Languages: English
Audiences: IT professionals
Technology: Microsoft Azure
Skills measured
This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area on the exam. The higher the percentage, the more questions you are likely to see on that content area on the exam. View video tutorials about the variety of question types on Microsoft exams.
Do you have feedback about the relevance of the skills measured on this exam? Please send Microsoft your comments. All feedback will be reviewed and incorporated as appropriate while still maintaining the validity and reliability of the certification process. Note that Microsoft will not respond directly to your feedback. We appreciate your input in ensuring the quality of the Microsoft Certification program.
If you have concerns about specific questions on this exam, please submit an exam challenge.
If you have other questions or feedback about Microsoft Certification exams or about the certification program, registration, or promotions, please contact your Regional Service Center.
Determine Workload Requirements (10-15%)
Gather Information and Requirements
May include but not limited to: Identify compliance requirements, identity and access management infrastructure, and service-oriented architectures (e.g., integration patterns, service design, service discoverability); identify accessibility (e.g. Web Content Accessibility Guidelines), availability (e.g. Service Level Agreement), capacity planning and scalability, deploy-ability (e.g., repositories, failback, slot-based deployment), configurability, governance, maintainability (e.g. logging, debugging, troubleshooting, recovery, training), security (e.g. authentication, authorization, attacks), and sizing (e.g. support costs, optimization) requirements; recommend changes during project execution (ongoing); evaluate products and services to align with solution; create testing scenarios
Optimize Consumption Strategy
May include but not limited to: Optimize app service, compute, identity, network, and storage costs
Design an Auditing and Monitoring Strategy
May include but not limited to: Define logical groupings (tags) for resources to be monitored; determine levels and storage locations for logs; plan for integration with monitoring tools; recommend appropriate monitoring tool(s) for a solution; specify mechanism for event routing and escalation; design auditing for compliance requirements; design auditing policies and traceability requirements
Design for Identity and Security (20-25%)
Design Identity Management
May include but not limited to: Choose an identity management approach; design an identity delegation strategy, identity repository (including directory, application, systems, etc.); design self-service identity management and user and persona provisioning; define personas and roles; recommend appropriate access control strategy (e.g., attribute-based, discretionary access, history-based, identity-based, mandatory, organization-based, role-based, rule-based, responsibility-based)
Design Authentication
May include but not limited to: Choose an authentication approach; design a single-sign on approach; design for IPSec, logon, multi-factor, network access, and remote authentication
Design Authorization
May include but not limited to: Choose an authorization approach; define access permissions and privileges; design secure delegated access (e.g., oAuth, OpenID, etc.); recommend when and how to use API Keys.
Design for Risk Prevention for Identity
May include but not limited to: Design a risk assessment strategy (e.g., access reviews, RBAC policies, physical access); evaluate agreements involving services or products from vendors and contractors; update solution design to address and mitigate changes to existing security policies, standards, guidelines and procedures
Design a Monitoring Strategy for Identity and Security
May include but not limited to: Design for alert notifications; design an alert and metrics strategy; recommend authentication monitors
Design a Data Platform Solution (15-20%)
Design a Data Management Strategy
May include but not limited to: Choose between managed and unmanaged data store; choose between relational and non-relational databases; design data auditing and caching strategies; identify data attributes (e.g., relevancy, structure, frequency, size, durability, etc.); recommend Database Transaction Unit (DTU) sizing; design a data retention policy; design for data availability, consistency, and durability; design a data warehouse strategy
Design a Data Protection Strategy
May include but not limited to: Recommend geographic data storage; design an encryption strategy for data at rest, for data in transmission, and for data in use; design a scalability strategy for data; design secure access to data; design a data loss prevention (DLP) policy
Design and Document Data Flows
May include but not limited to: Identify data flow requirements; create a data flow diagram; design a data flow to meet business requirements; design a data import and export strategy
Design a Monitoring Strategy for the Data Platform
May include but not limited to: Design for alert notifications; design an alert and metrics strategy
Design a Business Continuity Strategy (15-20%)
Design a Site Recovery Strategy
May include but not limited to: Design a recovery solution; design a site recovery replication policy; design for site recovery capacity and for storage replication; design site failover and failback (planned/unplanned); design the site recovery network; recommend recovery objectives (e.g., Azure, on-prem, hybrid, Recovery Time Objective (RTO), Recovery Level Objective (RLO), Recovery Point Objective (RPO)); identify resources that require site recovery; identify supported and unsupported workloads; recommend a geographical distribution strategy
Design for High Availability
May include but not limited to: Design for application redundancy, autoscaling, data center and fault domain redundancy, and network redundancy; identify resources that require high availability; identify storage types for high availability
Design a disaster recovery strategy for individual workloads
