Disclaimer: This guide was updated during the preparation for Exam 70-535. Now that I have passed the exam, I have stopped updating the contents. All the content referred to here is available in the public domain and is not my creation. This is just a collection for easy reference. Use it at your own discretion.
Architecting Microsoft Azure Solutions (70-535)
1. Design Compute Infrastructure (20-25%)
1.1 Design solutions using virtual machines
- Design VM deployments by leveraging availability sets, fault domains, and update domains in Azure
- Use web app for containers
- Design VM Scale Sets
- Design for compute-intensive tasks using Azure Batch
- Define a migration strategy from cloud services
- Recommend use of Azure Backup and Azure Site Recovery
1.2 Design solutions for serverless computing
- Use Azure Functions to implement event-driven actions
- Design for serverless computing using Azure Container Instances
- Design application solutions by using Azure Logic Apps, Azure Functions, or both
- Determine when to use API management service
- Determine when a container-based solution is appropriate
- Determine when container-orchestration is appropriate
- Determine when Azure Service Fabric (ASF) is appropriate
- Determine when Azure Functions is appropriate
- Determine when to use API management service
- Determine when Web API is appropriate
- Determine which platform is appropriate for container orchestration
- Consider migrating existing assets versus cloud native deployment
- Design lifecycle management strategies
- Design Azure App Service Web Apps
- Design custom web API
- Secure Web API
- Design Web Apps for scalability and performance
- Design for high availability using Azure Web Apps in multiple regions
- Determine which App service plan to use
- Design Web Apps for business continuity
- Determine when to use Azure App Service Environment (ASE)
- Design for API apps
- Determine when to use API management service
- Determine when to use Web Apps on Linux
- Determine when to use a CDN
- Determine when to use a cache, including Azure Redis cache
- Design high-performance computing (HPC) and other compute-intensive applications using Azure Services
- Determine when to use Azure Batch
- Design stateless components to accommodate scale
- Design lifecycle strategy for Azure Batch
Determine when to use
Determine when to use
- Data Catalog
- Azure Data Factory
- SQL Data Warehouse
- Azure Data Lake Analytics
- Azure Analysis Services
- Azure HDInsight
- Determine when to use
- Design for scalability and features
- Determine when to use
- Design for HA/DR, geo-replication; design a backup and recovery strategy
- Database Notes
- SQL Database Automated Backups
- Long-term backup retention up to 10 years using Azure Recovery Services vault
- Business continuity overview
- Designing highly available services using Azure SQL Database
- Disaster recovery strategies for applications using SQL Database elastic pools
Determine when to use
- Azure Redis Cache
- Azure Table Storage
- Azure Data Lake
- Azure Search
- Time Series Insights
2.5 Design for CosmosDB storage
- Determine when to use
- Design for cost, performance, data consistency, availability, and business continuity
3. Design Networking Implementation (15-20%)
- Design solutions that use Azure networking services
- Design for load balancing using Azure Load Balancer and Azure Traffic Manager
- Define DNS, DHCP, and IP strategies
- Determine when to use Azure Application Gateway
- Determine when to use multi-node application gateways, Traffic Manager and load balancers
- Determine when to use Azure VPN, ExpressRoute and Virtual Network Peering architecture and design
- Determine when to use User Defined Routes (UDRs)
- Determine when to use VPN gateway site-to-site failover for ExpressRoute
- Determine when to use network virtual appliances
- Design a perimeter network (DMZ)
- Determine when to use a Web Application Firewall (WAF), Network Security Group (NSG), and virtual network service tunneling
- Design connectivity to on-premises data from Azure applications using Azure Relay Service, Azure Data Management Gateway for Data Factory, Azure On-Premises Data Gateway, Hybrid Connections, or Azure Web App’s virtual private network (VPN) capability
- Identify constraints for connectivity with VPN
- Identify options for joining VMs to domains
4. Design Security and Identity Solutions (20-25%)
- Design AD Connect synchronization
- Design federated identities using Active Directory Federation Services (AD FS)
- Design solutions for Multi-Factor Authentication (MFA)
- Design an architecture using Active Directory on-premises and Azure Active Directory (AAD)
- Determine when to use Azure AD Domain Services
- Design security for Mobile Apps using AAD
- Design solutions that use external or consumer identity providers such as Microsoft account, Facebook, Google, and Yahoo
- Determine when to use Azure AD B2C and Azure AD B2B
- Design mobile apps using AAD B2C or AAD B2B
- Design data security solutions for Azure services
- Determine when to use Azure Storage encryption, Azure Disk Encryption, Azure SQL Database security capabilities, and Azure Key Vault
- Design for protecting secrets in ARM templates using Azure Key Vault
- Design for protecting application secrets using Azure Key Vault
- Design a solution for managing certificates using Azure Key Vault
- Design solutions that use Azure AD Managed Service Identity
- Determine when to use Azure RBAC standard roles and custom roles
- Define an Azure RBAC strategy
- Determine when to use Azure resource policies
- Determine when to use Azure AD Privileged Identity Management
- Design solutions that use Azure AD Managed Service Identity
- Determine when to use HSM-backed keys
- Identify, assess, and mitigate security risks by using Azure Security Center, Operations Management Suite Security and Audit solutions, and other services
- Determine when to use Azure AD Identity Protection
- Determine when to use Advanced Threat Detection
- Determine an appropriate endpoint protection strategy
Determine when to use the appropriate
and other categories that fall under cognitive AI
5.2 Design for IoT
Determine when to use
- Stream Analytics
- IoT Hubs
- Event Hubs
- real-time analytics
- Time Series Insights
- IoT Edge
- Notification Hubs
- Event Grid
and other categories that fall under IoT
- Design a messaging architecture
- Determine when to use
- Design a push notification strategy for Mobile Apps
- Design for performance and scale
Define solutions using Azure Media Services, video indexer, video API, computer vision API, preview, and other media related services
6. Design for Operations (10-15%)
- Determine the appropriate Microsoft products and services for monitoring applications on Azure
- Define solutions for analyzing logs and enabling alerts using Azure Log Analytics
- Define solutions for analyzing performance metrics and enabling alerts using Azure Monitor
- Define a solution for monitoring applications and enabling alerts using Application Insights
- Determine the appropriate Microsoft products and services for monitoring Azure platform solutions; define a monitoring solution using Azure Health, Azure Advisor, and Activity Log
- Define a monitoring solution for Azure Networks using Log Analytics and Network Watcher service
- Monitor security with Azure Security Center