Book Image

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond

By : Brett Hargreaves
Book Image

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond

By: Brett Hargreaves

Overview of this book

The AZ-304 exam tests an architect's ability to design scalable, reliable, and secure solutions in Azure based on customer requirements. Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond offers complete, up-to-date coverage of the AZ-304 exam content to help you prepare for it confidently, pass the exam first time, and get ready for real-world challenges. This book will help you to investigate the need for good architectural practices and discover how they address common concerns for cloud-based solutions. You will work through the CloudStack, from identity and access through to infrastructure (IaaS), data, applications, and serverless (PaaS). As you make progress, you will delve into operations including monitoring, resilience, scalability, and disaster recovery. Finally, you'll gain a clear understanding of how these operations fit into the real world with the help of full scenario-based examples throughout the book. By the end of this Azure book, you'll have covered everything you need to pass the AZ-304 certification exam and have a handy desktop reference guide.
Table of Contents (30 chapters)
1
Section 1: Exploring Modern Architecture
4
Section 2: Identity and Security
9
Section 3: Infrastructure and Storage Components
14
Section 4: Applications and Databases
19
Section 5: Operations and Monitoring
23
Section 6: Beyond the Exam
26
Mock Exam
27
Mock Answers

Understanding conditional access, MFA and security defaults

In today's environments that often expand beyond an organization's network into the cloud, controlling access while still enabling users to access their resources becomes more complicated.

An additional complication is the fact that different users may have other requirements. For example, a system's administrators most definitely need the most secure access policies in place. In contrast, an account that will always have more limited access anyway may not need quite as stringent measures because they won't be accessing (or be granted access to) particularly risky systems should they be compromised.

Another example is where a user is signing in from—if a user is on the corporate network, you already have physical boundaries in place; therefore, you don't need to be as concerned as a user accessing from a public network.

You could argue that you should always take the most secure baseline...