×

Docendo discimus ⛅️

My notes on the AZ-301 certification Exam

The AZ-301 is one of the two required exams to achieve the Azure Solutions Architect Expert certification.

Contrary to the AZ-300 which has lab based exercises on the actual Azure portal this one is scenario based with multiple options questions. Similar to the old MCSE certification exams.

That doesn’t make it easy, again. If the person is not familiar with Azure, no luck. There must be theoretical and practical experience to pass it.

Looking at the official guide which can be found here:  https://www.microsoft.com/en-us/learning/azure-solutions-architect.aspx  – There’s plenty of questions related to, at least in my exam:

  • Identity
  • create and configure storage account
  • manage access keys
  • implement Azure storage replication

Create and configure a Virtual Machine (VM) for Windows and Linux

  • configure high availability
  • configure monitoring, networking, storage, and virtual machine size
  • deploy and configure scale sets

Automate deployment of Virtual Machines (VMs)

  • Modify Azure Resource Manager template
  • configure location of new VMs
  • configure VHD template
  • deploy from template
  • save a deployment as an Azure Resource Manager template
  • deploy Windows and Linux VMs

Implement and manage hybrid identities

  • install and configure Azure AD Connect
  • configure federation and single sign-on
  • manage Azure AD Connect
  • manage password sync and writeback

Manage Azure Active Directory (AD)

  • add custom domains
  • configure Azure AD Identity Protection, Azure AD Join, and Enterprise State Roaming
  • configure self-service password reset
  • implement conditional access policies

Create connectivity between virtual networks

  • create and configure VNET peering
  • create and configure VNET to VNET

Note: Make sure you understand why on-premise IP addressing must be different to the one in an Azure tenant

Migrate servers to Azure

  • migrate by using Azure Site Recovery
  • migrate using P2V
  • configure storage
  • create a backup vault
  • prepare source and target environments
  • backup and restore data
  • deploy Azure Site Recovery agent

Configure serverless computing

  • manage a Logic App resource
  • manage Azure Function app settings
  • manage Event Grid
  • manage Service Bus

Note: Get to understand the differences between the Service Bus and the Event Grid

Design and develop apps that run in containers

  • configure diagnostic settings on resources
  • create a container image by using a Docker file
  • create an Azure Kubernetes Service
  • publish an image to the Azure Container Registry

Note: Make sure to understand well the current container offering in the platform. It’s not a big topic with many questions but when to use which service is fundamental.

Create and deploy apps

Create web apps by using PaaS

Note: Have a clear understanding of what a webjob is and when would you use one.

  • implement OAuth2 authentication

Note: What OAuth2 is and what scenarios have a need of it

Implement secure data solutions

  • encrypt and decrypt data at rest and in transit
  • encrypt data with Always Encrypted

Note: Understand when yo use encryption in storage accounts and SQL PaaS

  • recommend recovery objectives (e.g., Azure, on-prem, hybrid, Recovery Time Objective (RTO), Recovery Level Objective (RLO), Recovery Point Objective (RPO))

Note: Understand the SLAs of the services covered in the exam: VM’s, Scale Sets, Availability Sets, SQL PaaS, Storage accounts, Traffic Manager, Application Gateway

Also, Understand why the Azure Application Gateway can be used as a reverse proxy

I studied over 6-8 hours a week during a month, 40 hours to prepare this exam on top of the experience worked for me.