Exam AZ-303

What´s in the exam:

Total of 54 Questions and No Labs. Includes 4 Case Studies

TOPICS AND SUBTOPICS (questions I remember)

 Monitoring
o Azure Monitor: Main features (queries and metrics)
o Automation Runbooks
o Alerts (action groups and rules conditions)
o Log analytics Workspace (what data can be monitored in a VM Linux / VM
Windows)

 Access
o RBAC Roles (capabilities of contributor vs owner)
o Implementation of RBAC in case studies

 Cost Management
o Differences between Storage Accounts (costs: which one is cheaper considering
that replicates in a different scope, for example Locally Redundant Storage (LRS)
vs Zone-Redundant Storage (ZRS)
o Azure Advisor blade main features

 Azure AD
o Roles required to implement AD Connect
o Conditional Access (MFA)
o Enterprise State Roaming feature (example in Windows 10 VMs)
o Review Access (email notifications in a group condition)

 VM Management
o Example of Availability Set (You must understand the concepts of fault Domain,
Update domains.
o VMSS (examples, “how many VMs will be available during an outage?”)
o Autoscaling (schedule and conditional)

 Networking
o Detailed configuration of network peering (study the wizard)
o Azure Application Gateway Capabilities on traffic (SSL, web sockets)
 o Internal and External Load Balancers examples use cases (route path, web
header)
o Azure Traffic Manager profiles configuration

 Containers
o Example on how to create a Container Image
o Uses cases, considering costs AKS vs Container Instances vs Web Apps

 Azure Migrate
o Number of Agents to install in a Hyper-V site considering hosts and clusters
o Study Main wizard (step by step)

 NoSQL and Cosmos DB

o Queries on MongoDB to obtain specific results. They ask concepts as consistency
and indexing.

 Azure SQL
o Server-Side Transactions on Managed Instances
o Elastic Pools (when applies)
o Resource Groups and Servers locations association

GREAT preparation KIT:

https://github.com/mowen/az-303-prep-kit

Reference to Microsoft Docs (important to understand the concepts

and build an example):

Implement cloud infrastructure monitoring

 monitor security
o Azure infrastructure monitoring
o Strengthen your security posture with Azure Security Center
o Security Control: Logging and Monitoring
o Tutorial: Visualize and monitor your data
o What is Azure Security Center?
o https://www.skylinesacademy.com/blog/2020/2/5/azure-
security-part-1
o https://www.skylinesacademy.com/blog/2020/3/3/azure-
security-part-2-understanding-azure-policies
 o https://www.skylinesacademy.com/blog/2020/4/15/azure-
security-part-3-security-center-alerts-and-automation-
workflows
 monitor performance
o Create diagnostic setting to collect platform logs and metrics
in Azure
o Create diagnostic setting in Azure using a Resource Manager
template
o Metric Baseline – Get
o Azure Monitor overview
o Quickstart: Monitor an Azure resource with Azure Monitor
o Azure Monitor Workbooks
o Azure Monitor workbook visualizations
o Collect data from an Azure virtual machine with Azure
Monitor
 monitor health and availability
o Azure Service Health
o Resource Health overview
 monitor cost
o Monitoring your cloud costs
o Use cost alerts to monitor usage and spending
o Download or view your Azure billing invoice and daily usage
data
 configure advanced logging
o What is Application Insights?
o Overview of Insights in Azure Monitor
 configure logging for workloads
o Logs in Azure Monitor
 initiate automated responses by using Action Groups
o Create and manage action groups in the Azure portal
 configure and manage advanced alerts
o Create, view, and manage log alerts using Azure Monitor
o Manage alert instances with unified alerts
 o Create diagnostic setting to collect platform logs and metrics
in Azure

