Tag Archives: Microsoft Certified: Azure Solutions Architect Expert

Microsoft 365, Microsoft Azure

AZ-305 Designing Microsoft Azure Infrastructure Solutions (beta) Exam

Candidates for this exam should have advanced experience and knowledge of IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data platforms, and governance. A professional in this role should manage how decisions in each area affect an overall solution. In addition, they should have experience in Azure administration, Azure development, and DevOps processes.

The Microsoft Certified: Azure Solutions Architect Expert certification will be earned by completing the following requirements:

Earn the Microsoft Certified: Azure Administrator Associate certification and pass Exam AZ-305
or
Pass Exam AZ-303 (before it retires on March 31, 2022) and Exam AZ-305

NOTE: Passing score: 700. Learn more about exam scores here. Beta exams are not scored immediately because we are gathering data on the quality of the questions and the exam. Learn more about the value and importance of beta exams.

Part of the requirements for: Microsoft Certified: Azure Solutions Architect Expert

Related exams: none
Important: See details

Skills measured

Design identity, governance, and monitoring solutions (25-30%)
Design data storage solutions (25-30%)
Design business continuity solutions (10-15%)
Design infrastructure solutions (25-30%)

NOTE: Passing score: 700. Learn more about exam scores here.

Audience Profile
Candidates for the Azure Solutions Architect Expert certification should have subject matter expertise in designing cloud and hybrid solutions that run on Microsoft Azure, including compute, network, storage, monitoring, and security.
Responsibilities for this role include advising stakeholders and translating business requirements into designs for secure, scalable, and reliable Azure solutions.

An Azure Solutions Architect partners with developers, administrators, and other roles responsible for implementing solutions on Azure.

A candidate for this certification should have advanced experience and knowledge of IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data platforms, and governance. A professional in this role should manage how decisions in each area affect an overall solution. In addition, they should have experience in Azure administration, Azure development, and DevOps processes.

Skills Measured
NOTE: The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. This list is not definitive or exhaustive.
NOTE: Most questions cover features that are general availability (GA). The exam may contain questions on Preview features if those features are commonly used.

Design Identity, Governance, and Monitoring Solutions (25-30%)
Design a solution for logging and monitoring
 design a log routing solution
 recommend an appropriate level of logging
 recommend monitoring tools for a solution

Design authentication and authorization solutions
 recommend a solution for securing resources with role-based access control
 recommend an identity management solution
 recommend a solution for securing identities

Design governance
 recommend an organizational and hierarchical structure for Azure resources
 recommend a solution for enforcing and auditing compliance

Design identities and access for applications
 recommend solutions to allow applications to access Azure resources
 recommend a solution that securely stores passwords and secrets
 recommend a solution for integrating applications into Azure Active Directory (Azure AD)
 recommend a user consent solution for applications

Design Data Storage Solutions (25-30%)
Design a data storage solution for relational data
 recommend database service tier sizing
 recommend a solution for database scalability
 recommend a solution for encrypting data at rest, data in transmission, and data in use

Design data integration
 recommend a solution for data integration
 recommend a solution for data analysis

Recommend a data storage solution
 recommend a solution for storing relational data
 recommend a solution for storing semi-structured data
 recommend a solution for storing non-relational data

Design a data storage solution for non-relational data
 recommend access control solutions to data storage
 recommend a data storage solution to balance features, performance, and cost
 design a data solution for protection and durability

Design Business Continuity Solutions (10-15%)
Design a solution for backup and disaster recovery
 recommend a recovery solution for Azure, hybrid, and on-premises workloads that meets recovery objectives (Recovery Time Objective [RTO], Recovery Level Objective [RLO],

Recovery Point Objective [RPO])
 understand the recovery solutions for containers
 recommend a backup and recovery solution for compute
 recommend a backup and recovery solution for databases
 recommend a backup and recovery solution for unstructured data

Design for high availability
 identify the availability requirements of Azure resources
 recommend a high availability solution for compute
 recommend a high availability solution for non-relational data storage
 recommend a high availability solution for relational data storage

Design Infrastructure Solutions (25-30%)
Design a compute solution
 recommend a virtual machine-based compute solution
 recommend an appropriately sized compute solution based on workload requirements
 recommend a container-based compute solution
 recommend a serverless-based compute solution

Design an application architecture
 recommend a caching solution for applications
 recommend a messaging architecture
 recommend an event-driven architecture
 recommend an automated deployment solution for your applications
 recommend an application configuration management solution
 recommend a solution for API integration

