Introduction

I was speaking to one of my colleagues who didn't have much understanding of what the cloud was, so I explained it from two perspectives, one being from a consumer perspective and the other commercial. From a consumer perspective, the cloud is mostly based on software as a service (SaaS) where individuals store their files on OneDrive, Google Drive, Dropbox, etc., or consume content not residing on a computer in their house like with Netflix or Spotify. So, from a consumer perspective, the cloud is mostly about the consumption of products that historically required individuals to have compute power and local storage space of their own.

From a commercial perspective, the cloud takes on a whole other meaning, whereby a commercial user of the cloud consumes compute resources for the purpose of providing cloud services to the consumer. Providing these services to consumers requires great compute capacity, because customers have become intolerant and impatient when it comes to receiving cloud services. A small outage, an unexpected pause in a movie, or a latent download of a file can lose customers and sometimes make the news. Having extra or idle compute capacity to scale instantly has become a necessity for companies, but buying and managing this capacity is not cost efficient.

I like to think that the birth of the cloud happened because of the Black Friday event that happens in the United States. Black Friday takes place the day after Thanksgiving and is one of the largest, busiest shopping days of the year. Amazon, wanting to make sure it could withstand the surge of traffic it would receive on this day and through the weekend, added a massive amount of compute power specifically for this day. Once the weekend passed, they had to answer the question, now what shall we do with all these extra computers? Having an entrepreneurial mindset, someone likely thought about how to make some money from the servers and the idea of renting them out to companies popped up. And this was the birth of infrastructure as a service (IaaS) from Amazon Web Services (AWS) and what we call the cloud today.

The cloud, from a commercial perspective, is simply a place for companies or individuals to rent computers hosted in a cloud provider's private data center. Cloud providers such as Microsoft, Amazon, and to some extent Google are in the market to provide a cloud platform for companies that want to, in turn, provide a great performant product experience to their customers. From all of this, we have arrived at the next era of IT and computing, which is the cloud.

In 2013, I wrote a book titled Windows Azure and ASP.NET MVC Migration. In the introduction of that book, I mentioned the retirement of Windows Server 2003. My primary point in that introduction was to avoid moving an application that originally targeted Windows Server 2003 directly to the cloud. Instead, take the opportunity for a reboot, a refreshing rewrite, and a new start for the application. From a coding perspective, I recommended using some new technologies such as REST, LINQ, and ORM; change from XML to JSON; and use a cross-platform coding language like .NET Core. From an operating system and compute resource perspective, I, as one would expect, drove the reader toward the Microsoft Azure and Azure App Service compute products.

At that time, in 2013, I drove the recognition of the emergence of the cloud and how significant this new platform would become. I predicted this because I knew, firsthand, the complexities, time, and effort involved in adding new compute capacities to an existing on-premise IT solution, not to mention the cost. I saw that it was now possible, in the cloud, to add 1, 10, 20, or 200 new servers to a web farm with a simple click of a button. And a most impressive part is that when I no longer wanted them, I pressed a different button and removed them. I literally just got goose bumps while I wrote this paragraph, by simply remembering my first experience with this autoscaling capability.

The years have passed, and there has been no slowing of cloud progress with the delivery of more capabilities that make the life of an IT professional simpler and the costs of a software product more manageable. That comment doesn't imply, or even hint, that understanding the cloud product and features is by any means simple—not even close. But there should be no doubt that the arrival of the cloud has provided a platform to deliver products to customers who have a new, much more elevated set of expectations. This book will help improve your understanding of the Microsoft Azure platform and features, with an emphasis on the successful completion of your Azure Solutions Architect Expert (AZ-303 and AZ-304) exams.

Who This Book Is For

This book is for anyone who wants to learn about Microsoft Azure products and features and ultimately attain the Azure Solutions Architect Expert certification. This book is not intended for absolute beginners; however, beginners may gain some greater insights into Azure and how to consume and configure its products and services. Gaining the Azure Solutions Architect Expert certification means that you can comprehend, design, and implement technical solutions using the following:

  • Azure Active Directory and security
  • Azure networking
  • IaaS, PaaS, and serverless compute models
  • Azure Storage, Azure SQL, and Cosmos DB
  • Hybrid cloud models, compliance, and messaging services
  • How to design and program applications for the cloud
  • Deployment and migration techniques
  • Monitoring and recovery

That is a broad range of topics, and the number of possible scenarios in which to apply them is equally as great. This book will provide insights into each of those topics, but it is expected that you have some experience with each.

