre/post scripts, manual steps
Test failoverValidate DR without affecting production (isolated network)

🏦 Elena’s DR architecture: FinSecure Bank’s critical VMs:

  • ASR replicates to the paired region (West Europe → North Europe)
  • Recovery plan starts databases first, then application servers, then web frontends
  • Monthly DR drill — test failover to validate the plan works
  • Azure Backup runs alongside ASR — backup for operational recovery, ASR for regional DR
💡 Exam tip: Backup ≠ DR — you often need both

A common exam question pattern: “The company needs to recover from accidental data deletion AND survive a regional outage.” The answer is Azure Backup (data recovery) PLUS Azure Site Recovery (regional DR). Neither alone covers both scenarios. Backup doesn’t keep VMs running during an outage. ASR doesn’t let you restore to a point 3 days ago.

Knowledge check

Question

What's the difference between Azure Backup and Azure Site Recovery?

Click or press Enter to reveal answer

Answer

Azure Backup: scheduled point-in-time backups for operational recovery (data loss, corruption, accidental deletion). RPO: hours. RTO: hours. Azure Site Recovery: continuous replication for disaster recovery (regional failure). RPO: minutes. RTO: minutes. Use both for comprehensive protection.

Click to flip back
Question

What does soft delete protect against in Azure Backup?

Click or press Enter to reveal answer

Answer

Soft delete prevents backup data from being permanently deleted for a configurable period (default 14 days, up to 180 days). This protects against ransomware attacks that attempt to delete backups before encrypting production data. Always enable soft delete on Recovery Services vaults.

Click to flip back
Question

What is multi-user authorization (MUA) for Azure Backup?

Click or press Enter to reveal answer

Answer

MUA requires approval from a Resource Guard in a separate subscription before anyone can disable soft delete, reduce retention, or stop backup. Even a compromised admin account can't destroy backups alone — a second identity must approve. Essential for ransomware protection in high-security environments.

Click to flip back
Knowledge Check

🏗️ GlobalTech needs their production VMs to survive a regional outage (RTO: 15 minutes) AND be recoverable from accidental data corruption (recover to any point in the last 30 days). Which combination should Priya recommend?
Knowledge Check

🏛️ David's government agency needs to protect VM backups from a compromised admin account. Even a global administrator should not be able to delete or disable backups without a second authorisation. Which Azure Backup feature should David enable?

🎬 Video coming soon

Next up: Compute is protected — now let’s back up databases and unstructured data — Backup for Databases & Unstructured Data.

← Previous

Recovery Objectives: RPO, RTO & SLA

Next →

Backup for Databases & Unstructured Data

Guided

I learn, I simplify, I share.

A Guide to Cloud YouTube Feedback

© 2026 Sutheesh. All rights reserved.

Guided is an independent study resource and is not affiliated with, endorsed by, or officially connected to Microsoft. Microsoft, Azure, and related trademarks are property of Microsoft Corporation. Always verify information against Microsoft Learn.