Published: November 30, 2017
Audiences: IT professionals
Technology: Microsoft Azure
Credit toward certification: MCP, MCSA, MCSE, MCSD
This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area on the exam. The higher the percentage, the more questions you are likely to see on that content area on the exam. View video tutorials about the variety of question types on Microsoft exams.
Please note that the questions may test on, but will not be limited to, the topics described in the bulleted text.
Do you have feedback about the relevance of the skills measured on this exam? Please send Microsoft your comments. All feedback will be reviewed and incorporated as appropriate while still maintaining the validity and reliability of the certification process. Note that Microsoft will not respond directly to your feedback. We appreciate your input in ensuring the quality of the Microsoft Certification program.
If you have concerns about specific questions on this exam, please submit an exam challenge.
If you have other questions or feedback about Microsoft Certification exams or about the certification program, registration, or promotions, please contact your Regional Service Center.
IMPORTANT: Significant changes are in progress for Exam 534 and its content. We estimate the amount of change to be 30% compared to 534. As a result, we are retiring 534 on December 31, 2017, and replacing it with Exam 535 that covers the new (but related) objective domain. Exam 535 retains the same exam title as 534, and 535 will be available in English on November 30, 2017, with other languages following soon after. You will no longer be able to register for Exam 534 after November 30, 2017. The Online training and Instructor-led training Preparation options below are for Exam 534. Please use them while we prepare options that are specific to Exam 535.
Design Compute Infrastructure (20-25%)
Design solutions using virtual machines
Design VM deployments by leveraging availability sets, fault domains, and update domains in Azure; use web app for containers; design VM Scale Sets; design for compute-intensive tasks using Azure Batch; define a migration strategy from cloud services; recommend use of Azure Backup and Azure Site Recovery
Design solutions for serverless computing
Use Azure Functions to implement event-driven actions; design for serverless computing using Azure Container Instances; design application solutions by using Azure Logic Apps, Azure Functions, or both; determine when to use API management service
Design microservices-based solutions
Determine when a container-based solution is appropriate; determine when container-orchestration is appropriate; determine when Azure Service Fabric (ASF) is appropriate; determine when Azure Functions is appropriate; determine when to use API management service; determine when Web API is appropriate; determine which platform is appropriate for container orchestration; consider migrating existing assets versus cloud native deployment; design lifecycle management strategies
Design web applications
Design Azure App Service Web Apps; design custom web API; secure Web API; design Web Apps for scalability and performance; design for high availability using Azure Web Apps in multiple regions; determine which App service plan to use; design Web Apps for business continuity; determine when to use Azure App Service Environment (ASE); design for API apps; determine when to use API management service; determine when to use Web Apps on Linux; determine when to use a CDN; determine when to use a cache, including Azure Redis cache
Create compute-intensive application
Design high-performance computing (HPC) and other compute-intensive applications using Azure Services; determine when to use Azure Batch; design stateless components to accommodate scale; design lifecycle strategy for Azure Batch
Design Data Implementation (15-20%)
Design for Azure Storage solutions
Determine when to use Azure Blob Storage, blob tiers, Azure Files, disks, and StorSimple
Design for Azure Data Services
Determine when to use Data Catalog, Azure Data Factory, SQL Data Warehouse, Azure Data Lake Analytics, Azure Analysis Services, and Azure HDInsight
Design for relational database storage
Determine when to use Azure SQL Database and SQL Server Stretch Database; design for scalability and features; determine when to use Azure Database for MySQL and Azure Database for PostgreSQL; design for HA/DR, geo-replication; design a backup and recovery strategy
Design for NoSQL storage
Determine when to use Azure Redis Cache, Azure Table Storage, Azure Data Lake, Azure Search, Time Series Insights
Design for CosmosDB storage
Determine when to use MongoDB API, DocumentDB API, Graph API, Azure Tables API; design for cost, performance, data consistency, availability, and business continuity
Design Networking Implementation (15-20%)
Design Azure virtual networks
Design solutions that use Azure networking services: design for load balancing using Azure Load Balancer and Azure Traffic Manager; define DNS, DHCP, and IP strategies; determine when to use Azure Application Gateway; determine when to use multi-node application gateways, Traffic Manager and load balancers
Design external connectivity for Azure Virtual Networks
Determine when to use Azure VPN, ExpressRoute and Virtual Network Peering architecture and design; determine when to use User Defined Routes (UDRs); determine when to use VPN gateway site-to-site failover for ExpressRoute
Design security strategies
Determine when to use network virtual appliances; design a perimeter network (DMZ); determine when to use a Web Application Firewall (WAF), Network Security Group (NSG), and virtual network service tunneling
Design connectivity for hybrid applications
Design connectivity to on-premises data from Azure applications using Azure Relay Service, Azure Data Management Gateway for Data Factory, Azure On-Premises Data Gateway, Hybrid Connections, or Azure Web App’s virtual private network (VPN) capability; identify constraints for connectivity with VPN; identify options for joining VMs to domains
