| Section | Weight |
|---|---|
| Manage Azure identities and governance | 20-25% |
| Implement and manage storage | 15-20% |
| Deploy and manage Azure compute resources | 20-25% |
| Implement and manage virtual networking | 15-20% |
| Monitor and maintain Azure resources | 10-15% |
Manage Azure identities and governance (20-25%)
-
Manage Microsoft Entra users and groups
- Create users and groups
- Manage user and group properties
- Manages licenses in Entra ID
- Manage external users
- Configure self-service password reset (SSPR)
-
Manage access to Azure resources
- Manage built-in Azure roles
- Assign roles at different scopes
- Interpret access assignments
-
Manage Azure subscriptions and governance
- Implement and manage Azure Policy
- Configure resource locks
- Apply and manage tags on resources
- Manage resource groups
- Manage subscriptions
- Manage costs by using alerts, budgets, and Azure Advisor recommendations
- Configure management groups
Implement and manage storage (15-20%)
-
Configure access to storage
- Configure Azure Storage firewalls and virtual networks
- Create and use Shared Access Signature (SAS) tokens
- Configure stored access policies
- Manage access keys
- Configure identity-based access for Azure Files
-
Configure and manage storage accounts
- Create and configure storage accounts
- Configure Azure Storage redundancy
- Configure object replication
- Configure storage account encryption
- Manage data by using Azure Storage Explorer and AZCopy
-
Configure Azure Files and Azure Blob Storage
- Create and configure a file share in Azure Storage
- Create and configure a container in Blob Storage
- Configure storage tiers
- Configure soft delete for blobs and containers
- Configure snapshots and soft delete for Azure Files
- Configure blob lifecycle management
- Configure blob versioning
Deploy and manage Azure compute resources (20-25%)
-
Automate deployment of resources by using Azure Resource Manager templates or Bicep files
- Interpret an ARM template or Bicep file
- Modify an existing ARM template
- Modify an existing Bicep file
- Deploy resources by using ARM template or a Bicep file
- Explort a deployment as an ARM template or convert an ARM template to a Bicep file
-
Create and configure virtual machines
- Create a virtual machine
- Configure Azure Disk Encryption
- Move a virtual machine to an other resource group, subscription, or region
- Manage virtual machine size
- Manage virtual machine disks
- Deploy virtual machines to availability zones and availabitlity sets
- Deploy and configure an Azure Virtual Scale Sets
-
Provision and manage containers in the Azure Portal
- Create and manage an Azure Container registry
- Provision a container by using Azure Container Instances
- Provision a container by using Azure Container Apps
- Manage sizing and scaling for containers, including Azure Container Instances and Azure Container Apps
-
Create and configure Azure App Service
- Provision an App Service plan
- Configure scaling for an App Service plan
- Create an App Service
- Configure certificates and Transport Layer Security (TLS) for an App Service
- Map an existing custom DNS name to an App Service
- Configure backup for an App Service
- Configure networking settings for an App Service
- Configure deployment slots for an App Service
Implement and manage virtual networking (15-20%)
-
Configure and manage virtual networks in Azure
- Create and configure virtual networks and subnets
- Create and configure virtual network peering
- Configure public IP addresses
- Configure user-defined network routes
- Troubleshoot network connectivity
-
Configure secure access to virtual networks
- Create and configure Network Security Groups (NSGs) and Application Security Groups
- Evaluate effective security rules in NSGs
- Implement Azure Bastion
- Configure service endpoints for Azure platform as a service (PaaS)
- Configure private endpoints for Azure PaaS
-
Configure name resolution and load balancing
- Configure Azure DNS
- Configure an internal or public load balancer
- Troubleshoot load balancing
Monitor and maintain resources (10-15)%
-
Monitor resources in Azure
- Interpret metrics in Azure Monitor
- Configure log settings in Azure Monitor
- Query and analyze logs in Azure Monitor
- Set up alerts rules, action groups, and alert processing rules in Azure Monitor
- Configure and interpret monitoring of virtual machines, storage accounts, and networks by using Azure Monitor Insights
- Use Azure Network Watcher and Connection Monitor
-
Implement backup and recovery
- Create a Recovery Services vault
- Create an Azure Backup vault
- Create and configure a backup policy
- Perform backup and restore operations by using Azure Backup
- Configure Azure Site Recovery for Azure resources
- Perform a failover to a secondary region by using Site Recovery
- Configure and interpret reports and alerts for backups