/Azure-Solutions-Architect-Expert-Exam

Prep material for AZ-300 and AZ-301 new Microsoft Azure exams

MIT LicenseMIT

Microsoft Certified Azure Solutions Architect Expert

This project is my study guide to Exams AZ-300: Microsoft Azure Architect Technologies and AZ-301: Microsoft Azure Architect Design. Below is a Table of Contents that has links to all different parts of the Exam. Everything on the official site for the exam is found here verbatim. The detailed breakdown of the individual components are in the respective exam directories and are presented in an outline style with links to documentation on each Azure resource in the exams. Enjoy!

Inspired by a similar repo for 70-535 exam and Pixel robots who have put up some addtional links that I am consulting for reference.

STATUS: First section of AZ-300! Patches are welcome. Soon I will try to add more material for each section!

TABLE OF CONTENTS

Analyze resource utilization and consumption

  • configure diagnostic settings on resources
  • create baseline for resources
  • create and rest alerts
  • analyze alerts across subscription
  • analyze metrics across subscription
  • create action groups
  • monitor for unused resources
  • monitor spend
  • report on spend
  • utilize Log Search query functions
  • view alerts in Log Analytics

Create and configure storage accounts

  • configure network access to the storage account
  • create and configure storage account
  • generate shared access signature
  • install and use Azure Storage Explorer
  • manage access keys
  • monitor activity log by using Log Analytics
  • implement Azure storage replication

Create and configure a Virtual Machine (VM) for Windows and Linux

  • configure high availability
  • configure monitoring, networking, storage, and virtual machine size
  • deploy and configure scale sets

Automate deployment of Virtual Machines (VMs)

  • modify Azure Resource Manager (ARM) template
  • configure location of new VMs
  • configure VHD template
  • deploy from template
  • save a deployment as an ARM template
  • deploy Windows and Linux VMs

Create connectivity between virtual networks

  • create and configure VNET peering
  • create and configure VNET to VNET
  • verify virtual network connectivity
  • create virtual network gateway

Implement and manage virtual networking

  • configure private and public IP addresses, network routes, network interface, subnets, and virtual network

Manage Azure Active Directory (AD)

  • add custom domains
  • configure Azure AD Identity Protection, Azure AD Join, and Enterprise State Roaming
  • configure self-service password reset
  • implement conditional access policies
  • manage multiple directories
  • perform an access review

Implement and manage hybrid identities

  • install and configure Azure AD Connect
  • configure federation and single sign-on
  • manage Azure AD Connect
  • manage password sync and writeback

Migrate servers to Azure

  • migrate by using Azure Site Recovery (ASR)
  • migrate using P2V
  • configure storage
  • create a backup vault
  • prepare source and target environments
  • backup and restore data
  • deploy Azure Site Recovery (ASR) agent
  • prepare virtual network

Configure serverless computing

  • create and manage objects
  • manage a Logic App resource
  • manage Azure Function app settings
  • manage Event Grid
  • manage Service Bus

Implement application load balancing

  • configure application gateway and load balancing rules
  • implement front end IP configurations
  • manage application load balancing

Integrate on-premises network with Azure virtual network

  • create and configure Azure VPN Gateway
  • create and configure site to site VPN
  • configure Express Route
  • verify on-premises connectivity
  • manage on-premises connectivity with Azure

Manage role-based access control (RBAC)

  • create a custom role
  • configure access to Azure resources by assigning roles
  • configure management access to Azure
  • troubleshoot RBAC
  • implement RBAC policies
  • assign RBAC roles

Implement Multi-Factor Authentication (MFA)

  • enable MFA for an Azure tenant
  • configure user accounts for MFA
  • configure fraud alerts
  • configure bypass options
  • configure trusted IPs
  • configure verification methods
  • manage role-based access control (RBAC)
  • implement RBAC policies
  • assign RBAC Roles
  • create a custom role
  • configure access to Azure resources by assigning roles
  • configure management access to Azure

Select an appropriate compute solution

  • leverage appropriate design patterns
  • select appropriate network connectivity options
  • design for hybrid topologies

Select an appropriate integration solution

  • address computational bottlenecks, state management, and OS requirements
  • provide for web hosting if applicable
  • evaluate minimum number of nodes

