AZ-300 Azure Architect Technologies Certification


I took the AZ-300 exam today and cleared it 😊. This was my first-ever official certification. Not that I didn’t value them earlier; I was just never motivated to take one. Even though I have around 5 years of solid experience in developing/architecting solutions on Azure, I hadn’t read about or worked on many of the services that Azure has. Studying for this certification definitely helped in brushing up and also exploring newer services that Azure has to offer.

The exam format was very simple and most of the questions were case-study based, hence your experience on the subject does matter. I wanted to share, topic-wise, some of the notes that I had made while preparing for the exam.

A big thanks to Gregor Suttie’s curated list of links to study. I have added a few myself along with some highlights.

Deploy and Configure Infrastructure (25-30%)

Analyze resource utilization and consumption

Configure diagnostic setting on resources

Create baseline for resources - Metrics alerts

Create and raise alerts; analyse alerts across subscription

Monitor for unused resources

Monitor spend; report on spend

You have to be an account admin to see billing. Ways to monitor your costs:

  1. Add tags to your resources to group your billing data
  2. Regularly check the portal for cost breakdown and burn rate
  3. Consider enabling cost cutting features like auto shutdown for VMs
  4. Turn on and check Azure Advisor recommendations

Utilize Log Search query functions

Log queries are used in:

  • Portals
  • Alert rules
  • Dashboards
  • Views
  • Export
  • PowerShell
  • Log Analytics API
  • Application insights portal

Create and configure storage accounts

Create and configure Storage account

Configure network access to storage account

  • Firewall rules and VNet endpoints
  • SAS tokens generated for an IP address do not grant access beyond the configured VNet rules
  • Virtual machine disk traffic is not affected by network rules, but REST access to blobs is
  • VNet service endpoint for Azure Storage
  • Only VNets in the primary and paired regions are allowed, i.e. a storage account created in Central India can have VNets created in Central India and South India, across subscriptions under the same tenant ID

Monitor activity log by using Log Analytics

Storage accounts comprising diagnostic logs are added by default

Generate shared access signature

Account SAS

Service SAS

Storage Replication

  • Locally-redundant storage (LRS) - 1 instance in datacenter (11 9’s)
  • Zone-redundant storage (ZRS) - 3 instances in same datacenter but different zones (12 9’s)
  • Geo-redundant storage (GRS) - 2 instances in different regions (16 9’s)
  • Read-access GRS - 2 instances in different regions with read access on the secondary region (16 9’s). In GRS, RPO is less than 15 mins

Install and use Azure Storage Explorer

Manage access keys

Create and configure a VM for windows and linux

VMs Important

  • Disks
    • OS Disk - Created by default, can go up to 2 TB, should not be used for applications and data
    • Temporary Disk - Created by default, size based on VM size, not for data; used by applications to process faster. SSD
    • Data Disks - Not created by default, should be used to install applications and store data. 4 data disks can be attached for each vCPU of the VM
  • Standard (HDD) disk and Premium (SSD) disks

Deploy and configure scale sets

Configure High availability

Configure monitoring, networking, storage, and virtual machine size

  • Boot diagnostics are not enabled by default and must be configured while creating the VM
  • Host metrics are collected by default and can be viewed from the portal
  • The diagnostic extension needs to be enabled (“Enable guest level monitoring”) to collect VM metrics, which can then be viewed from the portal
  • Updates to VM can be managed using OMS solution and Hybrid worker concept

Automate deployment of Virtual Machines (VMs)

Modify Azure Resource Manager (ARM) template

Configure location of new VMs

Configure VHD template

Deploy from template, Save a deployment as a template

Deploy windows and linux VMs

Create connectivity between virtual networks

Create and configure VNET peering; create and configure VNET to VNET

  • For peering, VNets should be in the same region
  • Should not have overlapping IP Addresses
  • No derived transitive relationship

Verify virtual network connectivity

Create a virtual network gateway

Implement and manage virtual networking

Configure private and public IP addresses

Network routes

Configure network interfaces

Configure subnets, and virtual network

Manage Azure Active Directory (AD)

Add custom domains

Configure Azure AD Identity Protection, Azure AD Join, and Enterprise State Roaming

Configure self-service password reset

Implement conditional access policies

Manage multiple directories

Perform an access review

Implement and manage hybrid identities

Install and configure Azure AD Connect

Configure federation and single sign on

Manage AD connect

Manage password sync and writeback

Implement Workloads and Security (20-25%)

Migrate servers to Azure

Migrate by using ASR, Migrate using P2V, configure storage account

Create a backup vault

Prepare source and target environments

Backup and restore data

Deploy Azure Site Recovery (ASR) agent

Prepare virtual network

Configure Serverless Computing

Create and manage objects

Manage a logic app resource

Do a little bit of hands-on.

Manage Azure function app settings

Manage Event Grid

Webhook triggers need validation for custom endpoints, through the validation code or the ValidationURL.
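The validation-code handshake noted above, as an added example that is not part of the original notes: a handler for Event Grid schema deliveries that echoes `validationCode` only for a well-formed `SubscriptionValidation` request and never fetches `validationUrl` itself. The `code` query parameter, the shared secret, the `accepted` response field and the sample payload are assumptions constructed for illustration.

```python
import hmac
import json

VALIDATION_EVENT = "Microsoft.EventGrid.SubscriptionValidationEvent"
# Assumption: the subscription's endpoint URL carries ?code=<secret>; the
# parameter name and the secret value are constructed for this example.
SHARED_SECRET = "constructed-example-secret"


def handle_delivery(headers, query, body):
    """Return (status, response_dict) for one Event Grid webhook POST."""
    # Authenticate the caller before answering the handshake or trusting events.
    supplied = query.get("code", "").encode()
    if not hmac.compare_digest(supplied, SHARED_SECRET.encode()):
        return 401, {"error": "bad or missing secret"}
    try:
        events = json.loads(body)
    except ValueError:
        return 400, {"error": "body is not JSON"}
    if not isinstance(events, list) or not events:
        return 400, {"error": "expected a non-empty event array"}

    kind = {k.lower(): v for k, v in headers.items()}.get("aeg-event-type", "")
    if kind == "SubscriptionValidation":
        event = events[0]
        data = event.get("data") if isinstance(event, dict) else None
        if (not isinstance(data, dict)
                or event.get("eventType") != VALIDATION_EVENT
                or not isinstance(data.get("validationCode"), str)):
            return 400, {"error": "malformed validation event"}
        # Synchronous handshake: echo the code. data["validationUrl"] is the
        # manual alternative (a GET to it) and is deliberately not fetched here.
        return 200, {"validationResponse": data["validationCode"]}
    if kind == "Notification":
        # Any 2xx acknowledges delivery; the id list is this example's own choice.
        accepted = [e.get("id") for e in events if isinstance(e, dict)]
        return 200, {"accepted": accepted}
    return 400, {"error": "unknown aeg-event-type"}


# Constructed sample handshake request, not captured from a real subscription.
SAMPLE_HANDSHAKE = json.dumps([{
    "id": "constructed-id-1",
    "eventType": VALIDATION_EVENT,
    "data": {"validationCode": "constructed-code-123",
             "validationUrl": "https://example.invalid/validate"},
}])
```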

Manage Service Bus

  • Namespaces
  • Queues
  • Topics
  • Message sessions
  • Auto-forwarding
  • Dead-Lettering
  • Scheduled-delivery
  • Message deferral
  • Batching
  • Transactions
  • Filtering and actions
  • Auto-delete on idle
  • Duplicate detection
  • SAS, RBAC and MSI

Implement application load balancing

Configure application gateway and load balancing rules

Layer 7 load balancer

  • Autoscaling
  • Static Virtual IP
  • SSL Termination
  • AKS Ingress
  • Connection draining - Graceful removal of backend pools
  • Custom error pages
  • Web application firewall - OWASP
  • URL Based routing
  • Multiple Site hosting
  • Redirection (HTTP to HTTPS)
  • Session affinity
  • Websocket and HTTP/2 traffic
  • Rewrite HTTP Headers

Implement front end ip configurations

Layer 4 load balancer

Two types

  • Internal Load balancer
  • Public load balancer

Manage application load balancing

Integrate on premises network with Azure virtual network

Create and configure Azure VPN Gateway

Create and configure Site to Site VPN

Configure Express Route

Verify On-Premises connectivity

Manage on-premises connectivity with Azure

Manage role-based access control (RBAC)

Create a custom role

Configure access to Azure resources by assigning roles

Configure management access to Azure; Implement RBAC policies

Troubleshoot RBAC

Implement Multi-Factor authentication

Enable MFA for an Azure Tenant; configure user accounts for MFA

Disabled, Enabled and Enforced

Configure fraud alerts

Configure bypass options

Configure trusted IPs

Trusted IPs only work on IPv4.

Two types

  • Managed: Specific range of IP addresses
  • Federated: All federated users

Configure verification methods

  • Phone call
  • SMS
  • Notification app
  • Verification code from mobile app or hardware token

Repeated topics

  • manage role-based access control (RBAC)
  • implement RBAC policies
  • assign RBAC Roles
  • configure access to Azure resources by assigning roles
  • configure management access to Azure

Create and Deploy Apps (5-10%)

Create web applications by using PaaS

This would definitely need some hands-on experience.

Create an Azure app service web app by using Azure CLI, PowerShell, and other tools

Create documentation for the API by using open source and other tools

Create an App Service Web App for containers

Create an App Service background task by using WebJobs

Create app or service that runs on Service Fabric

I didn’t go through much here as I have more than 2 years’ experience on Service Fabric.

  • Develop a stateful Reliable Service and a stateless Reliable Service
  • Develop an actor-based Reliable Service
  • Write code to consume Reliable Collections in your service

Design and develop applications that run in containers

Configure diagnostic settings on resources

Create a container image by using a Dockerfile

Create an Azure Container Service (ACS/AKS) cluster by using the Azure CLI and Azure Portal

Publish an image to the Azure Container Registry

Implement an application that runs on an Azure Container Instance

Implement container instances by using Azure Container Service (ACS/AKS), Azure Service Fabric, and other tools; manage container settings by using code

Implement Authentication and Secure data (5-10%)

Implement authentication

Implement authentication by using certificates, forms-based authentication, tokens, Windows-integrated authentication

Implement multi-factor authentication by using Azure AD options

Implement secure data solutions

Encrypt and decrypt data at rest

Disk backup is not enabled by default.

Encrypt data with Always Encrypted

Implement Azure Confidential Compute and SSL/TLS communications

Manage cryptographic keys in the Azure Key Vault

Develop for Cloud (20-25%)

Again, I had skimmed through this topic as it’s mostly experience-based.

Configure a message-based integration architecture

Configure an app or service to send emails, Event Grid, and the Azure Relay Service

Create and configure Notification Hub, Event Hub, and Service Bus

Configure queries across multiple products

Develop for autoscaling

Implement autoscaling rules and patterns (schedule, operational/system metrics, code that addresses singleton application instances)

Implement code that addresses transient state

Happy Coding !!!
