The AZ-101 Microsoft Azure Integration and Security certification exam tests and validates your expertise managing and securing cloud services that span storage, security, networking, and compute capabilities within the Microsoft Azure cloud. This is the second in a set of exams that make up the new Azure Administrator certification track.
The AZ-100, AZ-101, and AZ-102 certification exams are all being retired May 1, 2019. The newer AZ-103 Azure Administrator certification exam is being made available on May 1, 2019 as a consolidated replacement. This is being done to improve the certification path towards the Microsoft Certified: Azure Administrator Associate certification.
Certification Target Audience
The AZ-101 Microsoft Azure Integration and Security certification exam is geared towards Azure Security Administrators who manage and secure cloud services that span storage, security, networking, and compute capabilities within the Microsoft Azure cloud. Exam candidates should have a deep understanding of each service across the full IT lifecyle, and take requests for infrastructure services, applications, and environments. They also make recommendations on services to use for optimal performance and scale, as well as provision, size, monitor, and adjust resources as appropriate.
Here’s a very high level list of the skills and objectives measured on this AZ-100 Microsoft Azure Infrastructure and Deployment certification exam. The percentages next to each objective area represents the number of questions on the exam in that objective area.
Evaluate and perform server migration to Azure (15-20%)
- Evaluate migration scenarios by using Azure Migrate
- May include but not limited to: Discover and assess environment; identify workloads that can and cannot be deployed; identify ports to open; identify changes to network; identify if target environment is supported; setup domain accounts and credentials
- Migrate servers to Azure
- May include but not limited to: Migrate by using Azure Site Recovery (ASR); migrate using P2V; configure storage; create a backup vault; prepare source and target environments; backup and restore data; deploy Azure Site Recovery (ASR) agent; prepare virtual network
Implement and manage application services (20-25%)
- Configure serverless computing
- May include but not limited to: Create and manage objects; manage a Logic App resource; manage Azure Function app settings; manage Event Grid; manage Service Bus
- Manage App Service plans
- May include but not limited to: Configure application for scaling; enable monitoring and diagnostics; configure App Service plans
- Manage App services
- May include but not limited to: Assign SSL certificates; configure application settings; configure deployment slots; configure Azure content delivery network (CDN) integration; manage App Service protection; manage roles for an App service; create and manage App Service environment
Implement advanced virtual networking (30-35%)
- Implement application load balancing
- May include but not limited to: Configure application gateway and load balancing rules; implement front end IP configurations; manage application load balancing
- Implement Azure load balancer
- May include but not limited to: Configure internal load balancer, load balancing rules, and public load balancer; manage Azure load balancing
- Monitor and manage networking
- May include but not limited to: Monitor on-premises connectivity; use network resource monitoring and Network Watcher; manage external networking and virtual network connectivity
- Integrate on premises network with Azure virtual network
- May include but not limited to: Create and configure Azure VPN Gateway; create and configure site to site VPN; configure Express Route; verify on premises connectivity; manage on-premise connectivity with Azure
Secure identities (25-30%)
- Implement Multi-Factor Authentication (MFA)
- May include but not limited to: Enable MFA for an Azure tenant; configure user accounts for MFA; configure fraud alerts; configure bypass options; configure trusted IPs; configure verification methods; manage role-based access control (RBAC); implement RBAC policies; assign RBAC Roles; create a custom role; configure access to Azure resources by assigning roles; configure management access to Azure
- Manage role-based access control (RBAC)
- May include but not limited to: Create a custom role; configure access to Azure resources by assigning roles; configure management access to Azure; troubleshoot RBAC; implement RBAC policies; assign RBAC roles
- Implement Azure Active Director (AD) Privileged Identity Management (PIM)
- May include but not limited to: Activate a PIM role; configure just-in-time access, permanent access, PIM management access, and time-bound access; create a Delegated Approver account; enable PIM; process pending approval requests
To view the most up-to-date list of these exam objectives, please reference the official AZ-101 exam page.