What This Book Covers

This book covers everything you need to know to greatly increase the probability of passing the Azure Solutions Architect Expert exam. But most important, the contents in this book, once you learn them, will result in you being an Azure cloud architect. Which is most important to you? Both for sure, which is the goal and purpose of this book. You will learn about Azure security, Azure networking, Azure compute, Azure data stores and storage, Azure messaging services, Azure migration tools, Azure monitoring tools, and Azure recovery tools. That is a lot to learn about, and in addition to learning about what those products are and do, you will work through some real examples to implement and use them.

How This Book Is Structured

Good design really is everything. Unless you plan before doing, it is highly probable that the result won't quite measure up to the expectations. Really, in many instances, even with good planning, the result could still not measure up or even be successful. There are many priorities and areas to be concerned with when planning a big project. The same is true when you are migrating existing on-premise workloads to Azure or creating new applications and infrastructure directly on Azure. In both scenarios, security, networking, compute, and data storage all come into focus. The chapters are provided in the order of priority, which means when you plan your migration or deployments, make sure each of those phases is part of your plan. The order in which those IT components are analyzed, designed, and implemented is important and is the reason the book is constructed in this way.

  • Security
  • Networking
  • Compute
  • Data and storage
  • Hybrid, compliance, and messaging
  • Developing for the cloud
  • Migrate and deploy
  • Monitor and recover

Security is by far the most important point of concentration. Networking must exist before you place your compute workloads into it, and keep in mind the network needs to be secured before placing your workloads into it. Then your data, compliance and governance, messaging concepts, development concepts, and deploying your application initially and applying updates cannot be ignored or missed. Once deployed, the lifecycle of your application is really just beginning; monitoring it and having a failover and disaster recovery plan designed and tested are musts for production IT solutions.

Following this design pattern laid out by the chapter flow will help you become a great Azure Solutions Architect Expert. Note that when you take the Azure Solutions Architect Expert exam, you sign a nondisclosure agreement (NDA) stating that you will not discuss the questions or any of the content of the exam. That is important, so the credential you gain when passing the exam maintains its integrity and value. This book will help you learn the skills and gain the experience an Azure Solutions Architect Expert should have. By learning and exercising the techniques contained within this book, your probability of passing the exam is greatly increased. The point is, the book is geared toward building your experiences and skills on the Azure platform; with those skills and experiences, you can then master the skillset and gain the certification.

