Tôi đã qua bài thi az-304 như nào

Mình vừa hoàn thành xong bài thi Az-304 và merge vào Exam 303 để lấy về certificate azure solution experts.

Mục tiêu bài thi của mình là để qualify được khả năng học của mình đến đâu và support cho công việc và làm đẹp cho cái CV. hihi

qua bài thi thì mình có 1 số material để nếu các bạn có hứng thú thì có thể follow theo material này

Yêu cầu: Hiểu về azure concept và các services như nào. Hand-ons trên tối thiểu 6 months. Ngoài ra cần có các exp sau:

• Hiểu về on-premises virtualization technologies, including VMs, Hyper-Vm virtual networking and virtual hard disk
• hiểu về Mô hình OSI hay TCP/IP, DNS, VPNs, firewall và encryption technologies.
• Hiểu về AD bao gồm domains, forests, domain controllers, replication và Kerberos protocol
• Hiểu về Azure AD
• Hiểu về tính sao lưu vào phục hồi, mô hình sao lưu phục hồi hay phòng chống thảm hoạ
• Hiểu về chia sẻ trách nhiệm nghĩa vụ trên cloud. ref Shared responsibility in the cloud - Microsoft Azure | Microsoft Docs

Về material học và hand-ons

• Material chuẩn nhất là của microsoft: Exam AZ-304: Microsoft Azure Architect Design - Learn | Microsoft Docs => cho phép các bạn có cái nhìn tổng quan về bài thi này, forcus những gì 😀 và ngoài ra còn có các module đi kèm để tự train.

• Bài dạy thì ref của: AZ-301/AZ-304 Azure Architect Design Exam Prep 2020 | Udemy | Udemy của Scott Duffy và Microsoft Azure Architect Design (AZ-304) Path | Pluralsight
• Về mindmap để follow các services và feature: Mind Map of the Microsoft Azure Architecture Center image (coggle.it)
• Resource Lab: MicrosoftLearning/AZ-304-Microsoft-Azure-Architect-Design (github.com)

Chi tiết các modules | sections

Design Monitoring (10-15%)

Design for cost optimization

• recommend a solution for cost management and cost reporting
  • Manage Azure costs and usage
  • What is Azure Cost Management and Billing?
  • Quickstart: Explore and analyze costs with cost analysis
• recommend solutions to minimize costs
  • Reduce service costs using Azure Advisor
  • Azure Reserved VM Instances (RIs)
  • What are Azure Reservations?
  • How to reduce the costs of your Azure IaaS VMs (Thomas Maurer)

Design a solution for logging and monitoring

• determine levels and storage locations for logs
  • Logs in Azure Monitor
  • Azure diagnostic logs
  • Enable diagnostics logging for apps in Azure App Service
  • Create diagnostic setting to collect platform logs and metrics in Azure
• plan for integration with monitoring tools including Azure Monitor and Azure Sentinel
  • Azure Monitor overview
  • Tutorial: Collect and analyze resource logs from an Azure resource
  • What is Azure Sentinel?
  • Quickstart: On-board Azure Sentinel
• recommend appropriate monitoring tool(s) for a solution
  • Azure Monitor overview
  • Best practices for monitoring cloud applications
• choose a mechanism for event routing and escalation
  • What is Azure Event Grid?
  • Stream Azure monitoring data to an event hub
  • Create and manage action groups in the Azure portal
• recommend a logging solution for compliance requirements
  • Azure security logging and auditing
  • Azure security management and monitoring overview
  • What is Azure Security Center?

Design Identity and Security (25-30%)

Design authentication

• recommend a solution for single-sign on
  • Azure Active Directory Seamless Single Sign-On
  • Single sign-on to applications in Azure Active Directory
  • Configure SaaS apps for B2B collaboration
  • Azure Active Directory Seamless Single Sign-On: Quick start
  • Azure Active Directory Seamless Single Sign-On: Frequently asked questions
• recommend a solution for authentication
  • Authentication basics
  • Authentication flows and application scenarios
• recommend a solution for Conditional Access, including multi-factor authentication
  • Conditional Access: Require MFA for all users
  • Conditional Access: Risk-based Conditional Access
  • Tutorial: Secure user sign-in events with Azure Multi-Factor Authentication
• recommend a solution for network access authentication
  • Quickstart: Configure named locations in Azure Active Directory
  • What is the location condition in Azure Active Directory Conditional Access?
• recommend a solution for a hybrid identity including Azure AD Connect and Azure AD Connect Health
  • Custom installation of Azure AD Connect
  • Select which installation type to use for Azure AD Connect
  • Azure Active Directory Connect Health operations
  • What is Azure AD Connect?
• recommend a solution for user self-service
  • Plan an Azure Active Directory self-service password reset
• recommend and implement a solution for B2B integration
  • What is guest user access in Azure Active Directory B2B?
  • Compare B2B collaboration and B2C in Azure Active Directory

