- Home
- Microsoft Certifications
- AZ-305 Designing Microsoft Azure Infrastructure Solutions Dumps
Pass Microsoft AZ-305 Exam in First Attempt Guaranteed!
Get 100% Latest Exam Questions, Accurate & Verified Answers to Pass the Actual Exam!
30 Days Free Updates, Instant Download!
AZ-305 Premium Bundle
- Premium File 278 Questions & Answers. Last update: Nov 13, 2024
- Training Course 87 Video Lectures
- Study Guide 933 Pages
Last Week Results!
Includes question types found on the actual exam such as drag and drop, simulation, type-in and fill-in-the-blank.
Based on real-life scenarios similar to those encountered in the exam, allowing you to learn by working with real equipment.
Developed by IT experts who have passed the exam in the past. Covers in-depth knowledge required for exam preparation.
All Microsoft AZ-305 certification exam dumps, study guide, training courses are Prepared by industry experts. PrepAway's ETE files povide the AZ-305 Designing Microsoft Azure Infrastructure Solutions practice test questions and answers & exam dumps, study guide and training courses help you study and pass hassle-free!
Design a Monitoring Strategy for Identity and Security
1. Using Privileged Identity Management Alerts
The third major section of the exam says design data storage is worth 15% to 20% of the exam score. So it's still a smaller percentage, but not completely insignificant, and worth some of your time. Now under data storage, we've got two major topics: one is databases, and the other is storage accounts. Now we're also going to talk about data integration, which is basically moving data from one solution to another, or data migration. And you can see there are topics related to data factories, data bricks, and data lakes, but these are, I believe, relatively minor topics. So we're going to talk about data storage from a recommendation design perspective.
You can see that none of the topics here say to know how to create a storage account, etc. But we are talking about sizing; we're talking about a database of scalability, particularly around autoscaling and the ability to handle spikes in traffic and encryption on the storage account size. We are also talking about sizing; we're talking about the different storage options within Azure and the various tools that we can use to manage our storage account, including Data Explorer. Thanks a lot for being here. Let's keep going.
2. Other Ways to Monitor the Security of Identity
So in this section of the course, we're going to be talking about designing a data platform solution. A reminder that this course, AZ 301, and the exam related material are about strategy and design. This is the thinking aspect, you know, putting your plans together before you start implementation, the implementation in and the programming and developing that is the Aza 300 course and the Aza 300 exam. So you'll see a lot more of the portal and the actual form fields and slider bars and things like that. So in this lesson, let's talk about the differences between managed and unmanaged data solutions. Why would you choose one over the other? As a reminder, what is unmanaged data? Typically, we're talking about an unmanaged storage account to start.
So if you have a storage account, and by default, an Azure storage account lets you have up to five petabytes of data in the United States and in Europe and 500 terabytes in other places, So that's quite a lot of data. It's very hard to fill five petabytes, but there are other limits on that in terms of operations per second, et cetera. So if you have an account like that, that's an unmanaged storage account, and it's up to you to design your application to work within those fixed limits. Now, a couple of options that you don't think about are that even if your virtual machine is running on a managed storage account, if you have an application installed in that virtual machine and that application has its own file system and its own data file format and logging files, you're going to be subject to the limits of those.
So SQL Server in a VM has limits that need to be managed around, even if the VM is running in a managed storage account. So it's almost like putting a file system on top of a managed file system. There's going to be exposure to some of those issues. Now, if we look at the flip side, that was the unmanaged storage in a managed store situation. From a regular VM, data discs can be mounted in a managed storage account. But then there are all these other database and data options, right? Azure SQL Database, Cosmos DB, and Redis Cache There's even a managed SQL Server offering.
And so in this video, we're going to talk about the advantages of using a managed storage option when it's available compared to an unmanaged storage account. Why would you choose an Azure SQL Database over SQL Server in a VM? Now, to start, a lot of these options have what is called "built-in high availability." So a single SQL Server running in a single virtual machine is subject to that virtual machine needing to be rebooted, that particular server suffering a hardware failure, expected and unexpected changes, operating system security patches, et cetera. And so if you're running a SQL Server in a VM inside of an Azure virtual machine, you're not running a high-availability solution. In my other courses at 300, I defined high availability as being an intentional effort that you make by making an intentional expense for additional components to your solution, designed to add resilience.
