Ian's blog
0%

Passed Microsoft Azure Architect Technologies AZ300 Exam on 23rd July

Posted on Disqus:

The preparation for AZ300 is pretty straight forward to me right after AWS SAP exam. The study path is very identical like storage, computing, security, etc. But there are huge differences in underlying technologies, for example, Azure Cosmos DB vs. AWS DynamoDB. I feel very intrigued to find out how things stack up differently. I like integrated Cloud Shell from Azure portal and it’s very easy to switch between Powershell and Bash.

Also AZ300 is very case study oriented. I like AZ300 official site which provides hands-on labs and case scenarios analysis. Comparing with AWS SAP, I feel AZ300 is more practical and less theory. You need to have intermediate programming skills and understand Microsoft technology stack. The exam has labs and coding related questions to test your real operating skills.

The Azure material at Linux Academy is OK but not as robust as AWS related courses. It breaks up Azure technologies by components unlike the case studies from AZ300 official site which is focusing on real solutions design and how to assemble a combination of Azure technologies.

Azure knowledge site is pretty resourceful as well but topics are a bit scattered all over the place. I tight up everything as below.

Azure Product Documentation

  1. Active Directory (AAD)
  2. App Service
  3. Batch
  4. Cognitive Services
  5. Container Registry
  6. Event Grid
  7. Event Hubs
  8. Function Apps
  9. IoT Hub
  10. Kubernetes Service
  11. Logic Apps
  12. Monitor
  13. Notification Hubs
  14. SendGrid
  15. Service Bus Messaging
  16. Service Bus Relay
  17. Site Recovery
  18. Storage
  19. Virtual Machines
  20. Virtual Network

Some relevant research

  1. Performance Anomaly Detection in Multi-Server Distributed Systems
  2. Azure Architecture Center
  3. Azure Quickstart Templates
  4. Pluralsight course
  5. Splunk with Azure

Ignite 2018 talk on exam

AZ-300 Technologies

AZ300 Exam Objectives

The content of this exam was updated on December 4, 2019
Exam AZ-300: Microsoft Azure Architect Technologies Skills Measured

Deploy and Configure Infrastructure (40-45%)

Analyze resource utilization and consumption

  1. Configure diagnostic settings on resources
  2. Create baseline for resources
  3. Create and rest alerts
  4. Analyze alerts across subscription
  5. Analyze metrics across subscription
  6. Create action groups
  7. Monitor for unused resources
  8. Monitor spend
  9. Report on spend
  10. Utilize Log Search query functions
  11. View alerts in Monitor logs
  12. visualize diagnostics data using Azure Monitor Workbooks

Create and Configure storage accounts

  1. Configure network access to the storage account
  2. Create and configure storage account
  3. Generate shared access signature
  4. implement Azure AD authentication for storage
  5. Install and use Azure Storage Explorer
  6. Manage access keys
  7. Monitor activity log by using Log Analytics
  8. Implement Azure storage replication
  9. implement Azure storage account failover

Create and configure a Virtual Machine (VM) for Windows and Linux

  1. Configure high availability
  2. Configure monitoring
  3. Configure networking
  4. Configure storage
  5. Configure virtual machine size
  6. implement dedicated hosts
  7. Deploy and configure scale sets

Automate deployment of Virtual Machines (VMs)

  1. Modify Azure Resource Manager (ARM) template
  2. Configure location of new VMs
  3. Configure VHD template
  4. Deploy from template
  5. Save a deployment as an ARM template
  6. Deploy Windows and Linux VMs

Create connectivity between virtual networks

  1. Create and configure VNET peering
  2. Create and configure VNET to VNET
  3. Verify virtual network connectivity
  4. create virtual network gateway

Implement and manage virtual networking

  1. Configure private IP addresses
  2. configure public IP addresses
  3. create and configure network routes
  4. create and configure network interface
  5. create and configure subnets
  6. create and configure virtual network
  7. create and configure Network Security Groups and Application Security Groups

Manage Azure Active Directory (AD)

  1. Add custom domains
  2. Configure Azure AD Identity Protection, Azure AD Join, and Enterprise State Roaming
  3. Configure self-service password reset
  4. Implement conditional access policies
  5. Manage multiple directories
  6. Perform an access review

Implement and manage hybrid identities

  1. Install and configure Azure AD Connect
  2. Configure federation and single sign-on
  3. Manage Azure AD Connect
  4. Manage password sync and writeback

Implement Workloads and Security (25-30%)

Migrate servers to Azure

  1. Migrate by using Azure Site Recovery (ASR)
  2. Migrate using P2V
  3. Create a backup vault
  4. Prepare source and target environments
  5. Backup and restore data
  6. Deploy Azure Site Recovery (ASR) agent
  7. Prepare virtual network

Configure serverless computing

  1. Create and manage objects
  2. Manage a Logic App resource
  3. Manage Azure Function app settings
  4. Manage Event Grid
  5. Manage Service Bus

Implement application load balancing

  1. Configure application gateway and load balancing rules
  2. Implement front end IP configurations
  3. Manage application load balancing

Integrate on-premises network with Azure virtual network

  1. Create and configure Azure VPN Gateway
  2. Create and configure site to site VPN
  3. Configure Express Route
  4. Verify on-premises connectivity
  5. Manage on-premise connectivity with Azure

Manage role-based access control (RBAC)

  1. Create a custom role
  2. Configure access to Azure resources by assigning roles
  3. Configure management access to Azure
  4. Troubleshoot RBAC
  5. Implement RBAC policies
  6. Assign RBAC roles

Implement Multi-Factor Authentication (MFA)

  1. Enable MFA for an Azure tenant
  2. Configure user accounts for MFA
  3. Configure fraud alerts
  4. Configure bypass options
  5. Configure trusted IPs
  6. Configure verification methods

Create and Deploy Apps (5-10%)

Create web apps by using PaaS

  1. Create an Azure app service Web App
  2. Create documentation for the API
  3. Create an App Service Web App for containers
  4. Create an App Service background task by using WebJobs
  5. Enable diagnostics logging

Design and develop apps that run in containers

  1. Configure diagnostic settings on resources
  2. Create a container image by using a Docker file
  3. Create an Azure Container Service (ACS/AKS)
  4. Publish an image to the Azure Container Registry
  5. Implement an application that runs on an Azure Container Instance
  6. Manage container settings by using code

Implement Authentication and Secure Data (5-10%)

Implement authentication

  1. Implement authentication by using certificates, forms-based authentication, tokens, or Windows-integrated authentication
  2. Implement multi-factor authentication by using Azure AD options
  3. Implement OAuth2 authentication
  4. Implement Managed Service Identity (MSI) Service Principal authentication

Implement secure data solutions

  1. Encrypt and decrypt data at rest and in transit
  2. Encrypt data with Always Encrypted
  3. Implement Azure Confidential Compute and SSL/TLS communications
  4. Create, read, update, and delete keys, secrets, and certificates by using the KeyVault API

Develop for the Cloud (20-25%)

Configure a message-based integration architecture

  1. Configure an app or service to send emails, Event Grid, and the Azure Relay Service
  2. Create and configure Notification Hub, Event Hub, and Service Bus
  3. Configure queries across multiple products

Develop for autoscaling

  1. Implement autoscaling rules and patterns schedule, operational/system metrics, code that addresses singleton application instances
  2. Implement code that addresses transient state