AZ-303 Exam Study Guide (Microsoft Azure Architect Technologies)

AZ-303 Microsoft Azure Architect Technologies Certificate Exam Study Guide

The AZ-303 Azure Architect exam will replace the older AZ-300 exam by end of June 2020. Since I received requests to continue to create study guides for the new Azure exams, I have prepared the AZ-303 Study Guide. This exam is in beta now.

If you haven't read about the exam changes and how they will impact your certification journey, read here

This post contains a curated list of articles from Microsoft documentation for each objective of the AZ-303 exam. Please share the post within your circles so it helps them to prepare for the exam.

AZ-303 Azure Architect Practice Test

Whizlabs Exam QuestionsAZ-303: 3 Practice Tests – 165 questions
Udemy Practice TestsMicrosoft Azure Architect Practice Tests

AZ-303 Azure Architect Other Learning Stuff

In case, if you are looking for the older Azure Architect exam, check out AZ-300 Study Guide. To view other Azure certificate study guides, click here

Full Disclosure: Some of the links in this post are affiliate links. I receive a commission when you purchase through them.

Looking for AZ-303 dumps? Read this!

Using az-303 exam dumps can get you permanently banned from taking any future Microsoft certificate exam. Read the FAQ page for more information. However, I strongly suggest you validate your understanding with practice questions.

Implement and Monitor an Azure Infrastructure (50-55%)

Implement Cloud Infrastructure Monitoring

Monitor security (Note: Log Analytics, Azure Security Center, Azure Sentinel)

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-monitor-your-data

https://docs.microsoft.com/bs-latn-ba/azure/security-center/security-center-intro

https://docs.microsoft.com/en-us/azure/sentinel/overview

Monitor performance
o Configure diagnostic settings on resources

Linkedin Learning: Configure Diagnostic Setting (check with a free trial)

o Create a performance baseline for resources

LinkedIn: Performance Baseline (Check with a free trial)

o Monitor for unused resources

https://www.sqlshack.com/finding-unused-resources-impacting-azure-costs/

o Monitor performance capacity

https://docs.microsoft.com/en-us/azure/azure-monitor/insights/vminsights-performance

o Visualize diagnostics data using Azure Monitor

https://docs.microsoft.com/en-us/azure/azure-monitor/visualizations

Monitor health and availability
o Monitor networking

https://docs.microsoft.com/en-us/azure/azure-monitor/insights/network-insights-overview

o Monitor service health

https://docs.microsoft.com/en-us/azure/service-health/service-health-overview

Monitor cost
o Monitor spend

https://docs.microsoft.com/en-us/azure/cost-management-billing/costs/cost-mgt-alerts-monitor-usage-spending

o Report on spend

https://docs.microsoft.com/en-us/azure/billing/billing-download-azure-invoice-daily-usage-date

Configure advanced logging
o Implement and configure Azure Monitor insights, including App Insights, Networks, Containers

https://docs.microsoft.com/en-us/azure/azure-monitor/insights/insights-overview

o Configure a Log Analytics workspace

https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-create-workspace

[Watch Video]: On Log Analytics Workspace

Configure logging for workloads

https://docs.microsoft.com/en-us/azure/synapse-analytics/sql-data-warehouse/sql-data-warehouse-monitor-workload-portal

Initiate automated responses by using Action Groups

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/action-groups

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/action-groups-logic-app

Configure and manage advanced alerts
o Collect alerts and metrics across multiple subscriptions

https://azure.microsoft.com/en-in/blog/azure-monitor-alerting-just-got-better/

o View Alerts in Azure Monitor logs

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log

 

Implement storage accounts

Select storage account options based on a use case

https://docs.microsoft.com/en-us/azure/storage/common/storage-decide-blobs-files-disks

Configure Azure Files and blob storage

https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-create-file-share

Configure network access to the storage account

https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security

Implement Shared Access Signatures and access policies

https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview

https://docs.microsoft.com/en-us/rest/api/storageservices/define-stored-access-policy