o Overview of alerts in Microsoft Azure

o Create a Log Analytics workspace in the Azure portal

Implement storage accounts

 select storage account options based on a use case

o Storage account overview
o Storage Options Explained
o Introduction to Azure Storage
 configure Azure Files and blob storage
o Create an Azure file share
o Introduction to Azure Blob storage
 configure network access to the storage account
o Configure Azure Storage firewalls and virtual networks
 implement Shared Access Signatures and access policies
o Delegate access with a shared access signature
o Grant limited access to Azure Storage resources using shared
access signatures (SAS)
 implement Azure AD authentication for storage
o Azure Storage – Data Security and Authentication
o Authorize access to blobs and queues using Azure Active
Directory
 manage access keys
o Manage storage account access keys
 implement Azure storage replication
o Storage Replication Explained
o Azure Storage redundancy
o Disaster recovery and account failover
 implement Azure storage account failover
o Initiate a storage account failover

Implement VMs for Windows and Linux

  configure High Availability
o Availability options for virtual machines in Azure
o Manage the availability of Windows virtual machines in Azure
o Tutorial: Create and deploy highly available virtual machines
with Azure PowerShell
 configure storage for VMs
o Introduction to Azure managed disks
o Attach a managed data disk to a Windows VM by using the
Azure portal
o Attach a data disk to a Windows VM with PowerShell
o What disk types are available in Azure?
 select virtual machine size
o What are virtual machine scale sets?
o Sizes for Windows virtual machines in Azure
o Sizes for Linux virtual machines in Azure
 implement Azure Dedicated Hosts
o Deploy VMs to dedicated hosts using the portal
o Azure Dedicated Hosts
 deploy and configure scale sets
o What are virtual machine scale sets?
 configure Azure Disk Encryption
o Azure Disk Encryption for Linux VMs
o Azure Disk Encryption for Windows VMs
o Azure Disk Encryption for virtual machines and virtual
machine scale sets

Automate deployment and configuration of resources

 Introduction to ARM templates

 save a deployment as an Azure Resource Manager template
o Download the template for a VM
o Single and multi-resource export to a template in Azure
portal
 modify Azure Resource Manager template
 o Extend Azure Resource Manager template functionality
o Azure Resource Manager templates overview
o Tutorial: Create and deploy your first Azure Resource
Manager template
 evaluate location of new resources
o Conditional deployment in Resource Manager templates
o Set resource location in Resource Manager template
 configure a virtual disk template
o Create a VM from a VHD by using the Azure portal
 deploy from a template
o Tutorial: Create and deploy your first ARM template
o Download the template for a VM
 manage a template library
o Azure Resource Manager templates overview
 create and execute an automation runbook
o Start a runbook in Azure Automation
o Create an Azure Automation runbook

Implement virtual networking

 implement VNet to VNet connections

o Configure a VNet-to-VNet VPN gateway connection by using
the Azure portal
 implement VNet peering
o Virtual network peering
o Tutorial: Connect virtual networks with virtual network
peering using the Azure portal
o Create, change, or delete a virtual network peering

Implement Azure Active Directory

 Authentication in Azure/M365
 add custom domains
 o Add your custom domain name using the Azure Active
Directory portal

 configure Azure AD Identity Protection

o What is Azure Active Directory Identity Protection?
 implement self-service password reset
o Plan an Azure Active Directory self-service password reset
o How it works: Azure AD self-service password reset
o Licensing requirements for Azure AD self-service password
reset
 implement Conditional Access including MFA
o Building a Conditional Access policy
o Conditional Access: Require MFA for all users
o Conditional Access: Risk-based Conditional Access
 configure user accounts for MFA
 Tutorial: Secure user sign-in events with Azure Multi-Factor
Authentication
 Enable per-user Azure Multi-Factor Authentication to secure sign-in
events

 configure fraud alerts

o Fraud alert
o Reports in Azure Multi-Factor Authentication
o Configure Azure Multi-Factor Authentication settings
 configure bypass options
o Configure Azure Multi-Factor Authentication settings
 configure Trusted IPs
o Trusted IPs
o Quickstart: Configure named locations in Azure Active
Directory
o What is the location condition in Azure Active Directory
Conditional Access?
 configure verification methods
 o Verification methods
o Change your two-factor verification method and settings
o What is the Additional verification page?
 implement and manage guest accounts
o What is guest user access in Azure Active Directory B2B?
o Manage guest access with Azure AD access reviews
o Quickstart: Add guest users to your directory in the Azure
portal
 manage multiple directories
o Understand how multiple Azure Active Directory tenants
interact