Design Security and Identity Solutions (20-25%)
Design an identity solution
Design AD Connect synchronization; design federated identities using Active Directory Federation Services (AD FS); design solutions for Multi-Factor Authentication (MFA); design an architecture using Active Directory on-premises and Azure Active Directory (AAD); determine when to use Azure AD Domain Services; design security for Mobile Apps using AAD
Secure resources by using identity providers
Design solutions that use external or consumer identity providers such as Microsoft account, Facebook, Google, and Yahoo; determine when to use Azure AD B2C and Azure AD B2B; design mobile apps using AAD B2C or AAD B2B
Design a data security solution
Design data security solutions for Azure services; determine when to use Azure Storage encryption, Azure Disk Encryption, Azure SQL Database security capabilities, and Azure Key Vault; design for protecting secrets in ARM templates using Azure Key Vault; design for protecting application secrets using Azure Key Vault; design a solution for managing certificates using Azure Key Vault; design solutions that use Azure AD Managed Service Identity
Design a mechanism of governance and policies for administering Azure resources
Determine when to use Azure RBAC standard roles and custom roles; define an Azure RBAC strategy; determine when to use Azure resource policies; determine when to use Azure AD Privileged Identity Management; design solutions that use Azure AD Managed Service Identity; determine when to use HSM-backed keys
Manage security risks by using an appropriate security solution
Identify, assess, and mitigate security risks by using Azure Security Center, Operations Management Suite Security and Audit solutions, and other services; determine when to use Azure AD Identity Protection; determine when to use Advanced Threat Detection; determine an appropriate endpoint protection strategy
Design Solutions by using Platform Services (10-15%)
Design for Artificial Intelligence Services
Determine when to use the appropriate Cognitive Services, Azure Bot Service, Azure Machine Learning, and other categories that fall under cognitive AI
Design for IoT
Determine when to use Stream Analytics, IoT Hubs, Event Hubs, real-time analytics, Time Series Insights, IoT Edge, Notification Hubs, Event Grid, and other categories that fall under IoT
Design messaging solution architectures
Design a messaging architecture; determine when to use Azure Storage Queues, Azure Service Bus, Azure Event Hubs, Event Grid, Azure Relay, Azure Functions, and Azure Logic Apps; design a push notification strategy for Mobile Apps; design for performance and scale
Design for media service solutions
Define solutions using Azure Media Services, video indexer, video API, computer vision API, preview, and other media related services
Design for Operations (10-15%)
Design an application monitoring and alerting strategy
Determine the appropriate Microsoft products and services for monitoring applications on Azure; define solutions for analyzing logs and enabling alerts using Azure Log Analytics; define solutions for analyzing performance metrics and enabling alerts using Azure Monitor; define a solution for monitoring applications and enabling alerts using Application Insights
Design a platform monitoring and alerting strategy
Determine the appropriate Microsoft products and services for monitoring Azure platform solutions; define a monitoring solution using Azure Health, Azure Advisor, and Activity Log; define a monitoring solution for Azure Networks using Log Analytics and Network Watcher service; monitor security with Azure Security Center
Design an operations automation strategy
Determine when to use Azure Automation, Chef, Puppet, PowerShell, Desired State Configuration (DSC), Event Grid, and Azure Logic Apps; define a strategy for auto-scaling; define a strategy for enabling periodic processes and tasks
You need to configure availability for the virtual machines that the company is migrating to Azure.
What should you implement?
A. Traffic Manager
B. Availability Sets
C. Virtual Machine Autoscaling
D. Cloud Services
Scenario: VanArsdel plans to migrate several virtual machine (VM) workloads into Azure.
You are designing a plan to deploy a new application to Azure.
The solution must provide a single sign-on experience for users.
You need to recommend an authentication type.
Which authentication type should you recommend?
A. SAML credential tokens
B. Azure managed access keys
C. Windows Authentication
A Microsoft cloud service administrator who wants to provide their Azure Active Directory
(AD) users with sign-on validation can use a SAML 2.0 compliant SP-Lite profile based
Identity Provider as their preferred Security Token Service (STS) / identity provider. This is
useful where the solution implementer already has a user directory and password store on premises
that can be accessed using SAML 2.0. This existing user directory can be used
for sign-on to Office 365 and other Azure AD-secured resources.
You need to prepare the implementation of data storage for the contractor information app.
What should you?
A. Create a storage account and implement multiple data partitions.
B. Create a Cloud Service and a Mobile Service. Implement Entity Group transactions.
C. Create a Cloud Service and a Deployment group. Implement Entity Group transactions.
D. Create a Deployment group and a Mobile Service. Implement multiple data partitions.
/ VanArsdel needs a solution to reduce the number of operations on the contractor
information table. Currently, data transfer rates are excessive, and queue length for
read/write operations affects performance.
/ A mobile service that is used to access contractor information must have automatically
scalable, structured storage
* The basic unit of deployment and scale in Azure is the Cloud Service.