Design migrations
 evaluate a migration solution that leverages the Cloud Adoption Framework for Azure
 assess and interpret on-premises servers, data, and applications for migration
 recommend a solution for migrating applications and virtual machines
 recommend a solution for migrating databases
 recommend a solution for migrating unstructured data

Design network solutions
 recommend a network architecture solution based on workload requirements
 recommend a connectivity solution that connects Azure resources to the internet
 recommend a connectivity solution that connects Azure resources to on-premises networks
 optimize network performance for applications
 recommend a solution to optimize network security
 recommend a load balancing and routing solution

QUESTION 1
After you migrate App1 to Azure, you need to enforce the data modification requirements to meet the security and compliance requirements.
What should you do?

A. Create an access policy for the blob service.
B. Implement Azure resource locks.
C. Create Azure RBAC assignments.
D. Modify the access level of the blob service.

Answer: B

QUESTION 2
You need to recommend a solution to meet the database retention requirements.
What should you recommend?

A. Configure a long-term retention policy for the database.
B. Configure Azure Site Recovery.
C. Use automatic Azure SQL Database backups.
D. Configure geo-replication of the database.

Answer: A

QUESTION 3
You have an Azure subscription that contains a custom application named Application1. Application1 was
developed by an external company named Fabrikam, Ltd. Developers at Fabrikam were assigned role-based
access control (RBAC) permissions to the Application1 components. All users are licensed for the Microsoft 365 E5 plan.
You need to recommend a solution to verify whether the Fabrikam developers still require permissions to
Application1. The solution must meet the following requirements:
To the manager of the developers, send a monthly email message that lists the access permissions to Application1.
If the manager does not verify an access permission, automatically revoke that permission.
Minimize development effort.
What should you recommend?

A. In Azure Active Directory (Azure AD), create an access review of Application1.
B. Create an Azure Automation runbook that runs the Get-AzRoleAssignment cmdlet.
C. In Azure Active Directory (Azure AD) Privileged Identity Management, create a custom role assignment for the Application1 resources.
D. Create an Azure Automation runbook that runs the Get-AzureADUserAppRoleAssignment cmdlet.

Answer: A

Examkingdom Microsoft AZ-305 Exam pdf, Certkingdom Microsoft AZ-305 PDF

MCTS Training, MCITP Trainnig

Best Microsoft AZ-305 Certification, Microsoft AZ-305 Training at certkingdom.com

Microsoft Azure

AZ-304 Microsoft Azure Architect Design (beta) Exam

Skills measured
Design monitoring (10-15%)
Design identity and security (25-30%)
Design data storage (15-20%)
Design business continuity (10-15%)
Design infrastructure (25-30%)

Audience Profile
Candidates for this exam should have subject matter expertise in designing and implementing solutions that run on Microsoft Azure, including aspects like compute, network, storage, and security.
Responsibilities for an Azure Solution Architect include advising stakeholders and translating business requirements into secure, scalable, and reliable cloud solutions.
An Azure Solution Architect partners with cloud administrators, cloud DBAs, and clients to implement solutions.
A candidate for this exam should have advanced experience and knowledge of IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data platform, budgeting, and governance–this role should manage how decisions in each area affect an overall solution. In addition, this role should have expert-level skills in Azure administration and have experience with Azure development and DevOps processes.

Skills Measured
NOTE: The bullets that appear below each of the skills measured are intended to illustrate how we are assessing that skill. This list is not definitive or exhaustive.
NOTE: In most cases, exams do NOT cover preview features, and some features will only be added to an exam when they are GA (General Availability).

Design Monitoring (10-15%)
Design for cost optimization
• recommend a solution for cost management and cost reporting
• recommend solutions to minimize costs

Design a solution for logging and monitoring
• determine levels and storage locations for logs
• plan for integration with monitoring tools including Azure Monitor and Azure Sentinel
• recommend appropriate monitoring tool(s) for a solution
• choose a mechanism for event routing and escalation
• recommend a logging solution for compliance requirements

Design Identity and Security (25-30%)
Design authentication
• recommend a solution for single-sign on
• recommend a solution for authentication
• recommend a solution for Conditional Access, including multi-factor authentication
• recommend a solution for network access authentication
• recommend a solution for a hybrid identity including Azure AD Connect and Azure AD Connect Health
• recommend a solution for user self-service
• recommend and implement a solution for B2B integration