Implement and manage hybrid identities

 install and configure Azure AD Connect

o What is Azure AD Connect?
o Custom installation of Azure AD Connect
o Select which installation type to use for Azure AD Connect
 identity synchronization options
o Identity synchronization and duplicate attribute resiliency
o Azure AD Connect sync: Understand and customize
synchronization
o Azure Active Directory Hybrid Identity Design Considerations
 configure and manage password sync and password writeback
o Azure AD Connect sync: Understanding the architecture
o Implement password hash synchronization with Azure AD
Connect sync
o Tutorial: Enable Azure Active Directory self-service password
reset writeback to an on-premises environment
o Azure AD Connect: Enabling device writeback
o What is password writeback?
 configure single sign-on
o Azure Active Directory Seamless Single Sign-On: Quick start
o Azure Active Directory Seamless Single Sign-On: Frequently
asked questions
  use Azure AD Connect Health
o What is Azure AD Connect?
o Azure Active Directory Connect Health operations
 Implement management and security solutions (25-30%)

Manage workloads in Azure

 migrate workloads using Azure Migrate

o About Azure Migrate
o Create an Azure VM assessment
o Prepare on-premises machines for migration to Azure
o Prepare VMware VMs for assessment and migration to Azure
o Assess VMware VMs by using Azure Migrate Server
Assessment
o Select a VMware migration option
o Migrate VMware VMs to Azure (agentless)
o Migrate VMware VMs to Azure (agent-based)
 implement Azure Backup for VMs
o An overview of Azure VM backup
o Get improved backup and restore performance with Azure
Backup Instant Restore capability
 implement disaster recovery
o Set up disaster recovery to a secondary Azure region for an
Azure VM
 implement Azure Update Management
o Update Management solution in Azure
o Enable Update Management from the Azure portal
o Enable Update Management, Change Tracking, and Inventory
solutions on multiple VMs
o Manage updates and patches for your Azure VMs

Implement load balancing and network security

 implement Azure Load Balancer

o Azure Load Balancer concepts
 o Tutorial: Balance internal traffic load with a Basic load
balancer in the Azure portal

o Create an internal load balancer by using the Azure

PowerShell module
o Quickstart: Create a Load Balancer to load balance VMs using
the Azure portal
 implement an application gateway
o Application Gateway configuration overview
o How an application gateway works
 implement a Web Application Firewall
o What is Azure Web Application Firewall?
o Azure Web Application Firewall on Azure Application Gateway
 implement Azure Firewall
o Tutorial: Deploy and configure Azure Firewall using the Azure
portal
 implement the Azure Front Door Service
o What is Azure Front Door?
o Quickstart: Create a Front Door for a highly available global
web application
 implement Azure Traffic Manager
o What is Traffic Manager?
o Quickstart: Create a Traffic Manager profile using the Azure
portal
 implement Network Security Groups and Application Security
Groups
o Security groups
o Create, change, or delete a network security group
 implement Bastion
o Create an Azure Bastion host

