Managing Azure Identities and Governance: Exam Topics for AZ-104
In the realm of Azure identity management and governance, the AZ-104 exam tests your expertise in handling Azure Active Directory (Azure AD) users, groups, and role-based access control (RBAC). Additionally, it evaluates your proficiency in implementing and managing Azure policies and initiatives to ensure compliance and governance. Here’s a breakdown of the essential exam topics for this area:
First, understanding Azure AD users and groups is crucial. You should be able to create, modify, and delete users and groups, as well as manage their properties and memberships. Furthermore, you need to know how to manage licenses and assign them to users or groups.
Role-based access control (RBAC) is another essential concept in Azure identity management. You should be able to create and manage custom RBAC roles, assign roles to users, groups, or managed identities, and understand the built-in roles available in Azure. Additionally, you need to know how to use Azure Blueprints to deploy Azure resources with specific policies and configurations.
Azure policies and initiatives are vital for ensuring governance and compliance. You should be able to create, assign, and manage policies and initiatives to enforce rules and regulations across your Azure environment. Understanding how to use Azure Policy Guest Configuration and Azure Policy Aliases is also essential for the exam.
Lastly, you should be familiar with Azure AD Privileged Identity Management (PIM) and Azure AD Identity Protection. These features help you manage and monitor privileged access to Azure resources and detect and respond to suspicious activities. Knowing how to configure and use these features is crucial for passing the AZ-104 exam.
Implementing and Managing Azure Storage: Exam Topics for AZ-104
Azure storage is a critical component of the Microsoft Azure platform, offering various services to store and manage data. The AZ-104 exam covers essential topics related to implementing and managing Azure storage solutions. Here’s a breakdown of the key exam topics for this area:
Azure Blob Storage is a popular service for storing unstructured data such as text and binary files. You should be able to create and manage containers, upload and download blobs, and configure access tiers for Blob Storage. Additionally, you need to know how to use Blob Storage lifecycle management policies to manage data over time.
Azure Files is a fully managed file share service in Azure that can be used to lift and shift Windows or Linux applications to the cloud. You should be able to create and manage Azure file shares, connect to file shares from Windows and Linux, and configure share-level access control. Understanding how to use Azure File Sync to centralize file shares across multiple locations is also essential for the exam.
Azure Queue Storage is a service for storing and retrieving messages, which can be used to build scalable and distributed applications. You should be able to create and manage queues, add and retrieve messages, and configure message expiration and visibility.
Azure Table Storage is a NoSQL key-value store suitable for storing large amounts of structured data. You should be able to create and manage tables, insert and query entities, and configure table-level access control. Understanding how to use Table Storage for storing metadata and application data is also essential for the exam.
Lastly, you should be familiar with Azure Storage replication and redundancy options. You should know how to configure geo-redundant storage (GRS), read-access geo-redundant storage (RA-GRS), and zone-redundant storage (ZRS) to ensure data availability and durability.
Deploying and Managing Azure Compute Resources: Exam Topics for AZ-104
Azure compute resources are essential for running applications and services in the cloud. The AZ-104 exam covers essential topics related to deploying and managing Azure compute resources. Here’s a breakdown of the key exam topics for this area:
Virtual machines (VMs) are a popular compute resource in Azure. You should be able to create and manage VMs, configure VM sizes and images, and manage VM availability sets and scale sets. Understanding how to configure monitoring, scaling, and backup for VMs is also essential for the exam.
Azure App Service is a fully managed platform for building, deploying, and scaling web applications. You should be able to create and manage web apps, configure custom domains and SSL certificates, and manage deployment slots. Understanding how to use Azure App Service features such as continuous deployment, staging environments, and traffic management is also essential for the exam.
Azure Kubernetes Service (AKS) is a managed container orchestration service for deploying and managing containerized applications. You should be able to create and manage AKS clusters, deploy and manage containerized applications, and configure networking and monitoring for AKS. Understanding how to use Azure Dev Spaces for developing and debugging applications in AKS is also essential for the exam.
Lastly, you should be familiar with Azure compute resource sizing and scaling options. You should know how to choose the appropriate VM size and type for your workload, as well as how to configure scaling for VMs, App Service, and AKS. Understanding how to use Azure Autoscale and Azure Monitor for scaling and monitoring compute resources is also essential for the exam.
