Pass Microsoft AZ-305 Exam in First Attempt Guaranteed!
Get 100% Latest Exam Questions, Accurate & Verified Answers to Pass the Actual Exam!
30 Days Free Updates, Instant Download!
AZ-305 Premium Bundle
- Premium File 267 Questions & Answers. Last update: Nov 30, 2023
- Training Course 87 Lectures
- Study Guide 933 Pages
Last Week Results!
|Download Free AZ-305 Exam Questions|
Size: 110.52 KB
Size: 467.64 KB
Microsoft AZ-305 Practice Test Questions and Answers, Microsoft AZ-305 Exam Dumps - PrepAway
All Microsoft AZ-305 certification exam dumps, study guide, training courses are Prepared by industry experts. PrepAway's ETE files povide the AZ-305 Designing Microsoft Azure Infrastructure Solutions practice test questions and answers & exam dumps, study guide and training courses help you study and pass hassle-free!
Design a Monitoring Strategy for Identity and Security
1. Using Privileged Identity Management Alerts
The third major section of the exam says design data storage is worth 15% to 20% of the exam score. So it's still a smaller percentage, but not completely insignificant, and worth some of your time. Now under data storage, we've got two major topics: one is databases, and the other is storage accounts. Now we're also going to talk about data integration, which is basically moving data from one solution to another, or data migration. And you can see there are topics related to data factories, data bricks, and data lakes, but these are, I believe, relatively minor topics. So we're going to talk about data storage from a recommendation design perspective.
You can see that none of the topics here say to know how to create a storage account, etc. But we are talking about sizing; we're talking about a database of scalability, particularly around autoscaling and the ability to handle spikes in traffic and encryption on the storage account size. We are also talking about sizing; we're talking about the different storage options within Azure and the various tools that we can use to manage our storage account, including Data Explorer. Thanks a lot for being here. Let's keep going.
2. Other Ways to Monitor the Security of Identity
So in this section of the course, we're going to be talking about designing a data platform solution. A reminder that this course, AZ 301, and the exam related material are about strategy and design. This is the thinking aspect, you know, putting your plans together before you start implementation, the implementation in and the programming and developing that is the Aza 300 course and the Aza 300 exam. So you'll see a lot more of the portal and the actual form fields and slider bars and things like that. So in this lesson, let's talk about the differences between managed and unmanaged data solutions. Why would you choose one over the other? As a reminder, what is unmanaged data? Typically, we're talking about an unmanaged storage account to start.
So if you have a storage account, and by default, an Azure storage account lets you have up to five petabytes of data in the United States and in Europe and 500 terabytes in other places, So that's quite a lot of data. It's very hard to fill five petabytes, but there are other limits on that in terms of operations per second, et cetera. So if you have an account like that, that's an unmanaged storage account, and it's up to you to design your application to work within those fixed limits. Now, a couple of options that you don't think about are that even if your virtual machine is running on a managed storage account, if you have an application installed in that virtual machine and that application has its own file system and its own data file format and logging files, you're going to be subject to the limits of those.
So SQL Server in a VM has limits that need to be managed around, even if the VM is running in a managed storage account. So it's almost like putting a file system on top of a managed file system. There's going to be exposure to some of those issues. Now, if we look at the flip side, that was the unmanaged storage in a managed store situation. From a regular VM, data discs can be mounted in a managed storage account. But then there are all these other database and data options, right? Azure SQL Database, Cosmos DB, and Redis Cache There's even a managed SQL Server offering.
And so in this video, we're going to talk about the advantages of using a managed storage option when it's available compared to an unmanaged storage account. Why would you choose an Azure SQL Database over SQL Server in a VM? Now, to start, a lot of these options have what is called "built-in high availability." So a single SQL Server running in a single virtual machine is subject to that virtual machine needing to be rebooted, that particular server suffering a hardware failure, expected and unexpected changes, operating system security patches, et cetera. And so if you're running a SQL Server in a VM inside of an Azure virtual machine, you're not running a high-availability solution. In my other courses at 300, I defined high availability as being an intentional effort that you make by making an intentional expense for additional components to your solution, designed to add resilience.
If you're just taking the default components, that's not high availability. That might be highly available, but it's not high availability by default. So if you look at SQL Server in a VM compared with Azure SQL Database, Azure SQL Database has high availability built into it. And so Microsoft is going to keep the Azure SQL database up. If a machine needs to be rebooted within that AzureSQL Database of servers, we're never going to know about it because they can just reboot that server and every single customer is still up and available, and we're not even notified when servers need to be rebooted and patches need to be made, et cetera.
So the high availability is provided as part of the solution. In the VM case, you provide it. And so you need multiple VMs. You need availability sets available to zones across regions, Azure Traffic Manager, etc. There's also the ability to do automatic scaling or even easy scaling. So in the case of Azure SQL Database or CosmosDB, you can define that to say, well, you know, during these hours, from Monday to Friday, at 9:00 a.m. By 5:00 p.m., we want our Azure SQL Database to be running on a higher performance tier. And so you can have that set script that basically upgrades the performance of your database. And you may not want to be upgraded because that's disruptive behavior, but it is an easy scaling action.