  • Chapter 1, “Gaining the Azure Solutions Architect Expert Certification” This chapter provides an overview of the path toward the Azure Solutions Architect Expert certification. It describes each of the new AZ-100, AZ-200, AZ-300, and AZ-400 roles and defines the AZ-300 and AZ-301 knowledge requirements in detail. I give a short overview of how I achieved the certification and close with a brief overview of 12 of the most common Azure products. Knowing the internals of those 12 products, their features, and their dependencies is a must-learn curriculum for the successful completion of the AZ-303 and AZ-304 exams. The products are introduced in this chapter; the internals are covered in the following related chapters.
  • Chapter 2, “Security and Identity” Let's do this! Assuming you already have an Azure subscription, it is time to take the next step and move your company into the cloud. Initially, you need to set up the people who will have access to the subscription and decide what they can and cannot do with it. But there is a whole other world, solar system, and universe when approaching these two topics. Do not underestimate this chapter; read it fully, because it will touch on the topics necessary to pass the exam, but it doesn't stop there.
  • Chapter 3, “Networking” At this point, you have good knowledge of the Azure security and identity capabilities, especially those around the management of your Azure resources. Now it is time to begin planning and building the infrastructure on which your application will operate. The Azure platform runs within the most sophisticated data centers and in more than 50 regions around the world. Each data center is an isolated network, with secure links to the internet and ultrafast connectivity with Azure resources in its other regions. By setting up your own virtual network inside the Azure data centers, you gain an even greater level of security and flexibility. Making hybrid connections over ExpressRoute and VPNs, or simply using HTTPS, is simple and cost effective. This chapter discusses all these topics and a few more.
  • Chapter 4, “Compute” Now that security and networking are clarified and configured, it's time to jump into the heart of Azure. Compute is at the center of the cloud and is the reason companies move to Azure. Companies need CPUs and memory to run their software applications or process data. Compute is the heart of Azure because it is surrounded by both security and networking products and features. In this chapter, you learn about the many Azure compute products and features, such as Azure virtual machines (VMs). Azure VMs (i.e., IaaS) are the most popular type of compute offering (Azure VMs was one of the first Azure products), but by no means the only or last. Azure App Service, Azure Kubernetes Service (AKS), Azure Functions, Azure Batch, and Service Fabric also provide compute power for specific business case scenarios. In addition to learning those compute products in depth, you will learn which scenario is best for each compute product. Concepts such as PaaS, event-driven, serverless (FaaS), High Performance Computing (HPC), microservices, and containerization (CaaS) will also become clear.
  • Chapter 5, “Data and Storage” If you have made it this far, then you are close to being ready to take the exam. Security, networking, and compute take up a majority of the Azure Solutions Architect Expert exam questions. Those are the concepts that need the most focus and concentration. However, data and storage are quite important. Without them, what does the security procedure you have implemented so far protect? What is the value of the networking capabilities that allow connectivity between nodes, workstations, and clients then provide? Why do you need compute resource to run workloads and application code? The reason is there is some data that needs processing and that data needs to be somewhere for the compute to get the data from. That data needs to be accessible from anywhere in the world and protected from anyone without proper authentication and authorization to do so. Application code is what runs on compute and is something that does work, but if there is nothing to do the work on, then there is no reason for the code. The data, and how and where it gets stored, is the next logical step in your learning and/or migration of your IT solution to the cloud.
  • Chapter 6, “Hybrid, Compliance, and Messaging” Moving right along to some additional important concepts, one advantage Microsoft Azure has over all other cloud server providers is its hybrid cloud capabilities. The concept of running hybrid solutions on the Azure platform was introduced in Chapter 1. There was also a discussion about hybrid Azure Identity solutions in Chapter 2, hybrid networking in Chapter 3, and hybrid compute (aka cloud bursting) in Chapter 4. When you read this chapter, the concept of what a hybrid solution is should already be in your back pocket. In this chapter, you get a refresher and maybe some new insights about hybrid clouds. Compliance is a big deal for companies that want to handle financial transactions, work on government contracts, and comply with GDPR laws. There are numerous Azure features and example models that can help you achieve this when running those kinds of workloads on Azure. Finally, you will learn about a portfolio of Azure products that manage the storage and management of messages from IoT or offline transaction processing. Product services such as Service Bus, Event Hub, and Azure Storage Queues shouldn't at all be something new at this point. Prepare to get much deeper into them and other messaging products in more technical and use case details.
  • Chapter 7, “Developing for the Cloud” You will not find many questions on the exam about development and coding. The Azure Solutions Architect Expert exam is focused more on which tools to use in which scenario and in the most efficient and cost-effective way. Nonetheless, you can design the most sophisticated security, networking, compute, data store, and messaging solutions, but if the code is unstable, is unreliable, or has many bugs, then nothing really works right. You are protecting an application that doesn't really work, and running on highly tuned and precisely targeted compute resources won't compensate for bad code. This chapter will cover some details about best-case cloud coding patterns so that you can at least have some background if you ever get confronted with such a situation.
  • Chapter 8, “Migrate and Deploy” In this chapter, you might begin to recognize that everything is starting to come together. Security, networking, compute, data stores, data storage, messaging services, and your application are all ready to go. Your RBAC controls have been implemented, and those who need access to different Azure products have it. The VNets contain some Azure VMs in numerous subnets protected by NSGs and Azure Firewalls. Your database is idle waiting for some data to process, and your application code is tested, approved, and ready for action. Your heart is pumping with excitement, and all the hard work is ready to pay off. The time has come to move your data and application code to the Azure platform. It is time to reap the benefits of your efforts by watching your customers and employees gain from all the benefits the Azure platform has to offer them. Once you complete this and all previous chapters, you too will experience these events.
  • Chapter 9, “Monitor and Recover” Once you're here, for all intents and purposes you have achieved what most do not. You now have a functional application running on the Azure platform. Whether you migrated it or created it from scratch, your application is secure, you have optimized your compute and data consumption, plus you are certain to be compliant with all regulations in the countries where your company operates. That is something worthy of celebration. Take a second to reflect and celebrate your accomplishments. Take a minute actually, but only a minute, and then recognize that you are not quite finished. Although you have done so much, and a very good job as well, you need to make sure the solutions you have running on Azure continue to work properly. If they stop running, you need to quickly determine why. If it turns out that it will take some serious time to get things back up and running, you need to have a BCDR plan. Although this is the last chapter, after completing it, your journey is really just beginning.

What You Need to Use This Book

The following items are necessary to realize all the benefits of this book and to complete the numerous exercises:

  • A computer/workstation
  • Internet access
  • An Azure subscription
  • Visual Studio 2019 Community edition (free)
  • Azure DevOps free account

Many of the exercises require you to consume Azure resources that have an associated financial cost. Make sure in all cases that you understand the costs you may incur when creating and consuming Azure products. Most of all, once you complete an exercise that required the creation of an Azure product, you'll want to remove it. However, in many cases throughout the book, you rely on the Azure products created in the previous exercises to complete the current one. Those scenarios are called out as much as possible.

Conventions

To get the most out of this book, certain conventions have been utilized throughout. Exercise I.1 shows an exercise.