Implement and manage Azure governance solutions

 create and manage hierarchical structure that contains

management groups, subscriptions and resource groups
o Azure Resource Manager overview
 o Organize your Azure resources
o Create management groups for resource organization and
management
o Manage Azure Resource Manager resource groups by using
the Azure portal
o Azure subscription and service limits, quotas, and constraints
 assign RBAC roles
o Role-based Access Control and Azure Policies
o What is Azure role-based access control (Azure RBAC)?
o Add or remove role assignments using Azure RBAC and the
Azure portal
o Best practices for Azure RBAC
 create a custom RBAC role
o Azure custom roles
o Tutorial: Create a custom role for Azure resources using
Azure PowerShell
 configure access to Azure resources by assigning roles
o Tutorial: Grant a user access to Azure resources using the
Azure portal
 configure management access to Azure
o Manage access to Azure management with Conditional
Access
o Manage access to Azure resources with Azure AD Privileged
Identity Management
o Add or remove role assignments using Azure RBAC and the
Azure portal
 interpret effective permissions
o What is role-based access control (RBAC) for Azure
resources?
o Quickstart: View the access a user has to Azure resources
 set up and perform an access review
o What are Azure AD access reviews?
 implement and configure an Azure Policy
o What is Azure Policy?
 o Quickstart: Create a policy assignment to identify non-
compliant resources

o Tutorial: Create and manage policies to enforce compliance

 implement and configure an Azure Blueprint
o What is Azure Blueprints?
o Quickstart: Define and assign a blueprint in the portal

Manage security for applications

 implement and configure KeyVault

o What is Azure Key Vault?
o Azure Key Vault basic concepts
o About keys, secrets, and certificates
 implement and configure Azure AD Managed Identities
o What are managed identities for Azure resources?
 register and manage applications in Azure AD
o Tutorial: Register an application in Azure Active Directory
B2C

 Implement solutions for apps (10-15%)

Implement an application infrastructure

 create and configure Azure App Service

o App Service overview
o Introduction to the App Service Environments
o Custom configuration and application settings in Azure Web
Sites
o Configure an App Service app in the Azure portal
o Buy a custom domain name for Azure App Service
o Create an ASP.NET Core web app in Azure
 create an App Service Web App for Containers
o Deploy a custom Linux container to Azure App Service
o Run a custom Windows container in Azure (Preview)
  create and configure an App Service plan
o Azure App Service plan overview
o Manage an App Service plan in Azure
o Configure an App Service app in the Azure portal

 configure an App Service

o Custom configuration and application settings in Azure Web
Sites
o Configure an App Service app in the Azure portal
o Buy a custom domain name for Azure App Service
 configure networking for an App Service
o Integrate your app with an Azure Virtual Network
o Networking considerations for an App Service Environment
o App Service networking features
 create and manage deployment slots
o Set up staging environments in Azure App Service
 implement Logic Apps
o Overview – What is Azure Logic Apps?
o Quickstart: Create your first workflow by using Azure Logic
Apps – Azure portal
o Quickstart: Create automated tasks, processes, and
workflows with Azure Logic Apps – Visual Studio
o Quickstart: Create and manage logic app workflow definitions
by using Visual Studio Code
 implement Azure Functions
o An introduction to Azure Functions
o Azure Functions HTTP triggers and bindings overview
o What are Durable Functions?

Implement container-based applications

 create a container image

o Tutorial: Build and deploy container images in the cloud with
Azure Container Registry Tasks
 o Tutorial: Create container images on a Linux Service Fabric
cluster
o Tutorial: Create a container image for deployment to Azure
Container Instances
 configure Azure Kubernetes Service
o What is Azure Kubernetes Service?
o Azure Kubernetes Service (AKS)
o Quickstart: Deploy an Azure Kubernetes Service (AKS) cluster
using the Azure portal
o Tutorial: Prepare an application for Azure Kubernetes Service
(AKS)
 publish and automate image deployment to the Azure Container
Registry
o Push your first image to a private Docker container registry
using the Docker CLI
o Tutorial: Build and deploy container images in the cloud with
Azure Container Registry Tasks
 publish a solution on an Azure Container Instance
o What is Azure Container Instances?
o Tutorial: Create a container image for deployment to Azure
Container Instances
o Quickstart: Deploy a container instance in Azure using the
Azure portal
o Quickstart: Deploy a container instance in Azure using the
Azure CLI
 Implement and manage data platforms (10-15%)

Implement NoSQL databases

 configure storage account tables

o Azure Table storage overview
o Understanding the Table service data model
 select appropriate CosmosDB APIs
o Welcome to Azure Cosmos DB
o Introduction to the Azure Cosmos DB Cassandra API
 set up replicas in CosmosDB
 o Choose the right consistency level
o Consistency levels and Azure Cosmos DB APIs
o Consistency, availability, and performance tradeoffs
o Global data distribution with Azure Cosmos DB - overview