It's not difficult to change your SQL Database scaling efforts, but there are scaling, easy scaling, and auto scaling options within this managed data solution. Some of these also have threat detection. So a lot of the technology in the Azure SQL Database, for instance, will actually detect a SQL injection attack beforehand and stop it from attempting to work. Or somebody is trying to repeatedly log into the Azure SQL Database. Again, this is something that's built into the front end of some of these systems: being able to stop, detect, and stop malicious or strange activity. Another feature of this would be auto-tuning. If we look at SQL Database, you can go into it, and it can detect that if you had certain indexes added, the performance of your database would be improved. Or there are other tuning options within SQL Database, and these are things that they can offer in this kind of service offering since SQL Server doesn't have this auto tuning feature because, again, it's an unmanaged data solution. Microsoft is not going to be able to provide automated tools to modify the indexes on your table in that kind of solution.
Design a Data Management Strategy
1. Design Data Storage (15-20%)
Now we're just talking about managed and unmanaged data. In this video, we're going to talk a lot about databases, particularly the difference between relational and non-relational databases. So often, non-relational databases are sometimes referred to as "no SQL." A relational database can be queried with the SQL query language, whereas these no relational databases use different document formats. So there are a lot of advantages and a lot of features of a traditional relational database besides the use of SQL query language.
You've got keys like a primary key and a foreign key. That's the whole deal with relational databases—you're setting up relationships between data tables. You're saying this is the child, and this is the master. You cannot insert a child unless it points to an existing master, you cannot delete the master unless the child is deleted, et cetera. Back through the 1990s, we went through this process called "normalization," where we were trying to break down large data tables into smaller components. And so you ended up with a lot of lookuptables; you ended up with order records that ended up requiring multiple joins in order to reconstruct the entire order. So when you see a sequel statement and it's got five chapters attached to it, you realise that person went a little bit big with the normalisation episodes there's.
Also, because of the relational aspects, when you do an insert into a table, it has to go and look up the foreign key relationships and make sure that those exist. When you do a delete, it has to go and verify that there are no foreign keys pointing to it, right? A lot of these relational databases are great for transactions. When you have to start a transaction, you perform two or three tasks, and then you can commit that transaction or roll back that transaction. They feature high consistency and data integrity.
These are the important systems that make sure that if something has been committed to the database, the entire database is in a stable state. It's got SQL Server. came out with the SQL Server reporting services. SQL Server Analytics is one of the integration services. So because we had such a strongly defined table, you can create these graphs and tables and have them have relationships to each other. You could then build systems like reporting systems on top of that. Now, one of the challenges with relational databases is that they are so tightly coupled together that if you wanted to set up a replication where you have a second server that contains a good copy of that relational database and it was such a hassle to create replication, the challenge was to have a second server, locate another area, and get that data in close to real time copied.
Those things remain challenges, but relational databases were particular challenges. If we look at some of the nonrelational database offerings, we have many different kinds of databases now. So it's not just foreign keys, primary keys, and indexing. What we have now are things like key-value pairs. There's GraphDB and Graph data stores; you've got columnar format and even document storage, which store XML or JSON and focus on things like that. Now that we know the advantages, why did these databases even come along? Well, a lot of these databases were invented because of the challenges of the modern internet applications that are available to millions and millions of people.
The SQL servers and the databases were not scalable, right? Once you've got a trillion records in a single database table, you are having some really serious problems with searching, indexing, and things like that. So they invented these non-relational databases to handle Twitter and Facebook and all these sort of big data problems of these large companies. They're designed primarily to be fast, so they're quick to write or to get a particular data element from. So if you know you want ID number three, it'll grab it for you very quickly. They also support flexible schemas a lot of times where it's easy, let's say two years later you have billions of rows and now you want to add another property to this object. Well, in a non-relational database, you just provide the property, which doesn't affect the existing data, and everyone's happy.
In a relational database, if you have to add a column that could take hours, you have to provide a default value for records that don't have that column. And then your application has to understand, "Oh no, the column doesn't exist; this is what we have to do: look for null," et cetera. These are more flexible; they're not as rigid. A lot of them are unique because of it. You can add a lot of interesting things. Graph databases have this concept of nodes and edges, and there are a lot of interesting ways that you can handle data that relational databases tie your hands on. Now, relational databases are really good for what's called "lift and shift" migrations, which are when you have an existing SQL Server or Oracle DB in your environment and you're like, "OK, step one, let's just get that data into the cloud."
And so that's just to back up the database. upload it, restore it in the cloud, and then you have your database running in the cloud. That's the simplest type of data migration. And so relational databases are great for that. Obviously, relational databases are also good for transactional applications, or what they call "OLTP" (online transaction processing) type applications. You're not going to move to another database for your bank, okay? Because there are certain industries where the speed of it is not the primary consideration; it's the integrity of it, right? The no-sequel and the non-relational databases are great for web applications. Modern databases, when you're not tied down by those previous conventions, should be looked at for small bits of data. So there are a lot of great things to do, but what are the sort of pros and cons of using relational databases or not?