Configuring and Managing Azure Virtual Networking: Exam Topics for AZ-104
Azure virtual networking is a critical component of the Microsoft Azure platform, enabling you to create and manage virtual networks (VNets), subnets, network security groups (NSGs), and other networking services. The AZ-104 exam covers essential topics related to configuring and managing Azure virtual networking. Here’s a breakdown of the key exam topics for this area:
Virtual networks (VNets) are the foundation of Azure virtual networking. You should be able to create and manage VNets, configure subnets and IP address ranges, and connect VNets to on-premises networks using VPN gateways or Azure ExpressRoute. Understanding how to use VNet peering and service endpoints is also essential for the exam.
Network security groups (NSGs) are a fundamental component of Azure network security. You should be able to create and manage NSGs, configure security rules, and associate NSGs with subnets or individual resources. Understanding how to use NSGs to filter network traffic and secure Azure resources is also essential for the exam.
Azure Application Gateway is a web application firewall and load balancer that enables you to secure and optimize web traffic. You should be able to create and manage Application Gateway instances, configure backend pools and listeners, and implement SSL offloading and end-to-end SSL. Understanding how to use Azure Front Door and Azure Content Delivery Network (CDN) is also essential for the exam.
Lastly, you should be familiar with Azure VPN Gateway and Azure ExpressRoute. You should know how to configure site-to-site and point-to-site VPN connections, as well as how to use Azure ExpressRoute to create private, dedicated connections to Azure. Understanding how to use Azure Virtual WAN and Azure Network Function Manager is also essential for the exam.
Monitoring and Backup of Azure Resources: Exam Topics for AZ-104
Monitoring and backup of Azure resources are critical for ensuring the availability, performance, and security of your Azure environment. The AZ-104 exam covers essential topics related to monitoring Azure resources using Azure Monitor and Azure Log Analytics, as well as configuring backup and disaster recovery for Azure VMs using Azure Backup and Azure Site Recovery. Here’s a breakdown of the key exam topics for this area:
Azure Monitor is a monitoring service that provides a centralized view of your Azure resources. You should be able to create and manage Azure Monitor resources, configure monitoring alerts and metrics, and analyze log data using Azure Log Analytics. Understanding how to use Azure Monitor for containers, Azure Monitor for VMs, and Azure Monitor for App Service is also essential for the exam.
Azure Log Analytics is a log data analysis service that provides insights into your Azure resources. You should be able to create and manage Log Analytics workspaces, collect and analyze log data, and create custom queries and visualizations. Understanding how to use Azure Monitor for containers, Azure Monitor for VMs, and Azure Monitor for App Service is also essential for the exam.
Azure Backup is a backup and disaster recovery service that enables you to protect and recover your Azure VMs. You should be able to create and manage backup policies, configure backup and retention settings, and perform backup and restore operations. Understanding how to use Azure Site Recovery for disaster recovery is also essential for the exam.
Azure Site Recovery is a disaster recovery service that enables you to replicate and recover your Azure VMs. You should be able to create and manage Site Recovery resources, configure replication policies, and perform failover and failback operations. Understanding how to use Azure Backup for backup and recovery is also essential for the exam.
Lastly, you should be familiar with Azure Monitor for containers, Azure Monitor for VMs, and Azure Monitor for App Service. You should know how to use these services to monitor the performance, availability, and security of your containerized applications, VMs, and App Service resources.
Securing Data and Applications in Azure: Exam Topics for AZ-104
Securing data and applications in Azure is critical for ensuring the confidentiality, integrity, and availability of your Azure resources. The AZ-104 exam covers essential topics related to securing data and applications in Azure, including Azure Key Vault, Azure SQL Database, and Azure App Service. Here’s a breakdown of the key exam topics for this area:
Azure Key Vault is a cloud-based service that provides secure storage of keys, secrets, and certificates. You should be able to create and manage Key Vault resources, configure access policies, and use Key Vault to manage encryption keys, secrets, and certificates. Understanding how to use Azure Key Vault with Azure Disk Encryption, Azure Application Gateway, and Azure Virtual Machines is also essential for the exam.