Implement Azure SQL databases

 configure Azure SQL database settings

o What is the Azure SQL Database service?
o Getting started with single databases in Azure SQL Database
o Quickstart: Create a single database in Azure SQL Database
using the Azure portal, PowerShell, and Azure CLI
o Choose the right deployment option in Azure SQL
 implement Azure SQL Database managed instances
o SQL managed instance
o What is Azure SQL Database managed instance?
o Getting started with Azure SQL Managed Instance
o Quickstart: Create an Azure SQL Database managed instance
 configure HA for an Azure SQL database
o High-availability and Azure SQL Database
 publish an Azure SQL database
o Azure SQL database deployment

TIP: on this site, some of the real questions and answers are included, but also
some of them are outdated, so I will recommend reading the documents above
and then trying to answer the questions following the discussions:

https://www.examtopics.com/exams/microsoft/az-303/
 Exam AZ-304
What´s in the exam:
Total of 56 Questions and No Labs. Includes 5 Case Studies

TOPICS AND SUBTOPICS (questions I remember)

 Application Monitoring and Orchestration

o Azure Application Logging Main features (when to monitor from JSON data,
when to monitor from logs)
o Azure Application Insights Main features
o Azure Monitor Logs configuration
o How to set up a Log Analytics Workspace (storage account, enable data
collection on elements, the retention period of data, and create queries)
o Network Watcher (i.e. and how to setup)
o Azure Notification Hubs (when they apply, how to setup)
o ITSM (How to push notifications)
o Monitoring Agent on VMs (use case)

 Azure Security
o Azure Sentinel main features
o Azure Security Center screenshots (configurations, options in the configuration
blades), notifications thru Hubs, alert actions, and alert rules.

 Azure Database
o Query Performance Insight and Automatic Tune features (examples)
o vCore vs DTU vs vCPU (Cost optimization for hybrid clouds)

 Azure Networking
o Load Balancing
 When to use Azure Front Door
 When to use Traffic Manager
 When to use External Load balancer
 Internal Load Balancer config
 Probes,
 Port forwarding
 Main differences in pricing

 Azure AD
o Implement Protection Identity Management (policies to manage, what allows
you to do)
o Permissions to apply at least privilege to configure Azure AD Connect, or IT Staff
 o Self-Reset Passwords and Smart Lock policies example (to reduce support
overhead)

 Azure Key Vault

o Deployments prevented by using Key Vault secrets (access policies)
o High Availability cases (how many vaults per region = just 1)
o Examples of Azure Vault with Web App Service

 Azure App Service

o Implementation wizard
o Scale-up vs Scale-Out Service Plan, understand costs

 Azure Cost Optimization

o How to Cost Management Budgets alerts
o
 Authentication
o Difference between Authentication (i.e. AD) and Authorization (i.e. managed
identity)
o Password Hash Sync vs Password Pass—through

 Authorization
o Please study the main difference of system managed identity vs user managed
identity. I.E: Why user managed identity reduces administrative effort
o Depending on the service: when to use RBAC, HMAC, Azure Managed Identity or
HTTPS Encryption

Recommended and “light” course:

https://courses.skylinesacademy.com/p/az304-microsoft-azure-architect-design/?
affcode=180879_-abbcgm9

Microsoft Learn AZ-304 Exam Study Guide resources

 Architect great solutions in Azure
 Architect network infrastructure in Azure
 Architect a data platform in Azure
 Architect storage infrastructure in Azure
 Architect compute infrastructure in Azure
 Architect infrastructure operations in Azure
 Architect migration, business continuity, and disaster recovery in Azure
 Architect modern applications in Azure
 Architect secure infrastructure in Azure
Microsoft Docs AZ-304 study guide resources

Design Monitoring (10-15%)

