This is a continuation of an article that describes operational considerations for hosting
solutions on Azure public cloud.
This article discusses the topics that are encountered when taking
certification examinations on Azure. Mistakes on the multiple-choice
questions in those examinations are quite costly because the questions
go beyond cursory knowledge of the Azure resources. We recap just a few of
these questions from a recent test.
Organizations deal with compute, storage and networking
problems, but identity hits home with the employees. Some of the questions ask
how inter-domain trust is established, the order in which these steps are
performed, the techniques by which multi-factor authentication is set up, how
applications and services are secured, the scope at which role-based access
control may be overridden, and how policies can be conditionally enforced.
These are some of the themes on
which the questions from the certification examinations are based.
These questions are not hard to answer per se, but they
highlight the requirement for a deep understanding of the Azure resources for
solving those problems. For example, they test when password sync and
password pass-through are applicable. Similarly, the use of privileged user
protection is questioned.
The storage-based questions are somewhat easier to answer
because they apply to a lot of common use cases. Some attention to the limits
imposed on different types of storage, their access policies, tiers, and
retention periods will go a long way in getting the answers right. Familiarity
with the hot, cool and archive tiers is tested through their use cases. Access control
policy enforcement and cost management apply just as much as they do for all Azure
resources. Redundancy and availability are special considerations.
Geo-replication is a hot topic.
The compute-based questions apply to the different sizes and
scales required for small, mid-sized and large usages. They apply to different use
cases, but a common topic of interest is interoperability or dedicated
ecosystems. It is important to know how to use the compute resources, but it is more
important to know how they connect to Azure resources, including their hardening.
Some examples cited in the questions span container orchestration frameworks, container
registries and instances.
The networking questions are heavy on connections and their
restrictions. VPN, firewall and Bastion are discussed in examples for threat
analysis and mitigation purposes. The ways to author policies, rules, routes and
circuits are discussed very well.
Lastly, a study of the online documentation on architecture
and best practices will round out the preparation.