Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond (2021)

Page 1 of 16

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond (2021) - Page 1 preview image

Page 2 of 16

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond (2021) - Page 2 preview image

Page 3 of 16

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond (2021) - Page 3 preview image

Exam Ref AZ-304Microsoft AzureArchitect DesignCertificationand BeyondDesign secure and reliable solutions for the realworld in Microsoft AzureBrett HargreavesBIRMINGHAM—MUMBAI

Page 4 of 16

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond (2021) - Page 4 preview image

Exam Ref AZ-304 Microsoft Azure ArchitectDesign Certification and BeyondCopyright © 2021 Packt PublishingAll rights reserved. No part of this book may be reproduced, stored in a retrieval system, ortransmitted in any form or by any means, without the prior written permission of the publisher,except in the case of brief quotations embedded in critical articles or reviews.Every effort has been made in the preparation of this book to ensure the accuracy of theinformation presented. However, the information contained in this book is sold withoutwarranty, either express or implied. Neither the author, nor Packt Publishing or its dealers anddistributors, will be held liable for any damages caused or alleged to have been caused directlyor indirectly by this book.Packt Publishing has endeavored to provide trademark information about all of the companiesand products mentioned in this book by the appropriate use of capitals. However, PacktPublishing cannot guarantee the accuracy of this information.Group Product Manager: Wilson D'souzaPublishing Product Manager: Rahul NairSenior Editor: Shazeen IqbalContent Development Editor: Romy DiasTechnical Editor: Nithik CheruvakodanCopy Editor: Safis EditingProject Coordinator: Shagun SainiProofreader: Safis EditingIndexer: Manju ArasanProduction Designer: Shankar KalbhorFirst published: June 2021Production reference: 1230621Published by Packt Publishing Ltd.Livery Place35 Livery StreetBirminghamB3 2PB, UK.ISBN 978-1-80056-693-4www.packt.com

Page 5 of 16

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond (2021) - Page 5 preview image

To the doctors, nurses, public health officials, and first responders who areprotecting us from COVID-19.

Page 6 of 16

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond (2021) - Page 6 preview image

ContributorsAbout the authorBased in the UK,Brett Hargreavesis a lead Azure consultant who has worked forsome of the world's biggest companies for over 25 years, helping them design and buildcutting-edge solutions. With a career spanning infrastructure, development, consulting,and architecture, he has been involved in projects covering the entire solution stack,including hardware, virtualization, databases, storage, software development, andthe cloud.He loves passing on his knowledge to others through books, blogging, and his onlinetraining courses, which have over 20,000 students (and counting!).I want to thank my amazing wife, Cathy, for giving me the space andsupport I've needed to write this book, even while the COVID-19global pandemic was raging around us. I'd also like to thank the manyexperienced professionals who I work with daily and who continuallyprovide exciting challenges that help deepen my knowledge. Finally, I wouldlike to thank the Packt team for giving me this opportunity to put myknowledge down on paper.

Page 7 of 16

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond (2021) - Page 7 preview image

About the reviewersSandeep Soniis an Azure Solutions Architect with expertise in designing, developing,and architecting Azure solutions. He has had experience with all the services offered onthe Azure cloud, including PaaS, IaaS, storage, virtual networking, and so on. He offersexpertise across the whole spectrum of software technology. As a Microsoft CertifiedTrainer with 25 years of IT experience, he is adept at technology training, includingcorporate training, live training, and online webinars. He has trained over 100,000individuals all over the world and delivered over 200 corporate training events acrossIndia and abroad in Microsoft Azure, covering development, infrastructure, security,architecture, Azure DevOps, orchestration microservices using Kubernetes and AzureService Fabric, C#, .NET Core, ASP.NET, and ASP.NET Core, to name a few.I would like to thank my family for their continued support andencouragement in everything that I do, and the team of Deccansoft,who manage background work while I am delivering training, earningcertifications, and making other contributions to the world of IT.Ricardo Cabralis a licensed computer engineer with several Microsoft certifications,and is also aMicrosoft Certified Trainer(MCT). Having worked in both administrationand development roles, with several years' experience in IT management, development,and projects, he now works as an IT consultant and trainer. In his spare time, he activelyparticipates in, volunteers, and speaks at technical community meetings.