Design for cost optimization
 recommend a solution for cost management and cost reporting
 Manage Azure costs and usage
 What is Azure Cost Management and Billing?
 Quickstart: Explore and analyze costs with cost analysis
 recommend solutions to minimize costs
 Reduce service costs using Azure Advisor
 Azure Reserved VM Instances (RIs)
 What are Azure Reservations?
 How to reduce the costs of your Azure IaaS VMs (Thomas Maurer)
Design a solution for logging and monitoring
 determine levels and storage locations for logs
 Logs in Azure Monitor
 Azure diagnostic logs
 Enable diagnostics logging for apps in Azure App Service
 Create diagnostic setting to collect platform logs and metrics in Azure
 plan for integration with monitoring tools including Azure Monitor and Azure
Sentinel
 Azure Monitor overview
 Tutorial: Collect and analyze resource logs from an Azure resource
 What is Azure Sentinel?
 Quickstart: On-board Azure Sentinel
 recommend appropriate monitoring tool(s) for a solution
 Azure Monitor overview
 Best practices for monitoring cloud applications
 choose a mechanism for event routing and escalation
 What is Azure Event Grid?
 Stream Azure monitoring data to an event hub
 Create and manage action groups in the Azure portal
 recommend a logging solution for compliance requirements
 Azure security logging and auditing
 Azure security management and monitoring overview
 What is Azure Security Center?

Design Identity and Security (25-30%)

Design authentication
 recommend a solution for single-sign on
 Azure Active Directory Seamless Single Sign-On
  Single sign-on to applications in Azure Active Directory
 Configure SaaS apps for B2B collaboration
 Azure Active Directory Seamless Single Sign-On: Quick start
 Azure Active Directory Seamless Single Sign-On: Frequently asked
questions
 recommend a solution for authentication
 Authentication basics
 Authentication flows and application scenarios
 recommend a solution for Conditional Access, including multi-factor authentication
 Conditional Access: Require MFA for all users
 Conditional Access: Risk-based Conditional Access
 Tutorial: Secure user sign-in events with Azure Multi-Factor
Authentication
 recommend a solution for network access authentication
 Quickstart: Configure named locations in Azure Active Directory
 What is the location condition in Azure Active Directory Conditional
Access?
 recommend a solution for a hybrid identity including Azure AD Connect, Azure AD
Connect cloud sync and Azure AD Connect Health
 Custom installation of Azure AD Connect
 Select which installation type to use for Azure AD Connect
 Azure Active Directory Connect Health operations
 What is Azure AD Connect?
 What is Azure AD Connect cloud sync?
 recommend a solution for user self-service
 Plan an Azure Active Directory self-service password reset
 recommend and implement a solution for B2B integration
 What is guest user access in Azure Active Directory B2B?
 Compare B2B collaboration and B2C in Azure Active Directory
Design authorization
 choose an authorization approach
 Authentication basics
 recommend a hierarchical structure that includes management groups,
subscriptions and resource groups
 Overview of Management services in Azure
 Azure Resource Manager overview
 Organize your resources with Azure management groups
 Create management groups for resource organization and
management
 Manage Azure Resource Manager resource groups by using the Azure
portal
 Azure subscription and service limits, quotas, and constraints
  recommend an access management solution including RBAC policies, access
reviews, role assignments, physical access, Privileged Identity Management (PIM),
Azure AD Identity Protection, Just In Time (JIT) access
 Add or remove role assignments using Azure RBAC and the Azure portal
 What is role-based access control (RBAC) for Azure resources?
 Quickstart: View the access a user has to Azure resources
 What are Azure AD access reviews?
 What is Azure Active Directory Identity Protection?
 Secure your management ports with just-in-time access
 What is Azure AD Privileged Identity Management?
Design governance
 recommend a strategy for tagging
 Use tags to organize your Azure resources
 Use Azure Tags to organize Resources (Thomas Maurer)
 recommend a solution for using Azure Policy
 What is Azure Policy?
 Tutorial: Create and manage policies to enforce compliance
 recommend a solution for using Azure Blueprint
 What is Azure Blueprints?
 Quickstart: Define and assign a blueprint in the portal
 recommend a solution that leverages Azure Resource Graph
 What is Azure Resource Graph?
Design security for applications
 recommend a solution that includes KeyVault
 What is Azure Key Vault?
 About keys, secrets, and certificates
 recommend a solution that includes Azure AD Managed Identities
 What are managed identities for Azure resources?
 Use a Windows VM system-assigned managed identity to access
Resource Manager
 recommend a solution for integrating applications into Azure AD
 Tutorial: Register an application in Azure Active Directory B2C

