Published: February 26, 2015
Audiences: IT professionals
Technology: Microsoft Azure
Credit toward certification: MCP, Microsoft Specialist
This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area on the exam. The higher the percentage, the more questions you are likely to see on that content area on the exam. View video tutorials about the variety of question types on Microsoft exams.
Please note that the questions may test on, but will not be limited to, the topics described in the bulleted text.
Do you have feedback about the relevance of the skills measured on this exam? Please send Microsoft your comments. All feedback will be reviewed and incorporated as appropriate while still maintaining the validity and reliability of the certification process. Note that Microsoft will not respond directly to your feedback. We appreciate your input in ensuring the quality of the Microsoft Certification program.
If you have concerns about specific questions on this exam, please submit an exam challenge.
If you have other questions or feedback about Microsoft Certification exams or about the certification program, registration, or promotions, please contact your Regional Service Center.
The Microsoft Azure environment is constantly evolving. To maximize relevance, this exam is regularly updated to reflect both deprecated and new technologies and processes. As of March 10, 2016, this exam reflects an update. To learn more about these changes and how they affect the skills measured, please download and review the Exam 70-534 changes document.
Note To ensure that they are aware of the latest updates, it is recommended that all individuals registering for this exam review this page several times before their scheduled exam.
Design Microsoft Azure infrastructure and networking (15–20%)
Describe how Azure uses Global Foundation Services (GFS) datacenters
Understand Azure datacenter architecture, regional availability, and high availability
Design Azure virtual networks, networking services, DNS, DHCP, and IP addressing configuration
Extend on-premises Active Directory, deploy Active Directory, define static IP reservations, understand ACLs and Network Security Groups, design resource groups
Design Azure Compute
Design Azure virtual machines (VMs) and VM architecture for IaaS and PaaS; understand availability sets, fault domains, and update domains in Azure; differentiate between machine classifications
Describe Azure virtual private network (VPN) and ExpressRoute architecture and design
Describe Azure point-to-site (P2S) and site-to-site (S2S) VPN, understand the architectural differences between Azure VPN and ExpressRoute
Describe Azure services
Understand, at a high level, Azure load balancing options, including Traffic Manager, Azure Media Services, CDN, Azure Active Directory (Azure AD), Azure Cache, Multi-Factor Authentication, and Service Bus
Secure resources (15–20%)
Secure resources by using managed identities
Describe the differences between Active Directory on-premises and Azure AD, programmatically access Azure AD using Graph API, secure access to resources from Azure AD applications using OAuth and OpenID Connect
Secure resources by using hybrid identities
Use SAML claims to authenticate to on-premises resources, describe DirSync synchronization, implement federated identities using Azure Access Control service (ACS) and Active Directory Federation Services (ADFS)
Secure resources by using identity providers
Provide access to resources using identity providers, such as Microsoft account, Facebook, Google, and Yahoo!; manage identity and access by using Azure Active Directory B2C
Identify an appropriate data security solution
Use the appropriate Access Control List (ACL), identify security requirements for data in transit and data at rest; identify, assess, and mitigate security risks by using Azure Operations Management Suite
Design a role-based access control strategy
Secure resource scopes, such as the ability to create VMs and Azure Web Apps
Design an application storage and data access strategy (15–20%)
Design data storage
Design storage options for data, including Table Storage, SQL Database, DocumentDB, Blob Storage, MongoDB, and MySQL; design security options for SQL Database or Azure Storage; identify the appropriate VM type and size for a solution
Design applications that use Mobile Apps
Create Azure Mobile Services, consume Mobile Apps from cross-platform clients, integrate offline sync capabilities into an application, extend Mobile Apps using custom code, implement Mobile Apps using Microsoft .NET or Node.js, secure Mobile Apps using Azure AD
Design applications that use notifications
Implement push notification services in Mobile Apps, send push notifications to all subscribers, specific subscribers, or a segment of subscribers
Design applications that use a web API
Implement a custom web API, scale using Azure Web Apps, offload long-running applications using WebJobs, secure a web API using Azure AD
Design a data access strategy for hybrid applications
Connect to on-premises data from Azure applications using Service Bus Relay, Hybrid Connections, or the VPN capability of Websites, identify constraints for connectivity with VPN, identify options for joining VMs to domains or cloud services
Design a media solution
Describe Media Services, understand key components of Media Services, including streaming capabilities, video on-demand capabilities, and monitoring services
Design an advanced application (15–20%)
Create compute-intensive applications
Design high-performance computing (HPC) and other compute-intensive applications using Azure Services
Create long-running applications
Implement worker roles for scalable processing, design stateless components to accommodate scale
Select the appropriate storage option
Use a queue-centric pattern for development, select the appropriate storage for performance, identify storage options for cloud services and hybrid scenarios with compute on-premises and storage on Azure, differentiate between cloud services and VMs interacting with storage service and SQL Database
