AZ-300 study guide materials

Skills measured:

• Deploy and configure infrastructure
• Implement workloads and security
• Create and deploy apps
• Implement authentication and secure data
• Develop for the cloud and for Azure storage

Additional Links:

• Study Notes for the AZ-300 exam
• Pluralsight course
• A Cloud Guru course
• Udemy course

Deploy and configure infrastructure (25-30%)

Hands-on Training:

• OPENedX Course:Deploy and Configure Infrastructure
• Packt Exam Guide

Analyze resource utilization and consumption

• configure diagnostic settings on resources
• create baseline for resources
• create and test alerts
• analyze alerts across subscription
• analyze metrics across subscription
• create action groups
• monitor for unused resources
• monitor spend
• report on spend
• utilize Log Search query functions
• view alerts in Azure Monitor logs
• visualize diagnostics data using Azure Monitor Workbooks

Create and configure storage accounts

• configure network access to the storage account
• create and configure storage account
• generate shared access signature
• implement Azure AD authentication for storage
• install and use Azure Storage Explorer
• manage access keys
• monitor activity log by using Azure Monitor logs
• implement Azure storage replication
• implement Azure storage account failover

Create and configure a Virtual Machine (VM) for Windows and Linux (Windows,Linux)

• configure high availability (Windows,Linux)
• configure monitoring, networking, storage, and virtual machine size
  • Windows
    • Monitoring
    • Networking
    • Storage
    • VM size
  • Linux
    • Monitoring
    • Networking (Virtual Network creation for Linux VM, Manage Networking)
    • Storage (Create/Manage Disks, Manage Storage)
    • VM size
• implement dedicated hosts (https://docs.microsoft.com/en-us/azure/virtual-machines/windows/dedicated-hosts)
• deploy and configure scale sets (Windows, Linux)

Automate deployment of Virtual Machines (VMs)

• modify Azure Resource Manager template (Portal, VS Code, Visual Studio)
• configure location of new VMs
• configure VHD template
• deploy from template (Portal, CLI, Powershell)
• save a deployment as an Azure Resource Manager template
• deploy Windows and Linux VMs (Windows, Linux)

Create connectivity between virtual networks

• create and configure VNET peering
• create and configure VNET to VNET (Portal, Powershell, CLI)
• verify virtual network connectivity
• create virtual network gateway (Portal, Powershell, CLI)

Implement and manage virtual networking

• configure private and public IP addresses, network routes, network interface, subnets, and virtual network
• create and configure Network Security Groups and Application Security Groups

Manage Azure Active Directory (AD)

• add custom domains
• configure Azure AD Identity Protection, Azure AD Join, and Enterprise State Roaming
• configure self-service password reset
• implement conditional access policies
• manage multiple directories
• perform an access review

Implement and manage hybrid identities

• install and configure Azure AD Connect
• configure federation and single sign-on
• manage Azure AD Connect
• troubleshoot password sync and writeback

Implement solutions that use virtual machines (VM)

• Provision VMs
  • Windows (Portal, Powershell, CLI)
  • Linux (Portal, Powershell, CLI)
• create Azure Resource Manager templates (Portal, VS Code, Visual Studio)
• configure Azure Disk Encryption for VMs (Windows, Linux)
• implement Azure Backup for VMs

Implement workloads and security (20-25%)

Migrate servers to Azure

• ~~migrate using P2V~~
• migrate servers using Azure Migrate
• ~~configure storage~~
• ~~create a recovery services vault~~
• ~~prepare source~~
• backup and restore data
• ~~deploy Azure Site Recovery agent~~
• ~~prepare virtual network~~

Configure serverless computing

• create and manage objects
• manage a Logic App resource
• manage Azure Function app settings
• manage Event Grid
• manage Service Bus

Implement application load balancing

• configure application gateway
• ~~configure application gateway and load balancing rules~~
• ~~implement application gateway front end IP configurations~~
• ~~troubleshoot application gateway loadbalancing~~
• configure Azure Front Door service
• configure Azure Traffic Manager

Integrate on-premises network with Azure virtual network

• create and configure Azure VPN Gateway (Portal, CLI, PowerShell)
• create and configure site to site VPN (Portal, CLI, PowerShell)
• configure Express Route
• configure Virtual WAN
• verify on-premises connectivity
• manage on-premises connectivity with Azure

Implement Multi-Factor Authentication (MFA)

• enable MFA for an Azure tenant
• configure user accounts for MFA
• configure fraud alerts
• configure bypass options
• configure trusted IPs
• configure verification methods

Manage role-based access control (RBAC)

• create a custom role
• configure access to Azure resources by assigning roles (Portal, CLI, PowerShell, REST))
• configure management access to Azure
• troubleshoot RBAC
• implement RBAC policies
• assign RBAC roles

Create and deploy apps (5-10%)

Create web apps by using PaaS

• create an Azure App Service Web App
• create documentation for the API
• create an App Service Web App for containers
• create an App Service background task by using WebJobs
• enable diagnostics logging

Design and develop apps that run in containers

• configure diagnostic settings on resources
• create a container image by using a Docker file
• create an Azure Kubernetes Service
• publish an image to the Azure Container Registry
• implement an application that runs on an Azure Container Instance
• manage container settings by using code

Implement authentication and secure data (5-10%)

Implement authentication

• implement authentication by using certificates, forms-based authentication, tokens, or Windows-integrated authentication
  • Certificates
  • Forms-Based
  • Tokens
  • Windows-integrated
• implement multi-factor authentication by using Azure AD
• implement OAuth2 authentication
• implement Managed identities for Azure resources Service Principal authentication

Implement secure data solutions

• encrypt and decrypt data at rest and in transit(best practices,encryption at rest)
• encrypt data with Always Encrypted
• implement Azure Confidential Compute and SSL/TLS communications(confidential compute)
• create, read, update, and delete keys, secrets, and certificates by using the KeyVault API(client samples,api reference,key vault learning module)

Develop for the cloud and for Azure storage (20-25%)

Develop solutions that use Cosmos DB storage

• create, read, update, and delete data by using appropriate APIs(local emulator, microsoft learn)
• implement partitioning schemes
• set the appropriate consistency level for operations

Develop solutions that use a relational database

• provision and configure relational database(.NET,SSMS
• configure elastic pools for Azure SQL Database
• implement Azure SQL Database managed instances
• create, read, update, and delete data tables by using code

Configure a message-based integration architecture

• configure an app or service to send emails, Event Grid, and the Azure Relay Service
• create and configure Notification Hub, Event Hub, and Service Bus
• configure queries across multiple products

Develop for autoscaling

• implement autoscaling rules and patterns(schedule and operational/system metrics, code that addresses singleton application instance)
• implement code that addresses transient state