Here are the formatting text styles used throughout the book:

  • We use italics to indicate when a new key term is introduced.
  • Keyboard strokes are sometimes represented as Ctrl+Shift+B.
  • Filenames and inline code are represented like the following: string csharpGuitar = String.Empty;
  • Web addresses are provided in this format: portal.azure.com.
  • Code snippets, PowerShell cmdlets, and Azure CLI commands are presented as follows: Get-AzVM

Source Code

You can find the source code for this book on GitHub here:

github.com/benperk/ASA

AZ-303 Objective Map

Table I.1 shows where in the book the AZ-303 objectives are covered.

TABLE I.1 AZ-303 Objectives to Chapter Mapping

Exam Objective | Chapter

Implement and Monitor an Azure Infrastructure

Implement cloud infrastructure monitoring | Chapter 9, “Monitor and Recover”
  • monitor security | Chapter 2, “Security and Identity”
  • monitor performance | Chapter 9, “Monitor and Recover”
  • monitor health and availability | Chapter 9, “Monitor and Recover”
  • monitor cost | Chapter 9, “Monitor and Recover”
  • configure advanced logging | Chapter 9, “Monitor and Recover”
  • configure logging for workloads | Chapter 9, “Monitor and Recover”
  • initiate automated responses by using Action Groups | Chapter 9, “Monitor and Recover”
  • configure and manage advanced alerts | Chapter 9, “Monitor and Recover”

Implement storage accounts | Chapter 5, “Data and Storage”
  • select storage account options based on a use case | Chapter 5, “Data and Storage”
  • configure Azure Files and blob storage | Chapter 5, “Data and Storage”
  • configure network access to the storage account | Chapter 3, “Networking”
  • implement Shared Access Signatures and access policies | Chapter 5, “Data and Storage”
  • implement Azure AD authentication for storage | Chapter 5, “Data and Storage”
  • manage access keys | Chapter 5, “Data and Storage”
  • implement Azure storage replication | Chapter 5, “Data and Storage”
  • implement Azure storage account failover | Chapter 9, “Monitor and Recover”

Implement VMs for Windows and Linux | Chapter 4, “Compute”
  • configure High Availability | Chapter 4, “Compute”
  • configure storage for VMs | Chapter 4, “Compute”
  • select virtual machine size | Chapter 4, “Compute”
  • implement Azure Dedicated Hosts | Chapter 4, “Compute”
  • deploy and configure scale sets | Chapter 4, “Compute”
  • configure Azure Disk Encryption | Chapter 4, “Compute”

Automate deployment and configuration of resources | Chapter 8, “Migrate and Deploy”
  • save a deployment as an Azure Resource Manager template | Chapter 8, “Migrate and Deploy”
  • modify Azure Resource Manager template | Chapter 8, “Migrate and Deploy”
  • evaluate location of new resources | Chapter 6, “Hybrid, Compliance, and Messaging”
  • configure a virtual disk template | Chapter 8, “Migrate and Deploy”
  • deploy from a template | Chapter 8, “Migrate and Deploy”
  • manage a template library | Chapter 8, “Migrate and Deploy”
  • create and execute an automation runbook | Chapter 8, “Migrate and Deploy”

Implement virtual networking | Chapter 3, “Networking”
  • implement VNet to VNet connections | Chapter 3, “Networking”
  • implement VNet peering | Chapter 3, “Networking”

Implement Azure Active Directory | Chapter 2, “Security and Identity”
  • add custom domains | Chapter 2, “Security and Identity”
  • configure Azure AD Identity Protection | Chapter 2, “Security and Identity”
  • implement self-service password reset | Chapter 2, “Security and Identity”
  • implement Conditional Access including MFA | Chapter 2, “Security and Identity”
  • configure user accounts for MFA | Chapter 2, “Security and Identity”
  • configure fraud alerts | Chapter 2, “Security and Identity”
  • configure bypass options | Chapter 2, “Security and Identity”
  • configure Trusted IPs | Chapter 4, “Compute”
  • configure verification methods | Chapter 2, “Security and Identity”
  • implement and manage guest accounts | Chapter 2, “Security and Identity”
  • manage multiple directories | Chapter 2, “Security and Identity”

Implement and manage hybrid identities | Chapter 2, “Security and Identity”
  • install and configure Azure AD Connect | Chapter 2, “Security and Identity”
  • identity synchronization options | Chapter 2, “Security and Identity”
  • configure and manage password sync and password writeback | Chapter 2, “Security and Identity”
  • configure single sign-on | Chapter 2, “Security and Identity”
  • use Azure AD Connect Health | Chapter 2, “Security and Identity”