Design authorization

• choose an authorization approach
  • Authentication basics
• recommend a hierarchical structure that includes management groups, subscriptions and resource groups
  • Overview of Management services in Azure
  • Azure Resource Manager overview
  • Organize your resources with Azure management groups
  • Create management groups for resource organization and management
  • Manage Azure Resource Manager resource groups by using the Azure portal
  • Azure subscription and service limits, quotas, and constraints
• recommend an access management solution including RBAC policies, access reviews, role assignments, physical access, Privileged Identity Management (PIM), Azure AD Identity Protection, Just In Time (JIT) access
  • Add or remove role assignments using Azure RBAC and the Azure portal
  • What is role-based access control (RBAC) for Azure resources?
  • Quickstart: View the access a user has to Azure resources
  • What are Azure AD access reviews?
  • What is Azure Active Directory Identity Protection?
  • Secure your management ports with just-in-time access
  • What is Azure AD Privileged Identity Management?

Design governance

• recommend a strategy for tagging
  • Use tags to organize your Azure resources
  • Use Azure Tags to organize Resources (Thomas Maurer)
• recommend a solution for using Azure Policy
  • What is Azure Policy?
  • Tutorial: Create and manage policies to enforce compliance
• recommend a solution for using Azure Blueprint
  • What is Azure Blueprints?
  • Quickstart: Define and assign a blueprint in the portal

Design security for applications

• recommend a solution that includes KeyVault
  • What is Azure Key Vault?
  • About keys, secrets, and certificates
• recommend a solution that includes Azure AD Managed Identities
  • What are managed identities for Azure resources?
  • Use a Windows VM system-assigned managed identity to access Resource Manager
• recommend a solution for integrating applications into Azure AD
  • Tutorial: Register an application in Azure Active Directory B2C

Design Data Storage (15-20%)

Choose the right data store

Design a solution for databases

• select an appropriate data platform based on requirements
  • What is the Azure SQL Database service?
  • Choose the right deployment option in Azure SQL
• recommend database service tier sizing
  • Azure SQL Database service tiers
  • General purpose service tier – Azure SQL Database
• recommend a solution for database scalability
  • Scalability
• recommend a solution for encrypting data at rest, data in transmission, and data in use
  • Azure Data Encryption-at-Rest
  • Azure encryption overview
  • Transparent data encryption for SQL Database and Azure Synapse

Design data integration

• recommend a data flow to meet business requirements
  • Create Azure Data Factory Data Flow
  • Source transformation in mapping data flow
• recommend a solution for data integration, including Azure Data Factory, Azure Data Bricks, Azure Data Lake, Azure Synapse Analytics
  • What is Azure Data Factory?
  • What is Azure Databricks?
  • What is Azure Data Lake Storage Gen1?
  • Introduction to Azure Data Lake Storage Gen2
  • What is Azure Synapse Analytics (formerly SQL DW)?

Select an appropriate storage account

• choose between storage tiers
  • Azure Blob storage: hot, cool, and archive access tiers
• recommend a storage access solution
  • Manage storage account access keys
  • Introduction to Azure Storage
  • Authorize access to blobs and queues using Azure Active Directory
• recommend storage management tools
  • Microsoft client tools for working with Azure Storage
  • Get started with AzCopy

Design Business Continuity (10-15%)

Design a solution for backup and recovery

• recommend a recovery solution for Azure hybrid and on-premises workloads that meets recovery objectives (RTO, RLO, RPO)
  • About Site Recovery
  • General questions about Azure Site Recovery
  • Common questions about VMware to Azure replication
  • Common questions – Hyper-V to Azure disaster recovery
  • What is the Azure Backup service?
  • Azure Backup architecture and components
  • Azure Backup Server protection matrix
• design and Azure Site Recovery solution
  • About Site Recovery
  • General questions about Azure Site Recovery
• recommend a solution for recovery in different regions
  • Set up disaster recovery to a secondary Azure region for an Azure VM
  • Azure Storage redundancy
  • Disaster recovery and account failover (preview)
  • Designing highly available applications using read-access geo-redundant storage
• recommend a solution for Azure Backup management
  • Monitor and manage Recovery Services vaults
  • Azure Backup architecture and components
• design a solution for data archiving and retention
  • Manage the Azure Blob storage lifecycle
  • Azure Blob storage: hot, cool, and archive access tiers