2. Managed and Unmanaged Data Strategy
So let's wrap up the discussion of identity and security with a discussion of monitoring identity and security. Now, monitoring is always going to be a key feature. We'll talk about it; we're talking about data, and we're going to talk about it in other sections of this course. But monitoring identity is something that some people don't even think to do. They set up the security, they make their Azure ad, and they manage the user IDs and passwords. And maybe they use privileged identity management to add an additional layer of security for administrators. They use conditional access to prevent some of those obvious attacks. And it would be good to be able to set up a type of monitoring and reporting for some of these things. Now you can set up alerts.
Azure's privileged identity management module does not have an alert feature. If we go into it, we can see that under PIM, under roles, you can see alerts, and there are some predefined alerts. So you don't even have to sort of dream up what it is that you want to be alerted about. If there are too many administrators, that's an alert. If there are roles that are being assigned outside of privileged identity management, that could be an alert, et cetera. And so we set up the security so that if people are doing things that you want to be notified about, there are five of them on the screen that you've predefined and that you can choose from. Those are basically a predefined set of potential policy violations.
And so you can just sort of choose from that list. Now under each of those, there are, like it says, too many administrators. Well, what is too many? You can go into each of those alerts and there's going to be settings, and you can say, "Okay, I want to be notified if there are more than ten global administrators on my account." And for your organization, that would be like an excessive number for other organizations that might not be. So, for instance, one of the alerts says administrators aren't using their privileged roles. So if you are given administrator permissions, but you haven't actually used an administrator permission in 30 days, well, that could be something that needs to be alerted about. So in this case, you can just set that, and if you see the slider, it looks like it can probably go up to six months or more. So you can just basically choose what is and isn't an appropriate amount.
3. Relational and NoSQL Database Strategy
So we're talking about monitoring identity and security. And what is basically our approach to monitoring identity security? Well, our approach is basically to start from the beginning. You know, if we look at identity, the fact that you've got maybe tens of thousands of users in your organisation and they've all got various levels of permission, it's a very daunting task to try to ensure that everyone's got the right levels of permission and that unauthorized people are not getting in.
And we can really look at identity as being this sort of doorway, right? There are probably other ways to hack into your system that do not relate to identity. But if someone can get that working (administrator, user ID, and password), and that's all they need to get into your application, well, that's like having the key to your house, right? So the identity is the door, and you want to secure that door. What I would suggest is that we start when we're doing auditing and monitoring, and that we want to start from the very beginning. A lot of companies have an on-premises Active Directory and are using a synchronization tool to synchronize that into Azure AD.
Well, if your on-premises ad is not secure, then those people are going to be able to get into your Azure accounts and your Azure ads. So security is going to start with your on-premises advertisement. Who has access to that, and how is that controlled outside of the scope of this course? Obviously, we talk about securing Active Directory on premises, but that's where it starts. Okay? Your security of your entire system is determined by the route—the seed, if you will—of your on-premises Active Directory. We use Ad Connect to get our on-premises Active Directory users into Azure. Active Directory? We already talked about Ad Connect health to make sure it is working and secure and to get various reports about how the synchronization is going. You can monitor Ad Connect in order to monitor the health of the connection. When you go into Azure, you can go into Logan tics. Now, Log Analytics allows you access to various security logs.
Microsoft AZ-305 practice test questions and answers, training course, study guide are uploaded in ETE Files format by real users. Study and Pass AZ-305 Designing Microsoft Azure Infrastructure Solutions certification exam dumps & practice test questions and answers are to help students.
Comments * The most recent comment are at the top
IT Certification Tutorials
- Top Career Opportunities for Financial Certified Professionals
- Top Project Management Certifications to Improve Your CV
- Top 10 Computer Job Titles That Will Rule the Future
- Discontinuation of ITIL v3 in 2022 And New Technological Era
- GAQM CSM-001 Certified Scrum Master - Chapter 04 - Meetings in Scrum Part 3
- Python Institute PCAP - Modules; Packages and Object Oriented Programming in Python Part 3
- PMI PMP Project Management Professional - Introducing Project Risk Management Part 3
- CompTIA CASP+ CAS-004 - Chapter 01 - Understanding Risk Management Part 3
- DA-100 Microsoft Power BI - Part 2 Level 2 - Getting Multiple files
- CompTIA CASP+ CAS-004 - Chapter 04 - Implementing Security for Systems; Applications; and Storage Part 3
- IIBA CBAP - Tasks of Business Analysis Planning and Monitoring
- MB-210 Microsoft Dynamics 365 - Create and Manage Product and Product Catalog Part 2
- Salesforce Certified Platform App Builder - 5 - Business Logic and Process Automation Part 3
- Amazon AWS Certified Data Analytics Specialty - Domain 4: Analysis
- Google Professional Cloud Network Engineer - Designing; Planning; and Prototyping a GCP Network Part 3