Page 8 of 16

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond (2021) - Page 8 preview image

Page 9 of 16

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond (2021) - Page 9 preview image

PrefaceSection 1:Exploring Modern Architecture1Architecture for the CloudIntroducing architecture4Exploring the transition frommonolithic to microservices5Mainframe computing5Personal computing6Virtualization8Web apps, mobile apps, and APIs9Cloud computing11Migrating to the cloud fromon-premises13Understanding infrastructureand platform services15IaaS16PaaS16Moving from Waterfall to Agileprojects17Waterfall18Agile19IaC20Summary212Principles of Modern ArchitectureArchitecting for security24Knowing the enemy24How do they hack?25Defining your strategy26Networking and firewalls26Identity management27Patching28Application code28Data encryption29Defense-in-Depth30User education31Table of Contents

Page 10 of 16

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond (2021) - Page 10 preview image

Architecting for resilience andbusiness continuity32Defining requirements33Using architectural best practices34Testing and disaster recovery plans35Architecting for performance35Architecting for deployment37Architecting for monitoring andoperations39Monitoring for security40Monitoring for resilience40Monitoring for performance41Network monitoring41Monitoring for DevOps and applications41Summary42Further reading42Section 2:Identity and Security3Understanding User AuthenticationDifferentiating authenticationfrom authorization46Introducing Azure AD47Why AD?48Azure AD versus AD DS50Azure tenants52Azure AD editions53Integrating AD54Cloud native54Azure AD Connect55Password Hash Synchronization57Azure AD PTA58Password Writeback59Seamless SSO60Federated authentication61Azure AD Connect Health61Understanding conditionalaccess, MFA and securitydefaults63MFA64Security Defaults65Understanding and setting up CA65Using external identities70Multi-tenancy70Consumer applications – B2C71External user collaboration – B2B72Summary73Exam scenario73

Page 11 of 16

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond (2021) - Page 11 preview image

4Managing User AuthorizationTechnical requirements76Understanding Azure roles76Classic roles76Azure roles78Azure AD roles82Managing users with hierarchies84Management groups, subscriptions,and resource groups84Controlling access with PIM87Activating PIM88Just-In-Time elevated access89Managing risk with IdentityProtection97User risk97Sign-in risk98Summary100Exam solution1005Ensuring Platform GovernanceTechnical requirements102Applying tagging102Adding tags manually104Managing tags through AzurePowerShell105Managing tags in ARM templates106Using tags107Understanding Azure policies108Using policies and initiatives109Policy structure109Creating a policy and initiativedefinition112Assigning an initiative115Viewing the compliance dashboard116Creating a remediation task117Using virtual machine guestconfigurations118Best practices119Using Azure Blueprints119Creating a blueprint definition120Publishing and assigning a blueprint122Summary125Exam scenario126Further reading1266Building Application SecurityTechnical requirements128Introducing Azure Key Vault128Creating a key vault131Managing Key Vault secrets132Using Key Vault keys134Using Key Vault certificates136

Page 12 of 16

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond (2021) - Page 12 preview image

Access policies136Working with security principals138Creating the service principal138Setting the access policy139Creating the web app141Integrating applications into AzureActive Directory145Deploying a web app146Enabling AD integration148Using managed identities150Assigning a managed identity152Using managed identities in web apps153Summary154Exam Scenario155Further reading155Section 3:Infrastructure and Storage Components7Designing Compute SolutionsTechnical requirements160Understanding different typesof compute160Comparing compute options164Automating virtual machinemanagement176Architecting forcontainerization andKubernetes180Containerization180Azure Kubernetes Service182Pods185Summary187Exam scenario187Further reading1888Network Connectivity and SecurityTechnical requirements190Understanding Azurenetworking options190Understanding IP addressingand DNS in Azure191Understanding subnets and subnetmasks191Public IP addresses192Private IP addresses192Azure DNS194Azure private DNS zones196Azure public DNS zones196Implementing network security197Network Security Groups198Application Security Groups200

Page 13 of 16

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond (2021) - Page 13 preview image

Azure Firewall202Service endpoints204Private endpoint connections207Connectivity209VNET peering209VPN gateways210ExpressRoute214Routing214Load balancing and advancedtraffic routing216Azure Load Balancer216Azure Traffic Manager218Application Gateway219Azure Front Door222Choosing the right options224Summary225Exam scenario226Further reading2269Exploring Storage SolutionsTechnical requirements228Understanding storage types228Azure Storage accounts228Data classification232Operational decisions234VM disks238Designing storage security240Network protection240Authorization242Encryption246Auditing246Using storage managementtools247Azure Storage REST APIs247AzCopy248Azure Storage Explorer248Summary249Exam scenario250Further reading25010Migrating Workloads to AzureTechnical requirements252Assessing on-premises systems252The discovery phase253Understanding migrationoptions257Migrating virtual machines anddatabases258Migrating virtual machines258Migrating databases260

