AZ-303 Azure Architect Technologies : Study Guide
--
I passed my AZ-303 exam in June 2021. The exam consisted of around MCQs and 1 case study. You can find my badge here :
What follows is the study guide I created based on the exam skills outline to help me prepare. Hope this helps you too. Cheers!
Implement and Monitor an Azure Infrastructure (50–55%)
Implement cloud infrastructure monitoring
Basics
- https://docs.microsoft.com/en-us/azure/azure-monitor/overview
- https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview
- https://docs.microsoft.com/en-us/learn/modules/design-monitoring-strategy-on-azure/
- https://docs.microsoft.com/en-us/learn/modules/incident-response-with-alerting-on-azure/
Monitor security
- https://docs.microsoft.com/en-us/learn/modules/secure-vms-with-azure-security-center/
- https://docs.microsoft.com/en-us/learn/modules/identify-threats-with-azure-security-center/
- https://docs.microsoft.com/en-us/learn/modules/resolve-threats-with-azure-security-center/
- https://docs.microsoft.com/en-us/learn/modules/monitor-report-aad-security-events/
Monitor performance
- https://docs.microsoft.com/en-us/azure/azure-monitor/app/azure-web-apps?tabs=net
- https://docs.microsoft.com/en-us/learn/modules/instrument-web-app-code-with-application-insights/
- https://docs.microsoft.com/en-us/learn/modules/capture-page-load-times-application-insights/
Monitor health and availability
- https://docs.microsoft.com/en-us/azure/azure-monitor/app/monitor-web-app-availability
- https://docs.microsoft.com/en-us/learn/modules/app-service-autoscale-rules/
Monitor cost
- https://docs.microsoft.com/en-us/azure/cost-management-billing/costs/quick-acm-cost-analysis?tabs=azure-portal
- https://docs.microsoft.com/en-us/azure/cost-management-billing/costs/cost-mgt-alerts-monitor-usage-spending
- https://docs.microsoft.com/en-us/learn/modules/analyze-costs-create-budgets-azure-cost-management/
Configure advanced logging
- https://docs.microsoft.com/en-us/learn/modules/capture-application-logs-app-service/
- https://docs.microsoft.com/en-us/learn/modules/aspnet-logging/
- https://docs.microsoft.com/en-us/learn/modules/analyze-infrastructure-with-azure-monitor-logs/
Initiate automated responses by using Action Groups
Configure and manage advanced alerts
Implement storage accounts
Select storage account options based on a use case
- https://docs.microsoft.com/en-us/learn/modules/choose-storage-approach-in-azure/
- https://docs.microsoft.com/en-us/learn/modules/create-azure-storage-account/
Configure Azure Files and Azure Blob storage
Configure network access to the storage account
Implement Shared Access Signatures and access policies
- https://husseinsalman.com/securing-access-to-azure-storage-part-4-shared-access-signature/
- https://husseinsalman.com/securing-access-to-azure-storage-part-5-stored-access-policy/
Implement Azure AD authentication for storage
Manage access keys
Implement Azure storage replication | Implement Azure storage account failover
Implement VMs for Windows and Linux
Configure High Availability
- https://docs.microsoft.com/en-us/azure/virtual-machines/availability-set-overview
- https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-availability-sets
- https://docs.microsoft.com/en-us/azure/availability-zones/az-overview?context=/azure/virtual-machines/context/context
Configure storage for VMs
Select virtual machine size
- https://docs.microsoft.com/en-us/learn/modules/create-linux-virtual-machine-in-azure/
- https://docs.microsoft.com/en-us/learn/modules/create-windows-virtual-machine-in-azure/
- https://docs.microsoft.com/en-us/learn/modules/manage-virtual-machines-with-azure-cli/
Implement Azure Dedicated Hosts
- https://www.altaro.com/hyper-v/azure-dedicated-host/
- https://www.vembu.com/blog/an-overview-of-creating-azure-dedicated-hosts/
Deploy and configure scale sets
Configure Azure Disk Encryption
Automate deployment and configuration of resources
Save a deployment as an Azure Resource Manager template
Modify Azure Resource Manager template
- https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/overview
- https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorial-create-first-template?tabs=azure-powershell
- https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/quickstart-create-templates-use-the-portal
- https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/deploy-cli
- https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/deploy-powershell
- https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/quickstart-create-templates-use-visual-studio-code?tabs=CLI