Implement Azure AD authentication for storage

https://azure.microsoft.com/en-in/blog/azure-storage-support-for-azure-ad-based-access-control-now-generally-available/

https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad

Manage access keys

https://docs.microsoft.com/en-us/azure/storage/common/storage-account-manage

Implement Azure storage replication

https://www.skylinesacademy.com/blog/azure-storage-replication

Implement Azure storage account failover

https://docs.microsoft.com/en-us/azure/storage/common/storage-disaster-recovery-guidance

https://docs.microsoft.com/en-us/azure/storage/common/storage-initiate-account-failover

az-303

Amazon link (affiliate)

Implement VMs for Windows and Linux

Check out this course on Azure VM

Configure High Availability

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-availability-sets

Configure storage for VMs

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/managed-disks-overview

Select virtual machine size

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes

Implement Azure Dedicated Hosts

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/dedicated-hosts-portal

Deploy and configure scale sets

https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/quick-create-portal

Configure Azure Disk Encryption

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-portal-quickstart

 

Automate deployment and configuration of resources

Save a deployment as an Azure Resource Manager template

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/download-template

Modify Azure Resource Manager template

https://docs.microsoft.com/en-us/azure/architecture/building-blocks/extending-templates/update-resource

Evaluate location of new resources

https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/resource-location

Configure a virtual disk template

https://docs.microsoft.com/en-us/azure/marketplace/cloud-partner-portal/virtual-machine/cpp-deploy-vm-user-image

https://docs.microsoft.com/en-us/azure/marketplace/cloud-partner-portal/virtual-machine/cpp-deploy-json-template

Deploy from a template

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/ps-template

Manage a template library

https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/overview

Create and execute an automation runbook

https://docs.microsoft.com/en-us/azure/automation/automation-deploy-template-runbook

 

Implement virtual networking

Implement VNet to VNet connections

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vnet-vnet-rm-ps

Implement VNet peering

YouTube video: VNet Peering demo

 

Implement Azure Active Directory

Add custom domains

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain

Configure Azure AD Identity Protection

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/enable

Implement self-service password reset

https://docs.microsoft.com/en-us/azure/active-directory/authentication/quickstart-sspr

Implement Conditional Access including MFA

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa

Configure user accounts for MFA

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates#enable-azure-mfa-by-changing-user-state

Configure fraud alerts

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#fraud-alert

Configure bypass options

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#one-time-bypass

Configure Trusted IPs

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#trusted-ips

Configure verification methods

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#verification-methods

Implement and manage guest accounts

https://docs.microsoft.com/en-us/azure/active-directory/b2b/b2b-quickstart-add-guest-users-portal

https://docs.microsoft.com/en-us/azure/active-directory/governance/manage-guest-access-with-access-reviews

Manage multiple directories

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-directory-independence

 

Implement and manage hybrid identities

Install and configure Azure AD Connect

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-express

Identity synchronization options

https://docs.microsoft.com/en-us/azure/active-directory-domain-services/synchronization

Configure and manage password sync and password writeback

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization

https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback

Configure single sign-on

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-portal

Use Azure AD Connect Health

https://azure.microsoft.com/en-in/resources/videos/azure-active-directory-connect-health-monitoring-the-sync-engine/

az-303

Amazon link (affiliate)

Implement Management and Security Solutions (25-30%)

Manage workloads in Azure

Migrate workloads using Azure Migrate
o Assess infrastructure

https://docs.microsoft.com/bs-latn-ba/azure/migrate/tutorial-assess-vmware

o Select a migration method

https://docs.microsoft.com/bs-latn-ba/azure/migrate/server-migrate-overview

o Prepare the on-premises for migration

https://docs.microsoft.com/bs-latn-ba/azure/migrate/prepare-for-migration

o Recommend target infrastructure

Pluralsight: Target environment (Check with a free trial)

Implement Azure Backup for VMs

https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm

Implement disaster recovery

https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable-replication

Implement Azure Update Management

https://docs.microsoft.com/en-us/azure/automation/automation-onboard-solutions-from-browse

 

Implement load balancing and network security

Implement Azure Load Balancer

https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-standard-manage-portal

Implement an application gateway

https://docs.microsoft.com/en-us/azure/application-gateway/quick-create-powershell