Implement Management and Security Solutions

Manage workloads in Azure | Chapter 4, “Compute”
  • migrate workloads using Azure Migrate | Chapter 8, “Migrate and Deploy”
  • implement Azure Backup for VMs | Chapter 9, “Monitor and Recover”
  • implement disaster recovery | Chapter 9, “Monitor and Recover”
  • implement Azure Update Management | Chapter 4, “Compute”

Implement load balancing and network security | Chapter 3, “Networking”
  • implement Azure Load Balancer | Chapter 3, “Networking”
  • implement an application gateway | Chapter 3, “Networking”
  • implement a Web Application Firewall | Chapter 3, “Networking”
  • implement Azure Firewall | Chapter 3, “Networking”
  • implement the Azure Front Door Service | Chapter 3, “Networking”
  • implement Azure Traffic Manager | Chapter 3, “Networking”
  • implement Network Security Groups and Application Security Groups | Chapter 3, “Networking”
  • implement Bastion | Chapter 4, “Compute”

Implement and manage Azure governance solutions | Chapter 6, “Hybrid, Compliance, and Messaging”
  • create and manage hierarchical structure that contains management groups, subscriptions and resource groups | Chapter 2, “Security and Identity”
  • assign RBAC roles | Chapter 2, “Security and Identity”
  • create a custom RBAC role | Chapter 2, “Security and Identity”
  • configure access to Azure resources by assigning roles | Chapter 2, “Security and Identity”
  • configure management access to Azure | Chapter 2, “Security and Identity”
  • interpret effective permissions | Chapter 6, “Hybrid, Compliance, and Messaging”
  • set up and perform an access review | Chapter 6, “Hybrid, Compliance, and Messaging”
  • implement and configure an Azure Policy | Chapter 6, “Hybrid, Compliance, and Messaging”
  • implement and configure an Azure Blueprint | Chapter 6, “Hybrid, Compliance, and Messaging”

Manage security for applications | Chapter 2, “Security and Identity”
  • implement and configure KeyVault | Chapter 2, “Security and Identity”
  • implement and configure Azure AD Managed Identities | Chapter 2, “Security and Identity”
  • register and manage applications in Azure AD | Chapter 2, “Security and Identity”

Implement Solutions for Apps

Implement an application infrastructure | Chapter 4, “Compute”
  • create and configure Azure App Service | Chapter 4, “Compute”
  • create an App Service Web App for Containers | Chapter 4, “Compute”
  • create and configure an App Service plan | Chapter 4, “Compute”
  • configure an App Service | Chapter 4, “Compute”
  • configure networking for an App Service | Chapter 4, “Compute”
  • create and manage deployment slots | Chapter 4, “Compute”
  • implement Logic Apps | Chapter 4, “Compute”
  • implement Azure Functions | Chapter 4, “Compute”

Implement container-based applications | Chapter 4, “Compute”
  • create a container image | Chapter 4, “Compute”
  • configure Azure Kubernetes Service | Chapter 4, “Compute”
  • publish and automate image deployment to the Azure Container Registry | Chapter 4, “Compute”
  • publish a solution on an Azure Container Instance | Chapter 4, “Compute”

Implement and Manage Data Platforms | Chapter 5, “Data and Storage”

Implement NoSQL databases | Chapter 5, “Data and Storage”
  • configure storage account tables | Chapter 5, “Data and Storage”
  • select appropriate CosmosDB APIs | Chapter 5, “Data and Storage”
  • set up replicas in CosmosDB | Chapter 5, “Data and Storage”

Implement Azure SQL databases | Chapter 5, “Data and Storage”
  • configure Azure SQL database settings | Chapter 5, “Data and Storage”
  • implement Azure SQL Database managed instances | Chapter 5, “Data and Storage”
  • configure HA for an Azure SQL database | Chapter 5, “Data and Storage”
  • publish an Azure SQL database | Chapter 5, “Data and Storage”

AZ-304 Objective Map

Table I.2 shows where in the book the AZ-304 objectives are covered.

TABLE I.2 AZ-304 Objective to Chapter mapping

Exam Objective | Chapter

Design Monitoring

Design for cost optimization | Chapter 9, “Monitor and Recovery”
  • recommend a solution for cost management and cost reporting | Chapter 9, “Monitor and Recovery”
  • recommend solutions to minimize costs | Chapter 9, “Monitor and Recovery”

Design a solution for logging and monitoring | Chapter 9, “Monitor and Recovery”
  • determine levels and storage locations for logs | Chapter 9, “Monitor and Recovery”
  • plan for integration with monitoring tools including Azure Monitor and Azure Sentinel | Chapter 9, “Monitor and Recovery”
  • recommend appropriate monitoring tool(s) for a solution | Chapter 9, “Monitor and Recovery”
  • choose a mechanism for event routing and escalation | Chapter 9, “Monitor and Recovery”
  • recommend a logging solution for compliance requirements | Chapter 6, “Hybrid, Compliance, and Messaging”