Design authorization
• choose an authorization approach
• recommend a hierarchical structure that includes management groups, subscriptions and resource groups
• recommend an access management solution including RBAC policies, access reviews, role assignments, physical access, Privileged Identity Management (PIM), Azure AD Identity Protection, Just In Time (JIT) access

Design governance
• recommend a strategy for tagging
• recommend a solution for using Azure Policy
• recommend a solution for using Azure Blueprint

Design security for applications
• recommend a solution that includes KeyVault
o What can be stored in KeyVault
o KeyVault operations
o KeyVault regions
• recommend a solution that includes Azure AD Managed Identities
• recommend a solution for integrating applications into Azure AD

Design Data Storage (15-20%)
Design a solution for databases
• select an appropriate data platform based on requirements
• recommend database service tier sizing
• recommend a solution for database scalability
• recommend a solution for encrypting data at rest, data in transmission, and data in use

Design data integration
• recommend a data flow to meet business requirements
• recommend a solution for data integration, including Azure Data Factory, Azure Data Bricks, Azure Data Lake, Azure Synapse Analytics

Select an appropriate storage account
• choose between storage tiers
• recommend a storage access solution
• recommend storage management tools

Design Business Continuity (10-15%)
Design a solution for backup and recovery
• recommend a recovery solution for Azure hybrid and on-premises workloads that meets recovery objectives (RTO, RLO, RPO)
• design and Azure Site Recovery solution
o recommend a site recovery replication policy
o recommend a solution for site recovery capacity
o recommend a solution for site failover and failback (planned/unplanned)
o recommend a solution for the site recovery network
• recommend a solution for recovery in different regions
• recommend a solution for Azure Backup management
• design a solution for data archiving and retention
o recommend storage types and methodology for data archiving
o identify business compliance requirements for data archiving
o identify requirements for data archiving
o identify SLA(s) for data archiving
o recommend a data retention policy

Design for high availability
• recommend a solution for application and workload redundancy, including compute, database, and storage
• recommend a solution for autoscaling
• identify resources that require high availability
• identify storage types for high availability
• recommend a solution for geo-redundancy of workloads

Design Infrastructure (25-30%)
Design a compute solution
• recommend a solution for compute provisioning
• determine appropriate compute technologies, including virtual machines, App Services, Service Fabric, Azure Functions, Windows Virtual Desktop, and containers
• recommend a solution for containers
o AKS versus ACI and the configuration of each one
• recommend a solution for automating compute management

Design a network solution
• recommend a solution for network addressing and name resolution
• recommend a solution for network provisioning
• recommend a solution for network security
o private endpoints
o Firewalls
o Gateways
• recommend a solution for network connectivity to the Internet, on-premises networks, and other Azure virtual networks
• recommend a solution for automating network management
• recommend a solution for load balancing and traffic routing

Design an application architecture
• recommend a microservices architecture including Event Grid, Event Hubs, Service Bus, Storage Queues, Logic Apps, Azure Functions, and webhooks
• recommend an orchestration solution for deployment of applications including ARM templates, Logic Apps, or Azure Functions
o select an automation method
o choose which resources or lifecycle steps will be automated
o design integration with other sources such as an ITSM solution
o recommend a solution for monitoring automation
• recommend a solution for API integration
o design an API gateway strategy
o determine policies for internal and external consumption of APIs
o recommend a hosting structure for API management
o recommend when and how to use API Keys

Design migrations
• assess and interpret on-premises servers, data, and applications for migration
• recommend a solution for migrating applications and VMs
• recommend a solution for migration of databases
o determine migration scope, including redundant, related, trivial, and outdated data


QUESTION 1
You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager
resource deployments in your subscription.
What should you include in the recommendation?

A. the Change Tracking management solution
B. Application Insights
C. Azure Monitor action groups
D. Azure Activity Log

Correct Answer: D

QUESTION 2
You have an Azure subscription that contains an Azure SQL database named DB1.
Several queries that query the data in DB1 take a long time to execute.
You need to recommend a solution to identify the queries that take the longest to execute.
What should you include in the recommendation?