Implement a Web Application Firewall

https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-web-application-firewall-portal

Implement Azure Firewall

https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal

Implement the Azure Front Door Service

https://docs.microsoft.com/bs-latn-ba/azure/frontdoor/front-door-how-to-redirect-https

Implement Azure Traffic Manager

https://docs.microsoft.com/en-us/azure/traffic-manager/quickstart-create-traffic-manager-profile

Implement Network Security Groups and Application Security Groups

https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group

https://docs.microsoft.com/en-us/azure/virtual-network/application-security-groups

Implement Bastion

https://docs.microsoft.com/en-us/azure/bastion/quickstart-host-portal

 

Implement and manage Azure governance solutions

Create and manage hierarchical structure that contains management groups, subscriptions and resource groups

https://docs.microsoft.com/en-in/azure/governance/management-groups/create

Assign RBAC roles

https://docs.microsoft.com/en-us/azure/role-based-access-control/quickstart-assign-role-user-portal

Create a custom RBAC role

https://docs.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-powershell

Configure access to Azure resources by assigning roles

https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal#add-a-role-assignment

Configure management access to Azure

https://docs.microsoft.com/en-us/azure/role-based-access-control/pim-azure-resource

Interpret effective permissions

https://docs.microsoft.com/en-us/azure/role-based-access-control/check-access

Set up and perform an access review

https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview

Implement and configure an Azure Policy

https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage

Implement and configure an Azure Blueprint

https://microsoft.github.io/AzureTips/blog/tip210

 

Manage security for applications

Implement and configure Key Vault

Pluralsight course on Azure Key Vault (Free trial)

Implement and configure Azure AD Managed Identities

https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-arm

Register and manage applications in Azure AD

https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app

az-303

Amazon link (affiliate)

Implement Solutions for Apps (10-15%)

Implement an application infrastructure

Create and configure Azure App Service

https://docs.microsoft.com/en-us/azure/app-service/app-service-web-get-started-dotnet

Create an App Service Web App for Containers

https://docs.microsoft.com/en-us/azure/app-service/app-service-web-get-started-windows-container

Create and configure an App Service plan

https://docs.microsoft.com/en-us/azure/app-service/overview-hosting-plans

Configure an App Service

https://docs.microsoft.com/en-us/azure/app-service/configure-common

Configure networking for an App Service

https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet

Create and manage deployment slots

https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots

YouTube video: Deployment slots

Implement Logic Apps

https://docs.microsoft.com/en-us/azure/logic-apps/tutorial-build-schedule-recurring-logic-app-workflow

Implement Azure Functions

https://docs.microsoft.com/en-us/azure/azure-functions/functions-create-storage-blob-triggered-function

 

Implement container-based applications

Create a container image

https://docs.microsoft.com/en-us/azure/container-registry/container-registry-tutorial-quick-task

Configure Azure Kubernetes Service

https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal

Publish and automate image deployment to the Azure Container Registry

https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-docker-cli

https://docs.microsoft.com/en-us/azure/container-registry/container-registry-tasks-overview

Publish a solution on an Azure Container Instance

https://docs.microsoft.com/en-us/azure/container-instances/container-instances-quickstart-portal

Check the FAQs on Azure Certification

Implement and Manage Data Platforms (10-15%)

Implement NoSQL databases

Configure storage account tables

Create an Azure Storage table in the Azure portal

Create a table dynamically with the .NET SDK (Table API)

Notes:

Don't get confused with the Table API in Cosmos DB and Azure Table storage. They both share the same data model and expose similar query operations through their SDKs. But, Table API in Cosmos DB has premium capabilities like global distribution, throughput & high availability. So, you should look to migrate your existing app to Table API, given a chance.

Select appropriate CosmosDB APIs

Review the Learning Path: Choose the appropriate API for Azure Cosmos DB

Notes:

Cosmos DB is a Multi-Model Database Service. It means that you can build any of the NoSQL database models with the following APIs:

1. Gremlin (Graph) API – To describe the relationship between entities.

2. Azure Table API – use only to migrate applications using Azure Table Storage to Cosmos DB. Else just avoid.

3. MongoDB API – If your project is already using MongoDB, use this API. Migration is as simple as just updating the connection string.