Select an appropriate storage solution

  • validate data storage technology capacity limitations
  • address durability of data
  • provide for appropriate throughput of data access
  • evaluate structure of data storage
  • provide for data archiving, retention, and compliance

Create web applications by using PaaS

  • create an Azure app service web app by using Azure CLI, PowerShell, and other tools
  • create documentation for the API by using open source and other tools
  • create an App Service Web App for containers
  • create an App Service background task by using WebJobs

Create app or service that runs on Service Fabric

  • develop a stateful Reliable Service and a stateless Reliable Service
  • develop an actor-based Reliable Service
  • write code to consume Reliable Collections in your service

Design and develop applications that run in containers

  • configure diagnostic settings on resources
  • create a container image by using a Docker file
  • create an Azure Container Service (ACS/AKS) cluster by using the Azure CLI and Azure Portal
  • publish an image to the Azure Container Registry
  • implement an application that runs on an Azure Container Instance
  • implement container instances by using Azure Container Service (ACS/AKS), Azure Service Fabric, and other tools
  • manage container settings by using code

Implement authentication

  • implement authentication by using certificates, forms-based authentication, tokens, Windows-integrated authentication
  • implement multi-factor authentication by using Azure AD options

Implement secure data solutions

  • encrypt and decrypt data at rest
  • encrypt data with Always Encrypted
  • implement Azure Confidential Compute and SSL/TLS communications
  • manage cryptographic keys in the Azure Key Vault

Develop long-running tasks

  • implement large-scale, parallel, and high-performance apps by using batches
  • implement resilient apps by using queues
  • implement code to address application events by using web hooks
  • address continuous processing tasks by using web jobs

Configure a message-based integration architecture

  • configure an app or service to send emails, Event Grid, and the Azure Relay Service
  • create and configure a Notification Hub, an Event Hub, and a Service Bus
  • configure queries across multiple products
  • configure an app or service with Microsoft Graph

Develop for asynchronous processing

  • implement parallelism, multithreading, processing, durable functions, Azure logic apps, interfaces with storage, interfaces to data access, and appropriate asynchronous compute models

Develop for autoscaling

  • implement autoscaling rules and patterns (schedule, operational/system metrics, code that addresses singleton application instances, and code that addresses transient state

Implement distributed transactions

  • identify tools to implement distributed transactions (e.g., ADO.NET, elastic transactions, multi-database transactions)
  • manage transaction scope
  • manage transactions across multiple databases and servers

Develop advanced cloud workloads

  • develop solutions by using intelligent algorithms that identify items from images and videos
  • develop solutions by using intelligent algorithms related to speech, natural language processing, Bing Search, and recommendations and decision making
  • create and integrate bots
  • integrate machine learning solutions in an app
  • create and implement IoT solutions

Determine Workload Requirements

Gather Information and Requirements

  • identify compliance requirements, identity and access management infrastructure, and service-oriented architectures (e.g., integration patterns, service design, service discoverability)
  • identify accessibility (e.g. Web Content Accessibility Guidelines), availability (e.g. Service Level Agreement), capacity planning and scalability, deploy-ability (e.g., repositories, failback, slot-based deployment), configurability, governance, maintainability (e.g. logging, debugging, troubleshooting, recovery, training), security (e.g. authentication, authorization, attacks), and sizing (e.g. support costs, optimization) requirements
  • recommend changes during project execution (ongoing)
  • evaluate products and services to align with solution
  • create testing scenarios

Optimize Consumption Strategy

  • optimize app service, compute, identity, network, and storage costs

Design an Auditing and Monitoring Strategy

  • define logical groupings (tags) for resources to be monitored
  • determine levels and storage locations for logs
  • plan for integration with monitoring tools
  • recommend appropriate monitoring tool(s) for a solution
  • specify mechanism for event routing and escalation
  • design auditing for compliance requirements
  • design auditing policies and traceability requirements

Design for Identity and Security

Design Identity Management

  • choose an identity management approach
  • design an identity delegation strategy, identity repository (including directory, application, systems, etc.)
  • design self-service identity management and user and persona provisioning
  • define personas and roles
  • recommend appropriate access control strategy (e.g., attribute-based, discretionary access, history-based, identity-based, mandatory, organization-based, role-based, rule-based, responsibility-based)