Design for high availability

• recommend a solution for application and workload redundancy, including compute, database, and storage
  • What are Availability Zones in Azure?
  • Tutorial: Create and deploy highly available virtual machines with Azure PowerShell
  • Azure Storage redundancy
  • High-availability and Azure SQL Database
  • Overview of business continuity with Azure SQL Database
• recommend a solution for autoscaling
  • What are virtual machine scale sets?
  • Autoscaling
  • Overview of autoscale in Microsoft Azure Virtual Machines, Cloud Services, and Web Apps
  • Dynamically scale database resources with minimal downtime
  • Scaling out with Azure SQL Database
• identify resources that require high availability
  • Review your data options
  • Achieving Compliant Data Residency and Security with Azure (White Paper)
• identify storage types for high availability
  • Disaster recovery and account failover (preview)
• recommend a solution for geo-redundancy of workloads
  • Azure Storage redundancy
  • What is Traffic Manager?

Design Infrastructure (25-30%)

Design a compute solution

• recommend a solution for compute provisioning
  • Choose an Azure compute service for your application
• determine appropriate compute technologies, including virtual machines, App Services, Service Fabric, Azure Functions, Windows Virtual Desktop, and containers
  • Choose an Azure compute service for your application
  • App Service
  • Azure Kubernetes Service (AKS)
  • Batch
  • Container Instances
  • Functions
  • Service Fabric
  • Virtual machines
  • What is Windows Virtual Desktop?
• recommend a solution for containers
  • Azure Kubernetes Service (AKS)
  • What is Azure Container Instances?
  • Introduction to private Docker container registries in Azure
• recommend a solution for automating compute management
  • An introduction to Azure Automation
  • Overview – What is Azure Logic Apps?

Design a network solution

• recommend a solution for network addressing and name resolution
  • Name resolution for resources in Azure virtual networks
  • Use Azure DNS to provide custom domain settings for an Azure service
  • Tutorial: Host your domain in Azure DNS
  • Quickstart: Create an Azure private DNS zone using the Azure portal
• recommend a solution for network provisioning
  • What is Azure Virtual Network?
  • Virtual network service endpoint policies for Azure Storage
  • Virtual Network service endpoints
• recommend a solution for network security
  • Network security groups
  • Application security groups
  • Virtual network service endpoints
  • Virtual network security FAQ
  • What is Azure Firewall?
• recommend a solution for network connectivity to the Internet, on-premises networks, and other Azure virtual networks
  • What is VPN Gateway?
  • ExpressRoute overview
• recommend a solution for automating network management
  • What is Azure Virtual Network?
• recommend a solution for load balancing and traffic routing
  • Overview of load-balancing options in Azure
  • Front Door
  • Traffic Manager
  • Application Gateway
  • Azure Load Balancer

Design an application architecture

• recommend a microservices architecture including Event Grid, Event Hubs, Service Bus, Storage Queues, Logic Apps, Azure Functions, and webhooks
  • Microservices architecture style
  • Event Grid
  • Event Hub
  • Service Bus
  • Storage Queues
  • Logic Apps
  • Azure Functions
  • webhooks
• recommend an orchestration solution for deployment of applications including ARM templates, Logic Apps, or Azure Functions
  • Extend Azure Resource Manager template functionality
  • Azure Resource Manager templates overview
  • Tutorial: Create and deploy your first Azure Resource Manager template
  • Logic Apps
  • Azure Functions
• recommend a solution for API integration
  • Basic enterprise integration on Azure
  • API Management
  • Integration Services

Design migrations

• assess and interpret on-premises servers, data, and applications for migration
  • Azure migration center
  • About Azure Migrate
  • Prepare VMware VMs for assessment and migration to Azure
  • Assess VMware VMs by using Azure Migrate Server Assessment
  • About assessments in Azure Migrate
  • Assess the readiness of a SQL Server data estate migrating to Azure SQL Database using the Data Migration Assistant
• recommend a solution for migrating applications and VMs
  • About Azure Migrate
  • Select a VMware migration option
• recommend a solution for migration of databases
  • Assess the readiness of a SQL Server data estate migrating to Azure SQL Database using the Data Migration Assistant
  • SQL Server Migration Assistant