May include but not limited to: Design failover/failback scenario(s); document recovery requirements; identify resources that require backup; recommend a geographic availability strategy
Design a Data Archiving Strategy
May include but not limited to: Recommend storage types and methodology for data archiving; identify requirements for data archiving and business compliance requirements for data archiving; identify SLA(s) for data archiving
Design for Deployment, Migration, and Integration (10-15%)
Design Deployments
May include but not limited to: Design a compute, container, data platform, messaging solution, storage, and web app and service deployment strategy
Design Migrations
May include but not limited to: Recommend a migration strategy; design data import/export strategies during migration; determine the appropriate application migration, data transfer, and network connectivity method; determine migration scope, including redundant, related, trivial, and outdated data; determine application and data compatibility
Design an API Integration Strategy
May include but not limited to: Design an API gateway strategy; determine policies for internal and external consumption of APIs; recommend a hosting structure for API management
Design an Infrastructure Strategy (15-20%)
Design a Storage Strategy
May include but not limited to: Design a storage provisioning strategy; design storage access strategy; identify storage requirements; recommend a storage solution and storage management tools
Design a Compute Strategy
May include but not limited to: Design compute provisioning and secure compute strategies; determine appropriate compute technologies (e.g., virtual machines, functions, service fabric, container instances, etc.); design an Azure HPC environment; identify compute requirements; recommend management tools for compute
Design a Networking Strategy
May include but not limited to: Design network provisioning and network security strategies; determine appropriate network connectivity technologies; identify networking requirements; recommend network management tools
Design a Monitoring Strategy for Infrastructure
May include but not limited to: Design for alert notifications; design an alert and metrics strategy
Preparation options
Instructor-led training
Who should take this exam?
Candidates for this exam are Azure Solution Architects who advise stakeholders and translates business requirements into secure, scalable, and reliable solutions.
Candidates should have advanced experience and knowledge across various aspects of IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data management, budgeting, and governance. This role requires managing how decisions in each area affects an overall solution.
Candidates must be proficient in Azure administration, Azure development, and DevOps, and have expert-level skills in at least one of those domains.
Audiences: IT professionals
Technology: Microsoft Azure
Skills measured
This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area on the exam. The higher the percentage, the more questions you are likely to see on that content area on the exam. View video tutorials about the variety of question types on Microsoft exams.
Do you have feedback about the relevance of the skills measured on this exam? Please send Microsoft your comments. All feedback will be reviewed and incorporated as appropriate while still maintaining the validity and reliability of the certification process. Note that Microsoft will not respond directly to your feedback. We appreciate your input in ensuring the quality of the Microsoft Certification program.
If you have concerns about specific questions on this exam, please submit an exam challenge.
If you have other questions or feedback about Microsoft Certification exams or about the certification program, registration, or promotions, please contact your Regional Service Center.
Determine Workload Requirements (10-15%)
Gather Information and Requirements
May include but not limited to: Identify compliance requirements, identity and access management infrastructure, and service-oriented architectures (e.g., integration patterns, service design, service discoverability); identify accessibility (e.g. Web Content Accessibility Guidelines), availability (e.g. Service Level Agreement), capacity planning and scalability, deploy-ability (e.g., repositories, failback, slot-based deployment), configurability, governance, maintainability (e.g. logging, debugging, troubleshooting, recovery, training), security (e.g. authentication, authorization, attacks), and sizing (e.g. support costs, optimization) requirements; recommend changes during project execution (ongoing); evaluate products and services to align with solution; create testing scenarios
Optimize Consumption Strategy
May include but not limited to: Optimize app service, compute, identity, network, and storage costs
Design an Auditing and Monitoring Strategy
May include but not limited to: Define logical groupings (tags) for resources to be monitored; determine levels and storage locations for logs; plan for integration with monitoring tools; recommend appropriate monitoring tool(s) for a solution; specify mechanism for event routing and escalation; design auditing for compliance requirements; design auditing policies and traceability requirements
Design for Identity and Security (20-25%)
Design Identity Management
May include but not limited to: Choose an identity management approach; design an identity delegation strategy, identity repository (including directory, application, systems, etc.); design self-service identity management and user and persona provisioning; define personas and roles; recommend appropriate access control strategy (e.g., attribute-based, discretionary access, history-based, identity-based, mandatory, organization-based, role-based, rule-based, responsibility-based)
Design Authentication
May include but not limited to: Choose an authentication approach; design a single-sign on approach; design for IPSec, logon, multi-factor, network access, and remote authentication
Design Authorization
May include but not limited to: Choose an authorization approach; define access permissions and privileges; design secure delegated access (e.g., oAuth, OpenID, etc.); recommend when and how to use API Keys.