Evaluate location of new resources
Configure a VHD template
Deploy from a template
- https://docs.microsoft.com/en-us/learn/modules/build-azure-vm-templates/
Manage an image library
- https://docs.microsoft.com/en-us/azure/virtual-machines/shared-image-galleries
- https://azure.microsoft.com/en-us/blog/azure-shared-image-gallery-now-generally-available/
Create and execute an automation runbook
Implement virtual networking
Implement VNet to VNet connections
- https://docs.microsoft.com/en-us/learn/modules/connect-on-premises-network-with-vpn-gateway/
- https://docs.microsoft.com/en-us/learn/modules/connect-on-premises-network-with-expressroute/
- https://docs.microsoft.com/en-us/learn/modules/control-network-traffic-flow-with-routes/
- https://docs.microsoft.com/en-us/learn/modules/design-ip-addressing-for-azure/
Implement VNet peering
Implement Azure Active Directory
Basics
- https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-ad/
- https://docs.microsoft.com/en-us/learn/modules/create-users-and-groups-in-azure-active-directory/
Add custom domains
Configure Azure AD Identity Protection
- https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection
- https://docs.microsoft.com/en-us/learn/modules/protect-identities-with-aad-idp/
- https://docs.microsoft.com/en-us/learn/modules/m365-identity-cultural-shift/
Implement self-service password reset
Implement conditional access including MFA
- https://docs.microsoft.com/en-us/learn/modules/secure-aad-users-with-mfa/
- https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
Configure fraud alerts
Configure verification methods
Implement and manage guest accounts
Manage multiple directories
Implement and manage hybrid identities
Install and configure Azure AD Connect
Identity synchronization options
- https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-hybrid-identity
- https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn
Configure and manage password sync and password writeback
- https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-writeback
- https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback
Configure single sign-on
- https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso
- https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start
Configure Azure AD Connect cloud sync
- https://docs.microsoft.com/en-us/azure/active-directory/cloud-sync/what-is-cloud-sync
- https://docs.microsoft.com/en-us/azure/active-directory/cloud-sync/tutorial-pilot-aadc-aadccp
Use Azure AD Connect Health
Implement Management and Security Solutions (25%-30%)
Manage workloads in Azure
Migrate workloads using Azure Migrate
Implement Azure Backup for VMS
Implement disaster recovery
- https://docs.microsoft.com/en-us/learn/modules/protect-on-premises-infrastructure-with-azure-site-recovery/
- https://docs.microsoft.com/en-us/learn/modules/protect-infrastructure-with-site-recovery/
Implement Azure Automation Update Management
Implement load balancing and network security
Implement Azure Load Balancer
Implement an Azure application Gateway
Implement Web Application Firewall
- https://docs.microsoft.com/en-us/learn/modules/introduction-azure-web-application-firewall/
- https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview
Implement Azure Firewall
Implement Azure Firewall Manager
- https://docs.microsoft.com/en-us/azure/firewall-manager/overview
- https://docs.microsoft.com/en-us/azure/firewall-manager/policy-overview
- https://docs.microsoft.com/en-us/azure/firewall-manager/deployment-overview
- https://docs.microsoft.com/en-us/azure/firewall-manager/secure-cloud-network
Implement Azure Front Door
- https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-front-door/
- https://docs.microsoft.com/en-us/azure/frontdoor/front-door-overview
- https://docs.microsoft.com/en-us/azure/frontdoor/quickstart-create-front-door
- https://docs.microsoft.com/en-us/azure/architecture/guide/technology-choices/load-balancing-overview
Implement Azure Traffic Manager
Implement Network Security Groups | Implement Application Security Groups
Implement Bastion
Implement and manage Azure governance solutions
Create and manage hierarchical structure that contains management groups, subscriptions and resource groups
- https://docs.microsoft.com/en-us/learn/modules/build-cloud-governance-strategy-azure/
- https://docs.microsoft.com/en-us/azure/governance/management-groups/overview
- https://docs.microsoft.com/en-us/azure/governance/management-groups/create-management-group-portal