If you're just taking the default components, that's not high availability. That might be highly available, but it's not high availability by default. So if you look at SQL Server in a VM compared with Azure SQL Database, Azure SQL Database has high availability built into it. And so Microsoft is going to keep the Azure SQL database up. If a machine needs to be rebooted within that AzureSQL Database of servers, we're never going to know about it because they can just reboot that server and every single customer is still up and available, and we're not even notified when servers need to be rebooted and patches need to be made, et cetera.
So the high availability is provided as part of the solution. In the VM case, you provide it. And so you need multiple VMs. You need availability sets available to zones across regions, Azure Traffic Manager, etc. There's also the ability to do automatic scaling or even easy scaling. So in the case of Azure SQL Database or CosmosDB, you can define that to say, well, you know, during these hours, from Monday to Friday, at 9:00 a.m. By 5:00 p.m., we want our Azure SQL Database to be running on a higher performance tier. And so you can have that set script that basically upgrades the performance of your database. And you may not want to be upgraded because that's disruptive behavior, but it is an easy scaling action.
It's not difficult to change your SQL Database scaling efforts, but there are scaling, easy scaling, and auto scaling options within this managed data solution. Some of these also have threat detection. So a lot of the technology in the Azure SQL Database, for instance, will actually detect a SQL injection attack beforehand and stop it from attempting to work. Or somebody is trying to repeatedly log into the Azure SQL Database. Again, this is something that's built into the front end of some of these systems: being able to stop, detect, and stop malicious or strange activity. Another feature of this would be auto-tuning. If we look at SQL Database, you can go into it, and it can detect that if you had certain indexes added, the performance of your database would be improved. Or there are other tuning options within SQL Database, and these are things that they can offer in this kind of service offering since SQL Server doesn't have this auto tuning feature because, again, it's an unmanaged data solution. Microsoft is not going to be able to provide automated tools to modify the indexes on your table in that kind of solution.
Design a Data Management Strategy
1. Design Data Storage (15-20%)
Now we're just talking about managed and unmanaged data. In this video, we're going to talk a lot about databases, particularly the difference between relational and non-relational databases. So often, non-relational databases are sometimes referred to as "no SQL." A relational database can be queried with the SQL query language, whereas these no relational databases use different document formats. So there are a lot of advantages and a lot of features of a traditional relational database besides the use of SQL query language.
You've got keys like a primary key and a foreign key. That's the whole deal with relational databases—you're setting up relationships between data tables. You're saying this is the child, and this is the master. You cannot insert a child unless it points to an existing master, you cannot delete the master unless the child is deleted, et cetera. Back through the 1990s, we went through this process called "normalization," where we were trying to break down large data tables into smaller components. And so you ended up with a lot of lookuptables; you ended up with order records that ended up requiring multiple joins in order to reconstruct the entire order. So when you see a sequel statement and it's got five chapters attached to it, you realise that person went a little bit big with the normalisation episodes there's.
Also, because of the relational aspects, when you do an insert into a table, it has to go and look up the foreign key relationships and make sure that those exist. When you do a delete, it has to go and verify that there are no foreign keys pointing to it, right? A lot of these relational databases are great for transactions. When you have to start a transaction, you perform two or three tasks, and then you can commit that transaction or roll back that transaction. They feature high consistency and data integrity.
These are the important systems that make sure that if something has been committed to the database, the entire database is in a stable state. It's got SQL Server. came out with the SQL Server reporting services. SQL Server Analytics is one of the integration services. So because we had such a strongly defined table, you can create these graphs and tables and have them have relationships to each other. You could then build systems like reporting systems on top of that. Now, one of the challenges with relational databases is that they are so tightly coupled together that if you wanted to set up a replication where you have a second server that contains a good copy of that relational database and it was such a hassle to create replication, the challenge was to have a second server, locate another area, and get that data in close to real time copied.
Those things remain challenges, but relational databases were particular challenges. If we look at some of the nonrelational database offerings, we have many different kinds of databases now. So it's not just foreign keys, primary keys, and indexing. What we have now are things like key-value pairs. There's GraphDB and Graph data stores; you've got columnar format and even document storage, which store XML or JSON and focus on things like that. Now that we know the advantages, why did these databases even come along? Well, a lot of these databases were invented because of the challenges of the modern internet applications that are available to millions and millions of people.
