Languages: English
Audiences: IT professionals
Technology: Microsoft Azure
Skills measured
This exam measures your ability to accomplish the technical tasks listed below.
The percentages indicate the relative weight of each major topic area on the
exam. The higher the percentage, the more questions you are likely to see on
that content area on the exam. View video tutorials about the variety of
question types on Microsoft exams.
Do you have feedback about the relevance of the skills measured on this exam?
Please send Microsoft your comments. All feedback will be reviewed and
incorporated as appropriate while still maintaining the validity and reliability
of the certification process. Note that Microsoft will not respond directly to
your feedback. We appreciate your input in ensuring the quality of the Microsoft
Certification program.
If you have concerns about specific questions on this exam, please submit an
exam challenge.
If you have other questions or feedback about Microsoft Certification exams or
about the certification program, registration, or promotions, please contact
your Regional Service Center.
Determine Workload Requirements (10-15%)
Gather Information and Requirements
May include but not limited to: Identify compliance requirements, identity and
access management infrastructure, and service-oriented architectures (e.g.,
integration patterns, service design, service discoverability); identify
accessibility (e.g. Web Content Accessibility Guidelines), availability (e.g.
Service Level Agreement), capacity planning and scalability, deploy-ability
(e.g., repositories, failback, slot-based deployment), configurability,
governance, maintainability (e.g. logging, debugging, troubleshooting, recovery,
training), security (e.g. authentication, authorization, attacks), and sizing
(e.g. support costs, optimization) requirements; recommend changes during
project execution (ongoing); evaluate products and services to align with
solution; create testing scenarios
Optimize Consumption Strategy
May include but not limited to: Optimize app service, compute, identity,
network, and storage costs
Design an Auditing and Monitoring Strategy
May include but not limited to: Define logical groupings (tags) for resources to
be monitored; determine levels and storage locations for logs; plan for
integration with monitoring tools; recommend appropriate monitoring tool(s) for
a solution; specify mechanism for event routing and escalation; design auditing
for compliance requirements; design auditing policies and traceability
requirements
Design for Identity and Security (20-25%)
Design Identity Management
May include but not limited to: Choose an identity management approach; design
an identity delegation strategy, identity repository (including directory,
application, systems, etc.); design self-service identity management and user
and persona provisioning; define personas and roles; recommend appropriate
access control strategy (e.g., attribute-based, discretionary access,
history-based, identity-based, mandatory, organization-based, role-based,
rule-based, responsibility-based)
Design Authentication
May include but not limited to: Choose an authentication approach; design a
single-sign on approach; design for IPSec, logon, multi-factor, network access,
and remote authentication
Design Authorization
May include but not limited to: Choose an authorization approach; define access
permissions and privileges; design secure delegated access (e.g., oAuth, OpenID,
etc.); recommend when and how to use API Keys.
Design for Risk Prevention for Identity
May include but not limited to: Design a risk assessment strategy (e.g., access
reviews, RBAC policies, physical access); evaluate agreements involving services
or products from vendors and contractors; update solution design to address and
mitigate changes to existing security policies, standards, guidelines and
procedures
Design a Monitoring Strategy for Identity and Security
May include but not limited to: Design for alert notifications; design an alert
and metrics strategy; recommend authentication monitors
Design a Data Platform Solution (15-20%)
Design a Data Management Strategy
May include but not limited to: Choose between managed and unmanaged data store;
choose between relational and non-relational databases; design data auditing and
caching strategies; identify data attributes (e.g., relevancy, structure,
frequency, size, durability, etc.); recommend Database Transaction Unit (DTU)
sizing; design a data retention policy; design for data availability,
consistency, and durability; design a data warehouse strategy
Design a Data Protection Strategy
May include but not limited to: Recommend geographic data storage; design an
encryption strategy for data at rest, for data in transmission, and for data in
use; design a scalability strategy for data; design secure access to data;
design a data loss prevention (DLP) policy
Design and Document Data Flows
May include but not limited to: Identify data flow requirements; create a data
flow diagram; design a data flow to meet business requirements; design a data
import and export strategy
Design a Monitoring Strategy for the Data Platform
May include but not limited to: Design for alert notifications; design an alert
and metrics strategy
Design a Business Continuity Strategy (15-20%)
Design a Site Recovery Strategy
May include but not limited to: Design a recovery solution; design a site
recovery replication policy; design for site recovery capacity and for storage
replication; design site failover and failback (planned/unplanned); design the
site recovery network; recommend recovery objectives (e.g., Azure, on-prem,
hybrid, Recovery Time Objective (RTO), Recovery Level Objective (RLO), Recovery
Point Objective (RPO)); identify resources that require site recovery; identify
supported and unsupported workloads; recommend a geographical distribution
strategy
Design for High Availability
May include but not limited to: Design for application redundancy, autoscaling,
data center and fault domain redundancy, and network redundancy; identify