Design Identity and Security

Design authentication | Chapter 2, “Security and Identity”
  • recommend a solution for single-sign on | Chapter 2, “Security and Identity”
  • recommend a solution for authentication | Chapter 2, “Security and Identity”
  • recommend a solution for Conditional Access, including multi-factor authentication | Chapter 2, “Security and Identity”
  • recommend a solution for network access authentication | Chapter 2, “Security and Identity”
  • recommend a solution for a hybrid identity including Azure AD Connect and Azure AD Connect Health | Chapter 2, “Security and Identity”
  • recommend a solution for user self-service | Chapter 2, “Security and Identity”
  • recommend and implement a solution for B2B integration | Chapter 2, “Security and Identity”

Design authorization | Chapter 2, “Security and Identity”
  • choose an authorization approach | Chapter 2, “Security and Identity”
  • recommend a hierarchical structure that includes management groups, subscriptions and resource groups | Chapter 2, “Security and Identity”
  • recommend an access management solution including RBAC policies, access reviews, role assignments, physical access, Privileged Identity Management (PIM), Azure AD Identity Protection, Just In Time (JIT) access | Chapter 2, “Security and Identity”

Design governance | Chapter 6, “Hybrid, Compliance, and Messaging”
  • recommend a strategy for tagging | Chapter 6, “Hybrid, Compliance, and Messaging”
  • recommend a solution for using Azure Policy | Chapter 6, “Hybrid, Compliance, and Messaging”
  • recommend a solution for using Azure Blueprint | Chapter 6, “Hybrid, Compliance, and Messaging”

Design security for applications | Chapter 2, “Security and Identity”
  • recommend a solution that includes KeyVault | Chapter 2, “Security and Identity”
  • recommend a solution that includes Azure AD Managed Identities | Chapter 2, “Security and Identity”
  • recommend a solution for integrating applications into Azure AD | Chapter 2, “Security and Identity”

Design Data Storage

Design a solution for databases | Chapter 5, “Data and Storage”
  • select an appropriate data platform based on requirements | Chapter 5, “Data and Storage”
  • recommend database service tier sizing | Chapter 5, “Data and Storage”
  • recommend a solution for database scalability | Chapter 5, “Data and Storage”
  • recommend a solution for encrypting data at rest, data in transmission, and data in use | Chapter 2, “Security”

Design data integration | Chapter 5, “Data and Storage”
  • recommend a data flow to meet business requirements | Chapter 5, “Data and Storage”
  • recommend a solution for data integration, including Azure Data Factory, Azure Data Bricks, Azure Data Lake, Azure Synapse Analytics | Chapter 5, “Data and Storage”

Select an appropriate storage account | Chapter 5, “Data and Storage”
  • choose between storage tiers | Chapter 5, “Data and Storage”
  • recommend a storage access solution | Chapter 5, “Data and Storage”
  • recommend storage management tools | Chapter 5, “Data and Storage”

Design Business Continuity

Design a solution for backup and recovery | Chapter 9, “Monitor and Recovery”
  • recommend a recovery solution for Azure hybrid and on-premises workloads that meets recovery objectives (RTO, RLO, RPO) | Chapter 9, “Monitor and Recovery”
  • design an Azure Site Recovery solution | Chapter 9, “Monitor and Recovery”
  • recommend a solution for recovery in different regions | Chapter 9, “Monitor and Recovery”
  • recommend a solution for Azure Backup management | Chapter 9, “Monitor and Recovery”
  • design a solution for data archiving and retention | Chapter 9, “Monitor and Recovery”

Design for high availability | Chapter 9, “Monitor and Recovery”
  • recommend a solution for application and workload redundancy, including compute, database, and storage | Chapter 9, “Monitor and Recovery”
  • recommend a solution for autoscaling | Chapter 4, “Compute”
  • identify resources that require high availability | Chapter 4, “Compute”
  • identify storage types for high availability | Chapter 5, “Data and Storage”
  • recommend a solution for geo-redundancy of workloads | Chapter 4, “Compute”

Design Infrastructure

Design a compute solution | Chapter 4, “Compute”
  • recommend a solution for compute provisioning | Chapter 4, “Compute”
  • determine appropriate compute technologies, including virtual machines, App Services, Service Fabric, Azure Functions, Windows Virtual Desktop, and containers | Chapter 4, “Compute”
  • recommend a solution for containers | Chapter 4, “Compute”
  • recommend a solution for automating compute management | Chapter 4, “Compute”