The SQL servers and the databases were not scalable, right? Once you've got a trillion records in a single database table, you are having some really serious problems with searching, indexing, and things like that. So they invented these non-relational databases to handle Twitter and Facebook and all these sort of big data problems of these large companies. They're designed primarily to be fast, so they're quick to write or to get a particular data element from. So if you know you want ID number three, it'll grab it for you very quickly. They also support flexible schemas a lot of times where it's easy, let's say two years later you have billions of rows and now you want to add another property to this object. Well, in a non-relational database, you just provide the property, which doesn't affect the existing data, and everyone's happy.
In a relational database, if you have to add a column that could take hours, you have to provide a default value for records that don't have that column. And then your application has to understand, "Oh no, the column doesn't exist; this is what we have to do: look for null," et cetera. These are more flexible; they're not as rigid. A lot of them are unique because of it. You can add a lot of interesting things. Graph databases have this concept of nodes and edges, and there are a lot of interesting ways that you can handle data that relational databases tie your hands on. Now, relational databases are really good for what's called "lift and shift" migrations, which are when you have an existing SQL Server or Oracle DB in your environment and you're like, "OK, step one, let's just get that data into the cloud."
And so that's just to back up the database. upload it, restore it in the cloud, and then you have your database running in the cloud. That's the simplest type of data migration. And so relational databases are great for that. Obviously, relational databases are also good for transactional applications, or what they call "OLTP" (online transaction processing) type applications. You're not going to move to another database for your bank, okay? Because there are certain industries where the speed of it is not the primary consideration; it's the integrity of it, right? The no-sequel and the non-relational databases are great for web applications. Modern databases, when you're not tied down by those previous conventions, should be looked at for small bits of data. So there are a lot of great things to do, but what are the sort of pros and cons of using relational databases or not?
2. Managed and Unmanaged Data Strategy
So let's wrap up the discussion of identity and security with a discussion of monitoring identity and security. Now, monitoring is always going to be a key feature. We'll talk about it; we're talking about data, and we're going to talk about it in other sections of this course. But monitoring identity is something that some people don't even think to do. They set up the security, they make their Azure ad, and they manage the user IDs and passwords. And maybe they use privileged identity management to add an additional layer of security for administrators. They use conditional access to prevent some of those obvious attacks. And it would be good to be able to set up a type of monitoring and reporting for some of these things. Now you can set up alerts.
Azure's privileged identity management module does not have an alert feature. If we go into it, we can see that under PIM, under roles, you can see alerts, and there are some predefined alerts. So you don't even have to sort of dream up what it is that you want to be alerted about. If there are too many administrators, that's an alert. If there are roles that are being assigned outside of privileged identity management, that could be an alert, et cetera. And so we set up the security so that if people are doing things that you want to be notified about, there are five of them on the screen that you've predefined and that you can choose from. Those are basically a predefined set of potential policy violations.
And so you can just sort of choose from that list. Now under each of those, there are, like it says, too many administrators. Well, what is too many? You can go into each of those alerts and there's going to be settings, and you can say, "Okay, I want to be notified if there are more than ten global administrators on my account." And for your organization, that would be like an excessive number for other organizations that might not be. So, for instance, one of the alerts says administrators aren't using their privileged roles. So if you are given administrator permissions, but you haven't actually used an administrator permission in 30 days, well, that could be something that needs to be alerted about. So in this case, you can just set that, and if you see the slider, it looks like it can probably go up to six months or more. So you can just basically choose what is and isn't an appropriate amount.
3. Relational and NoSQL Database Strategy
So we're talking about monitoring identity and security. And what is basically our approach to monitoring identity security? Well, our approach is basically to start from the beginning. You know, if we look at identity, the fact that you've got maybe tens of thousands of users in your organisation and they've all got various levels of permission, it's a very daunting task to try to ensure that everyone's got the right levels of permission and that unauthorized people are not getting in.
And we can really look at identity as being this sort of doorway, right? There are probably other ways to hack into your system that do not relate to identity. But if someone can get that working (administrator, user ID, and password), and that's all they need to get into your application, well, that's like having the key to your house, right? So the identity is the door, and you want to secure that door. What I would suggest is that we start when we're doing auditing and monitoring, and that we want to start from the very beginning. A lot of companies have an on-premises Active Directory and are using a synchronization tool to synchronize that into Azure AD.
