Skills Measured
A candidate for this exam should have advanced experience and knowledge
of IT operations, including networking, virtualization, identity,
security, business continuity, disaster recovery, data platform,
budgeting, and governance–this role should manage how decisions in each
area affect an overall solution. In addition, this role should have
expert-level skills in Azure administration and have experience with
Azure development and DevOps processes.
Design Monitoring (10-15%)
Design for cost optimization
·
Recommend a solution for cost management and cost reporting
·
Recommend solutions to minimize costs
Design a solution for logging and monitoring
·
Determine levels and storage locations for logs
·
Plan for integration with monitoring tools including Azure Monitor and
Azure Sentinel
·
Recommend appropriate monitoring tool(s) for a solution
·
Choose a mechanism for event routing and escalation
·
Recommend a logging solution for compliance requirements
Design Identity and Security (25-30%)
Design authentication
·
Recommend a solution for single-sign on
·
Recommend a solution for authentication
·
Recommend a solution for Conditional Access, including multi-factor
authentication
·
Recommend a solution for network access authentication
·
Recommend a solution for a hybrid identity including Azure AD Connect
and Azure AD
Connect Health
·
Recommend a solution for user self-service
·
Recommend and implement a solution for B2B integration
·
NOT: federation with ADFS or PingFederate
Design authorization
·
Choose an authorization approach
·
Recommend a hierarchical structure that includes management groups,
subscriptions and
resource groups
·
Recommend an access management solution including RBAC policies, access
reviews, role assignments, Privileged Identity Management (PIM), Azure
AD Identity Protection,
·
Recommend a strategy for tagging
·
Recommend a solution for using Azure Policy
·
Recommend a solution for using Azure Blueprint
·
Recommend a solution that leverages Azure Resource Graph
Design security for applications
·
Recommend a solution that includes KeyVault
·
Recommend a solution that includes Managed Identities
·
Recommend a solution for integrating applications into Azure AD
Design Data Storage (15-20%)
Design a solution for databases
·
Select an appropriate data platform based on requirements
·
Recommend database service tier sizing
·
Recommend a solution for database scalability
·
Recommend a solution for encrypting data at rest, data in transmission,
and data in use
Design data integration
·
Recommend a data flow to meet business requirements
·
Recommend a solution for data integration, including Azure Data
Factory, Azure Data
Bricks, Azure Data Lake, Azure Synapse Analytics
Select an appropriate storage account
·
Choose between storage tiers
·
Recommend a storage access solution
·
Recommend storage management tools
Design Business Continuity (10-15%)
Design a solution for backup and recovery
·
Recommend a recovery solution for Azure hybrid and on-premises
workloads that meets recovery objectives (RTO, RLO, RPO)
·
Resign and Azure Site Recovery solution
·
Recommend a solution for recovery in different regions
·
Recommend a solution for geo-redundancy of workloads
·
Recommend a solution for Azure Backup management
·
Resign a solution for data archiving and retention
Design for high availability
·
Recommend a solution for application and workload redundancy, including
compute,
database, and storage
·
Recommend a solution for auto scaling
·
Identify resources that require high availability
·
Identify storage types for high availability
Design Infrastructure (25-30%)
Design a compute solution
·
Recommend a solution for compute provisioning
·
Determine appropriate compute technologies, including virtual machines,
App Services,
·
Service Fabric, Azure Functions, Windows Virtual Desktop, Batch, HPC
and containers
·
Recommend a solution for containers
·
Recommend a solution for automating compute management
Design a network solution
·
Recommend a network architecture (hub and spoke, Virtual WAN)
·
Recommend a solution for network addressing and name resolution
·
Recommend a solution for network provisioning
·
Recommend a solution for network security including private Link,
firewalls, gateways, network segmentation (perimeter
networks/DMZs/NVAs)
·
Recommend a solution for network connectivity to the Internet,
on-premises networks, and other Azure virtual networks
·
Recommend a solution for automating network management
·
Recommend a solution for load balancing and traffic routing
Design an application architecture
·
Recommend a micro services architecture including Event Grid, Event
Hubs, Service Bus,
Storage Queues, Logic Apps, Azure Functions, Service Fabric, AKS, Azure
App
Configuration and webhooks
·
Recommend an orchestration solution for deployment and maintenance of
applications
including ARM templates, Azure Automation, Azure Pipelines, Logic Apps,
or Azure
Functions
·
Recommend a solution for API integration
Design migrations
·
Assess and interpret on-premises servers, data, and applications for
migration
·
Recommend a solution for migrating applications and VMs
·
Recommend a solution for migration of databases
·
Determine migration scope, including redundant, related, trivial, and
outdated data
·
Recommend a solution for migrating data (Storage Migration Service,
Azure Data Box,
Azure File Sync-based migration to hybrid file server)
The exam guide below shows the changes that were implemented on January
27, 2021.