Design for Risk Prevention for Identity
May include but not limited to: Design a risk assessment strategy (e.g., access reviews, RBAC policies, physical access); evaluate agreements involving services or products from vendors and contractors; update solution design to address and mitigate changes to existing security policies, standards, guidelines and procedures
Design a Monitoring Strategy for Identity and Security
May include but not limited to: Design for alert notifications; design an alert and metrics strategy; recommend authentication monitors
Design a Data Platform Solution (15-20%)
Design a Data Management Strategy
May include but not limited to: Choose between managed and unmanaged data store; choose between relational and non-relational databases; design data auditing and caching strategies; identify data attributes (e.g., relevancy, structure, frequency, size, durability, etc.); recommend Database Transaction Unit (DTU) sizing; design a data retention policy; design for data availability, consistency, and durability; design a data warehouse strategy
Design a Data Protection Strategy
May include but not limited to: Recommend geographic data storage; design an encryption strategy for data at rest, for data in transmission, and for data in use; design a scalability strategy for data; design secure access to data; design a data loss prevention (DLP) policy
Design and Document Data Flows
May include but not limited to: Identify data flow requirements; create a data flow diagram; design a data flow to meet business requirements; design a data import and export strategy
Design a Monitoring Strategy for the Data Platform
May include but not limited to: Design for alert notifications; design an alert and metrics strategy
Design a Business Continuity Strategy (15-20%)
Design a Site Recovery Strategy
May include but not limited to: Design a recovery solution; design a site recovery replication policy; design for site recovery capacity and for storage replication; design site failover and failback (planned/unplanned); design the site recovery network; recommend recovery objectives (e.g., Azure, on-prem, hybrid, Recovery Time Objective (RTO), Recovery Level Objective (RLO), Recovery Point Objective (RPO)); identify resources that require site recovery; identify supported and unsupported workloads; recommend a geographical distribution strategy
Design for High Availability
May include but not limited to: Design for application redundancy, autoscaling, data center and fault domain redundancy, and network redundancy; identify resources that require high availability; identify storage types for high availability
Design a disaster recovery strategy for individual workloads
May include but not limited to: Design failover/failback scenario(s); document recovery requirements; identify resources that require backup; recommend a geographic availability strategy
Design a Data Archiving Strategy
May include but not limited to: Recommend storage types and methodology for data archiving; identify requirements for data archiving and business compliance requirements for data archiving; identify SLA(s) for data archiving
Design for Deployment, Migration, and Integration (10-15%)
Design Deployments
May include but not limited to: Design a compute, container, data platform, messaging solution, storage, and web app and service deployment strategy
Design Migrations
May include but not limited to: Recommend a migration strategy; design data import/export strategies during migration; determine the appropriate application migration, data transfer, and network connectivity method; determine migration scope, including redundant, related, trivial, and outdated data; determine application and data compatibility
Design an API Integration Strategy
May include but not limited to: Design an API gateway strategy; determine policies for internal and external consumption of APIs; recommend a hosting structure for API management
Design an Infrastructure Strategy (15-20%)
Design a Storage Strategy
May include but not limited to: Design a storage provisioning strategy; design storage access strategy; identify storage requirements; recommend a storage solution and storage management tools
Design a Compute Strategy
May include but not limited to: Design compute provisioning and secure compute strategies; determine appropriate compute technologies (e.g., virtual machines, functions, service fabric, container instances, etc.); design an Azure HPC environment; identify compute requirements; recommend management tools for compute
Design a Networking Strategy
May include but not limited to: Design network provisioning and network security strategies; determine appropriate network connectivity technologies; identify networking requirements; recommend network management tools
Design a Monitoring Strategy for Infrastructure
May include but not limited to: Design for alert notifications; design an alert and metrics strategy
Preparation options
Instructor-led training
Who should take this exam?