A. SQL Database Advisor
B. Azure Monitor
C. Performance Recommendations
D. Query Performance Insight

Correct Answer: D

QUESTION 3
You have an on-premises Hyper-V cluster. The cluster contains Hyper-V hosts that run Windows Server 2016
Datacenter. The hosts are licensed under a Microsoft Enterprise Agreement that has Software Assurance.
The Hyper-V cluster contains 30 virtual machines that run Windows Server 2012 R2. Each virtual machine
runs a different workload. The workloads have predictable consumption patterns.
You plan to replace the virtual machines with Azure virtual machines that run Windows Server 2016. The
virtual machines will be sized according to the consumption pattern of each workload.
You need to recommend a solution to minimize the compute costs of the Azure virtual machines.
Which two recommendations should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Configure a spending limit in the Azure account center.
B. Create a virtual machine scale set that uses autoscaling.
C. Activate Azure Hybrid Benefit for the Azure virtual machines.
D. Purchase Azure Reserved Virtual Machine Instances for the Azure virtual machines.
E. Create a lab in Azure DevTest Labs and place the Azure virtual machines in the lab.

Correct Answer: CD

QUESTION 4
A company has a hybrid ASP.NET Web API application that is based on a software as a service (SaaS) offering.
Users report general issues with the data. You advise the company to implement live monitoring and use ad
hoc queries on stored JSON data. You also advise the company to set up smart alerting to detect anomalies in the data.
You need to recommend a solution to set up smart alerting.
What should you recommend?

A. Azure Site Recovery and Azure Monitor Logs
B. Azure Data Lake Analytics and Azure Monitor Logs
C. Azure Application Insights and Azure Monitor Logs
D. Azure Security Center and Azure Data Lake Store

Correct Answer: B

Actualkey Microsoft Azure AZ-304 exam pdf, Certkingdom Microsoft Azure AZ-304 PDF

MCTS Training, MCITP Trainnig

Best Microsoft Azure AZ-304 Certification, Microsoft Azure AZ-304 Training at certkingdom.com

Microsoft Azure

AZ-303 Microsoft Azure Architect Technologies (beta)

Candidates for this exam should have subject matter expertise in designing and implementing solutions that run on Microsoft Azure, including aspects like compute, network, storage, and security.

Responsibilities for an Azure Solution Architect include advising stakeholders and translating business requirements into secure, scalable, and reliable cloud solutions.

An Azure Solution Architect partners with cloud administrators, cloud DBAs, and clients to implement solutions.

A candidate for this exam should have advanced experience and knowledge of IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data platform, budgeting, and governance–this role should manage how decisions in each area affect an overall solution. In addition, this role should have expert-level skills in Azure administration and have experience with Azure development and DevOps processes.

Beta exams are not scored immediately because we are gathering data on the quality of the questions and the exam. Learn more about the value and importance of beta exams.
Part of the requirements for: Microsoft Certified: Azure Solutions Architect Expert
Related exams: 1 related exam

Skills measured
Implement and monitor an Azure infrastructure (50-55%)
Implement management and security solutions (25-30%)
Implement solutions for apps (10-15%)
Implement and manage data platforms (10-15%)

Audience Profile
Candidates for this exam should have subject matter expertise in designing and implementing solutions that run on Microsoft Azure, including aspects like compute, network, storage, and security.
Responsibilities for an Azure Solution Architect include advising stakeholders and translating business requirements into secure, scalable, and reliable cloud solutions.
An Azure Solution Architect partners with cloud administrators, cloud DBAs, and clients to implement solutions.

A candidate for this exam should have advanced experience and knowledge of IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data platform, budgeting, and governance–this role should manage how decisions in each area affect an overall solution. In addition, this role should have expert-level skills in Azure administration and have experience with Azure development and DevOps processes.

Skills Measured
NOTE: The bullets that appear below each of the skills measured are intended to illustrate how we are assessing that skill. This list is not definitive or exhaustive.
NOTE: In most cases, exams do NOT cover preview features, and some features will only be added to an exam when they are GA (General Availability).

Implement and Monitor an Azure Infrastructure (50-55%)
Implement cloud infrastructure monitoring
• monitor security
• monitor performance
o configure diagnostic settings on resources
o create a performance baseline for resources
o monitor for unused resources
o monitor performance capacity
o visualize diagnostics data using Azure Monitor

• monitor health and availability
o monitor networking
o monitor service health

• monitor cost
o monitor spend
o report on spend

• configure advanced logging
o implement and configure Azure Monitor insights, including App Insights, Networks, Containers
o configure a Log Analytics workspace

• configure logging for workloads
• initiate automated responses by using Action Groups
• configure and manage advanced alerts
o collect alerts and metrics across multiple subscriptions
o view Alerts in Azure Monitor logs
o NOT: create Log Analytics query

Implement storage accounts
• select storage account options based on a use case
• configure Azure Files and blob storage
• configure network access to the storage account
• implement Shared Access Signatures and access policies
• implement Azure AD authentication for storage
• manage access keys
• implement Azure storage replication
• implement Azure storage account failover