Design Monitoring (10-15%)
Design for cost optimization
·
Recommend a solution for cost management and cost reporting
·
Recommend solutions to minimize costs
Design a solution for logging and monitoring
·
Determine levels and storage locations for logs
·
Plan for integration with monitoring tools including Azure Monitor and
Azure Sentinel
·
Recommend appropriate monitoring tool(s) for a solution
·
Choose a mechanism for event routing and escalation
·
Recommend a logging solution for compliance requirements
Design Identity and Security (25-30%)
Design authentication
·
Recommend a solution for single-sign on
·
Recommend a solution for authentication
·
Recommend a solution for Conditional Access, including multi-factor
authentication
·
Recommend a solution for network access authentication
·
Recommend a solution for a hybrid identity including Azure AD Connect
and Azure AD
·
Connect Health
·
Recommend a solution for user self-service
·
Recommend and implement a solution for B2B integration
·
NOT: federation with ADFS or PingFederate
Design authorization
·
Choose an authorization approach
·
Recommend a hierarchical structure that includes management groups,
subscriptions and
resource groups
·
Recommend an access management solution including RBAC policies, access
reviews,
role assignments, physical access, Privileged Identity Management
(PIM), Azure AD
Identity Protection, Just In Time (JIT) access
Design governance
·
Recommend a strategy for tagging
·
Recommend a solution for using Azure Policy
·
Recommend a solution for using Azure Blueprint
·
Recommend a solution that leverages Azure Resource Graph
Design security for applications
·
Recommend a solution that includes KeyVault
·
Recommend a solution that includes Azure AD Managed Identities
·
Recommend a solution for integrating applications into Azure AD
Design Data Storage (15-20%)
Design a solution for databases
·
Select an appropriate data platform based on requirements
·
Recommend database service tier sizing
·
Recommend a solution for database scalability
·
Recommend a solution for encrypting data at rest, data in transmission,
and data in use
Design data integration
·
Recommend a data flow to meet business requirements
·
Recommend a solution for data integration, including Azure Data
Factory, Azure Data
Bricks, Azure Data Lake, Azure Synapse Analytics
Select an appropriate storage account
·
Choose between storage tiers
·
Recommend a storage access solution
·
Recommend storage management tools
Design Business Continuity (10-15%)
Design a solution for backup and recovery
·
Recommend a recovery solution for Azure hybrid and on-premises
workloads that meets, recovery objectives (RTO, RLO, RPO)
·
Design and Azure Site Recovery solution
·
Recommend a solution for recovery in different regions
·
Recommend a solution for geo-redundancy of workloads
·
Recommend a solution for Azure Backup management
·
Design a solution for data archiving and retention
Design for high availability
·
Recommend a solution for application and workload redundancy, including
compute,
database, and storage
·
Recommend a solution for auto scaling
·
Identify resources that require high availability
·
Identify storage types for high availability
Design Infrastructure (25-30%)
Design a compute solution
·
Recommend a solution for compute provisioning
·
Determine appropriate compute technologies, including virtual machines,
App Services,
·
Service Fabric, Azure Functions, Windows Virtual Desktop, Batch, HPC
and containers
·
Recommend a solution for containers
·
Recommend a solution for automating compute management
Design a network solution
·
Recommend a network architecture (hub and spoke, Virtual WAN)
·
Recommend a solution for network addressing and name resolution
·
Recommend a solution for network provisioning
·
Recommend a solution for network security including private Link,
firewalls, gateways,
network segmentation (perimeter networks/DMZs/NVAs)
·
Recommend a solution for network connectivity to the Internet,
on-premises networks,
and other Azure virtual networks
·
Recommend a solution for automating network management
·
Recommend a solution for load balancing and traffic routing
Design an application architecture
·
Recommend a micro services architecture including Event Grid, Event
Hubs, Service Bus,
Storage Queues, Logic Apps, Azure Functions, Service Fabric, AKS, Azure
App
Configuration and webhooks
·
Recommend an orchestration solution for deployment and maintenance of
applications
Including ARM templates, Azure Automation, Azure Pipelines, Logic Apps,
or Azure
Functions
·
Recommend a solution for API integration
Design migrations
·
Assess and interpret on-premises servers, data, and applications for
migration
·
Recommend a solution for migrating applications and VMs
·
Recommend a solution for migration of databases
·
Determine migration scope, including redundant, related, trivial, and
outdated data
·
Recommend a solution for migrating data (Storage Migration Service,
Azure Data Box,
Azure File Sync-based migration to hybrid file server)
No comments:
Post a Comment