resources that require high availability; identify storage types for high
availability
Design a disaster recovery strategy for individual workloads
May include but not limited to: Design failover/failback scenario(s); document
recovery requirements; identify resources that require backup; recommend a
geographic availability strategy
Design a Data Archiving Strategy
May include but not limited to: Recommend storage types and methodology for data
archiving; identify requirements for data archiving and business compliance
requirements for data archiving; identify SLA(s) for data archiving
Design for Deployment, Migration, and Integration (10-15%)
Design Deployments
May include but not limited to: Design a compute, container, data platform,
messaging solution, storage, and web app and service deployment strategy
Design Migrations
May include but not limited to: Recommend a migration strategy; design data
import/export strategies during migration; determine the appropriate application
migration, data transfer, and network connectivity method; determine migration
scope, including redundant, related, trivial, and outdated data; determine
application and data compatibility
Design an API Integration Strategy
May include but not limited to: Design an API gateway strategy; determine
policies for internal and external consumption of APIs; recommend a hosting
structure for API management
Design an Infrastructure Strategy (15-20%)
Design a Storage Strategy
May include but not limited to: Design a storage provisioning strategy; design
storage access strategy; identify storage requirements; recommend a storage
solution and storage management tools
Design a Compute Strategy
May include but not limited to: Design compute provisioning and secure compute
strategies; determine appropriate compute technologies (e.g., virtual machines,
functions, service fabric, container instances, etc.); design an Azure HPC
environment; identify compute requirements; recommend management tools for
compute
Design a Networking Strategy
May include but not limited to: Design network provisioning and network security
strategies; determine appropriate network connectivity technologies; identify
networking requirements; recommend network management tools
Design a Monitoring Strategy for Infrastructure
May include but not limited to: Design for alert notifications; design an alert
and metrics strategy
Preparation options
Instructor-led training
Who should take this exam?
Candidates for this exam are Azure Solution Architects who advise
stakeholders and translates business requirements into secure, scalable, and
reliable solutions.
Candidates should have advanced experience and knowledge across various aspects
of IT operations, including networking, virtualization, identity, security,
business continuity, disaster recovery, data management, budgeting, and
governance. This role requires managing how decisions in each area affects an
overall solution.
Candidates must be proficient in Azure administration, Azure development, and
DevOps, and have expert-level skills in at least one of those domains.
QUESTION: 1
You need to deploy resources to host a stateless web app in an Azure
subscription. The solution must meet the following requirements:
• Provide access to the full .NET framework.
• Provide redundancy if an Azure region fails.
• Grant administrators access to the operating system to install custom
application dependencies.
Solution: You deploy a web app in an Isolated App Service plan.
Does this meet the goal?
A. Yes
B. No
Answer: A
QUESTION: 2
You need to deploy resources to host a stateless web app in an Azure
subscription. The solution must meet the following requirements:
• Provide access to the full .NET framework.
• Provide redundancy if an Azure region fails.
• Grant administrators access to the operating system to install custom
application dependencies.
Solution: You deploy a virtual machine scale set that uses autoscaling.
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION: 3
You need to deploy resources to host a stateless web app in an Azure
subscription. The solution must meet the following requirements:
• Provide access to the full .NET framework.
• Provide redundancy if an Azure region fails.
• Grant administrators access to the operating system to install custom
application dependencies.
Solution: You deploy an Azure virtual machine to two Azure regions, and you
deploy an Azure
Application Gateway.
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION: 4
You are designing an Azure solution for a company that wants to move a .NET
Core web application
an on-premises data center to Azure. The web application relies on a Microsoft
SQL Server 2016
database on Windows Server 2016. The database server will not move to Azure.
A separate networking team is responsible for configuring network permissions.
The company uses Azure ExpressRoute and has an ExpressRoute gateway connected to
an Azure
virtual network named VNET1.
You need to recommend a solution for deploying the web application.
Solution: Deploy the web application to a web app hosted in a Premium App
Service plan. Does this meet the goal?
A. Yes
B. No
Answer: A
QUESTION: 5
You are designing an Azure solution for a company that wants to move a .NET
Core web application
an on-premises data center to Azure. The web application relies on a Microsoft
SQL Server 2016
database on Windows Server 2016. The database server will not move to Azure.
A separate networking team is responsible for configuring network permissions.
The company uses Azure ExpressRoute and has an ExpressRoute gateway connected to
an Azure
virtual network named VNET1.
You need to recommend a solution for deploying the web application.
Solution: Deploy the web application to a web app hosted in an Isolated App
Service plan on VNET1.
Does this meet the goal?
A. Yes
B. No
Answer: B
Click here to view
complete Q&A of AZ-301 exam
Certkingdom Review,
Certkingdom PDF Torrents
Best Microsoft AZ-301 Certification, Microsoft AZ-301 Training at certkingdom.com