Design a network solution | Chapter 3, “Networking”
  • recommend a solution for network addressing and name resolution | Chapter 3, “Networking”
  • recommend a solution for network provisioning | Chapter 3, “Networking”
  • recommend a solution for network security | Chapter 3, “Networking”
  • recommend a solution for network connectivity to the Internet, on-premises networks, and other Azure virtual networks | Chapter 3, “Networking”
  • recommend a solution for automating network management | Chapter 3, “Networking”
  • recommend a solution for load balancing and traffic routing | Chapter 3, “Networking”

Design an application architecture | Chapter 4, “Compute”
  • recommend a microservices architecture including Event Grid, Event Hubs, Service Bus, Storage Queues, Logic Apps, Azure Functions, and webhooks | Chapter 6, “Hybrid, Compliance, and Messaging”
  • recommend an orchestration solution for deployment of applications including ARM templates, Logic Apps, or Azure Functions | Chapter 8, “Migrate and Deploy”
  • recommend a solution for API integration | Chapter 7, “Developing for the Cloud”

Design migrations | Chapter 8, “Migrate and Deploy”
  • assess and interpret on-premises servers, data, and applications for migration | Chapter 8, “Migrate and Deploy”
  • recommend a solution for migrating applications and VMs | Chapter 8, “Migrate and Deploy”
  • recommend a solution for migration of databases | Chapter 8, “Migrate and Deploy”