Design Data Storage (15-20%)

Choose the right data store
Design a solution for databases
 select an appropriate data platform based on requirements
 What is the Azure SQL Database service?
 Choose the right deployment option in Azure SQL
 recommend database service tier sizing
 Azure SQL Database service tiers
 General purpose service tier – Azure SQL Database
  recommend a solution for database scalability
 Scalability
 recommend a solution for encrypting data at rest, data in transmission, and data in
use
 Azure Data Encryption-at-Rest
 Azure encryption overview
 Transparent data encryption for SQL Database and Azure Synapse
Design data integration
 recommend a data flow to meet business requirements
 Create Azure Data Factory Data Flow
 Source transformation in mapping data flow
 recommend a solution for data integration, including Azure Data Factory, Azure
Data Bricks, Azure Data Lake, Azure Synapse Analytics
 What is Azure Data Factory?
 What is Azure Databricks?
 What is Azure Data Lake Storage Gen1?
 Introduction to Azure Data Lake Storage Gen2
 What is Azure Synapse Analytics (formerly SQL DW)?
Select an appropriate storage account
 choose between storage tiers
 Azure Blob storage: hot, cool, and archive access tiers
 recommend a storage access solution
 Manage storage account access keys
 Introduction to Azure Storage
 Authorize access to blobs and queues using Azure Active Directory
 recommend storage management tools
 Microsoft client tools for working with Azure Storage
 Get started with AzCopy

Design Business Continuity (10-15%)

Design a solution for backup and recovery
 recommend a recovery solution for Azure hybrid and on-premises workloads that
meets recovery objectives (RTO, RLO, RPO)
 About Site Recovery
 General questions about Azure Site Recovery
 Common questions about VMware to Azure replication
 Common questions – Hyper-V to Azure disaster recovery
 What is the Azure Backup service?
 Azure Backup architecture and components
 Azure Backup Server protection matrix
 design and Azure Site Recovery solution
 About Site Recovery
  General questions about Azure Site Recovery
 recommend a solution for recovery in different regions
 Set up disaster recovery to a secondary Azure region for an Azure VM
 Azure Storage redundancy
 Disaster recovery and account failover (preview)
 Designing highly available applications using read-access geo-
redundant storage
 recommend a solution for geo-redundancy of workloads
 Use geo-redundancy to design highly available applications
 Azure Storage redundancy
 What is Traffic Manager?
 recommend a solution for Azure Backup management
 Monitor and manage Recovery Services vaults
 Azure Backup architecture and components
 design a solution for data archiving and retention
 Manage the Azure Blob storage lifecycle
 Azure Blob storage: hot, cool, and archive access tiers
Design for high availability
 recommend a solution for application and workload redundancy, including
compute, database, and storage
 What are Availability Zones in Azure?
 Tutorial: Create and deploy highly available virtual machines with Azure
PowerShell
 Azure Storage redundancy
 High-availability and Azure SQL Database
 Overview of business continuity with Azure SQL Database
 recommend a solution for autoscaling
 What are virtual machine scale sets?
 Autoscaling
 Overview of autoscale in Microsoft Azure Virtual Machines, Cloud
Services, and Web Apps
 Dynamically scale database resources with minimal downtime
 Scaling out with Azure SQL Database
 identify resources that require high availability
 Review your data options
 Achieving Compliant Data Residency and Security with Azure (White
Paper)
 identify storage types for high availability
 Disaster recovery and account failover (preview)