Integrate Azure services in a solution
Identify the appropriate use of Azure Machine Learning, big data, Azure Media Services, and Azure Search services
Design Azure Web Apps (15–20%)
Design Azure Web Apps for scalability and performance
Globally scale Azure Web Apps, create Azure Web Apps using Visual Studio, debug Azure Web Apps, understand supported languages, differentiate between Azure Web Apps to VMs and cloud services
Deploy Azure Web Apps
Implement Azure Site Extensions, create packages, App service plans, deployment slots, resource groups, publishing options, Web Deploy, and FTP locations and settings
Design Azure Web Apps for business continuity
Scale up and scale out using Azure Web Apps and SQL Database, configure data replication patterns, update Azure Web Apps with minimal downtime, back up and restore data, design for disaster recovery, deploy Azure Web Apps to multiple regions for high availability, design the data tier
Design a management, monitoring, and business continuity strategy (15–20%)
Evaluate hybrid and Azure-hosted architectures for Microsoft System Center deployment
Understand, at an architectural level, which components are supported in Azure; describe design considerations for managing Azure resources with System Center; understand which scenarios would dictate a hybrid scenario
Design a monitoring strategy
Identify the Microsoft products and services for monitoring Azure solutions; understand the capabilities of System Center for monitoring an Azure solution; understand built-in Azure capabilities; identify third-party monitoring tools, including open source; describe use cases for Operations Manager, Global Service Monitor, and Application Insights; describe the use cases for Windows Software Update Services (WSUS), Configuration Manager, and custom solutions; describe the Azure architecture constructs, such as availability sets and update domains, and how they impact a patching strategy; analyze logs by using the Azure Operations Management Suite
Describe Azure business continuity/disaster recovery (BC/DR) capabilities
Understand the architectural capabilities of BC/DR, describe Hyper-V Replica and Azure Site Recovery (ASR), describe use cases for Hyper-V Replica and ASR
Design a disaster recovery strategy
Design and deploy Azure Backup and other Microsoft backup solutions for Azure, understand use cases when StorSimple and System Center Data Protection Manager would be appropriate, design and deploy Azure Site recovery
Design Azure Automation and PowerShell workflows
Create a PowerShell script specific to Azure, automate tasks by using the Azure Operations Management Suite
Describe the use cases for Azure Automation configuration
Understand when to use Azure Automation, Chef, Puppet, PowerShell, or Desired State Configuration (DSC)z`
You are designing a plan to deploy a new application to Azure. The solution must provide a single sign-on experience for users.
You need to recommend an authentication type.
Which authentication type should you recommend?
A. SAML credential tokens
B. Azure managed access keys
C. Windows Authentication
Explanation: A Microsoft cloud service administrator who wants to provide their Azure Active Directory (AD) users with sign-on validation can use a SAML 2.0 compliant SP-Lite profile based Identity Provider as their preferred Security Token Service (STS) / identity provider. This is useful where the solution implementer already has a user directory and password store on-premises that can be accessed using SAML 2.0. This existing user directory can be used for sign-on to Office 365 and other Azure AD-secured resources.
Reference: Use a SAML 2.0 identity provider to implement single sign-on
You need to design the system that alerts project managers to data changes in the contractor information app.
Which service should you use?
A. Azure Mobile Service
B. Azure Service Bus Message Queueing
C. Azure Queue Messaging
D. Azure Notification Hub
Explanation: * Scenario:
/ Mobile Apps: Event-triggered alerts must be pushed to mobile apps by using a custom Node.js script.
/ The service level agreement (SLA) for the solution requires an uptime of 99.9%
* If you are already using Azure Storage Blobs or Tables and you start using queues, you are guaranteed 99.9% availability. If you use Blobs or Tables with Service Bus queues, you will have lower availability.
Note: Microsoft Azure supports two types of queue mechanisms: Azure Queues and Service Bus Queues.
/ Azure Queues, which are part of the Azure storage infrastructure, feature a simple REST-based Get/Put/Peek interface, providing reliable, persistent messaging within and between services.
/ Service Bus queues are part of a broader Azure messaging infrastructure that supports queuing as well as publish/subscribe, Web service remoting, and integration patterns.
: Azure Queues and Service Bus Queues – Compared and Contrasted
You need to recommend a solution that allows partners to authenticate.
Which solution should you recommend?
A. Configure the federation provider to trust social identity providers.
B. Configure the federation provider to use the Azure Access Control service.
C. Create a new directory in Azure Active Directory and create a user account for the partner.
D. Create an account on the VanArsdel domain for the partner and send an email message that contains the password to the partner.
Explanation: * Scenario: The partners all use Hotmail.com email addresses.
* In Microsoft Azure Active Directory Access Control (also known as Access Control Service or ACS), an identity provider is a service that authenticates user or client identities and issues security tokens that ACS consumes.
The ACS Management Portal provides built-in support for configuring Windows Live ID as an ACS Identity Provider.
Not C, not D: Scenario: VanArsdel management does NOT want to create and manage user accounts for partners.
Reference: Identity Providers