Implement VMs for Windows and Linux
• configure High Availability
• configure storage for VMs
• select virtual machine size
• implement Azure Dedicated Hosts
• deploy and configure scale sets
• configure Azure Disk Encryption

Automate deployment and configuration of resources
• save a deployment as an Azure Resource Manager template
• modify Azure Resource Manager template
• evaluate location of new resources
• configure a virtual disk template
• deploy from a template
• manage a template library
• create and execute an automation runbook

Implement virtual networking
• implement VNet to VNet connections
• implement VNet peering

Implement Azure Active Directory
• add custom domains
• configure Azure AD Identity Protection
• implement self-service password reset
• implement Conditional Access including MFA
• configure user accounts for MFA
• configure fraud alerts
• configure bypass options
• configure Trusted IPs
• configure verification methods
• implement and manage guest accounts
• manage multiple directories

Implement and manage hybrid identities
• install and configure Azure AD Connect
• identity synchronization options
• configure and manage password sync and password writeback
• configure single sign-on
• use Azure AD Connect Health

Implement Management and Security Solutions (25-30%)
Manage workloads in Azure
• migrate workloads using Azure Migrate
o assess infrastructure
o select a migration method
o prepare the on-premises for migration
o recommend target infrastructure
• implement Azure Backup for VMs
• implement disaster recovery
• implement Azure Update Management

Implement load balancing and network security
• implement Azure Load Balancer
• implement an application gateway
• implement a Web Application Firewall
• implement Azure Firewall
• implement the Azure Front Door Service
• implement Azure Traffic Manager
• implement Network Security Groups and Application Security Groups
• implement Bastion

Implement and manage Azure governance solutions
• create and manage hierarchical structure that contains management groups, subscriptions and resource groups
• assign RBAC roles
• create a custom RBAC role
• configure access to Azure resources by assigning roles
• configure management access to Azure
• interpret effective permissions
• set up and perform an access review
• implement and configure an Azure Policy
• implement and configure an Azure Blueprint

Manage security for applications
• implement and configure KeyVault
• implement and configure Azure AD Managed Identities
• register and manage applications in Azure AD

Implement Solutions for Apps (10-15%)
Implement an application infrastructure
• create and configure Azure App Service
• create an App Service Web App for Containers
• create and configure an App Service plan
• configure an App Service
• configure networking for an App Service
• create and manage deployment slots
• implement Logic Apps
• implement Azure Functions

Implement container-based applications
• create a container image
• configure Azure Kubernetes Service
• publish and automate image deployment to the Azure Container Registry
• publish a solution on an Azure Container Instance
o NOT: Service Fabric

Implement and Manage Data Platforms (10-15%)
Implement NoSQL databases
• configure storage account tables
• select appropriate CosmosDB APIs
• set up replicas in CosmosDB

Implement Azure SQL databases
• configure Azure SQL database settings
• implement Azure SQL Database managed instances
• configure HA for an Azure SQL database
• publish an Azure SQL database

QUESTION 1
You have an Azure subscription that contains 10 virtual machines on a virtual network.
You need to create a graph visualization to display the traffic flow between the virtual machines.
What should you do from Azure Monitor?

A. From Activity log, use quick insights.
B. From Metrics, create a chart.
C. From Logs, create a new query.
D. From Workbooks, create a workbook.

Correct Answer: C

QUESTION 2
You have an Azure subscription that contains 100 virtual machines.
You have a set of Pester tests in PowerShell that validate the virtual machine environment.
You need to run the tests whenever there is an operating system update on the virtual machines. The solution
must minimize implementation time and recurring costs.
Which three resources should you use to implement the tests? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Azure Automation runbook
B. an alert rule
C. an Azure Monitor query
D. a virtual machine that has network access to the 100 virtual machines
E. an alert action group

Correct Answer: A,B,E

QUESTION 3
You have an Azure subscription that contains an Azure Log Analytics workspace.
You have a resource group that contains 100 virtual machines. The virtual machines run Linux.
You need to collect events from the virtual machines to the Log Analytics workspace.
Which type of data source should you configure in the workspace?

A. Syslog
B. Linux performance counters
C. custom fields

Correct Answer: A

Actualkey AZ-303 exam pdf, Certkingdom Microsoft Certified AZ-303 PDF

MCTS Training, MCITP Trainnig

Best Microsoft Certified AZ-303 Certification, Microsoft Certified AZ-303 Training at certkingdom.com