Assessment Test

  1. Which of the following protocols are commonly used for making a remote connection to administer an Azure virtual machine? (Choose all that apply.)
    1. SSH
    2. Remote Desktop Protocol (RDP)
    3. FTP
    4. Azure Bastion
  2. Which of the following Azure Database products are specifically designed to provide a key/value pair data store? (Choose all that apply.)
    1. Azure SQL
    2. Azure Cosmos DB
    3. Azure Table Storage
    4. SQL managed instances
  3. If you wanted to make sure that any person creating an Azure Storage container allowed HTTPS only, which of the following Azure products would you use to achieve that?
    1. Azure Blueprint
    2. Azure Resource Manager
    3. Role-based access control
    4. Azure Policy
  4. Which of the following products are available on Azure?
    1. Azure Delta
    2. Azure Attack Vector
    3. Azure Cluster Services (ACS)
    4. All of the above
    5. None of the above
  5. Which of the following inbound NSGs will prevent resources from being accessed from the internet?
    1. Priority: 65000, Name: AllowVnetInBound, Port: Any, Protocol: Any, Source: VirtualNetwork, Destination: VirtualNetwork, Action: Allow
    2. Priority: 65001, Name: AllowAzureLoadBalancerInBound, Port: Any, Protocol: Any, Source: AzureLoadBalancer, Destination: Any, Action: Allow
    3. Priority: 65500, Name: DenyAllInBound, Port: Any, Protocol: Any, Source: Any, Destination: Any, Action: Allow
    4. Priority: 65501, Name: DenyAllInternet, Port: Any, Protocol: Any, Source: Any, Destination: Any, Action: Deny
  6. Which of the following outbound NSGs will prevent connectivity between the subnets in the same virtual network?
    1. Priority: 65000, Name: AllowVnetOutBound, Port: Any, Protocol: Any, Source: VirtualNetwork, Destination: VirtualNetwork, Action: Allow
    2. Priority: 65001, Name: AllowInternetOutBound, Port: Any, Protocol: Any, Source: Any, Destination: Internet, Action: Allow
    3. Priority: 65500, Name: DenyAllOutBound, Port: Any, Protocol: Any, Source: VirtualNetwork, Destination: VirtualNetwork, Action: Deny
    4. Priority: 65501, Name: DenyVnetOutBound, Port: Any, Protocol: Any, Source: VirtualNetwork, Destination: VirtualNetwork, Action: Allow
  7. Which of the following are Azure resources where you can apply an NSG? (Choose all that apply.)
    1. A network interface
    2. An Azure virtual machine (VM)
    3. An Azure subnet
    4. An Azure virtual network (VNet)
  8. Which of the following is true when you have a matched value of None for NextHopType in an Azure route table?
    1. The data transmission is dropped.
    2. Traffic is routed to the Internet.
    3. The data packet is routed within the virtual network.
    4. No action is taken.
  9. Which of the following is true when you have a value of Internet for NextHopType in an Azure route table?
    1. The data transmission is dropped.
    2. Traffic is routed to the Internet.
    3. The data packet is routed within the virtual network.
    4. No action is taken.
  10. Which of the following is true when you have a value of VirtualNetwork for NextHopType in an Azure route table?
    1. The data transmission is dropped.
    2. Traffic is routed to the Internet.
    3. The data packet is routed within the virtual network.
    4. No action is taken.
  11. Which of the following is true in regard to an address prefix of 0.0.0.0/0 in your routing table?
    1. The data transmission is dropped if matched.
    2. It depends on the value of the NextHopType bound to 0.0.0.0/0.
    3. The address prefix of 0.0.0.0/0 only supports the NextHopType value of VirtualNetworkGateway.
    4. The default address prefix of 0.0.0.0/0 cannot be customized.
  12. How many IP addresses would you get with this CIDR prefix: 172.19.3.0/27?
    1. 62
    2. 1,022
    3. 14
    4. 30
  13. Which of the following are true given the CIDR prefix? (Choose all that apply.)
    1. 10.0.0.0/16 provides 65,534 IP addresses.
    2. 10.0.0.0/32 provides 32,766 IP addresses.
    3. 10.0.0.0/32 provides 1 IP address.
    4. 10.0.0.0/64 provides 16 IP addresses.
  14. Which of the following are true? (Choose all that apply.)
    1. By default all resources within a virtual network can access each other on any port.
    2. By default all resources within a virtual network can access each other using any protocol.
    3. By default all resources within a virtual network can access the internet.
    4. By default all resources within a virtual network can access each other on ports 22, 80, 443, and 3389.
  15. Which tool is helpful for managing your Azure costs?
    1. Azure Spending Control
    2. Azure Cost Management
    3. Azure Monitor
    4. Azure Spending Throttler
  16. Which of the following statements are true? (Choose all that apply.)
    1. You can have multiple virtual networks in a single subnet.
    2. You can have multiple subnets in a single virtual network.
    3. You can have multiple virtual networks in a single resource group.
    4. The same virtual network can be placed into multiple resource groups.
  17. Which one of the following Azure products is intended for detecting and diagnosing application problems?
    1. Azure Monitor
    2. Application Insights
    3. Log Analytics
    4. Azure Automation
  18. Which one of the following Azure products is intended for detecting Azure infrastructure problems?
    1. Azure Monitor
    2. Application Insights
    3. Log Analytics
    4. Azure Sentinel
  19. Which ARM template element is used to define a dependency between resources?
    1. contingentUpon
    2. dependentResource
    3. childDependency
    4. dependsOn
  20. Which of the following can be used to provision an Azure resource using ARM? (Choose all that apply.)
    1. Azure Portal
    2. PowerShell
    3. Azure CLI
    4. Visual Studio
  21. You want to package your application code, dependencies, and operating system into a single deployable unit. This concept is often referred to as which of the following?
    1. Container
    2. Docker
    3. Azure Kubernetes Service (AKS)
    4. Autonomous Deployable Unit (ADU)
  22. Which of the following technical concepts apply to a relational database? (Choose all that apply.)
    1. NoSQL
    2. SQL
    3. JSON
    4. Foreign key
  23. Which of the following technical concepts apply to unstructured (aka nonrelational) data store products? (Choose all that apply.)
    1. Documents
    2. JSON
    3. Foreign key
    4. NoSQL
  24. The term used to describe the process of ensuring you are who you say you are is most commonly called which one of the following?
    1. Authentication
    2. Identity validation
    3. Authorization
    4. Managed identity
  25. The term used to describe the process of ensuring you are allowed to access a specific restricted resource is most commonly called which one of the following?
    1. Authentication
    2. Access control verification
    3. Conditional access
    4. Authorization
  26. Which of the following correctly describes the hierarchical structure of the management of Azure resources, from top to bottom?
    1. Resource, resource group, subscription, management group
    2. Management group, resource group, subscription, resource
    3. Management group, subscription, resource group, resource
    4. Subscription, resource group, management group, resource
  27. What is the purpose of a service tag?
    1. Logical grouping of resources similar to a resource group
    2. Used with NSGs so you don't need to know IP addresses of dependent Azure resources
    3. A marker used with Update Manager that notifies the administrator of missing updates
    4. A notification mechanism for your customers when you are down for maintenance
  28. What is an Azure region?
    1. The organizing of Azure data centers per continent (North America, South America, Europe, Asia, etc.)
    2. The organizing of Azure data centers into geographical locations (West Europe, East US, South Central US, etc.)
    3. A highly redundant location within a data center for applications that require very high availability solutions
    4. A geographical location with two or more Azure data centers
  29. Which of the following is true in regard to a private endpoint and a service endpoint?
    1. A private endpoint is not discoverable.
    2. By default, a service endpoint is not discoverable.
    3. It is possible to make a service endpoint nondiscoverable.
    4. It is possible to make a private endpoint discoverable.
  30. Which of the following Azure products support a microservice-based solution? (Choose all that apply.)
    1. Azure Kubernetes Service (AKS)
    2. Azure Container Instances (ACI)
    3. Azure Microservice for Virtual Machines
    4. Azure Service Fabric