Design Infrastructure (25-30%)

Design a compute solution
  recommend a solution for compute provisioning
 Choose an Azure compute service for your application
 determine appropriate compute technologies, including virtual machines, App
Services, Service Fabric, Azure Functions, Windows Virtual Desktop, and containers
 Choose an Azure compute service for your application
 App Service
 Azure Kubernetes Service (AKS)
 Batch
 Container Instances
 Functions
 Service Fabric
 Virtual machines
 What is Windows Virtual Desktop?
 recommend a solution for containers
 Azure Kubernetes Service (AKS)
 What is Azure Container Instances?
 Introduction to private Docker container registries in Azure
 recommend a solution for automating compute management
 An introduction to Azure Automation
 Overview – What is Azure Logic Apps?
Design a network solution
 recommend a network architecture (hub and spoke, Virtual WAN)
 Hub-spoke network topology with Azure Virtual WAN
 recommend a solution for network addressing and name resolution
 Name resolution for resources in Azure virtual networks
 Use Azure DNS to provide custom domain settings for an Azure service
 Tutorial: Host your domain in Azure DNS
 Quickstart: Create an Azure private DNS zone using the Azure portal
 recommend a solution for network provisioning
 What is Azure Virtual Network?
 Virtual network service endpoint policies for Azure Storage
 Virtual Network service endpoints
 recommend a solution for network security including Private Link, firewalls,
gateways,
network segmentation (perimeter networks/DMZs/NVAs)
 Network security groups
 Application security groups
 Virtual network service endpoints
 Virtual network security FAQ
 What is Azure Firewall?
 Deploy highly available NVAs
 recommend a solution for network connectivity to the Internet, on-premises
networks, and other Azure virtual networks
  What is VPN Gateway?
 ExpressRoute overview
 recommend a solution for automating network management
 What is Azure Virtual Network?
 recommend a solution for load balancing and traffic routing
 Overview of load-balancing options in Azure
 Front Door
 Traffic Manager
 Application Gateway
 Azure Load Balancer
Design an application architecture
 recommend a microservices architecture including Event Grid, Event Hubs, Service
Bus, Storage Queues, Logic Apps, Azure Functions, and webhooks
 Microservices architecture style
 Event Grid
 Event Hub
 Service Bus
 Storage Queues
 Logic Apps
 Azure Functions
 webhooks
 recommend an orchestration solution for deployment of applications including
ARM templates, Logic Apps, or Azure Functions
 Extend Azure Resource Manager template functionality
 Azure Resource Manager templates overview
 Tutorial: Create and deploy your first Azure Resource Manager
template
 Logic Apps
 Azure Functions
 recommend a solution for API integration
 Basic enterprise integration on Azure
 API Management
 Integration Services
Design migrations
 assess and interpret on-premises servers, data, and applications for migration
 Azure migration center
 About Azure Migrate
 Prepare VMware VMs for assessment and migration to Azure
 Assess VMware VMs by using Azure Migrate Server Assessment
 About assessments in Azure Migrate
 Assess the readiness of a SQL Server data estate migrating to Azure SQL
Database using the Data Migration Assistant
 recommend a solution for migrating applications and VMs
  About Azure Migrate
 Select a VMware migration option
 recommend a solution for migration of databases
 Assess the readiness of a SQL Server data estate migrating to Azure SQL
Database using the Data Migration Assistant
 SQL Server Migration Assistant
 determine migration scope, including redundant, related, trivial, and outdated data
 How to migrate
 recommend a solution for migrating data (Storage Migration Service, Azure Data
Box,
Azure File Sync-based migration to hybrid file server)
 Storage Migration Service overview
 What is Azure Data Box?
 What is Azure File Sync?

TIP: This site contains MOST of the real questions and answers. But most of them are also
wrong answered!! So please be careful to go over the discussions, you will see the real and
correct answer there
https://www.examtopics.com/exams/microsoft/az-304/