Page 14 of 16

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond (2021) - Page 14 preview image

Monitoring and optimizing yourmigration262Azure Monitor263Azure Cost Management264Azure Advisor264Summary266Exam scenario266Section 4:Applications and Databases11Comparing Application ComponentsTechnical requirements272Working with web applications272Using deployment slots273App services VNet Integration274Managing APIs with Azure APIGateway275Using API policies277Securing your APIs with subscriptionkeys278Client certificates279OAuth 2.0 and OpenID Connect279Understanding microservices281Using messaging and events283Azure Event Grid284Event Hubs287Storage queues288Azure Service Bus288Summary290Exam scenario290Further reading29112Creating Scalable and Secure DatabasesTechnical requirements294Selecting a database platform294Understanding SQL databases294NoSQL databases296Understanding databaseservice tiers298SQL Database tiers298Designing scalable databases306Using read replicas307Using database sharding309Securing databases withencryption311Summary314Exam scenario314Further reading315

Page 15 of 16

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond (2021) - Page 15 preview image

13Options for Data IntegrationTechnical requirements318Understanding data flows318Comparing integration tools319ADLS Gen2320Azure Data Factory323Exploring data analytics328Azure Databricks329Azure Synapse Analytics330Putting it all together332Summary332Exam scenario333Further reading33314High Availability and Redundancy ConceptsTechnical requirements336Understanding virtual machineavailability336Fault domains and update domains337Availability Zones338Azure virtual machine scale sets340Understanding Azure storageresiliency options342Understanding SQL databaseavailability342Understanding Cosmos DBavailability347Consistency levels349Summary350Exam scenario351Further reading352Section 5:Operations and Monitoring15Designing for Logging and MonitoringTechnical requirements356Understanding logs and storageoptions356Understanding data types and sources357Understanding log use cases358VM logging and monitoring363Understanding deployment options365Exploring monitoring tools367Activity logs368Azure Metrics369Azure alerts371

Page 16 of 16

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond (2021) - Page 16 preview image

Log Analytics workspaces374Understanding security andcompliance376Azure Security Center377Azure Defender378Azure Sentinel379Using cost management andreporting382Summary385Exam scenario386Further reading38616Developing Business ContinuityTechnical requirements388Understanding recoverysolutions388Understanding the Recovery TimeObjective (RTO)388Understanding the Recovery PointObjective (RPO)389Understanding Azure Backup options389Planning for Azure Backup390Understanding backup policies392Planning for Site Recovery394Understanding recovery plans396Planning for database backups398Understanding Azure SQL backups398Understanding Cosmos DB backups400Understanding the dataarchiving options402Summary404Exam scenario404Further reading40517Scripted Deployments and DevOps AutomationTechnical requirements408Exploring provisioning options408Looking at the Azure REST API409Choosing between PowerShelland the Azure CLI411Signing in to Azure412Selecting a subscription412Listing resource groups412Understanding ARM templates413Looking at Azure DevOps419Azure Repos420Azure Pipelines422Azure Artifacts426Summary426Exam scenario427Further reading427

Preview Mode

This document has 520 pages. Sign in to access the full document!

Report

Learning Tools

Writing Tools

Browse Resources

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond (2021) - Page 1

Study Now!

Document Details

Related Documents

Microsoft Azure Architect Technologies Study Companion: Exam AZ-300 and AZ-303 (2020)

Designing and Implementing Cloud-native Applications Using Microsoft Azure Cosmos DB: Study Companion for the DP-420 Exam (2023)

Microsoft Azure AI Fundamentals Certification Companion: AI-900 Exam (2023)

MCE Microsoft Certified Expert Cybersecurity Architect Study Guide: Exam SC-100 (2023)

Renewal assessment for Microsoft Certified: Azure Practice Exam with Answers (40 Solved Questions)

Azure Data Scientist Associate Certification Guide: DP-100 exam (2021)

Microsoft Azure Security Technologies Certification and Beyond: AZ-500 exam (2021)

Study Guide Exam 1Z0-816 and Exam 1Z0-817 (2020)

MCA Microsoft Certified Associate Azure Security Engineer Study Guide: Exam AZ-500 (2022)

MCA Microsoft Certified Associate Azure Administrator Study Guide: Exam AZ-104 (2022)

Company

Explore

Study Tools