Design Authentication

  • choose an authentication approach
  • design a single-sign on approach
  • design for IPSec, logon, multi-factor, network access, and remote authentication

Design Authorization

  • choose an authorization approach
  • define access permissions and privileges
  • design secure delegated access (e.g., oAuth, OpenID, etc.)
  • recommend when and how to use API Keys

Design for Risk Prevention for Identity

  • design a risk assessment strategy (e.g., access reviews, RBAC policies, physical access)
  • evaluate agreements involving services or products from vendors and contractors
  • update solution design to address and mitigate changes to existing security policies, standards, guidelines and procedures

Design a Monitoring Strategy for Identity and Security

  • design for alert notifications
  • design an alert and metrics strategy
  • recommend authentication monitors

Design a Data Platform Solution

Design a Data Management Strategy

  • choose between managed and unmanaged data store
  • choose between relational and non-relational databases
  • design data auditing and caching strategies
  • identify data attributes (e.g., relevancy, structure, frequency, size, durability, etc.)
  • recommend Database Transaction Unit (DTU) sizing
  • design a data retention policy
  • design for data availability, consistency, and durability
  • design a data warehouse strategy

Design a Data Protection Strategy

  • recommend geographic data storage
  • design an encryption strategy for data at rest, for data in transmission, and for data in use
  • design a scalability strategy for data
  • design secure access to data
  • design a data loss prevention (DLP) policy

Design and Document Data Flows

  • identify data flow requirements
  • create a data flow diagram
  • design a data flow to meet business requirements
  • design a data import and export strategy

Design a Monitoring Strategy for the Data Platform

  • design for alert notifications
  • design an alert and metrics strategy

Design a Business Continuity Strategy

Design a Site Recovery Strategy

  • design a recovery solution
  • design a site recovery replication policy
  • design for site recovery capacity and for storage replication
  • design site failover and failback (planned/unplanned)
  • design the site recovery network
  • recommend recovery objectives (e.g., Azure, on-prem, hybrid, Recovery Time Objective (RTO), Recovery Level Objective (RLO), Recovery Point Objective (RPO))
  • identify resources that require site recovery
  • identify supported and unsupported workloads
  • recommend a geographical distribution strategy

Design for High Availability

  • design for application redundancy, autoscaling, data center and fault domain redundancy, and network redundancy
  • identify resources that require high availability
  • identify storage types for high availability

Design a disaster recovery strategy for individual workloads

  • design failover/failback scenarios
  • document recovery requirements
  • identify resources that require backup
  • recommend a geographic availability strategy

Design a Data Archiving Strategy

  • recommend storage types and methodology for data archiving
  • identify requirements for data archiving and business compliance requirements for data archiving
  • identify SLA(s) for data archiving

Design for Deployment, Migration, and Integration

Design Deployments

  • design a compute, container, data platform, messaging solution, storage, and web app and service deployment strategy

Design Migrations

  • recommend a migration strategy
  • design data import/export strategies during migration
  • determine the appropriate application migration, data transfer, and network connectivity method
  • determine migration scope, including redundant, related, trivial, and outdated data
  • determine application and data compatibility

Design an API Integration Strategy

  • design an API gateway strategy
  • determine policies for internal and external consumption of APIs
  • recommend a hosting structure for API management

Design an Infrastructure Strategy

Design a Storage Strategy

  • design a storage provisioning strategy
  • design storage access strategy
  • identify storage requirements
  • recommend a storage solution and storage management tools

Design a Compute Strategy

  • design compute provisioning and secure compute strategies
  • determine appropriate compute technologies (e.g., virtual machines, functions, service fabric, container instances, etc.)
  • design an Azure HPC environment
  • identify compute requirements
  • recommend management tools for compute

Design a Networking Strategy

  • design network provisioning and network security strategies
  • determine appropriate network connectivity technologies
  • identify networking requirements
  • recommend network management tools

Design a Monitoring Strategy for Infrastructure

  • design for alert notifications
  • design an alert and metrics strategy