Skip to content

Latest commit

 

History

History
124 lines (103 loc) · 4.8 KB

az104-skills-measured-nov-2024.md

File metadata and controls

124 lines (103 loc) · 4.8 KB

Exam AZ-104: Microsoft Azure Administrator

Skills Measured

Manage Azure Identities and Governance (20–25%)

  • Manage Microsoft Entra users and groups

    • Create users and groups
    • Manage user and group properties
    • Manage licenses in Microsoft Entra ID
    • Manage external users
    • Configure self-service password reset (SSPR)

  • Manage access to Azure resources

    • Manage built-in Azure roles
    • Assign roles at different scopes
    • Interpret access assignments

  • Manage Azure subscriptions and governance

    • Implement and manage Azure Policy
    • Configure resource locks
    • Apply and manage tags on resources
    • Manage resource groups
    • Manage subscriptions
    • Manage costs using alerts, budgets, and Azure Advisor recommendations
    • Configure management groups

Implement and Manage Storage (15–20%)

  • Configure access to storage

    • Configure Azure Storage firewalls and virtual networks
    • Create and use shared access signature (SAS) tokens
    • Configure stored access policies
    • Manage access keys
    • Configure identity-based access for Azure Files

  • Configure and manage storage accounts

    • Create and configure storage accounts
    • Configure Azure Storage redundancy
    • Configure object replication
    • Configure storage account encryption
    • Manage data using Azure Storage Explorer and AzCopy

  • Configure Azure Files and Azure Blob Storage

    • Create and configure a file share in Azure Storage
    • Create and configure a container in Blob Storage
    • Configure storage tiers
    • Configure snapshots and soft delete for Azure Files
    • Configure blob lifecycle management
    • Configure blob versioning

Deploy and Manage Azure Compute Resources (20–25%)

  • Automate deployment of resources using Azure Resource Manager (ARM) templates or Bicep files

    • Interpret an ARM template or a Bicep file
    • Modify an existing ARM template
    • Modify an existing Bicep file
    • Deploy resources using an ARM template or a Bicep file
    • Export a deployment as an ARM template or convert an ARM template to a Bicep file

  • Create and configure virtual machines

    • Create a virtual machine
    • Configure Azure Disk Encryption
    • Move a virtual machine to another resource group, subscription, or region
    • Manage virtual machine sizes
    • Manage virtual machine disks
    • Deploy virtual machines to availability zones and availability sets
    • Deploy and configure an Azure Virtual Machine Scale Set

  • Provision and manage containers in the Azure portal

    • Create and manage an Azure container registry
    • Provision a container using Azure Container Instances
    • Provision a container using Azure Container Apps
    • Manage sizing and scaling for containers, including Azure Container Instances and Azure Container Apps

  • Create and configure Azure App Service

    • Provision an App Service plan
    • Configure scaling for an App Service plan
    • Create an App Service
    • Configure certificates and Transport Layer Security (TLS) for an App Service
    • Map an existing custom DNS name to an App Service
    • Configure backup for an App Service
    • Configure networking settings for an App Service
    • Configure deployment slots for an App Service

Implement and Manage Virtual Networking (15–20%)

  • Configure and manage virtual networks in Azure

    • Create and configure virtual networks and subnets
    • Create and configure virtual network peering
    • Configure public IP addresses
    • Configure user-defined network routes
    • Troubleshoot network connectivity

  • Configure secure access to virtual networks

    • Create and configure network security groups (NSGs) and application security groups
    • Evaluate effective security rules in NSGs
    • Implement Azure Bastion
    • Configure service endpoints for Azure platform as a service (PaaS)
    • Configure private endpoints for Azure PaaS

  • Configure name resolution and load balancing

    • Configure Azure DNS
    • Configure an internal or public load balancer
    • Troubleshoot load balancing

Monitor and Maintain Azure Resources (10–15%)

  • Monitor resources in Azure

    • Interpret metrics in Azure Monitor
    • Configure log settings in Azure Monitor
    • Query and analyze logs in Azure Monitor
    • Set up alert rules, action groups, and alert processing rules in Azure Monitor
    • Configure and interpret monitoring of virtual machines, storage accounts, and networks using Azure Monitor Insights
    • Use Azure Network Watcher and Connection Monitor

  • Implement backup and recovery

    • Create a Recovery Services vault
    • Create an Azure Backup vault
    • Create and configure a backup policy
    • Perform backup and restore operations using Azure Backup
    • Configure Azure Site Recovery for Azure resources
    • Perform a failover to a secondary region using Site Recovery
    • Configure and interpret reports and alerts for backups