Book Image

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond

By : Brett Hargreaves
Book Image

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond

By: Brett Hargreaves

Overview of this book

The AZ-304 exam tests an architect's ability to design scalable, reliable, and secure solutions in Azure based on customer requirements. Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond offers complete, up-to-date coverage of the AZ-304 exam content to help you prepare for it confidently, pass the exam first time, and get ready for real-world challenges. This book will help you to investigate the need for good architectural practices and discover how they address common concerns for cloud-based solutions. You will work through the CloudStack, from identity and access through to infrastructure (IaaS), data, applications, and serverless (PaaS). As you make progress, you will delve into operations including monitoring, resilience, scalability, and disaster recovery. Finally, you'll gain a clear understanding of how these operations fit into the real world with the help of full scenario-based examples throughout the book. By the end of this Azure book, you'll have covered everything you need to pass the AZ-304 certification exam and have a handy desktop reference guide.
Table of Contents (30 chapters)
1
Section 1: Exploring Modern Architecture
4
Section 2: Identity and Security
9
Section 3: Infrastructure and Storage Components
14
Section 4: Applications and Databases
19
Section 5: Operations and Monitoring
23
Section 6: Beyond the Exam
26
Mock Exam
27
Mock Answers

Using managed identities

In the previous section, we looked at working with security principals that can provide programmatic access to key vaults from our applications. There are a couple of problems with them – you must generate and provide a client ID and secret, and you must manage the rotation of those secrets yourself.

Managed identities provides a similar access option but is fully managed by Azure – there is no need to generate IDs or passwords; you set the appropriate access through role-based access controls. The managed identity mechanism can also be used to provide access to the following:

  • Azure Data Lake
  • Azure SQL
  • Azure Storage (Blobs and Queues)
  • Azure Analysis Services
  • Azure Event Hubs
  • Azure Service Bus

We have the option of using either a system-assigned or user-assigned identity. System-assigned is the easiest route – and is ideal for simple scenarios – but they are tied to the resource in question – that...