4. Cassandra API – If your team already uses Cassandra DB / skillful of Cassandra Query Language (CQL), use this API.

5. Core SQL API – For all other cases & for new projects, use SQL API. Superior in functionality to other APIs. When in doubt, use Core SQL.

Set up replicas in CosmosDB

A Pluralsight module on understanding global distribution & replication

Add/remove regions from your Cosmos DB account

Configure Multiple write-regions

Configure Multi-master in your app (To write to the nearest write location)

Notes:

a. Why data replication is important in Azure Cosmos DB?

1. To reduce the latency of your application. If you have a global audience, then the users farther from the database may experience high latency (time duration between request & response). By enabling Cosmos DB replication, you direct the request to the nearest data center. The SDK will make sure of that.

2. Replication enables Business Continuity. If there is a natural disaster in a data center, you know the data is safe elsewhere.

b. In addition, to read replication, you can set up multi-region writes. But why? Same reason! To reduce write latency. But, this may cause conflicts as the data is updated in different regions.

Implement Azure SQL databases

Configure Azure SQL database settings

Configure Server-level IP firewall rules

Configure security features of Azure SQL Database like:

a. Advanced data security (Detects security threats like SQL injection)

b. Auditing (Tracks & logs database events to gain insights into discrepancies)

c. Dynamic data masking (Hides sensitive data in your DB)

d. Transparent Data Encryption [TDE] (Encryption at rest)

Notes:

You need to open port 1433 if you try to connect the Azure SQL database from your system (with a client tool like SSMS).

You can create Server-level firewall rules in the Azure portal and T-SQL (with SSMS). Database-level firewall rules can be configured with only T-SQL statements.

Server-level firewall rules apply to all the databases in the server & they are created in the master database. The rules for the database-level firewall are stored in the individual database making them easily portable.

Implement Azure SQL Database managed instances

Getting started with Azure SQL Managed Instance

Creating an Azure SQL Database Managed Instance

Notes:

Best used for migrating existing on-premises applications with minimal effort (lift-and-shift). Provides the latest stable DB engine version.

Azure SQL Managed Instance = Best of Azure SQL Database + Best of SQL Server on Azure VM

AZ-303 MICROSOFT AZURE ARCHITECT TECHNOLOGIES Managed Instance (MI)
Configure HA for an Azure SQL database

High-availability for Azure SQL Database

Notes:

What High Availability ensures for Azure SQL Database?

        • That data is immune to failures.
        • SQL, Windows maintenance operations do not impact the workload.
Az-303 Azure Architect Tech - High Availability Azure SQL Database

High-availability models available:

Standard: Basic, Standard & General Purpose tiers use the standard model: Two layers – a stateless compute layer & a stateful data layer (the .mdf & .ldf files) stored in Azure premium storage (built-in high availability). In the case of failure, Azure Service Fabric kickstarts another stateless compute node. Not suitable for a heavy workload, as the new compute node does not have any files (cold cache).

Premium (leveraged by Premium & Business Critical service tiers): Unlike the previous model, both the compute and the storage is in the same node. This node is replicated 3-4 times (others are secondary nodes) to provide high availability (implemented with Always On availability groups). 

Additional benefits of Premium availability model: 

Read Scale-Out: You can redirect read operations to the secondary nodes

Availability Zones: You can place the databases in availability zones so the data is replicated across data centers in a region. Although the data is immune to data center-specific failures, you may observe network latency (due to distance between data centers) as transactions are committed across availability zones.

This brings us to the end of AZ-303 Study Guide

What do you think? Let me know in the Comments section if I have missed out on anything. Also, I love to hear from you how your preparation is going on!

In case you are looking for other Azure certification exams check out this page

Follow/Like ravikirans.com to receive updates

Sign up for Newsletter

Want to be notified as soon as I post? Subscribe to RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the below links so it can benefit others.

Sharing is Caring

  • 2
  •  
  •  
  •  
  •  
    2
    Shares

You may also like

Leave a Reply

Your e-mail address will not be published. Required fields are marked *