Candidates for this exam are Azure Solution Architects who advise stakeholders and translates business requirements into secure, scalable, and reliable solutions.
Candidates should have advanced experience and knowledge across various aspects of IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data management, budgeting, and governance. This role requires managing how decisions in each area affects an overall solution.
Candidates must be proficient in Azure administration, Azure development, and DevOps, and have expert-level skills in at least one of those domains.
QUESTION: 1
You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:
• Provide access to the full .NET framework.
• Provide redundancy if an Azure region fails.
• Grant administrators access to the operating system to install custom application dependencies.
Solution: You deploy a web app in an Isolated App Service plan.
Does this meet the goal?
A. Yes
B. No
Answer: A
QUESTION: 2
You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:
• Provide access to the full .NET framework.
• Provide redundancy if an Azure region fails.
• Grant administrators access to the operating system to install custom application dependencies.
Solution: You deploy a virtual machine scale set that uses autoscaling.
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION: 3
You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:
• Provide access to the full .NET framework.
• Provide redundancy if an Azure region fails.
• Grant administrators access to the operating system to install custom application dependencies.
Solution: You deploy an Azure virtual machine to two Azure regions, and you deploy an Azure
Application Gateway.
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION: 4
You are designing an Azure solution for a company that wants to move a .NET Core web application
an on-premises data center to Azure. The web application relies on a Microsoft SQL Server 2016
database on Windows Server 2016. The database server will not move to Azure.
A separate networking team is responsible for configuring network permissions.
The company uses Azure ExpressRoute and has an ExpressRoute gateway connected to an Azure
virtual network named VNET1.
You need to recommend a solution for deploying the web application.
Solution: Deploy the web application to a web app hosted in a Premium App Service plan. Does this meet the goal?
A. Yes
B. No
Answer: A
QUESTION: 5
You are designing an Azure solution for a company that wants to move a .NET Core web application
an on-premises data center to Azure. The web application relies on a Microsoft SQL Server 2016
database on Windows Server 2016. The database server will not move to Azure.
A separate networking team is responsible for configuring network permissions.
The company uses Azure ExpressRoute and has an ExpressRoute gateway connected to an Azure
virtual network named VNET1.
You need to recommend a solution for deploying the web application.
Solution: Deploy the web application to a web app hosted in an Isolated App Service plan on VNET1.
Does this meet the goal?
A. Yes
B. No
Answer: B
You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:
• Provide access to the full .NET framework.
• Provide redundancy if an Azure region fails.
• Grant administrators access to the operating system to install custom application dependencies.
Solution: You deploy a web app in an Isolated App Service plan.
Does this meet the goal?
A. Yes
B. No
Answer: A
QUESTION: 2
You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:
• Provide access to the full .NET framework.
• Provide redundancy if an Azure region fails.
• Grant administrators access to the operating system to install custom application dependencies.
Solution: You deploy a virtual machine scale set that uses autoscaling.
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION: 3
You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:
• Provide access to the full .NET framework.
• Provide redundancy if an Azure region fails.
• Grant administrators access to the operating system to install custom application dependencies.
Solution: You deploy an Azure virtual machine to two Azure regions, and you deploy an Azure
Application Gateway.
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION: 4
You are designing an Azure solution for a company that wants to move a .NET Core web application
an on-premises data center to Azure. The web application relies on a Microsoft SQL Server 2016
database on Windows Server 2016. The database server will not move to Azure.
A separate networking team is responsible for configuring network permissions.
The company uses Azure ExpressRoute and has an ExpressRoute gateway connected to an Azure
virtual network named VNET1.
You need to recommend a solution for deploying the web application.
Solution: Deploy the web application to a web app hosted in a Premium App Service plan. Does this meet the goal?
A. Yes
B. No
Answer: A
QUESTION: 5
You are designing an Azure solution for a company that wants to move a .NET Core web application
an on-premises data center to Azure. The web application relies on a Microsoft SQL Server 2016
database on Windows Server 2016. The database server will not move to Azure.
A separate networking team is responsible for configuring network permissions.
The company uses Azure ExpressRoute and has an ExpressRoute gateway connected to an Azure
virtual network named VNET1.
You need to recommend a solution for deploying the web application.
Solution: Deploy the web application to a web app hosted in an Isolated App Service plan on VNET1.
Does this meet the goal?
A. Yes
B. No
Answer: B
No comments:
Post a Comment