Well, if your on-premises ad is not secure, then those people are going to be able to get into your Azure accounts and your Azure ads. So security is going to start with your on-premises advertisement. Who has access to that, and how is that controlled outside of the scope of this course? Obviously, we talk about securing Active Directory on premises, but that's where it starts. Okay? Your security of your entire system is determined by the route—the seed, if you will—of your on-premises Active Directory. We use Ad Connect to get our on-premises Active Directory users into Azure. Active Directory? We already talked about Ad Connect health to make sure it is working and secure and to get various reports about how the synchronization is going. You can monitor Ad Connect in order to monitor the health of the connection. When you go into Azure, you can go into Logan tics. Now, Log Analytics allows you access to various security logs.
So Log Analytics has a back-end connection to subscriptions, resource groups, and IAM itself. And so if you want to see who's getting access and who's being denied access, you can setup and run reports within Log Analytics. Another policy and strategy, of course, is to make sure your systems are up-to-date. We've seen examples in the past few years of companies that didn't have a patching strategy or let some of their JavaScript drug versions get out of date, and there became a known exploit and those systems could basically be hacked. And so, make sure that you're running firewalls, antivirus software, and all of your OS, and make sure that all of the software that you're using is up-to-date in terms of the latest patches. Pay attention to when the companies are coming out with saying patch. Now we've got a vulnerability that is now a zero-day exploit. Get that updated. That's part of the policy. And you're going to have to ensure the security part. Make sure the people who are running those systems are not falling.
Microsoft AZ-305 practice test questions and answers, training course, study guide are uploaded in ETE Files format by real users. Study and Pass AZ-305 Designing Microsoft Azure Infrastructure Solutions certification exam dumps & practice test questions and answers are to help students.
Exam Comments * The most recent comment are on top
Purchase AZ-305 Exam Training Products Individually
Why customers love us?
What do our customers say?
The resources provided for the Microsoft certification exam were exceptional. The exam dumps and video courses offered clear and concise explanations of each topic. I felt thoroughly prepared for the AZ-305 test and passed with ease.
Studying for the Microsoft certification exam was a breeze with the comprehensive materials from this site. The detailed study guides and accurate exam dumps helped me understand every concept. I aced the AZ-305 exam on my first try!
I was impressed with the quality of the AZ-305 preparation materials for the Microsoft certification exam. The video courses were engaging, and the study guides covered all the essential topics. These resources made a significant difference in my study routine and overall performance. I went into the exam feeling confident and well-prepared.
The AZ-305 materials for the Microsoft certification exam were invaluable. They provided detailed, concise explanations for each topic, helping me grasp the entire syllabus. After studying with these resources, I was able to tackle the final test questions confidently and successfully.
Thanks to the comprehensive study guides and video courses, I aced the AZ-305 exam. The exam dumps were spot on and helped me understand the types of questions to expect. The certification exam was much less intimidating thanks to their excellent prep materials. So, I highly recommend their services for anyone preparing for this certification exam.
Achieving my Microsoft certification was a seamless experience. The detailed study guide and practice questions ensured I was fully prepared for AZ-305. The customer support was responsive and helpful throughout my journey. Highly recommend their services for anyone preparing for their certification test.
I couldn't be happier with my certification results! The study materials were comprehensive and easy to understand, making my preparation for the AZ-305 stress-free. Using these resources, I was able to pass my exam on the first attempt. They are a must-have for anyone serious about advancing their career.
The practice exams were incredibly helpful in familiarizing me with the actual test format. I felt confident and well-prepared going into my AZ-305 certification exam. The support and guidance provided were top-notch. I couldn't have obtained my Microsoft certification without these amazing tools!
The materials provided for the AZ-305 were comprehensive and very well-structured. The practice tests were particularly useful in building my confidence and understanding the exam format. After using these materials, I felt well-prepared and was able to solve all the questions on the final test with ease. Passing the certification exam was a huge relief! I feel much more competent in my role. Thank you!
The certification prep was excellent. The content was up-to-date and aligned perfectly with the exam requirements. I appreciated the clear explanations and real-world examples that made complex topics easier to grasp. I passed AZ-305 successfully. It was a game-changer for my career in IT!