- https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/create-subscription
Assign RBAC roles
Create a custom RBAC role | Configure access to Azure resources by assigning roles
Configure management access to Azure
- https://docs.microsoft.com/en-us/learn/modules/control-and-organize-with-azure-resource-manager/
- https://docs.microsoft.com/en-us/learn/modules/manage-subscription-access-azure-rbac/
Interpret effective permissions
- https://docs.microsoft.com/en-us/azure/role-based-access-control/role-definitions
- https://docs.microsoft.com/en-us/azure/role-based-access-control/check-access
Set up and perform an access review
- https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-start-security-review
- https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-perform-security-review
Implement and configure Azure Policy
Implement and configure Azure Blueprints
Manage Security for applications
Implement and configure key vault
- https://docs.microsoft.com/en-us/learn/modules/configure-and-manage-azure-key-vault/
- https://docs.microsoft.com/en-us/learn/modules/manage-secrets-with-azure-key-vault/
- https://docs.microsoft.com/en-us/azure/storage/common/customer-managed-keys-configure-key-vault?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&tabs=portal
- https://docs.microsoft.com/en-us/azure/key-vault/general/backup?tabs=azure-cli
- https://docs.microsoft.com/en-us/learn/modules/protect-against-security-threats-azure/
Implement and configure Managed Identities
- https://docs.microsoft.com/en-us/learn/modules/authenticate-apps-with-managed-identities/
- https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-arm
Register and manage applications in Azure AD
- https://docs.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad
- https://docs.microsoft.com/en-us/azure/app-service/tutorial-auth-aad?pivots=platform-windows
- https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
- https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-expose-web-apis
- https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis
- https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest#configure-the-app-manifest
Implement Solutions for Apps (10%-15%)
Implement an application infrastructure
Create and configure Azure App Service
- https://docs.microsoft.com/en-us/learn/modules/host-a-web-app-with-azure-app-service/
- https://docs.microsoft.com/en-us/learn/modules/design-a-geographically-distributed-application/
Create an App Service Web app for containers
Create and configure an App Service Plan
- https://docs.microsoft.com/en-us/azure/app-service/overview-hosting-plans
- https://docs.microsoft.com/en-us/learn/modules/app-service-scale-up-scale-out/
Configure App Service
Configure networking for App Service
- https://docs.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions
- https://docs.microsoft.com/en-us/azure/app-service/networking-features
- https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet
Create and manage deployment slots
Implement Logic Apps
Implement Azure Functions
Implement container-based applications
Create a container image
Configure Azure Kubernetes Service
Publish and automate image management by using the Azure Container Registry
Deploy a solution on an Azure Container Instance
Implement and Manage Data Platforms (10%-15%)
Implement NoSQL databases
Configure Azure Storage account tables
- https://docs.microsoft.com/en-us/azure/storage/tables/table-storage-overview
- https://docs.microsoft.com/en-us/azure/storage/tables/table-storage-quickstart-portal
Select appropriate Cosmos DB APIs | Set up replicas in Cosmos DB
Implement Azure SQL databases
Configure Azure SQL database settings
- https://docs.microsoft.com/en-us/learn/modules/azure-database-fundamentals/
- https://docs.microsoft.com/en-us/learn/modules/provision-azure-sql-db/
- https://docs.microsoft.com/en-us/learn/modules/scale-sql-databases-elastic-pools/
- https://docs.microsoft.com/en-us/learn/modules/migrate-sql-server-relational-data/
- https://docs.microsoft.com/en-us/learn/modules/develop-app-that-queries-azure-sql/
- https://docs.microsoft.com/en-us/learn/modules/azure-sql-intro/
- https://docs.microsoft.com/en-us/learn/modules/azure-sql-performance/
Implement Azure SQL managed instances
- https://docs.microsoft.com/en-us/azure/azure-sql/managed-instance/sql-managed-instance-paas-overview
- https://docs.microsoft.com/en-us/azure/azure-sql/managed-instance/instance-create-quickstart
Configure HA for an Azure SQL database
Deploy an Azure SQL database