Azure SQL Database is a fully managed database service that provides secure storage and management of relational data. You should be able to create and manage SQL databases, configure firewall rules and network security, and implement encryption, authentication, and authorization for SQL databases. Understanding how to use Azure SQL Database with Azure Active Directory, Azure AD Conditional Access, and Azure AD Identity Protection is also essential for the exam.
Azure App Service is a fully managed platform for building, deploying, and scaling web applications. You should be able to create and manage App Service resources, configure monitoring, scaling, and backup, and implement encryption, authentication, and authorization for App Service. Understanding how to use Azure App Service with Azure Active Directory, Azure AD Conditional Access, and Azure AD Identity Protection is also essential for the exam.
Lastly, you should be familiar with Azure Security Center, Azure Network Security Groups, and Azure Firewall. You should know how to use these services to monitor the security of your Azure resources, configure network security policies and rules, and implement firewall rules and policies to protect your Azure resources.
Azure Network Security: Exam Topics for AZ-104
Azure network security is a critical aspect of managing Azure resources, ensuring the confidentiality, integrity, and availability of your network traffic and data. The AZ-104 exam covers essential topics related to Azure network security, including Azure Firewall, Azure Security Center, and Azure Network Security Groups. Here’s a breakdown of the key exam topics for this area:
Azure Firewall is a cloud-based network security service that provides secure ingress and egress traffic filtering. You should be able to create and manage Azure Firewall resources, configure firewall rules, and implement Azure Firewall Manager to manage and monitor your Azure Firewall instances. Understanding how to use Azure Firewall with Azure Virtual WAN, Azure ExpressRoute, and Azure Load Balancer is also essential for the exam.
Azure Security Center is a cloud-based security management service that provides unified security management and advanced threat protection across your Azure and hybrid cloud workloads. You should be able to create and manage Security Center resources, configure security policies, and implement Azure Defender to provide advanced threat protection for your Azure resources. Understanding how to use Security Center with Azure Monitor, Azure Log Analytics, and Azure Policy is also essential for the exam.
Azure Network Security Groups (NSGs) are a fundamental component of Azure network security, providing network-level security for your Azure resources. You should be able to create and manage NSGs, configure security rules, and associate NSGs with subnets or individual resources. Understanding how to use NSGs with Azure Application Gateway, Azure Load Balancer, and Azure Virtual Machines is also essential for the exam.
Lastly, you should be familiar with Azure Virtual Network (VNet) peering, Azure ExpressRoute, and Azure Load Balancer. You should know how to use these services to connect your Azure virtual networks, connect your on-premises networks to Azure, and distribute network traffic across multiple virtual machines or services.
Azure Identity Security: Exam Topics for AZ-104
Azure identity security is a critical aspect of managing Azure resources, ensuring the confidentiality, integrity, and availability of your Azure identities and access control. The AZ-104 exam covers essential topics related to Azure identity security, including Azure AD Identity Protection, Azure AD Conditional Access, and Multi-Factor Authentication (MFA). Here’s a breakdown of the key exam topics for this area:
Azure AD Identity Protection is a cloud-based service that provides risk-based conditional access and identity protection for your Azure AD identities. You should be able to create and manage Identity Protection policies, configure risk detection and response, and integrate Identity Protection with Azure AD Conditional Access. Understanding how to use Identity Protection with Azure Monitor, Azure Log Analytics, and Azure Policy is also essential for the exam.
Azure AD Conditional Access is a cloud-based service that provides conditional access control for your Azure AD identities. You should be able to create and manage Conditional Access policies, configure access controls based on user location, device, and application, and integrate Conditional Access with Azure AD Identity Protection. Understanding how to use Conditional Access with Azure Monitor, Azure Log Analytics, and Azure Policy is also essential for the exam.
Multi-Factor Authentication (MFA) is a cloud-based service that provides secure authentication for your Azure AD identities. You should be able to create and manage MFA policies, configure authentication methods, and integrate MFA with Azure AD Identity Protection and Azure AD Conditional Access. Understanding how to use MFA with Azure Monitor, Azure Log Analytics, and Azure Policy is also essential for the exam.
Lastly, you should be familiar with Azure AD Privileged Identity Management (PIM), Azure AD Identity Governance, and Azure AD entitlement management. You should know how to use these services to manage and monitor privileged access, implement identity governance and access control, and manage entitlements and access reviews for your Azure AD identities.