AZ 900 MS Learn


for a VPN gateway you need to deploy a subnet called

"GatewaySubnet" for the VPN gateway. Use at least a /27 address mask to make sure you have enough IP addresses in the subnet for future growth. You can't use this subnet for any other services.

To connect your datacenter to a VPN gateway, you'll need these on-premises resources:

- A VPN device that supports policy-based or route-based VPN gateways
- A public-facing (internet-routable) IPv4 address

With Azure Firewall, you can configure:

- Application rules that define fully qualified domain names (FQDNs) that can be accessed from a subnet.
- Network rules that define source address, protocol, destination port, and destination address.
- Network Address Translation (NAT) rules that define destination IP addresses and ports to translate inbound requests.

Azure AD provides services such as:

- Authentication: verifying identity to access apps and resources, providing self-service password reset, multi-factor authentication (MFA), a custom banned password list, and smart lockout services.
- Single Sign-On (SSO): A single identity is tied to a user, simplifying the security model. As users change roles or leave an organization, access modifications are tied to that identity, greatly reducing the effort needed to change or disable accounts.
- Application management: manage your cloud and on-premises apps using Azure AD Application Proxy, SSO, the My Apps portal (also referred to as Access Panel), and SaaS apps.
- Device management: manage how your cloud or on-premises devices access your corporate data.

What services provide Azure AD Multi-Factor Authentication capabilities?

- Azure Active Directory: the free edition has MFA for global admins; premium allows MFA via Conditional Access
- Office 365: a subset of Azure AD MFA is part of your Office 365 subscription

Azure has two implementations of serverless compute:

- Azure Functions: Functions can execute code in almost any modern language.
- Azure Logic Apps: Logic apps are designed in a web-based designer and can execute logic triggered by Azure services without writing any code.

Azure Firewall provides many features, including:

- Azure Monitor logging.
- Built-in high availability.
- Unrestricted cloud scalability.
- Inbound and outbound filtering rules.
- Inbound Destination Network Address Translation (DNAT) support.

Azure supports a broad range of technologies and services to provide big data and analytic solutions, including

- Azure Synapse Analytics
- Azure HDInsight
- Azure Databricks
- Azure Data Lake Analytics

Azure Database for PostgreSQL Single Server

- Built-in high availability (99.99 percent SLA) for no additional cost
- Predictable performance and inclusive, pay-as-you-go pricing.
- Vertical scale as needed, within seconds.
- Monitoring and alerting to assess your server.
- Enterprise-grade security and compliance.
- Ability to protect sensitive data at rest and in motion.
- Automatic backups and point-in-time restore for up to 35 days. No extra cost or admin stuff.

Azure Database for PostgreSQL delivers the following benefits:

- Built-in high availability (vs. on-premises) for no additional cost
- Simple and flexible pricing. You have predictable performance based on a selected pricing tier choice that includes software patching, automatic backups, monitoring, and security.
- Scale up or down as needed, within seconds. You can scale compute or storage independently as needed, to make sure you adapt your service to match usage.
- Adjustable automatic backups and point-in-time restore for up to 35 days.
- Enterprise-grade security and compliance to protect sensitive data at rest and in motion. This security covers data encryption on disk and SSL encryption between client and server communication.

Azure Database for MySQL delivers:

- Built-in high availability with no additional cost.
- Predictable performance and inclusive, pay-as-you-go pricing.
- Scale as needed, within seconds.
- Ability to protect sensitive data at rest and in motion.
- Automatic backups.
- Enterprise-grade security and compliance.

The benefits of using Key Vault include:

- Centralized application secrets: so you can control distribution, which reduces the chance that secrets are accidentally leaked.
- Securely stored secrets and keys: industry-standard algorithms, key lengths, and HSMs.
- Access monitoring and access control: monitor and control access to secrets.
- Simplified administration of application secrets: easy to enroll and renew certificates from public certificate authorities (CAs).
- Integration with other Azure services: integrate with storage accounts, container registries, event hubs, and more, to securely reference the secrets stored in Key Vault.

ExpressRoute supports three models that you can use to connect your on-premises network to the Microsoft cloud:

- CloudExchange colocation
- Point-to-point Ethernet connection
- Any-to-any connection

Azure Sentinel enables you to:

- Collect cloud data at scale (across users, devices, apps, and infrastructure) both on-premises and from multiple clouds.
- Detect previously undetected threats (and minimize false positives by using Microsoft's comprehensive analytics and threat intelligence).
- Investigate threats with AI.
- Respond to incidents rapidly with built-in orchestration and automation of common tasks.

With Azure Machine Learning, you can:

- Create a process defining how to get data, handle missing/bad data, split data into a training set or test set, and deliver the data to the training process.
- Train and evaluate predictive models by using tools and programming languages familiar to data scientists.
- Create pipelines that define where and when to run the compute-intensive experiments that are required to score the algorithms based on the training and test data.
- Deploy the best-performing algorithm as an API to an endpoint so it can be consumed in real time by other applications.

There are three main ways to purchase services on Azure. They are:

- Enterprise Agreement: larger customers agree to spend a predetermined amount over 3 years, paid annually
- From the web: purchase services in the Azure Portal, billed monthly with credit cards or invoices
- Via a Cloud Solution Provider: your CSP bills you for Azure as they determine and answers support questions

Azure Government services handle data that is subject to certain government regulations and requirements such as

- Federal Risk and Authorization Management Program (FedRAMP)
- National Institute of Standards and Technology (NIST) 800-171 Defense Industrial Base (DIB)
- International Traffic in Arms Regulations (ITAR)
- Internal Revenue Service (IRS) 1075
- Department of Defense (DoD) L4
- Criminal Justice Information Service (CJIS)

Azure free account provides

- Free access to popular Azure products for 12 months.
- A credit to spend for the first 30 days.
- Access to more than 25 products that are always free.

benefits of Azure Dedicated Host

- Gives visibility and control of the server infrastructure that's running your Azure VMs.
- Helps address compliance requirements by deploying your workloads on an isolated server.
- Lets you choose the number of processors, server capabilities, VM series, and VM sizes within the same host.

Who uses Azure AD?

- IT admins: to control access to apps and resources
- Developers: to add single sign-on functionality to an app, etc.
- Users: to change their password without IT support
- Online service subscribers: Microsoft 365, Office, Azure, etc. all have Azure AD tenants

Microsoft's Trust Center provides:

- In-depth information about security, privacy, compliance offerings, policies, features, and practices across Microsoft cloud products.
- Additional resources for each topic.
- Links to the security, privacy, and compliance blogs and upcoming events.

Azure virtual networks provide the following key networking capabilities:

- Isolation and segmentation between multiple VNets
- Internet communications
- Communicate between Azure resources
- Communicate with on-premises resources
- Route/filter network traffic across subnets and networks
- Connect virtual networks
- Set up secure endpoints and protect against SQL injection and cross-site scripting
- Allows private IPs

Azure Cognitive Services categories

- Language services: process natural language with prebuilt scripts, evaluate sentiment, and learn how to recognize what users want.
- Speech services: convert speech into text and text into natural-sounding speech. Translate from one language to another and enable speaker verification and recognition.
- Vision services: add recognition and identification capabilities when you're analyzing pictures, videos, and other visual content.
- Decision services: add personalized recommendations for each user that automatically improve each time they're used, moderate content to monitor and remove offensive or risky content, and detect abnormalities in your time series data.

Pros to using ExpressRoute

- Layer 3 (address-level) connectivity between your on-premises network and the Microsoft Cloud through a connectivity provider.
- Connectivity to Microsoft cloud services across all regions in the geopolitical region.
- Global connectivity to Microsoft services across all regions with the ExpressRoute premium add-on.
- Dynamic routing between your network and Microsoft via BGP.
- Built-in redundancy in every peering location for higher reliability.
- Connection uptime SLA.
- QoS support for Skype for Business.

How can you limit network connectivity across all of your resources to allow only what's required (network layer)?

- Limit communication between resources by segmenting your network and configuring access controls (deny by default)
- Restrict inbound internet access and limit outbound where appropriate
- Implement secure connectivity to on-premises networks

Benefits of Azure Resource Manager

- Manage infrastructure with templates rather than scripts: a JSON file that defines what you want to deploy to Azure.
- Deploy, manage, and monitor all the resources for your solution as a group, rather than handling these resources individually.
- Redeploy your solution throughout the development life cycle and have confidence your resources are deployed in a consistent state.
- Define the dependencies between resources so they're deployed in the correct order.
- Apply access control to all services because RBAC is natively integrated into the management platform.
- Apply tags to resources to logically organize all the resources in your subscription.
- Clarify your organization's billing by viewing costs for a group of resources that share the same tag.

Azure Key Vault can help you:

- Manage secrets: store and tightly control access to tokens, passwords, certificates, API keys, and other secrets.
- Manage encryption keys: create and control the encryption keys that are used to encrypt your data.
- Manage SSL/TLS certificates: provision, manage, and deploy your public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for both your Azure resources and your internal resources.
- Store secrets backed by hardware security modules (HSMs): secrets and keys can be protected by software or by FIPS 140-2 Level 2 validated HSMs.

ExpressRoute enables direct access to the following services in all regions:

- Microsoft Office 365
- Microsoft Dynamics 365
- Azure compute services, such as Azure Virtual Machines
- Azure cloud services, such as Azure Cosmos DB and Azure Storage

Azure Security Center can

- Monitor security settings across on-premises and cloud workloads.
- Automatically apply required security settings to new resources as they come online.
- Provide security recommendations based on your current configurations, resources, and networks.
- Continuously monitor your resources and perform security assessments to identify potential vulnerabilities.
- Use machine learning to detect and block malware from being installed on your virtual machines (VMs) and other resources. You can also use adaptive application controls to define rules that list allowed applications to ensure that only applications you allow can run.
- Detect and analyze potential inbound attacks and investigate threats and any post-breach activity that might have occurred.
- Provide just-in-time access control for network ports to reduce your attack surface by ensuring that the network only allows traffic you require at the time that you need it.

Azure virtual networks enable you to filter traffic between subnets by using

- Network security groups
- Network virtual appliances

Advantages of IaaS

- No CapEx
- Agility. Applications can be made accessible quickly, and deprovisioned whenever needed.
- Management. The shared responsibility model applies; the user manages and maintains the services they have provisioned, and the cloud provider manages and maintains the cloud infrastructure.
- Consumption-based model. Organizations pay only for what they use and operate under an Operational Expenditure (OpEx) model.
- Skills. No deep technical skills are required to deploy, use, and gain the benefits of a public cloud. Organizations can use the skills and expertise of the cloud provider to ensure workloads are secure, safe, and highly available.
- Cloud benefits. Organizations can use the skills and expertise of the cloud provider to ensure workloads are made secure and highly available.
- Flexibility. IaaS is the most flexible cloud service because you have control to configure and manage the hardware running your application.

Advantages of PaaS

- No CapEx
- Agility. PaaS is more agile than IaaS, and users don't need to configure servers for running applications.
- Consumption-based model. Users pay only for what they use, and operate under an OpEx model.
- Skills. No deep technical skills are required to deploy, use, and gain the benefits of PaaS.
- Cloud benefits. Users can take advantage of the skills and expertise of the cloud provider to ensure that their workloads are made secure and highly available. In addition, users can gain access to more cutting-edge development tools. They can then apply these tools across an application's lifecycle.
- Productivity. Users can focus on application development only, because the cloud provider handles all platform management. Working with distributed teams as services is easier because the platform is accessed over the internet. You can make the platform available globally more easily.

Advantages of SaaS

- No CapEx
- Agility. Users can provide staff with access to the latest software quickly and easily.
- Pay-as-you-go pricing model. Users pay for the software they use on a subscription model, typically monthly or yearly, regardless of how much they use the software.
- Skills. No deep technical skills are required to deploy, use, and gain the benefits of SaaS.
- Flexibility. Users can access the same application data from anywhere.

A consumption-based model has many benefits, including:

- No upfront costs.
- No need to purchase and manage costly infrastructure that users might not use to its fullest.
- The ability to pay for additional resources when they are needed.
- The ability to stop paying for resources that are no longer needed.

Azure virtual networks enable you to link resources together to create a network that spans both your local and cloud environments. How can you do this?

- Point-to-site virtual private networks
- Site-to-site virtual private networks
- Azure ExpressRoute

Azure Advisor Recommendation types

- Reliability: to ensure and improve the continuity of your business-critical applications.
- Security: to detect threats and vulnerabilities that might lead to security breaches.
- Performance: to improve the speed of your applications.
- Cost: to optimize and reduce your overall Azure spending.
- Operational Excellence: to help achieve process and workflow efficiency, resource manageability, and deployment best practices.

Security Score helps you

- Report on the current state of your organization's security posture.
- Improve your security posture by providing discoverability, visibility, guidance, and control.
- Compare with benchmarks and establish key performance indicators (KPIs).

Azure Cost Management + Billing features include:

- Reporting: use historical data to generate reports and forecast future expenditure.
- Data enrichment: categorize resources with tags that correspond to real-world business and organizational units.
- Budgets: create and manage cost and usage budgets by monitoring resource demand trends, consumption rates, and cost patterns.
- Alerting: get alerts based on your cost and usage budgets.
- Recommendations: receive recommendations to eliminate idle resources and to optimize the Azure resources you provision.

What is tag metadata useful for?

- Resource management: you can locate and act on resources associated with specific workloads, environments, business units, and owners.
- Cost management and optimization: you can group resources so you can report on costs, allocate internal cost centers, track budgets, and forecast estimated cost.
- Operations management: you can group resources according to how critical their availability is to your business. This grouping helps you formulate service-level agreements (SLAs).
- Security: you can classify data by its security level (e.g. public/confidential).
- Governance and regulatory compliance: you can identify resources that align with governance or regulatory compliance requirements, or your own requirements like owner and department name.
- Workload optimization and automation: you can visualize resources that participate in complex deployments, e.g. tag a resource with its app name and use DevOps to perform automated tasks on those resources.

Azure Blueprints orchestrates the deployment of various resource templates and other artifacts, such as:

- Role assignments
- Policy assignments
- Azure Resource Manager templates
- Resource groups

Service Health helps you keep an eye on several event types:

- Service issues: problems in Azure (e.g. outages) that affect you right now.
- Planned maintenance: you can see how an event will affect you and what you need to do. Most occur without any impact to you and aren't shown here. If a reboot is required, Service Health allows you to choose when to perform the maintenance to minimize the downtime.
- Health advisories: issues that require you to act to avoid service interruption, including service retirements and breaking changes. Health advisories are announced far in advance to allow you to plan.

Blob Storage is ideal for:

- Serving images or documents directly to a browser.
- Storing files for distributed access.
- Streaming video and audio.
- Storing data for backup and restore, disaster recovery, and archiving.
- Storing data for analysis by an on-premises or Azure-hosted service.
- Storing up to 8 TB of data for virtual machines.

Key features of route-based VPN gateways in Azure include:

- Supports IKEv2
- Uses any-to-any (wildcard) traffic selectors
- Can use dynamic routing protocols, where routing/forwarding tables direct traffic to different IPsec tunnels. Data packets are encrypted based on network routing tables that are created dynamically using routing protocols such as Border Gateway Protocol (BGP).

VMs are an ideal choice when you need:

- Total control over the operating system (OS).
- The ability to run custom software.
- To use custom hosting configurations.

You'll want to enable Azure resources to communicate securely with each other. You can do that in one of two ways:

- Virtual networks to connect to VMs, App Services, and other Azure resources
- Service endpoints to connect to other Azure resource types, such as Azure SQL databases and storage accounts. This approach enables you to link multiple Azure resources to virtual networks to improve security and provide optimal routing between resources.

What kinds of attacks can DDoS Protection Standard tier help prevent?

- Volumetric attacks: flood the network layer with a substantial amount of seemingly legitimate traffic.
- Protocol attacks: render a target inaccessible by exploiting a weakness in the layer 3 and layer 4 protocol stack.
- Resource-layer (application-layer) attacks (only with a web application firewall): target web app packets to disrupt the transmission of data between hosts (layer 7).

With App Service, you can host most common app service styles like:

- Web apps: ASP.NET Core, Java, Ruby, PHP, Python, etc.
- API apps: REST-based web APIs with Swagger
- WebJobs: run programs or scripts, often by trigger
- Mobile apps: quickly build backend stuff and support for the front end

DDoS Protection service tiers

- Basic: automatically enabled and free; traffic monitoring and mitigation of network-level attacks, ensuring Azure infrastructure is not affected; the Azure global network distributes and mitigates attack traffic across Azure regions
- Standard: extra capabilities for Virtual Network resources; protection is tuned via dedicated traffic monitoring and machine learning algorithms; policies are applied to resources in virtual networks like Azure Load Balancer and Application Gateway

Why should you use Azure virtual desktop?

- Best user experience: use any device; have VMs near apps and services for faster loading; login is fast
- Enhanced security: MFA and role-based access controls can be used; separated from hardware, protecting confidential info; reverse connect technology doesn't use inbound ports, so it is more secure

There are three main aspects to consider when you create and manage subscriptions:

- Billing (maybe break it up with subscriptions)
- Access control (maybe use subscriptions and RBAC)
- Subscription limits (spread resources across subscriptions if you hit limits)

How to start with machine learning

- Collect your data and analyze it to check for biases, accuracy, and validity
- Split the data into training data and evaluation data
- Choose a model for your data (text-based, visual, other data)
- Train the model on the training data and let it create an algorithm
- Use the evaluation data to test the model for accuracy
- Tweak the algorithm manually if needed and retest
- Deploy

STAR Certification demonstrates that the CSP (Cloud service provider):

- Conforms to the applicable requirements of ISO/IEC 27001
- Has addressed issues critical to cloud security as outlined in the CCM
- Has been assessed against the STAR Capability Maturity Model for the management of activities in CCM control areas

To build a SLA for your app you should

- Determine the workload (what resources you must use to create your app)
- Combine SLAs to compute the composite SLA of those resources
- Consider customization options to meet your SLA goal, e.g. different tiers, backup storage, deploying 2+ instances in different availability zones, duplicating components (redundancy)

migration process flow

- Discover: the features you use/need
- Assess: which on-prem DBs can be migrated
- Migrate: move data
- Cutover: change connection strings
- Optimize: optimize

When to use VMs

- During testing and development
- When running apps in the cloud
- When extending your datacenter to the cloud
- During disaster recovery

How does the TCO Calculator work?

- Enter details of your on-prem workloads
- Review the suggested industry average cost (adjust if needed) for OpEx (includes electricity, network maintenance, IT labor)
- Review the side-by-side report to compare the on-premises cost breakdown with the Azure cost breakdown

key features of Azure Virtual Desktop

- Familiar to Azure admins because it uses Azure AD, RBAC (role-based access controls), Azure Monitor, etc.
- Load balancing is used on VM host pools (collections of VMs with the same configuration assigned to multiple users)
- Windows 10 Enterprise multi-session can be used to allow multiple concurrent users on a single VM

Types of Azure subscriptions

- Free trial: 12 months of popular free services, a credit to explore any Azure service for 30 days, and more than 25 services that are always free
- Pay-as-you-go: pay for what you use
- Member offers: certain Microsoft products may come with Azure credits or reduced rates in Azure (e.g. Visual Studio subscribers)

What four compliance categories does Azure support?

- Global (e.g. ISO stuff)
- US Gov (e.g. DoD stuff; CJIS)
- Industry (e.g. PCI DSS, the Payment Card Industry Data Security Standard)
- Regional (e.g. Canada privacy laws)

What are three ways to organize related resources?

- Group them by subscription
- Group them by resource group
- Group them using tags

Three Azure storage tiers

- Hot: frequently accessed data
- Cool: infrequently accessed data, stored for at least 30 days
- Archive: rarely accessed data, stored for at least 180 days

What's in a typical SLA

- Intro: explains expectations like its scope, and how subscription renewals can affect terms
- General terms: defines words like downtime, and how to submit claims and get credits
- SLA details: guarantees of the service as a percentage; focuses on uptime and may address latency (speed); what happens if Azure fails to meet specifications (typically a credit)

Organize the four levels of Azure's management structure in a top-down hierarchy of organization: subscriptions, resources, resource groups, management groups.

- Management groups
- Subscriptions
- Resource groups
- Resources

When to use Azure Files

- Migrate on-prem file shares to the cloud with few changes needed in the app
- Store config and other developer files to access from multiple VMs
- Write data to a file share and process/analyze it later, e.g. diagnostic logs, metrics, or crash dumps

Configurable settings for basic virtual network

- Network name (unique to subscription)
- Address space in CIDR (unique to subscription and any other networks you connect to)
- Subscription and location of the VNet
- Subnets to partition the VNet
- DDoS protection: basic or standard
- Service endpoints: select the endpoints you want to enable, including Azure Cosmos DB, Service Bus, Key Vault, etc.

3 big benefits of serverless computing

- No infrastructure management
- Automatic scalability
- Only pay for what you use

If you explore the Azure compliance documentation for a specific standard's page, you will see

- Overview of the standard
- Cloud services in scope
- Overview of the audit cycle and links to audit reports
- Answers to FAQs
- Additional resources

Options that you can configure in the Pricing calculator include

- Region
- Tier
- Billing options (like enterprise exceptions)
- Support options
- Programs and offers (like licensing stuff)
- Azure Dev/Test pricing (for Dev/Test stuff)

Azure VPN Gateway instances are deployed in Azure Virtual Network instances and enable the following connectivity

- Site-to-site
- Point-to-site
- Network-to-network

Three categories of sign ons for MFA

- Something the user knows: email address and password
- Something the user has: a code on a phone
- Something the user is: a biometric property like a fingerprint

Azure resources you need to deploy an operational VPN gateway

- Virtual network
- Gateway subnet
- Public IP address
- Local network gateway
- Virtual network gateway
- Connection

advantages of region pairs:

- You can use them to provide reliable services and data redundancy.
- If an extensive Azure outage occurs, one region out of every pair is prioritized to make sure at least one is restored as quickly as possible for applications hosted in that region pair.
- Planned Azure updates are rolled out to paired regions one region at a time to minimize downtime and risk of application outage.
- Data continues to reside within the same geography as its pair (except for Brazil South) for tax and law-enforcement jurisdiction purposes.

How many datacenters do availability zones have?

1 or more

Azure Sphere comes in three parts:

1. Azure Sphere micro-controller unit (MCU): to process OS and sensor signals
2. Customized Linux OS: to communicate with the security service and run the vendor's software
3. Azure Sphere Security Service (AS3): ensures the device is not maliciously compromised by authenticating each device via certificates and checking for tampering

Implementing a policy in Azure Policy involves three tasks:

1. Create a policy definition
2. Assign the definition to resources
3. Review the evaluation results

Implementing a blueprint in Azure Blueprints involves these three steps:

1. Create an Azure blueprint.
2. Assign the blueprint.
3. Track the blueprint assignments.

Cloud Adoption Framework consists of tools, documentation, and proven practices. What are the 5 stages it includes?

1. Define your strategy
2. Make a plan
3. Ready your organization
4. Adopt the cloud
5. Govern and manage your cloud environments

Working with the TCO Calculator involves three steps:

1. Define your workload
2. Adjust assumptions
3. View the report

There are two basic approaches to AI:

1. Deep learning: a system that's modeled on the neural network of the human mind, enabling it to discover, learn, and grow through experience
2. Machine learning: a data science technique that uses existing data to train a model, test it, and then apply it to new data to forecast future behaviors, outcomes, and trends

What is included in most CI/CD pipelines

1. Get the most recent code from the source code management system and update dependencies/packages
2. Compile the source code into a binary executable
3. Move the compiled binary to a location where it can be deployed to a test environment for further testing
4. The binary and other files get deployed to prod

The maximum number of Azure ExpressRoute circuits per subscription is

10

How many management groups can be supported in a single directory?

10,000

99.9% availability means how much downtime per week?

10.1 minutes

If you reduce the VM's size from Standard_D4_v4 to Standard_D2_v4, which is the next size lower, you reduce your compute cost by

50%. Resizing a VM requires it to be stopped, resized, and then restarted, but it saves money if the VM is underutilized.

You have a current composite SLA of 99.78% and you want to add 2 new services, each with an SLA of 99.9%. What is your new composite SLA?

99.58%

SQL Database provides _______ percent availability.

99.99

Billing zones

A geographical grouping of Azure regions for billing purposes.
- Zone 1: Australia Central, West US, East US, Canada West, West Europe, France Central, and more
- Zone 2: Australia East, Japan West, Central India, Korea South, and more
- Zone 3: Brazil South, South Africa North, South Africa West, UAE Central, UAE North
- DE Zone 1: Germany Central, Germany Northeast

Hybrid cloud

A hybrid cloud is a computing environment that combines a public cloud and a private cloud by allowing data and applications to be shared between them.

Azure Machine Learning

A platform for making predictions. It consists of tools and services that allow you to connect to data to train and test models to find one that will most accurately predict a future result. After you've run experiments to test the model, you can deploy and use it in real time via a web API endpoint.

Private cloud

A private cloud consists of computing resources used exclusively by users from one business or organization. A private cloud can be physically located at your organization's on-site (on-premises) datacenter, or it can be hosted by a third-party service provider.

Site-to-site virtual private networks

A site-to-site VPN links your on-premises VPN device or gateway to the Azure VPN gateway in a virtual network. In effect, the devices in Azure can appear as being on the local network. The connection is encrypted and works over the internet.

Subscriptions

A subscription groups together user accounts and the resources that have been created by those user accounts. For each subscription, there are limits or quotas on the amount of resources that you can create and use. Organizations can use subscriptions to manage costs and the resources that are created by users, teams, or projects.

serverless computing

A type of cloud computing that lets companies focus on building a business function in code without worrying about how to deploy it. Like PaaS, it lets developers build applications faster by removing the need to manage infrastructure. Azure runs your code in response to triggers and handles the servers and the running of the code for you; it autoscales with demand, outages are the platform's concern rather than yours, and you pay only for what you use.

you can use existing data to forecast future behaviors; build use and deploy machine learning models in the cloud using this service category

AI

What is the best infrastructure-as-code option for quickly and reliably setting up your entire cloud infrastructure declaratively?

ARM Templates

used when you need a highly reliable means of deploying a complex set of services that perform different roles in your app architecture

ARM Templates

What should you use to manage resources if you need to repeatedly set up one or more resources and ensure that all the dependencies are created in the proper order

ARM templates. PowerShell and Azure CLI could be used, but there would be no validation, it is hard to roll back if there's an error, and it is more difficult to keep previous scripts.

The company needs a repeatable, reliable way to scale its operations during peak sales periods. - it should be efficient and maybe parallel - create dependencies in the correct order - and not fail in the middle of deployment What can you use?

ARM templates - we're basically deploying an entire cloud infrastructure and we want to repeat this during peak times. PowerShell or Azure CLI could be used, but they are less efficient and could fail in the middle of the deployment.
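A worked illustration of what "dependencies created in the proper order, in parallel where possible" means in an ARM template. This is an added example, not code from the page or from Microsoft: Resource Manager itself computes this order from dependsOn and deploys independent resources in parallel; the script only reproduces that ordering logic locally so a template can be checked for missing or circular dependsOn entries before `az deployment group create` is run. The template is constructed for the example (resource names, address ranges, SKUs and API versions are assumptions).

```python
"""Local dependsOn ordering check for an ARM template (added example)."""
import json
from collections import defaultdict

# Constructed template: diagnostics storage, an NSG that only admits HTTPS,
# a VNet, a NIC that needs both VNet and NSG, and a VM that needs NIC + storage.
TEMPLATE = {
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "resources": [
        {"type": "Microsoft.Storage/storageAccounts", "apiVersion": "2022-09-01",
         "name": "stdiag", "location": "eastus",
         "sku": {"name": "Standard_LRS"}, "kind": "StorageV2",
         "properties": {"minimumTlsVersion": "TLS1_2", "allowBlobPublicAccess": False}},
        {"type": "Microsoft.Network/networkSecurityGroups", "apiVersion": "2022-07-01",
         "name": "nsg-web", "location": "eastus",
         "properties": {"securityRules": [{"name": "allow-https-in", "properties": {
             "priority": 100, "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
             "sourceAddressPrefix": "*", "sourcePortRange": "*",
             "destinationAddressPrefix": "*", "destinationPortRange": "443"}}]}},
        {"type": "Microsoft.Network/virtualNetworks", "apiVersion": "2022-07-01",
         "name": "vnet-app", "location": "eastus",
         "properties": {"addressSpace": {"addressPrefixes": ["10.10.0.0/16"]},
                        "subnets": [{"name": "web", "properties": {"addressPrefix": "10.10.1.0/24"}}]}},
        # dependsOn may list plain resource names when they are unique in the template.
        {"type": "Microsoft.Network/networkInterfaces", "apiVersion": "2022-07-01",
         "name": "nic-web-0", "location": "eastus",
         "dependsOn": ["vnet-app", "nsg-web"],
         "properties": {
             "networkSecurityGroup": {"id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'nsg-web')]"},
             "ipConfigurations": [{"name": "ipconfig1", "properties": {
                 "subnet": {"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', 'vnet-app', 'web')]"}}}]}},
        {"type": "Microsoft.Compute/virtualMachines", "apiVersion": "2022-11-01",
         "name": "vm-web-0", "location": "eastus",
         "dependsOn": ["nic-web-0", "stdiag"],
         "properties": {"hardwareProfile": {"vmSize": "Standard_B2s"}}},
    ],
}


def deployment_waves(template):
    """Group resources into deployment waves (Kahn's algorithm).

    Every resource in a wave has all of its dependsOn targets in earlier
    waves, so resources within one wave can be deployed in parallel.
    Raises ValueError for a dependsOn that names no resource or for a cycle.
    """
    resources = {r["name"]: r for r in template["resources"]}
    indegree = {name: 0 for name in resources}
    dependents = defaultdict(list)
    for name, res in resources.items():
        for dep in res.get("dependsOn", []):
            if dep not in resources:
                raise ValueError(f"{name} depends on unknown resource {dep!r}")
            indegree[name] += 1
            dependents[dep].append(name)

    waves = []
    ready = sorted(n for n, d in indegree.items() if d == 0)
    while ready:
        waves.append(ready)
        next_ready = []
        for name in ready:
            for child in dependents[name]:
                indegree[child] -= 1
                if indegree[child] == 0:
                    next_ready.append(child)
        ready = sorted(next_ready)

    if sum(len(w) for w in waves) != len(resources):
        stuck = sorted(n for n, d in indegree.items() if d > 0)
        raise ValueError(f"circular dependsOn among {stuck}")
    return waves


if __name__ == "__main__":
    for i, wave in enumerate(deployment_waves(TEMPLATE), start=1):
        print(f"wave {i}: {', '.join(wave)}")
    # Write the template out so it can be handed to `az deployment group create`.
    with open("main.json", "w") as fh:
        json.dump(TEMPLATE, fh, indent=2)
```

The waves printed are exactly the order Resource Manager would honour: storage, NSG and VNet have no dependencies and go first in parallel, the NIC waits for the VNet and NSG, and the VM waits for the NIC and storage account. A deployment that fails in the middle leaves the earlier waves in place; rerunning the same template is safe because ARM deployments are idempotent, which is the "not fail in the middle" property the card is after.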

Azure VPN Gateway

Accesses Azure Virtual Networks through high-performance VPN gateways.

Active Directory v. Azure AD

Active Directory = on-premises identity and access management run on a Windows Server and managed by your org. Azure AD = cloud-based identity and access management; you control the accounts, while Microsoft keeps the service globally available and can monitor for and detect suspicious sign-in attempts (unexpected location or device, etc.).

Bing Search

Add Bing Search APIs to your apps and harness the ability to comb billions of webpages, images, videos, and news with a single API call.

Azure SignalR Service

Add real-time web functionalities easily.

Natural Language processing

Allow your apps to process natural language with prebuilt scripts, evaluate sentiment, and learn how to recognize what users want.

Web API

An API that's accessible from servers that accept requests via HTTP

Azure Functions

An event-driven, serverless compute service.

How can VMs be used when extending your datacenter to the cloud?

An organization can extend the capabilities of its own on-premises network by creating a virtual network in Azure and adding VMs to that virtual network. e.g. run SharePoint on an Azure VM instead of locally

you can quickly build, deploy, and scale enterprise-grade web, mobile, and API apps running on any platform. You can meet rigorous performance, scalability, security, and compliance requirements while using a fully managed platform to perform infrastructure maintenance. What is this?

App Service

What is likely the best way for you to identify which billing department each Azure resource belongs to?

Apply a tag to each resource that includes the billing department (you could split by subscriptions too, but that is less good)

Resources in the Dev and Test environments are each paid for by different departments. What's the best way to categorize costs by department?

Apply a tag to resources to identify the appropriate billing department

What's the best way to ensure that the development team doesn't provision too many virtual machines at the same time?

Apply spending limits to the team's Azure subscription

What blob storage tier should you use for long-term backups or disaster recovery

Archive access tier - for data that is rarely accessed and stored for at least 180 days

AuthN

Authentication

How can you connect Active Directory with Azure AD in order to provide a consistent identity experience to your users?

Azure AD Connect

synchronizes user identities between on-premises Active Directory and Azure AD so you can support SSO, MFA, and self-service password changes

Azure AD Connect

To monitor your actual costs and get recommendations around unused resources and ways to optimize services you can use

Azure Advisor

What dashboard in Portal displays personalized recommendations for all your subscriptions, and you can use filters to select recommendations for specific subscriptions, resource groups, or services

Azure Advisor

What should you use to get recommendation on how to optimize your cloud environment?

Azure Advisor

What should you use to get recommendations on how to cut costs?

Azure Advisor

You want to be alerted when new recommendations to improve your cloud environment are available. Which service will do this?

Azure Advisor

You need to analyze how you're using Azure to reduce costs, improve resilience, and harden your security. What should you use?

Azure Advisor - for an analysis of your deployed resources

This platform as a service (PaaS) environment allows you to focus on the website and API logic while Azure handles the infrastructure to run and scale your web applications.

Azure App Service

scalable hosting platform for web based apps where you can easily deploy, operate, and scale apps

Azure App Service

service for sending telemetry information from application source code to Azure

Azure Application Insights

- Starts a pool of compute VMs for you. - Installs applications and staging data. - Runs jobs with as many tasks as you have. - Identifies failures. - Requeues work. - Scales down the pool as work completes. What am I?

Azure Batch

this type of storage can manage thousands of simultaneous uploads, massive amounts of video data, constantly growing log files, and can be reached from anywhere with an internet connection.

Azure Blob Storage

Which Azure Storage option is better for storing data for backup and restore, disaster recovery, and archiving

Azure Blob Storage (Question asked for Azure Storage type, not access tier)

You need to create a human-computer interface that uses natural language to answer customer questions. Which product option should you select as a candidate?

Azure Bot Service

you need to create a virtual agent to interact with humans by using natural language which AI service should you use

Azure Bot Service

The Customer Service team has long asked for a virtual agent to handle the vast majority of questions it gets asked. No matter how prominent it makes the answers to the most frequently asked questions on the website, shoppers are impatient and perceive contact in a chat window as saving them time. The team wants shoppers to feel as though they're interacting with a real human. When it becomes clear that the virtual agent can't provide an answer, the chat session should be transferred to a human. Providing a virtual agent would decrease the amount of time it takes for all shoppers to receive answers. The virtual agent could answer most questions, which would free up human customer service agents to provide support for more difficult questions or thorny account-related issues. What service should you use?

Azure Bot Service. We want to chat with a person-like thing = bot; we have FAQs and other data to train it with = bot. QnA Maker or other tools could also be used alongside this solution.

As an administrator, you need to retrieve the IP address from a particular VM by using Bash, what tool should you use?

Azure CLI - Bash = Azure CLI

A team of Linux developers needs to check on the health of Azure resources and keep everything up and running via a variety of tasks, and Portal is too slow, what can they use?

Azure CLI - one off tasks with Linux background

Is PowerShell or Azure CLI better for people familiar with Linux?

Azure CLI for Linux people, PowerShell for Windows people, but either can be used on either OS; it's just preference.

You need to identify the content of product images to automatically create alt tags for images formatted properly. Which product option is the best candidate?

Azure Cognitive Services

only 80 percent of potential customers speak English. In some neighborhoods, that number falls to 50 percent. The team sees the addition of multiple languages as a wonderful opportunity to serve non-English speakers with the same online e-commerce experience as English speakers. What service should you use?

Azure Cognitive Services. We want to translate and understand text = Cognitive Services.

You need a service that can understand the content and meaning of images, video, or audio, and translate text into a different language What should you use?

Azure Cognitive Services (speech to text, text analysis, etc.)

to solve general problems, such as analyzing text for emotional sentiment or analyzing images to recognize objects or faces, you can use

Azure Cognitive Services (via APIs to include in your code)

you need to predict user behavior and provide users with personalized recommendations in your app What should you use?

Azure Cognitive Services Personalizer. Personalizer watches your users' actions within an application; you can use it to predict their behavior and provide relevant experiences as it identifies usage patterns. Azure Machine Learning could also be used.

these two services allow you to deploy containerized apps with fully managed services

Azure Container Instances and Azure Kubernetes Service

Allows developers to create apps fast with their choice of APIs, such as MongoDB, Cassandra, Gremlin, and more.

Azure Cosmos DB

Your development team is interested in writing Graph-based applications that take advantage of the Gremlin API. Which db option would be ideal for that scenario?

Azure Cosmos DB

________ supports schema-less data, which lets you build highly responsive and "Always On" applications to support constantly changing data. You can use this feature to store data that's updated and maintained by users around the world.

Azure Cosmos DB

An attacker can bring down your website by sending a large volume of network traffic to your servers. Which Azure service can help protect your App Service instance from this kind of attack?

Azure DDoS Protection

You can migrate your existing SQL Server databases with minimal downtime by using

Azure Database Migration Service - it performs all of the required steps. You just change the connection string in your apps.

_____________ offers several service tiers, and each tier provides different performance and capabilities to support lightweight to heavyweight database workloads. Dynamic scalability enables your database to transparently respond to rapidly changing resource requirements. You only pay for the resources you need, and only when you need them.

Azure Database for MySQL

a company uses the LAMP (Linux, Apache, MySQL, and PHP) stack for several of its websites. Which option would be ideal for migration?

Azure Database for MySQL

a suite of services that address every stage of the software development lifecycle

Azure DevOps

Is DevOps or GitHub more sophisticated for project management and reporting?

Azure DevOps

The team needs to give project sponsors and managers executive level reporting, including burndown charts, track progress against epics, and track custom information that's specific to the company in each work item and bug report. upper management team wants to ensure that contractors only have access to the information they need to do their work What should be used to do this?

Azure DevOps - it's not open source and needs robust permissions and project management = DevOps

Should you use Azure DevOps or GitHub for more complex permissions

Azure DevOps, because GitHub works on a simple model of read/write permissions to every feature, while DevOps has a much more granular set of permissions

Which service could help you manage the VMs that your developers and testers need to ensure that your new app works across various operating systems?

Azure DevTest Labs

provides an automated means of managing the process of building, setting up, and tearing down virtual machines (VMs) that contain builds of your software projects so developers and testers can perform tests across a variety of environments and builds

Azure DevTest Labs

Typical usage scenarios of this storage type would be to share files anywhere in the world, diagnostic data, or application data sharing.

Azure Files

You need to process messages from a queue, parse them by using some existing imperative logic written in Java, and then send them to a third-party API. Which serverless option should you choose?

Azure Functions

create event-driven serverless apps, where you write only the function code and the platform manages the servers, using

Azure Functions

host a single method or function by using a popular programming language in the cloud that runs in response to an event. An example of an event might be an HTTP request, a new message on a queue, or a message on a timer. What service does this

Azure Functions

ideal when you're concerned only about the code running your service and not the underlying platform or infrastructure. They're commonly used when you need to perform work in response to an event (often via a REST request), timer, or message from another Azure service, and when that work can be completed quickly, within seconds or less. What are these

Azure Functions

If you need to use build complex algorithms, or data lookup and parsing operations then you should use this serverless compute option

Azure Functions. If you have a logic-intensive orchestration that requires a complex algorithm, implementing that algorithm might be more verbose and visually overwhelming in Logic Apps, so Functions is the better fit.

Data about each product that's sold is packaged as a JSON message and sent to an event hub. The event hub distributes the JSON message to subscribers, which allows various systems to be notified. The company wants to upgrade its e-commerce site to include real-time inventory tracking, but currently does the processing once a day using a Windows service on a VM in Azure, written in C#, that retrieves messages, parses the JSON, performs lookups of DB info, and sends notifications as necessary. Which serverless option should be used?

Azure Functions. Port the Windows service code into an Azure Function, make the necessary changes, and bind the function to a trigger so it runs whenever a new message arrives on the queue.

Azure Functions v. Logic Apps pricing

Azure Functions pricing is based on the number of executions and the running time of each execution. Logic Apps pricing is based on the number of executions and the type of connectors that it utilizes.

With this IoT service, the visual user interface (UI) makes it easy to quickly connect new devices and watch as they begin sending telemetry or error messages. You can watch the overall performance across all devices in aggregate, and you can set up alerts that send notifications when a specific device needs maintenance. Finally, you can push firmware updates to the device.

Azure IoT Central

If you primarily want to send messages with your IoT devices and occasionally push updates, and don't need further reporting features, you should use

Azure IoT Hub

By using this service, devices that are equipped with sensors and that can connect to the internet could send their sensor readings to a specific endpoint in Azure via a message. The message's data is then collected and aggregated. Devices could also be updated with new firmware to fix issues or add functionality by sending software updates from this service to each device.

Azure IoT services

What is the best way for your company to safely store its certificates so that they're accessible to cloud VMs?

Azure Key Vault

You want to orchestrate a workflow by using APIs from several well-known services. Which is the best option for this scenario?

Azure Logic Apps

Your team has limited experience with writing custom code, but it sees tremendous value in automating several important business processes. Which of the following options is your team's best option?

Azure Logic Apps

low-code/no-code development platform hosted as a cloud service. The service helps you automate and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. simplifies how you design and build scalable solutions, whether in the cloud, on-premises, or both. This solution covers app integration, data integration, system integration, enterprise application integration (EAI), and business-to-business (B2B) integration.

Azure Logic Apps

A store sends out surveys for customer satisfaction. Ideally, negative customer satisfaction scores would trigger a customer retention workflow. First, a sentiment analysis would be generated based on the free-form comments, an email would be sent to the customer with an apology and a coupon code, and the message would be routed to the Dynamics 365 customer service team so that it could schedule a follow-up email. No developers are available to work on this, but IT staff are. What serverless solution should be used?

Azure Logic Apps A cloud or IT professional could use existing connectors to perform a sentiment analysis by using the Azure Cognitive Services connector, send an email by using the Office 365 Outlook connector, and create a new record and follow-up email by using the Dynamics 365 customer service connector. Because Azure Logic Apps is a low-code/no-code service, no developers are needed. A cloud or IT professional should be able to build and support this workflow.

You need to build a model based on historical data, what AI service should you use?

Azure Machine Learning

when your data scientists need complete control over the design and training of an algorithm using your own data you should use

Azure Machine Learning

The Marketing team is convinced that it can increase sales dramatically by suggesting add-on products that complement the items in a shopper's cart at the point of checkout. The team could hard-code these suggestions, but it feels that a more organic approach would be to use its years' worth of sales data as well as new shopping trends to decide what products to display to the shopper. Additionally, the suggestions could be influenced by product availability, product profitability, and other factors. What service should you use?

Azure Machine Learning. Azure Cognitive Services Personalizer could play a role, as it deals with predicting user behavior, but we need a more complex model trained on historical data sets, which leads us to something more flexible that can still predict future outcomes = Machine Learning.

You need to predict future behavior based on previous actions. Which product option should you select as a candidate?

Azure Machine Learning (potentially Azure Cognitive Service Personalizer if we were given more info)

You need to build a model by using your own data, what AI service should you use?

Azure Machine Learning, as it is maximally flexible

If you want to track how your Azure services are performing and diagnose issues, you should use

Azure Monitor

Which service is a platform that powers Application Insights, monitoring for VMs, containers, and Kubernetes?

Azure Monitor

You want to measure custom events alongside other usage metrics and telemetry, what should you use?

Azure Monitor

You want to keep track of the performance or issues related to your specific VM or container instances, databases, your applications, and so on, what should you use?

Azure Monitor to create reports and notifications to help you understand how your services are performing or diagnose issues related to your Azure usage

Your e-commerce website is experiencing intermittent errors, and the team is unsure of the cause. Because of the nature of the errors, the team suspects that it's either a database or caching issue. What are the circumstances surrounding the errors? Does it happen only during peak usage times? What is the state of the team's Azure SQL instance? What is the state of its Redis caching server? How can it trace the issues to a root cause? What service should you use to answer these questions?

Azure Monitor - to gain insight on performance and specific issues. Additional information about the state of the web application can be sent to Application Insights to help locate the root cause of the issue as well.

Where can you create custom views by using Power BI and Kusto queries.

Azure Monitor Dashboard

what lets you use data to help you react to critical events in real time, through alerts delivered to teams via SMS, email, and so on. Or use thresholds to trigger autoscaling functionality to scale up or down to meet the demand.

Azure Monitor Dashboard

What can be used to automate CI/CD processes?

Azure Pipelines & GitHub Actions

If all resources in a certain resource group should be tagged with AppName tag and a value of "SpecialOrders," and one is created without this tag under Azure Policies, what happens?

Azure Policy flags the resource as non-compliant and, depending on the policy's effect, either blocks the creation (deny) or adds the missing tag automatically (append/modify). That is how it can reapply the tag or add it for the first time when it is missing.

CORS should not allow every resource to access your web apps - how can you enforce this?

Azure Policies

How can you make sure new resources use the same tags as existing resources?

Azure Policies

MFA should be enabled on accounts with write permissions on your subscription - how can you enforce this?

Azure Policies

You want to restrict which locations your organization can specify when it deploys a resource. How can you do this?

Azure Policies
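A worked illustration of how the policies in the cards above behave, added here as an example (not the page's content and not Azure's own engine): a small evaluator that applies two simplified Azure Policy definitions to resource payloads. The required-tag policy uses the modify effect with an addOrReplace operation (adds the AppName tag when it is missing), and the allowed-locations policy uses deny. Real Azure Policy evaluates append/modify effects before deny and audit, which the evaluator mirrors; it supports only the field/exists/equals/in/not/allOf/anyOf conditions used here, not the full expression language (parameters(), concat() and so on). Resource names, the allowed locations and the tag value are constructed for the example.

```python
"""Simplified Azure Policy evaluator (added example, not Azure's engine)."""
import copy

# Simplified policyRule bodies. The real built-ins express the tag name as
# [concat('tags[', parameters('tagName'), ']')]; here it is written literally.
REQUIRE_APPNAME_TAG = {
    "if": {"field": "tags['AppName']", "exists": "false"},
    "then": {"effect": "modify",
             "details": {"operations": [
                 {"operation": "addOrReplace",
                  "field": "tags['AppName']",
                  "value": "SpecialOrders"}]}},
}
ALLOWED_LOCATIONS = {
    "if": {"not": {"field": "location", "in": ["eastus", "westeurope"]}},
    "then": {"effect": "deny"},
}
POLICIES = [ALLOWED_LOCATIONS, REQUIRE_APPNAME_TAG]

# Azure Policy evaluation order: disabled, then append/modify, then deny, then audit.
EFFECT_ORDER = {"append": 0, "modify": 0, "deny": 1, "audit": 2}


def _tag_key(field):
    """Return the tag name for a field like tags['AppName'], else None."""
    if field.startswith("tags['") and field.endswith("']"):
        return field[len("tags['"):-len("']")]
    return None


def get_field(resource, field):
    key = _tag_key(field)
    if key is not None:
        return resource.get("tags", {}).get(key)
    return resource.get(field)


def set_field(resource, field, value):
    key = _tag_key(field)
    if key is not None:
        resource.setdefault("tags", {})[key] = value
    else:
        resource[field] = value


def matches(cond, resource):
    """Evaluate a policy condition against a resource payload."""
    if "not" in cond:
        return not matches(cond["not"], resource)
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    value = get_field(resource, cond["field"])
    if "exists" in cond:
        return (value is not None) == (str(cond["exists"]).lower() == "true")
    if "equals" in cond:
        return value == cond["equals"]
    if "in" in cond:
        return value in cond["in"]
    raise ValueError(f"unsupported condition: {cond}")


def evaluate(policies, resource):
    """Return (allowed, resource as it would be stored, findings).

    Modify/append policies rewrite the request first; a matching deny
    policy then rejects it; audit only records a finding.
    """
    result = copy.deepcopy(resource)
    findings = []
    ordered = sorted(policies, key=lambda p: EFFECT_ORDER[p["then"]["effect"].lower()])
    for policy in ordered:
        if not matches(policy["if"], result):
            continue
        effect = policy["then"]["effect"].lower()
        if effect in ("modify", "append"):
            for op in policy["then"]["details"]["operations"]:
                if op["operation"] in ("add", "addOrReplace"):
                    set_field(result, op["field"], op["value"])
                    findings.append(f"{effect}: set {op['field']} = {op['value']!r}")
        elif effect == "deny":
            findings.append(f"deny: request matched {policy['if']}")
            return False, result, findings
        elif effect == "audit":
            findings.append(f"audit: non-compliant on {policy['if']}")
    return True, result, findings


if __name__ == "__main__":
    # Constructed sample requests.
    requests = [
        {"name": "stspecial01", "type": "Microsoft.Storage/storageAccounts",
         "location": "eastus", "tags": {}},
        {"name": "vm-rogue", "type": "Microsoft.Compute/virtualMachines",
         "location": "brazilsouth", "tags": {"AppName": "SpecialOrders"}},
    ]
    for req in requests:
        allowed, stored, notes = evaluate(POLICIES, req)
        print(req["name"], "ALLOWED" if allowed else "DENIED", stored.get("tags"), notes)
```

Run against the two constructed requests, the untagged storage account in eastus is admitted with AppName=SpecialOrders added by the modify effect, while the VM in brazilsouth is refused by the deny effect even though it carries the right tag. Note that modify/append fix a resource at create or update time; resources that already exist are only reported as non-compliant until a remediation task is run.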

Lets you create, configure, and control all your services and resources from a single easy to use web-based interface

Azure Portal

Where can you manage your Azure subscription using a GUI

Azure Portal

a web-based, unified console that provides an alternative to command-line tools

Azure Portal

You're a developer who needs to set up your first VM to host a process that runs nightly. Which of the following tools is your best choice?

Azure Portal - your *first VM, and a one-off task = portal

Your financial officer wants to run custom reports in real time to see how resources are being used and what they cost. What should you use?

Azure Portal, bc we are doing one-time tasks and the person is non-technical

if you're in a cloud management or administrative role, it's less efficient to rely solely on visual scanning and clicking so you should use _______ for one-off resource mgmt stuff

Azure PowerShell or Azure CLI

What can you use to perform one-off mgmt , administrative, or reporting actions in Azure

Azure PowerShell, Azure CLI, or Azure Portal

allows you to distribute your applications globally so you can locate your data and apps where they're needed most

Azure Regional Datacenters

ARM

Azure Resource Manager

Instead of defining the detailed access requirements for each individual, and then updating access requirements when new resources are created, Azure enables you to control access through

Azure Role Based Access Control (Azure RBAC)

a relational database based on the latest stable version of the Microsoft SQL Server database engine. This db is a high-performance, reliable, fully managed, highly available, and secure database. You can use it to build data-driven applications and websites in the programming language of your choice, without needing to manage infrastructure.

Azure SQL Database

a scalable cloud data service that provides the broadest SQL Server database engine compatibility with all the benefits of a fully managed PaaS.

Azure SQL Managed Instance

Provides recommendations on how to improve security posture based on your current configurations, resources, and networks

Azure Security Center

What can automatically detect potential inbound attacks like logins from malicious IPs, suspicious commands being run, etc

Azure Security Center

place to check security settings, identify potential security weaknesses, and analyze inbound attacks

Azure Security Center

provides visibility of your security posture across all of your services, both on Azure and on-premises

Azure Security Center

Where can you get a detailed analysis of different components and whether they comply with certain security regulations?

Azure Security Center (policy & compliance section)

aggregates security data from many different sources, and provides additional capabilities for threat detection and response

Azure Sentinel

After an outage, this service provides official incident reports, called root cause analyses (RCAs), which you can share with stakeholders.

Azure Service Health

Your cloud operations team wants to let stakeholders know about upcoming planned downtime in advance. When outages do happen, the team wants to quickly ascertain whether the issue is specific to their services or a service interruption that affects many Azure customers. The team also wants to provide key stakeholders with reports that explain how and why the incident occurred, and so on. What should they use?

Azure Service Health

You want to monitor Azure services and regions, what should you use?

Azure Service Health for status of services and outages

If you want to stay on top of planned outages you should use

Azure Service Health

A company wants to build a new voting kiosk for sales to governments around the world. Which IoT technologies should the company choose to ensure the highest degree of security?

Azure Sphere

When security of IoT devices is of critical consideration, you'll want to use

Azure Sphere bc it ensures a secure channel of communication between the device and Azure by controlling everything from the hardware to the operating system and the authentication process

A company wants to implement a touchless point-of-sale solution for self-checkout. The self-checkout terminals should be, above all else, secure. Each terminal must be impervious to malicious code that could create fraudulent transactions, force the company to take the systems offline during a heavy shopping period, or send transactional data to a spying organization. The terminals should also report back vital information on the company's health and allow secure updates to its software remotely. They also want a way to push updates to its terminals and also make sense of all of the data that will be generated through analysis. What IoT Service should be used + why?

Azure Sphere with IoT Central. Security is important = Sphere; IoT Central can also provide the analytics the company is looking for, so building on top of both makes sense.

A company has millions of log entries that it wants to analyze. Which db option would be ideal for analysis?

Azure Synapse Analytics

Where can the IT department find reference blueprints that it can apply directly to its Azure subscriptions?

Azure compliance documentation

on-demand computing service for running cloud-based applications. It provides computing resources such as disks, processors, memory, networking, and operating systems. The resources are available on-demand and can typically be made available in minutes or even seconds. You pay only for the resources you use, and only for as long as you're using them.

Azure compute

Meeting the European Union Model Clauses ensures

Azure customers can use Microsoft services to move data freely through Microsoft's cloud, from Europe to the rest of the world

Linking compute resources and providing access to applications is the key function of

Azure networking

How can you access previews?

Azure portal create a resource and search "preview"

You can create and configure Azure Virtual Network instances using

Azure portal, Azure PowerShell on your local computer, or Azure Cloud Shell

How do you know when there's a service outage?

Azure status provides a global view of the health of Azure services and regions, so it is a good starting place. You can subscribe to Azure status for updates via RSS feed. You can also reach Azure Service Health from there for a personalized view of the health of the services and regions you are using.

Your company has a team of remote workers that need to use Windows-based software to develop your company's applications, but your team members are using various operating systems like macOS, Linux, and Windows. Which Azure compute service would help resolve this scenario?

Azure Virtual Desktop

empower developers and data scientists a wide range of productive experiences for building, training, and deploying machine learning models faster

Azure's AI and ML services

Azure Load Balancer

Balances inbound and outbound connections to applications or service endpoints.

Azure Database for PostgreSQL Single Server pricing tiers

Basic, General Purpose, and Memory Optimized. Each tier offers different resource capabilities to support your database workloads. You can build your first app on a small database for a few dollars a month, and then adjust the scale to meet the needs of your solution. Dynamic scalability enables your database to transparently respond to rapidly changing resource requirements. You only pay for the resources you need, and only when you need them.

for large amounts of data, you can use open source cluster services to run analytics at a massive scale and make decisions based on complex queries using this service category

Big Data

BGP

Border Gateway Protocol; used to exchange routes between on-premises networks and resources running in Azure. This protocol enables dynamic routing between your on-premises network and services running in the Microsoft cloud.

you might need a single invoice for your organization but want to organize charges by department, team, or project how can you do this?

Break up your resources by subscription for the separate departments, then use invoice sections to group the subscriptions you want on a single invoice.

How can you improve your secure score?

By remediating all of the recommendations for a single resource within a control

Stages of CI pipeline and CD pipeline

CI: plan, code, build, test CD: release, deploy, operate, monitor

Security posture is your organization's ability to protect from and respond to security threats. The common principles used to define a security posture are

CIA: confidentiality, integrity, availability

What are the lock levels?

CanNotDelete - authorized users can read and modify the resource but not delete it. ReadOnly - authorized users can read the resource but not delete or update it.

requires significant up-front financial costs

CapEx

View the report with TCO calculator

Choose a time frame between one and five years and the TCO calculator will generate a report based on the info you entered; it shows cost breakdowns for on-prem vs. Azure in the categories compute, datacenter, networking, storage, and IT labor.

Offers a collection of documents, implementation guidance, best practices, and tools for each of those things

Cloud Adoption Framework

Azure Machine Learning Service

Cloud-based environment you can use to develop, train, test, deploy, manage, and track machine learning models. It can auto-generate a model and auto-tune it for you. It will let you start training on your local machine, and then scale out to the cloud.

Azure Kubernetes Service

Cluster management for VMs that run containerized services; a complete orchestration service for containers with distributed architectures and large volumes of containers. It controls the placement of pods (one or more containers) on cluster nodes, staggers update deployments and can roll them back, scales horizontally (automatically or manually), and handles networking and API extensions.

Azure ML Studio

Collaborative visual workspace where you can build, test, and deploy machine learning solutions by using prebuilt machine learning algorithms and data-handling modules.

What's the easiest way for a company to combine security data from all of its monitoring tools into a single report that it can take action on?

Collect security data in Azure Sentinel

Colocation at a cloud exchange for ExpressRoute

Colocated providers can normally offer both Layer 2 and Layer 3 connections between your infrastructure, which might be located in the colocation facility, and the Microsoft cloud. For example, you can request a virtual cross-connection to the Microsoft cloud.

composite SLA

Combining SLAs across different service offerings: multiply the SLA of each individual service (per instance).

How can your IT department ensure that employees at the company's retail stores can access company applications only from approved tablet devices?

Conditional Access

Azure Virtual Network

Connects VMs to incoming virtual private network (VPN) connections.

Azure ExpressRoute

Connects to Azure over high-bandwidth dedicated secure connections. For environments where you need high bandwidth and security. ExpressRoute provides dedicated private connectivity to Azure that doesn't travel over the internet.

Azure compute resources that you can use to deploy and manage containers.

Container Instances and Azure Kubernetes Service

These are lightweight, virtualized application environments. They're designed to be quickly created, scaled out, and stopped dynamically. You can run multiple instances of these applications on a single host machine. What am I?

Containers e.g. Container Instances and Azure Kubernetes Service

Speech

Convert spoken audio into text, use voice for verification, or add speaker recognition to your app.

What blob storage tier should you use to access invoices for your customers

Cool access tier - for data that is infrequently accessed and stored for at least 30 days

Over the years, Tailwind Traders has acquired several smaller companies. Each of these companies had teams of developers who used different database services and various APIs to work with their data. You'd like to enable each of these teams to work with an environment where they can use their existing skills. What should you use?

Cosmos DB - which has the flexibility to use an API developers are comfortable with, e.g. SQL, MongoDB, Cassandra, Tables, and Gremlin

How can your company most easily implement a deny by default policy so that VMs can't connect to each other?

Create a network security group rule that prevents access from another VM on the same network. Network security groups allow you to filter traffic to and from resources by source and destination IP address, port, and protocol.

You want to enable Azure Security Center to recommend missing security system updates on your servers. How can you do this?

Create an Azure Policy (Enable Monitoring in Azure Security Center - which is actually an initiative with numerous policy defs in it to monitor different things in Security Center)

You want to specify a set of VM SKUs that your organization can deploy. How can you do this?

Create an Azure Policy specifying the allowed SKUs

Which is the best way for you to ensure that the team deploys only cost-effective virtual machine SKU sizes?

Create an Azure Policy that specifies the allowed SKU sizes

What is the first step that you would take in order to share an image file as a blob in Azure Storage?

Create an Azure Storage Account

How can a company enforce having only certain applications run on its VMs?

Create an application control rule in Azure Security Center

Web Apps feature of Azure App Service

Create and deploy mission-critical web apps at scale.

What's the best way for your company to limit all outbound traffic from VMs to known hosts?

Create application rules in Azure Firewall

How can you allow some users to control the virtual machines in each environment but prevent them from modifying networking and other resources in the same resource group or Azure subscription?

Create role assignments with Azure RBAC

Azure Virtual WAN

Creates a unified wide area network (WAN) that connects local and remote sites.

Azure Sphere

Creates an end-to-end, highly secure IoT solution that encompasses everything from the hardware and OS on the device to the secure method of sending messages from the device to the message hub. Built-in communication and security for internet-connected devices.

CORS

Cross-Origin Resource Sharing

Which is the most efficient way for a testing team to save costs on virtual machines on weekends, when testers are not at work?

Deallocate the VMs when they are not in use

Why deallocate a VM without deleting its storage?

Deallocating a VM when you don't plan on using it for some time is just one way to minimize costs (cut out compute time and public IP address usage)

Azure Content Delivery Network

Delivers high-bandwidth content to customers globally.

Adding a third virtual machine reduces your composite SLA. How can you offset this reduction?

Deploy extra instances of the same VM across different availability zones in the same region

Azure Cognitive Search

Deploy this fully managed search as a service.

Bring together people, process, and tech by automating software delivery using this service category

DevOps

Azure Service Fabric

Distributed systems platform that runs in Azure or on-premises.

Azure Traffic Manager

Distributes network traffic across Azure regions worldwide.

Common characteristic shared by azure storage services (5)

Durable and highly available with redundancy and replication. Secure through automatic encryption and role-based access control. Scalable with virtually unlimited storage. Managed, handling maintenance and any critical problems for you. Accessible from anywhere in the world over HTTP or HTTPS.

What is a region pair?

Each Azure region is always paired with another region within the same geography (such as US, Europe, or Asia) at least 300 miles away. This approach allows for the replication of resources (such as VM storage) across a geography, which helps reduce the likelihood of interruptions because of events such as natural disasters, civil unrest, power outages, or physical network outages that affect both regions at once. If a region in a pair was affected by a natural disaster, for instance, services would automatically fail over to the other region in its region pair.

ExpressRoute Built-in redundancy

Each connectivity provider uses redundant devices to ensure that connections established with Microsoft are highly available. You can configure multiple circuits to complement this feature. All redundant connections are configured with Layer 3 connectivity to meet service-level agreements.

Layers of defense in depth

Each layer provides protection so that if one layer is breached, a subsequent layer is already in place to prevent further exposure. - physical security - identity and access - perimeter - network - compute - application - data

What do the roles do in RBAC

Each role has an associated set of access permissions that relate to that role. When you assign individuals or groups to one or more roles, they receive all of the associated access permissions.

Which of the following options isn't a benefit of ExpressRoute? - Redundant connectivity - Consistent network throughput - Encrypted network communication - Access to Microsoft cloud services

Encrypted network communication is not provided. ExpressRoute does provide private connectivity, but it isn't encrypted.

Defense in depth: application

Ensure apps are secure and free of vulnerabilities. Store sensitive secrets in secure storage. Make security a design requirement by integrating security into the application development lifecycle.

CIA availability

Ensure that services are functioning and can be accessed only by authorized users. Denial-of-service attacks are designed to degrade the availability of a system, affecting its users.

Microsoft Privacy Statement

Explains what personal data Microsoft collects, how Microsoft uses it, and for what purposes.

T/F Every region has support for availability zones

False

T/F Network traffic is unrelated to costs in Azure

False

T/F You need an Azure Subscription to use the TCO calculator

False

T/F You need to purchase an Azure account before you can use any Azure resources.

False

T/F Azure DevOps is a lighter-weight tool than GitHub

False - GitHub is lighter weight and focused on individual developers and open source, DevOps is focused on enterprise dev with more tools and access control

T/F Subscriptions within a management group do not automatically inherit the conditions applied to the management group.

False - all subscriptions automatically inherit from their management group

T/F An azure account can only have one subscription

False - could have multiple; maybe with different billing models

T/F Resources can not be moved between resource groups

False - many resources can be moved although some have limitations

T/F Public cloud takes a lot of CapEx to scale up

False - no CapEx is needed in public cloud

T/F with OpEx you are responsible for purchasing and maintaining your computing resources

False - only maintaining

T/F A management group and subscription can have more than one parent.

False - only support one parent

T/F Organizations have to pay for unused resources when they use the public cloud

False - orgs only pay for what they use

T/F You must choose a region for any service that you create

False - some global Azure services don't require you to select a particular region, such as Azure Active Directory, Azure Traffic Manager, and Azure DNS.

T/F Azure Database for PostgreSQL Single Server is free

False - the benefits come at no additional cost, but to use the db you need a pricing tier (basic, general purpose, memory optimized)

T/F Organizations are not responsible for hardware maintenance and updates when they are private cloud

False - they are responsible for maintenance in a private cloud

T/F Resource groups can be nested

False - they can not

T/F ExpressRoute supports site-to-site virtual private networks

False - this is not an ExpressRoute model

T/F With CapEx you are only responsible for the computing resources you use

False - you pay an upfront cost no matter what you use

T/F Azure AD helps users access external resources while you manage the internal access rights

False; Azure AD can handle both external and internal resource access management

T/F You must bring your own training data to Azure Cognitive Service to train the model

False; Azure Cognitive Services has pre-trained models which can be used

T/F Azure Government provisions separate memory space for deployments to protect apps from the other non-government apps running on the same servers

False; Azure Government offers physical isolation from non-US government deployments and provides screened US personnel

T/F Azure Policies check resources on creation to see if they are compliant and it is up to you to keep them compliant after that

False; Azure Policies do make sure resources are compliant on creation and can prevent noncompliant resources from being created, but they also evaluate resources and highlight ones that are not compliant when changes are made to the resources - and can sometimes fix non-compliant resources automatically

T/F Azure Firewall is stateless

False; Azure firewall is stateful

T/F deallocating a VM means you don't need to pay for it anymore

False; Deallocating a VM means that the VM is no longer running. But the associated hard disks and data are still kept in Azure. --> you cut compute time and public IP addr time, but still pay for disk storage

T/F Virtual Network only allows you to create a single isolated virtual network

False; It can create multiple isolated virtual networks

T/F Security Center does not provide advanced cloud defense capabilities for VMs

False; It does provide this for VMs, and also network security and file integrity

T/F You can apply tags to a resource group, and they will automatically be applied to the resources within that resource group

False; They will not automatically apply to the resources within the resource group -- but you can accomplish this using Azure Policies

T/F You only pay for the VMs you deploy on a dedicated host

False; With dedicated hosts you pay for the host price (based on VM family, type, etc.) independent of how many VMs you deploy to it, bc you're just buying a physical server in Microsoft's cloud datacenter

T/F You can not get any reports when using IoT Hub

False; You can create a customized set of management tools and reports by using the IoT Hub RESTful API

T/F You must create a role in order to use Azure RBAC

False; You can create custom roles, but there are also built-in roles

T/F Since policies are inherited from their parent scopes, you can not exclude a subscope from the parent scope of an Azure Policy

False; You can exclude a subscope from the policy assignment if there are specific child resources you need to be exempt from the policy assignment

T/F Azure VMs use Azure Disk Storage to store virtual disks. And you can use Azure Disk Storage to store a disk outside of a virtual machine.

False; You can not use Azure Disk Storage to store a disk outside a VM

T/F You can deploy more than one VPN gateway in each virtual network

False; You can only deploy ONE per virtual network, but it can connect to multiple locations including other vNets and on-prem datacenters

T/F Azure Government is only available in one location for security

False; currently has 8 geographies

T/F Resources are evaluated to see if they meet Azure Policy requirement on a daily basis

False; hourly

T/F When you grant access at a parent scope using RBAC, those permissions are inherited by all child scopes that you specify should inherit

False; inheritance is automatic

T/F Azure Service Health only displays the major issues that broadly affect Azure customers

False; it also provides localized issues that affect you

T/F With ExpressRoute, your data still travels over the public internet, so it is exposed to the potential risks associated with internet communications

False; it does not travel over the public internet and is therefore not exposed to risks associated with internet communications

T/F Azure Security Center monitors your cloud-based resources to ensure they retain the correct security settings

False; it does this for both cloud and on-prem resources

T/F Azure SQL Database is an IaaS database engine

False; it is PaaS

T/F you need machine learning or data science knowledge to use azure cognitive services

False; no knowledge required

T/F Previews have their own SLA and promise of data protection, security, compliance, privacy, etc.

False; often previews have little or no guarantees and are not recommended for production use or critical workloads

T/F All blueprint artifacts must be configured

False; some have no additional parameters/configurations to handle e.g. Deploy threat detection on SQL servers

T/F Azure Policy does not have built in support for HIPAA and ISO 27001

False; there are initiatives that support compliance with HIPAA and ISO 27001

T/F If you need to exceed the limit for resources in a subscription you can apply to increase the limit for a small fee

False; there's no flexibility to increase limits

T/F You lose your Azure services when your free trial ends

False; they are disabled

T/F Any customer claiming to be US Gov entity can use Azure Government

False; they must be validated

T/F You can elastically and independently scale throughput and storage across a single Azure region anywhere in the world using Cosmos DB

False; you can do this across any number of Azure regions worldwide, not just one

T/F To stay on top of outages and other incidents, you must regularly check the Azure Service Health dashboard

False; you can set up alerts to help you stay on top of incidents and downtime

T/F Conditional Access is provided to all users for free

False; you need an Azure AD Premium P1 or P2 license. If you have a Microsoft 365 Business Premium license, you also have access to Conditional Access features.

T/F all storage accounts cost the same

False; you specify a type (such as block blob storage or table storage), a performance tier (standard or premium), and an access tier (hot, cool, or archive). These selections present different costs.

Azure Database for MariaDB

Fully managed and scalable MariaDB relational database with high availability and security.

Azure Database for MySQL

Fully managed and scalable MySQL relational database with high availability and security.

Azure Database for PostgreSQL

Fully managed and scalable PostgreSQL relational database with high availability and security.

IoT Central

Fully managed global IoT software as a service (SaaS) solution that makes it easy to connect, monitor, and manage IoT assets at scale.

Azure SQL Database

Fully managed relational database with auto-scale, integral intelligence, and robust security. Allows you to build modern cloud apps with an always up-to-date relational database service that includes serverless compute, hyperscale storage, and automated features to optimize performance and durability.

Azure Cache for Redis

Fully managed service that caches frequently used and static data to reduce data and application latency. Create fast, scalable apps with an open-source compatible, in-memory data store.

IoT Edge

Fully managed service that allows data analysis models to be pushed directly onto IoT devices, which allows them to react quickly to state changes without needing to consult cloud-based AI models.

Azure Functions v. Logic Apps purpose

Functions = serverless compute service / programming. Logic Apps = serverless orchestration service / workflow. (You could use Azure Functions to orchestrate a long-running business process that involves various connections, but this was not its primary use case when it was designed.)

If you already have your orchestration or business logic expressed in C#, Java, Python, or another popular programming language should you use Functions or Logic Apps?

Functions bc you can port your code into the body of Azure Functions which might be easier than recreating with a Logic App

Your company hopes to publish an API that would allow third parties to integrate their own inventories of new and used items. Although the internal implementation of the API is closed source, the company wants to create a set of examples that call the API to perform various actions and get feedback, issues, and feature requests. What should be used to do this?

GitHub - it's open source, needs only simple permissions, and doesn't need intense project mgmt

the preferred host for open-source software

GitHub. Although Azure DevOps can publish public code repositories, GitHub has the visibility and general acceptance of the open-source development community.

Azure Cosmos DB

Globally distributed, multi-model database service that supports NoSQL options. Developers can build apps with guaranteed low latency and high availability anywhere, at any scale. You can also migrate Cassandra, MongoDB, and other NoSQL workloads to the cloud.

How can you add, view, or delete locks in Azure portal?

Go to the Settings section of a resource's settings pane and then choose Locks

GitHub and GitHub Actions

Good for open source and widely accepted. Developers can publish code, accept contributions, and accept feedback and bug reports. Has a long history with public repositories and is trusted by tens of thousands of open-source project owners.

You want to allow one user to manage VMs in a subscription and another to manage virtual networks. What can you do?

Grant RBAC at the resource and/or resource group level (depending on where the networks and VMs are deployed)

What allows Azure to provide a high guarantee of availability?

Having a broadly distributed set of datacenters

HIPAA

Health Insurance Portability and Accountability Act

What blob storage tier should you use to access images for your website

Hot access tier as this will be accessed frequently

An advantage of this cloud service model is rapid deployment of new compute devices. Setting up a new virtual machine is considerably faster than procuring, installing, and configuring a physical server. What cloud service model am I?

IaaS

Azure Virtual Networks are IaaS, PaaS, or SaaS?

IaaS

The most flexible cloud service model is

IaaS

This cloud service model is the closest to managing physical servers; a cloud provider will keep the hardware up-to-date, but operating system maintenance and network configuration is up to you as the cloud tenant. What cloud service am I?

IaaS

You configure and manage the hardware for your application in this cloud model

IaaS

the most flexible category of cloud services

IaaS - It aims to give you complete control over the hardware that runs your application. Instead of buying hardware, with IaaS, you rent it.

Multi-Tier Cloud Security Singapore granted Microsoft cloud services MTCS 584:2013 Certification for

IaaS, PaaS, and also SaaS. Microsoft is the first global solution provider to receive this cert across all three.

How can VMs be used in disaster recovery?

If a primary datacenter fails, you can create VMs running on Azure to run your critical applications and then shut them down when the primary datacenter becomes operational again.

RBAC uses an allow model which means

If one role grants you read permissions and another grants you write for the same resource, you will have both read and write permissions (instead of neither)

How do you define an Azure Policy Initiative?

In the portal or via command line. You can search for built-in initiatives or create your own.

Zone-redundant gateways

In regions that support availability zones, VPN gateways and ExpressRoute gateways can be deployed in a zone-redundant configuration. This configuration brings resiliency, scalability, and higher availability to virtual network gateways. Deploying gateways in Azure availability zones physically and logically separates gateways within a region while protecting your on-premises network connectivity to Azure from zone-level failures. These gateways require different gateway SKUs and use Standard public IP addresses instead of Basic public IP addresses.

ISO

International Organization of Standards

enables devices to gather and then relay information for data analysis

IoT

you can connect, monitor, and manage all IoT assets; analyze data as it arrives from sensors and take action with it using this service category

IoT

A company wants to quickly manage its individual IoT devices by using a web-based user interface. Which IoT technology should it choose?

IoT Central

With this IoT Service you can control a single device or all devices at once, and you can set up alerts for certain conditions, such as a device failure.

IoT Central

If you want a pre-built customizable user interface with which you can view and control your devices remotely, you might prefer to start with

IoT Central

A company has a fleet of delivery vehicles with shipments of goods that have sensors to collect and monitor temperature, humidity, tilt, shock, light, and location. Their sensors will be from a third-party vendor. Goals of this system include: - Shipment monitoring with real-time tracing and tracking. - Shipment integrity with real-time ambient condition monitoring. - Security from theft, loss, or damage of shipments. - Geo-fencing, route optimization, fleet management, and vehicle analytics. - Forecasting for predictable departure and arrival of shipments. The company would prefer a pre-built solution to collect sensor and vehicle computer data and provide an interface that displays reports about shipments and vehicles. What IoT Service should be used + why?

IoT Central. We definitely want a UI, lots of report capabilities, and pre-built components, which leads us away from IoT Hub and toward IoT Central. Although security is mentioned, it is not of utmost importance, and the sensors the company has will be from a third-party vendor; therefore Azure Sphere is not the best option bc it can't provide its own hardware to take care of security, and the UI capabilities of IoT Central are more important.

You want to send messages from the IoT device to the cloud and vice versa. Which IoT technology can send and receive messages?

IoT Hub

A company has appliances that will send telemetry information to a centralized location, where the data can be analyzed and maintenance can be scheduled. The devices will not require remote control. They will merely be sending their telemetry data for analysis and proactive maintenance. Because Tailwind Traders already has software in place for managing appliance maintenance requests, the company wants to integrate all functionality into this existing system. What IoT Service should be used + why?

IoT Hub. Because security is not a top priority we don't need Sphere, and data will be analyzed with their existing system so we don't need the dashboard and other capabilities of IoT Central.

Costs with Azure Virtual Desktop

It is available to you at no additional cost if you have an eligible Microsoft 365 license. Just pay for the Azure resources used by Azure Virtual Desktop. (bring your own licenses)

How can your IT department use biometric properties, such as facial recognition, to enable delivery drivers to prove their identities?

MFA

Machine Learning

Machine learning is a data science technique that allows computers to use existing data to forecast future behaviors, outcomes, and trends. Using machine learning, computers learn without being explicitly programmed.

Defense in depth: compute

Malware, unpatched systems, and improperly secured systems open your environment to attacks. The focus in this layer is on making sure that your compute resources are secure and that you have the proper controls in place to minimize security issues. Secure access to VMs. Implement endpoint protection on devices and keep systems patched and current.

Knowledge mapping

Map complex information and data to solve tasks such as intelligent recommendations and semantic search.

provides support for several popular No-SQL APIs

Microsoft Cosmos DB

The ___________________ can generate assessment reports that provide recommendations to help guide you through required changes prior to performing a migration.

Microsoft Data Migration Assistant

Where can the team access details about the personal data Microsoft processes and how the company processes it, including for Cortana?

Microsoft Privacy Statement

What's Azure AD Multi-Factor Authentication?

Microsoft service that provides multifactor authentication

Azure Sentinel

Microsoft's cloud-based SIEM system. It uses intelligent security analytics and threat analysis.

What do the Online Services Terms (OST) apply to?

Microsoft's online services that you license through a subscription, including Azure, Dynamics 365, Office 365, and Bing Maps

MVP

Minimum Viable Product

Azure Network Watcher

Monitors and diagnoses network issues by using scenario-based analysis.

MFA

Multifactor authentication

NIST

National Institute of Standards and Technology

Why combine Network security groups and Azure Firewall

Network security groups provide distributed network-layer traffic filtering to limit traffic to resources within virtual networks in each subscription. Azure Firewall is a fully stateful, centralized network firewall as a service. It provides network-level and application-level protection across different subscriptions and virtual networks. Together they provide better defense-in-depth network security.

Azure table storage

NoSQL datastore for key-value pairs; cheap for semi-structured data

NoSQL means

Not only SQL; more than just a relational db

VM cons

Only runs one OS at a time (a con if multiple apps need different OSes). Starting a VM can be slow bc it starts a whole computer.

a consumption-based model of expenses

OpEx

Azure Application Gateway

Optimizes app server farm delivery while increasing application security. Provides a web application firewall, which gives centralized, inbound protection for your web apps against common exploits and vulnerabilities.

Azure App Services provides a managed hosting environment where developers can upload their web applications, without having to worry about the physical hardware and software requirements. This is an example of what cloud service model?

PaaS

The cloud service model that lets you focus on app dev

PaaS

This cloud service model is a managed hosting environment. The cloud provider manages the virtual machines and networking resources, and the cloud tenant deploys their applications into the managed hosting environment. What cloud service am I?

PaaS

Is Azure Container Instances IaaS, PaaS, or SaaS?

PaaS; allows you to upload your containers, which it runs for you

PCI DSS

Payment Card Industry Data Security Standard

Disadvantage of PaaS

Platform limitations. There can be some limitations to a cloud platform that might affect how an application runs.

Point-to-point Ethernet connection for ExpressRoute

Point-to-point connections provide Layer 2 and Layer 3 connectivity between your on-premises site and Azure. You can connect your offices or datacenters to Azure by using the point-to-point links.

CIA integrity

Prevent unauthorized changes to information - at rest (where it's stored) - in transit (during transfers, including local to cloud), e.g. using hashes

Azure DDoS Protection

Protects Azure-hosted applications from distributed denial of service (DDoS) attacks. Helps protect your Azure applications by analyzing and discarding DDoS traffic at the Azure network edge, before it can affect your service's availability.

Azure DNS

Provides ultra-fast DNS responses and ultra-high domain availability.

Azure API Management

Publish APIs to developers, partners, and employees securely and at scale.

Azure App Service

Quickly create powerful cloud web-based apps.

different geographical locations around the globe that contain Azure datacenters

Regions

Where can you see the health of resources from a security perspective categorized as low, medium, and high?

Resource security hygiene section of Azure Security Center

Resource groups

Resources are combined into resource groups, which act as a logical container into which Azure resources like web apps, databases, and storage accounts are deployed and managed. A good way to organize them is by resource type.

How do you protect your resources once they've been deployed?

Role-based access control to limit users to what they are authorized to do; adding locks to prevent deletion

Azure Synapse Analytics

Run limitless analytics at a massive scale by using a cloud-based enterprise data warehousing and big data analytics service that takes advantage of massively parallel processing to run complex queries quickly across petabytes of data.

Which is the best first step a team should take to compare the cost of running environments on Azure versus in their datacenter?

Run the Total Cost of Ownership (TCO) Calculator

How can your company ensure that certain VM workloads are physically isolated from workloads being run by other Azure customers?

Run the VMs on an Azure Dedicated Host

How can your IT department reduce the number of times users must authenticate to access multiple applications?

SSO

In this cloud service model, the cloud provider manages all aspects of the application environment, such as virtual machines, networking resources, data storage, and applications. The cloud tenant only needs to provide their data to the application managed by the cloud provider. What cloud service am I?

SaaS

Is Azure DevOps IaaS, PaaS, or SaaS?

SaaS

Microsoft Office 365 provides a fully working version of Microsoft Office that runs in the cloud. All you need to do is create your content, and Office 365 takes care of everything else. This is an example of what cloud service?

SaaS

Users pay for the software they use on a subscription model with this cloud service model

SaaS

The pay-as-you-go pricing model is linked to which cloud service model?

SaaS

Software that's centrally hosted and managed for you and your users or customers. Usually one version of the application is used for all customers, and it's licensed through a monthly or annual subscription. What cloud service model is this?

SaaS

Azure Virtual Machine Scale Sets

Scaling for Windows or Linux VMs hosted in Azure.

Adaptive network hardening

Security Center can monitor the internet traffic patterns of the VMs, and compare those patterns with the company's current network security group (NSG) settings. From there, Security Center can make recommendations about whether the NSGs should be locked down further and provide remediation steps.

Azure Notification Hubs

Send push notifications to any platform from any back end.

The cloud service provider automatically provisions, scales, and manages the infrastructure required to run the code; architectures are highly scalable and event-driven, only using resources when a specific function or trigger occurs. What is this called?

Serverless computing

Microsoft-covered cloud services are audited at least annually against the

Service Organization Controls (SOC) report framework by independent third-party auditors. This covers controls for data security, availability, processing integrity, and confidentiality as applicable to the in-scope trust principles for each service.

SQL Server on Azure Virtual Machines

Service that hosts enterprise SQL Server apps in the cloud.

Azure Database Migration Service

Service that migrates databases to the cloud with no application code changes. It allows you to accelerate your transition to the cloud using a simple, self-guided migration process.

Public cloud

Services are offered over the public internet and available to anyone who wants to purchase them. Cloud resources, such as servers and storage, are owned and operated by a third-party cloud service provider, and delivered over the internet.

Conditional Access Flow

Signals: collect info on user location, device, identity, etc. Decision: how much access to grant or deny, and whether MFA is needed. Enforcement: carry out the decision and prompt for MFA, deny access, or grant access.

Azure Database for PostgreSQL is available in two deployment options:

Single Server and Hyperscale (Citus).

SSO

Single Sign-on enables users to remember only one ID and one password to access multiple applications. It reduces what users must remember, reduces the work of providing access for multiple user identities, reduces IT help for forgotten passwords, etc.

Disadvantage of SaaS

Software limitations. There can be some limitations to a software application that might affect how users work. Because you're using as-is software, you don't have direct control of features.

Your company experiences surges in e-commerce traffic that coincide with national holidays and weekends. In the past, employees would come in to keep an eye on things, but the manager wished they could do this from home. How can this be done?

The Azure mobile app; we want to handle things on the go, and these aren't really repeatable tasks.

Bandwidth

The amount of data that can be transmitted over a network in a given amount of time.

REST API

The design of the URL style that's used to expose the API's functionality. Typically GET, PUT, POST, and DELETE requests over HTTP.

Web API endpoint

The location of the code library

CIA confidentiality

The principle of least privilege means restricting access to information only to individuals explicitly granted access, at only the level that they need to perform their work. This information includes protection of user passwords, email content, and access levels to applications and underlying infrastructure.

Point-to-site virtual private networks

The typical approach to a virtual private network (VPN) connection is from a computer outside your organization, back into your corporate network. In this case, the client computer initiates an encrypted VPN connection to connect that computer to the Azure virtual network.

Management groups

These groups help you manage access, policy, and compliance for multiple subscriptions. All subscriptions in a management group automatically inherit the conditions applied to the management group.

What does it mean for Conditional Access to provide a more granular multifactor authentication experience for users?

They need to authenticate with MFA only in certain cases. This is done by collecting signals from the user (like location, device, etc.) and making a decision about access rights and MFA from those signals, e.g. if they are at a known location they may not be prompted for a second factor of authentication, but they will be at an unexpected location or if sign-ins are unusual.

For a VPN gateway you need to create a public IP address. Explain.

This address provides a public-routable IP address as the target for your on-premises VPN device. This IP address is dynamic, but it won't change unless you delete and re-create the VPN gateway.

OSI layer 2

This layer is the Data Link Layer, which provides node-to-node communication between two nodes on the same network.

OSI Layer 3

This layer is the Network Layer, which provides addressing and routing between nodes on a multi-node network

TCO

Total Cost of Ownership

TCO Calculator

The Total Cost of Ownership Calculator helps you estimate the cost savings of operating your solution on Azure over time, instead of in your on-premises datacenters.

T/F A management group tree can support up to six levels of depth. This limit doesn't include the root level or the subscription level.

True

T/F A subscription is a deployment boundary for Azure resources

True

T/F All capabilities that are available in the Azure portal are also available through PowerShell, the Azure CLI, REST APIs, and client SDKs

True

T/F All resources must be in a resource group

True

T/F All subscriptions and management groups are within a single hierarchy in each directory

True

T/F All subscriptions within a single management group must trust the same Azure AD tenant.

True

T/F Any number of Azure virtual machines or roles can mount and access the file storage share in Azure Files simultaneously.

True

T/F App Service's built-in load balancing and Traffic Manager provide high availability.

True

T/F App Service is a platform as a service (PaaS) offering.

True

T/F Azure Cosmos DB provides comprehensive service level agreements for throughput, latency, availability, and consistency guarantees.

True

T/F Azure Database for MySQL is a relational database service in the cloud with 99.99 percent availability

True

T/F Azure Firewall provides a central location to create, enforce, and log application and network connectivity policies across subscriptions and virtual networks.

True

T/F Azure Policy integrates with DevOps by applying CI/CD policies in pre-deployment and post-deployment

True

T/F Azure SQL Database handles most of the database management functions, such as upgrading, patching, backups, and monitoring, without user involvement

True

T/F Azure compliance documentation includes Audit reports

True

T/F Azure is the only major cloud provider that contractually commits to conformance with CJIS Security Policy to meet the same requirements as law enforcement and public safety entities

True

T/F Azure management groups provide a level of scope above subscriptions.

True

T/F Azure supports SaaS, PaaS, and IaaS

True

T/F Both Logic Apps and Functions are trigger based

True

T/F By default, VPN gateways are deployed as two instances in an active/standby configuration, even if you only see one VPN gateway resource in Azure

True

T/F Free products typically don't have an SLA

True

T/F Hardware must be purchased for start-up and maintenance of private clouds

True

T/F If a policy is applied to a resource group, that policy is applied to all resources within that resource group

True

T/F Organizations control security, compliance, or legal requirements when they are hybrid cloud

True

T/F Organizations have complete control over resources and security when they are private cloud

True

T/F Policy assignments are inherited by all child resources within that scope

True

T/F Preview features for existing services are available to deploy, configure, and manage

True

T/F Role based access control can be applied to the resource group

True

T/F SQL Database can be the right choice for a variety of modern cloud applications because it enables you to process both relational data and non-relational structures, such as graphs, JSON, spatial, and XML.

True

T/F Some services or VM features are only available in certain regions

True

T/F The IoT Hub service supports communications both from the device to the cloud and from the cloud to the device

True

T/F There's a minimum of three zones within a single region.

True

T/F To build enterprise integration solutions with Azure Logic Apps, you can choose from a gallery of 200+ connectors. The gallery includes services such as Salesforce, SAP, Oracle DB, and file shares

True

T/F Unlike virtual machines, you don't manage the operating system for a container.

True

T/F When a user sends a request from any of the Azure tools, APIs, or SDKs, Azure Resource Manager receives the request, authenticates it, authorizes it, and sends it to the Azure service

True

T/F You can call Azure Functions from Azure Logic Apps and vice versa

True

T/F You store blobs in containers, which helps you organize your blobs depending on your business needs.

True

T/F Your storage account will contain all of your Azure Storage data objects, such as blobs, files, and disks

True

T/F a hypervisor can run multiple VMs with different OSes at the same time

True

T/F a resource can only be a member of a single resource group

True

T/F both Azure DevOps and GitHub allow public and private code repositories

True

T/F plans with 99.99% availability have max 1 minute of downtime per week

True

T/F the newest capabilities of SQL Server are released first to SQL Database, and then to SQL Server itself so you get the newest SQL Server capabilities, with no overhead for updates or upgrades, tested across millions of databases

True

T/F you can automate the provisioning of new labs as part of a toolchain by using Azure Pipelines or GitHub Actions

True

T/F you can choose to create subscriptions to set up separate environments for development and testing, security, or to isolate data for compliance reasons

True

T/F VPN gateways use a pre-shared key as the only method of authentication

True. They also rely on Internet Key Exchange (IKE) to set up a security association between the endpoints, and on Internet Protocol Security (IPsec) to encrypt and decrypt data packets in the VPN tunnel.

T/F Resource groups are a scope for applying role-based access control (RBAC) permissions

True - easing admin work and limiting access

T/F You can apply access-management policies at the subscription level

True. This is called an access control boundary; you can create separate subscriptions to reflect different organizational structures, like departments.

T/F Cloud computing is a consumption-based model

True - you only pay for what you use

T/F If you delete a resource group, all resources contained within it are also deleted

True! Careful

T/F If you want to prevent users from gaining access to something you should use RBAC, but to audit resource use you should use Azure Policy

True; RBAC prevents access! Azure Policy is more monitoring-oriented.

T/F When you set up a virtual network, you define a private IP address space by using either public or private IP address ranges

True; You can also divide that IP address space into subnets and allocate part of the defined address space to each named subnet.

T/F You can buy one-year or three-year Azure Reserved Virtual Machine Instances to save you up to 72 percent versus pay-as-you-go pricing.

True; You can pay for a reservation up front or monthly. Reservations provide a billing discount and don't affect the runtime state of your resources.

T/F Azure Sentinel supports a number of data sources, which it can analyze for security events including connectors for AWS

True; as long as logs are in an open-standard logging format

T/F You need to configure, update, and maintain the software that runs on the VM in Azure VM

True; but you don't need to buy and maintain the physical hardware.

T/F ARM Templates can even execute PowerShell and Bash scripts before or after the resource has been set up.

True; this gives you the ability to use scripts for tasks that may not be possible with the ARM template itself.

T/F ExpressRoute connections don't go over the public Internet.

True; this allows ExpressRoute connections to offer more reliability, faster speeds, consistent latencies, and higher security than typical connections over the Internet.

T/F Blueprints are versioned

True; to track and comment on changes to a blueprint

T/F You can configure a VPN gateway as a secure failover path for ExpressRoute connections

True; ExpressRoute circuits have resiliency built in. But they aren't immune to physical problems that affect the cables delivering connectivity or outages that affect the complete ExpressRoute location. In high-availability scenarios, where there's risk associated with an outage of an ExpressRoute circuit, you can also provision a VPN gateway that uses the internet as an alternative method of connectivity. In this way, you can ensure there's always a connection to the virtual networks.

T/F You can have multiple dashboards generated from IoT Central

True; you can also integrate with IoT Hub to create reports, and target dashboards at a variety of users.

T/F You can specify the relevant configuration parameters for a blueprint definition when you assign it to a scope

True; you can define it when the blueprint is created, or when you assign it to a scope. This allows the flexibility to specify relevant parameters at each scope, e.g. different allowed locations for different resource groups.

Where can the legal team access information around how the Microsoft cloud helps them secure sensitive data and comply with applicable laws and regulations?

Trust Center

Where can you find whether Azure meets a security standard or not?

Trust Center

The Health Insurance Portability and Accountability Act (HIPAA) is a

US federal law that regulates patient Protected Health Information (PHI).

How can you protect your organization's resources from network-based attacks (perimeter layer)?

Use Azure DDoS Protection to filter large-scale attacks before they can cause a denial of service for users. Use perimeter firewalls with Azure Firewall to identify and alert on malicious attacks against your network.

Your company wants to be more methodical and careful when it pushes new versions of its e-commerce website to production. The company will expand its quality assurance (QA) team, and it will use the cloud to create and host virtual machines (VMs). Through this approach, it will create testing environments that match the production environment. They don't want QA people having to configure things all the time, and they don't want a bunch of VMs sitting around unused. What should they do?

Use Azure DevTest Labs

Suppose you need to test a new feature on an old version of an operating system. What can you do?

Use Azure DevTest Labs which can set up everything automatically upon request. After the testing is complete, DevTest Labs can shut down and deprovision the VM, which saves money when it's not in use. To control costs, the management team can restrict how many labs can be created, how long they run, and so on.

A team of developers with Windows experience wants to perform one-off testing, management, and other tasks, and finds the Azure portal too slow. What can they do?

Use Azure PowerShell; one-off tasks for people with a Windows background.

You want to allow a user to manage all resources in a resource group, such as virtual machines, websites, and subnets. How can you do this?

Use RBAC at the resource group level

You need to allow a database administrator group to manage SQL databases in a subscription. How can you grant this access?

Use RBAC on the subscription (or resource group/resource level if there are things they should not have access to)

Vision

Use image-processing algorithms to smartly identify, caption, index, and moderate your pictures and videos.

Azure DevTest Labs

Used to manage VMs for testing, including configuration, provisioning, and automatic deprovisioning. Can quickly create on-demand Windows and Linux environments to test or demo applications directly from deployment pipelines.

What if you want to configure governance and other requirements for your resources across subscriptions? How can you do this?

Using Azure Blueprints ensures a dev team can build and deploy rapidly while staying compliant.

How can you automatically apply security settings to new resources when they are created?

Using Azure Security Center

How can you automate responses to security alerts in Security Center?

Using workflow automation with Azure Logic Apps and Security Center connectors, triggered by a threat detection alert or by a Security Center recommendation. Your logic app can then send an email and post a Teams message in response.

How do you manage Azure RBAC permissions?

Using the Access control (IAM) pane in the Azure portal. The pane shows who has access to what scope and what roles apply; you can also grant or remove access from this pane.

Choosing VM v. Container

VM if you need complete control; container for portability and performance, and because it's more lightweight, etc.

VMs virtualize the ____________ while containers virtualize the __________________

VMs virtualize the hardware while containers virtualize the OS

To start using Azure Firewall, you should build

VMs on a virtual network

Why use VMs for testing and development?

VMs provide a quick and easy way to create different OS and application configurations. Test and development personnel can then easily delete the VMs when they no longer need them.

All transferred data is encrypted in a private tunnel as it crosses the internet via

VPN/VPN gateway

These are typically deployed to connect two or more trusted private networks to one another over an untrusted network (typically the public internet).

VPNs. Traffic is encrypted while traveling over the untrusted network to prevent eavesdropping or other attacks. VPNs use an encrypted tunnel within another network.

Imagine you're running a website that enables scientists to upload astronomy images that need to be processed. If you duplicated the VM, you'd normally need to configure an additional service to route requests between multiple instances of the website. What can you use to have that work done for you?

Virtual Machine Scale Sets

These allow you to centrally manage, configure, and update a large number of VMs in minutes to provide highly available applications. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. What am I?

Virtual Machine Scale Sets

If you need complete control over your computing environment you should use

Virtual Machines

an Azure compute resource that you can use to deploy and manage a set of identical VMs. With all VMs configured the same, these are designed to support true autoscale. No pre-provisioning of VMs is required. What am I?

Virtual machine scale set

How can you stay updated on the latest updates to Azure products, services, features, and announcements?

Visit the Azure Updates page on azure.microsoft.com. Filter by available, in preview, and in development; browse or search updates; subscribe to an RSS feed to get notifications; and access Microsoft Connect to read product news and announcements.

You can build, deploy, manage, and scale web apps and APIs using this service category

Web

Why combine Azure Application Gateway web application firewall and Azure Firewall?

Web application firewall (WAF) is a feature of Azure Application Gateway that provides your web applications with centralized, inbound protection against common exploits and vulnerabilities. Azure Firewall provides: - Inbound protection for non-HTTP/S protocols (e.g. SSH) - Outbound network-level protection for all ports and protocols. - Application-level protection for outbound HTTP/S. Combining them provides more layers of protection.

Policy evaluation

When a condition is evaluated against your existing resources, each resource is marked as compliant or noncompliant. You can review the noncompliant policy results and take any action that's needed. If you make changes to your policy definition and create a policy assignment, that policy is evaluated over your resources within the hour. (Resources are re-evaluated hourly.)

How can VMs be used during lift and shift?

When moving from a physical server to the cloud, you can create an image of the physical server and host it within a VM with little or no changes. Like a physical server, you must update the installed OS and the software it runs.

stateless v. stateful Azure functions

When they're stateless (the default), they behave as if they're restarted every time they respond to an event. When they're stateful (called Durable Functions), a context is passed through the function to track prior activity.

Azure costs by usage meters

When you provision a resource, Azure creates meters to track usage of that resource and determine billing, e.g. CPU time, bandwidth, number of operations, size of resource, etc.

How can DDoS Protection (Standard) help manage cloud consumption?

When you run on-premises, you have a fixed number of compute resources. But in the cloud, elastic computing means that you can automatically scale out your deployment to meet demand. A cleverly designed DDoS attack can cause you to increase your resource allocation, which incurs unneeded expense. DDoS Protection Standard helps ensure that the network load you process reflects customer usage, and you can receive a credit for costs accrued from a DDoS attack.

Azure Virtual Machines

Windows or Linux virtual machines (VMs) hosted in Azure.

Azure PowerShell is available for

Windows, Linux, and Mac, and you can access it in a web browser via Azure Cloud Shell.

Difference between functions and logic apps

With Functions, you write code to complete each step. With Logic Apps, you use a GUI to define the actions and how they relate to one another. Functions are usually stateless; Logic Apps are always stateful. Functions can be run locally or in the cloud; Logic Apps are cloud only.

Any-to-any networks with ExpressRoute

With any-to-any connectivity, you can integrate your wide area network (WAN) with Azure by providing connections to your offices and datacenters. Azure integrates with your WAN connection to provide a layer 3 connection like you would have between your datacenter and any branch offices.

Micro-billing in serverless computing

With serverless computing, you pay only for the time your code runs. If no active function executions occur, you are not charged.

How can you handle different types of billing requirements for resources?

With subscriptions, using them as a billing boundary. Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs.

Does Azure Government have level 5 DoD approval?

Yep; and it offers the most compliance certifications of any cloud provider.

Does Azure meet ISO 27001?

Yes

Is there a difference in availability between 99% SLA and 99.9%?

Yes. 99% means it can be down 7.2 hr/month or 1.68 hr/week; 99.9% means 43.2 min/month or 10 minutes/week.

Does location of resources affect cost?

Yes. Different regions can have different associated prices, and geographic regions can impact where your network traffic flows and therefore influence data transfer costs between regions.

Should you deallocate virtual machines during off hours?

Yes; disks and data stay, deallocating saves money on compute costs, and this can be automated.

Can the OS you choose affect costs?

Yes; so compare pricing if the OS doesn't matter to you

What approach might you take to add a preview service to your architecture?

You can create a new prototype version of the app that tests with a smaller group of users.

geo-distribution

You can deploy apps and data to regional datacenters around the globe, thereby ensuring that your customers always have the best performance in their region.

How can you prevent a lock from being removed?

You can specify it in your Azure Blueprints, then if the lock is removed it will be replaced

How can you use Azure Policy to manage tags?

You can use Azure Policy to ensure that a resource inherits the same tags as its parent resource group, or to enforce tagging rules and conventions, like adding tags to new resources when they're created or reapplying tags that were removed.

How can you delete/change a locked resource?

You must remove the lock (whether you are an owner of the resource or not)

Abstraction of servers in Serverless computing

You never explicitly reserve server instances. The platform manages that for you. Each function execution can run on a different compute instance. This execution context is transparent to the code. With serverless architecture, you deploy your code, which then runs with high availability.

Why is cloud computing typically cheaper to use?

You're billed only for what you use. It uses a pay-as-you-go pricing model. You typically pay only for the cloud services you use, which helps you: - Lower your operating costs. - Run your infrastructure more efficiently. - Scale as your business needs change.

What happens after your free trial subscription?

Your Azure services are disabled when the trial ends or when your credit expires for paid products, unless you upgrade to a paid subscription

Azure services that support availability zones fall into three categories:

Zonal services: You pin the resource to a specific zone (for example, VMs, managed disks, IP addresses). Zone-redundant services: The platform replicates automatically across zones (for example, zone-redundant storage, SQL Database). Non-regional services: Services are always available from Azure geographies and are resilient to zone-wide outages as well as region-wide outages.

Azure's SLAs are represented as

a percentage representing availability, also called uptime

Azure Pipelines

a CI/CD pipeline automation tool

You typically deploy Azure Firewall on

a central virtual network to control general network access

Azure Key Vault

a centralized cloud service for storing an application's secrets, such as passwords, encryption keys, and certificates, in a single, central location. It provides secure access to sensitive information by providing access control and logging capabilities.

toolchain

a combination of software tools that aid in the delivery, development, and management of software applications throughout a system's development lifecycle. The output of one tool is the input for the next tool in the chain, e.g. automated dependency updates, building software, and delivering artifacts to their destinations.

Containers are managed through

a container orchestrator, which can start, stop, and scale out application instances as needed.

Git

a decentralized source-code management tool

Azure Virtual Desktop

a desktop and application virtualization service that runs on the cloud. It enables your users to use a cloud-hosted version of Windows from any location. It works across Windows, Mac, iOS, Android, and Linux. Confidential info is less likely to end up on a personal device, since it separates the desktop from the user's hardware. It can be a full desktop or just certain apps.

workload

a distinct capability or task that's logically separated from other tasks, in terms of business logic and data storage requirements. It defines a set of requirements for availability, scalability, data consistency, and disaster recovery.

service-level agreement (SLA)

a formal agreement between a service company and the customer. For Azure, this agreement defines the performance standards that Microsoft commits to for you, the customer.

Define region

a geographical area on the planet that contains at least one but potentially multiple datacenters that are nearby and networked together with a low-latency network

Payment Card Industry (PCI) Data Security Standard (DSS)

a global standard that seeks to prevent fraud through increased control of credit card data. It applies to any organization that stores, processes, or transmits payment and cardholder data.

GitHub (+features)

a hosted version of Git that: - serves as a shared source-code repository, including tools that enable developers to perform code reviews by adding comments and questions in a web view of the source code before it can be merged into the main code base. - facilitates project management, including Kanban boards. - supports issue reporting, discussion, and tracking. - features CI/CD pipeline automation tooling. - includes a wiki for collaborative documentation. - can be run from the cloud or on-premises.

Online Services Terms OST

a legal agreement between Microsoft and the customer that defines the obligations of both parties with respect to the processing and security of customer data and personal data

Azure Firewall

a managed, cloud-based network security service that helps protect resources in your Azure virtual networks by implementing a high-security, high-availability firewall with unlimited scalability.

How can you manage resources across subscriptions?

a management group manages access, policies, and compliance across multiple Azure subscriptions

secure score

a measurement of an organization's security posture, which allows you to see how things change when you change your security settings

Azure Security Center

a monitoring service that provides visibility of your security posture across all of your services, both on Azure and on-premises. It also provides a centralized view of security alerts.

A resource tag consists of

a name and value

firewall

a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules

Azure China 21Vianet

a physically separated instance of cloud services located in China and operated independently by 21Vianet

Policy assignment

a policy definition that takes place within a specific scope. This scope could be a management group (a collection of multiple subscriptions), a single subscription, or a resource group. This is how you assign definitions to resources.

ExpressRoute

a private connection from your on-premises infrastructure to your Azure infrastructure. It lets you extend your on-premises networks into the Microsoft cloud over a private connection with the help of a connectivity provider; you can establish connections to Microsoft cloud services, such as Microsoft Azure and Microsoft 365.

Azure Artifacts

a repository for hosting artifacts, such as compiled source code, which can be fed into testing or deployment pipeline steps

What are scopes in RBAC?

a resource or set of resources that access is applied to; it can be - a management group (multiple subscriptions) - a single subscription - a resource group - a single resource

Azure Government

a separate instance of the Microsoft Azure service addressing the security and compliance needs of US federal agencies, state and local governments, and their solution providers

Azure Policy

a service in Azure that enables you to create, assign, and manage policies that control or audit your resources. These policies enforce different rules across all of your resource configurations so that those configurations stay compliant with corporate standards.

Azure Storage

a service that you can use to store files, messages, tables, and other types of information. Apps and clients can read and write data from Azure Storage. Azure Storage is also used by IaaS virtual machines and PaaS cloud services.

Network virtual appliances

a specialized VM that can be compared to a hardened network appliance. A network virtual appliance carries out a particular network function, such as running a firewall or performing wide area network (WAN) optimization.

ISO 27001

a standard that applies to the security of IT systems, published by the International Organization for Standardization

What is a VM image

a template used to create a VM; includes an OS and often other software, like development tools or web hosting environments

Conditional Access

a tool that Azure Active Directory uses to allow (or deny) access to resources based on identity signals. These signals include who the user is, where the user is, and what device the user is requesting access from.

Containers

a virtualization environment - you can run multiple containers on a single physical or virtual host. Lightweight and designed to be created, scaled out, and stopped dynamically. While it's possible to create and deploy virtual machines as application demand increases, containers are designed to allow you to respond to changes on demand.

You create logic app workflows by using

a visual designer on the Azure portal or in Visual Studio. The workflows are persisted as a JSON file with a known workflow schema.

Azure Policy initiatives

a way of grouping related policies together; it contains all the policy definitions to help track compliance toward a larger goal

Azure Portal

a web-based user interface to view all the services you're using, create new services, configure your services, view reports, and pay for services; good for simple one-time management tasks

STAR Certification is based on

achieving International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27001 certification and meeting criteria specified in the Cloud Controls Matrix (CCM); involves rigorous independent third-party assessment of a cloud provider's security posture

Any US state or local agency that wants access to the FBI's Criminal Justice Information Services CJIS databases is required to

adhere to the CJIS Security Policy (Supported under compliance category US Gov in Azure)

Azure offers customers a HIPAA Business Associate Agreement (BAA), which stipulates

adherence to certain security and privacy provisions in HIPAA and the HITECH Act. Microsoft offers a BAA to Azure customers as a contract addendum

Being able to deploy and configure cloud-based resources quickly as your app requirements change is called

agility

The Microsoft Privacy Statement covers

all of Microsoft's services, websites, apps, software, servers, and devices

Azure Database for PostgreSQL

allows developers to build scalable, secure, and fully managed enterprise-ready apps. You can scale out single nodes with high performance, or migrate PostgreSQL and Oracle workloads to the cloud.

Azure Hybrid Benefit

allows you to repurpose software licenses on Azure -- saving costs

To begin using Azure Storage, you first create

an Azure Storage account to store your data objects. (done with Azure portal, PowerShell, or the Azure CLI)

Network security groups

an Azure resource that can contain multiple inbound and outbound security rules. You can define these rules to allow or block traffic, based on factors such as source and destination IP address, port, and protocol.

To create and use Azure services, you need

an Azure subscription

Azure Boards

an agile project management suite that includes Kanban boards, reporting, and tracking ideas and work from high-level epics to work items and issues.

why use VMs to run apps in the cloud?

an application might need to handle fluctuations in demand. Shutting down VMs when you don't need them or quickly starting them up to meet a sudden increase in demand means you pay only for the resources you use

Azure Test Plans

an automated test tool that can be used in a CI/CD pipeline to ensure quality before a software release.

landing zone

an environment in the cloud to begin hosting your workloads - includes cloud infrastructure as well as governance, accounting, and security capabilities

Azure account

an identity in Azure Active Directory (Azure AD) or in a directory that Azure AD trusts

Azure Data Lake Analytics

an on-demand analytics job service that simplifies big data. You write queries to transform your data and extract valuable insights. The analytics service can handle jobs of any scale instantly by setting the dial for how much power you need. You only pay for your job when it's running, making it more cost-effective.

After a blueprint is made for a management group, the artifacts are deployed to

any existing subscriptions in the blueprint's scope (the mgmt group in this case), and any new subscriptions as they're created and added to the scope

A storage account provides a unique namespace for your Azure Storage data, that's accessible from

anywhere in the world over HTTP or HTTPS. Data in this account is secure, highly available, durable, and massively scalable.

__________ storage stores data offline and offers the lowest storage costs, but also the highest costs to rehydrate and access data

archive

Azure queue storage

asynchronous message queuing for communication between apps

AuthZ

authorization

unique physical location within an Azure region

availability zone - one or more datacenters with independent power, cooling, networking, maintenance schedules, etc.

You want to ensure your services and data are redundant so you can protect your information in case of failure. Azure can help make your app highly available through

availability zones

China East, China North are regions that are

available through a unique partnership between Microsoft and 21Vianet, whereby Microsoft doesn't directly maintain the datacenters.

Which of the following services should be used when the primary concern is to perform work in response to an event (often via a REST command) that needs a response in a few seconds? - Azure functions - Azure app service - Azure container instances

azure functions

_________ can act as an extension of your own datacenter into the cloud

azure virtual networks

You can access SLAs from

azure.microsoft.com (Support > Legal > SLA)

Just-in-time VM access

blocks traffic by default to specific network ports of VMs, but allows traffic for a specified time when an admin requests and approves it.

What kinds of policies can be created with Azure Policy

both individual policies and groups of related policies (initiatives)

How can you detect threats in Azure Sentinel

built-in analytics based on known threats and attack vectors, using customizable templates, or custom analytics with specific rules for your environment

Azure IoT Central

builds on top of IoT Hub by adding a prebuilt customizable dashboard that allows you to view, connect, monitor, and manage your IoT devices. You can also set up alerts to send messages when a certain device needs maintenance

A VM in Azure can connect to the internet by default, but how can you enable incoming connections?

by defining a public IP address or a public load balancer

How do you build a Logic App

by linking triggers to actions (a task or step that can execute) with connectors

Azure Repos

centralized source-code repository where software development, DevOps engineering, and documentation professionals can publish their code for review and collaboration.

How can you cutover from your on-premises SQL Server to your Azure SQL Managed Instance

changing the connection string in your applications

Store application or backup data safely and securely using

cloud-based storage in Azure

a way to rent compute power and storage from someone else's datacenter

cloud computing

The United Kingdom (UK) Government G-Cloud is a

cloud computing certification for services used by government entities in the United Kingdom. Azure has received official accreditation from the UK government.

You can use availability zones to run mission-critical applications and build high-availability into your application architecture by

co-locating your compute, storage, networking, and data resources within a zone and replicating in other zones

What are blueprint artifacts?

components in a blueprint definition

cloud services that let you scale computing capabilities on demand while paying only for what you use; which service category is this?

compute services

File integrity monitoring

configure the monitoring of changes to important files on both Windows and Linux, registry settings, applications, and other aspects that might indicate a security attack.

What is Azure Marketplace?

connect users with Microsoft partners, independent software vendors, and startups that are offering their solutions and services, which are optimized and certified to run on Azure. Includes open-source container platforms, virtual machine images, databases, application build and deployment software, developer tools, threat detection, and blockchain

assume that you have a private datacenter in California connected to ExpressRoute in Silicon Valley. You have another private datacenter in Texas connected to ExpressRoute in Dallas. With ExpressRoute Global Reach, you can

connect your private datacenters through two ExpressRoute circuits. Your cross-datacenter traffic will travel through the Microsoft network.

Logic Apps excel at

connecting a large array of disparate services via their APIs to pass and process data through many steps in a workflow. You supply only a few details, and the details of calling the necessary APIs are abstracted away

Defining your strategy with the Cloud Adoption Framework

consider why you're migrating to the cloud, what business outcomes you expect, and what project to lead with. 1. define and document motivations by meeting with stakeholders and leadership 2. document business outcomes, like finance, marketing, sales, and human resources, to write goals 3. evaluate financial considerations by measuring objectives and identifying the return expected 4. understand technical considerations for your first project

Microsoft offers customers European Union (EU) Standard Contractual Clauses that provide

contractual guarantees around transfers of personal data outside of the EU

Adaptive application controls

control which applications are allowed to run on VMs. Security Center uses machine learning to look at the processes running on a VM, creates rules for each resource group that holds the VMs, and provides recommendations and alerts that inform the company about unauthorized applications that are running on its VMs.

Defense in depth: data

controls access to business and customer data that you need to protect; ensure the confidentiality, integrity, and availability of the data - follow regulatory requirements

Data in this access tier can tolerate slightly lower availability, but still requires high durability, retrieval latency, and throughput characteristics. This has a slightly lower availability service-level agreement (SLA) and higher access costs than other options.

cool access tier

At any time, you can check the ______________ page in the Azure portal to get a summary of your current usage and review invoices from prior months

cost management and billing

Readying your organization with the Cloud Adoption Framework

create a landing zone environment in Azure to structure subscriptions, shared resources, tools, governance, and security. 1. Azure setup guide: review it and get familiar with Azure 2. Azure landing zone: build subscriptions 3. Expand landing zone: ensure it meets operations, governance, and security needs 4. best practices: follow recommended and proven practices to stay scalable and maintainable

Each time the Logic App trigger fires, the Logic Apps engine

creates a logic app instance that runs the actions in the workflow. These actions can also include data conversions and flow controls, such as conditional statements, switch statements, loops, and branching.

Azure agreements and contracts in China are signed by

customers and 21Vianet

security posture

cybersecurity policies and controls, as well as how well you can predict, prevent, and respond to security threats.

Usage patterns

define when and how users access your application; consider whether availability changes during critical and non-critical periods

service lifecycle

defines how every Azure service is released for public use. 1. development phase -- collect and define requirements, then build it 2. public preview phase -- the public can access and experiment with it and provide feedback 3. general availability -- production-ready service after testing and validation

application SLA

defines the SLA requirements for a specific application - typically one you build on Azure

What is meant by cloud computing?

delivery of computing services over the internet

Azure Resource Manager

deployment and management service for Azure; used to create, update, and delete resources, and to apply access control, locks, and tags to secure and organize your resources

Imperative code

details each individual step that should be performed to achieve a desired outcome

declarative code

details only a desired outcome, and it allows an interpreter to decide how to best achieve that outcome; possibly more robust for deploying hundreds of resources simultaneously and reliably

Azure Functions can perform orchestration tasks by using an extension called Durable Functions, which allow

developers to chain functions together while maintaining state.

IoT Hub monitoring helps you maintain the health of your solution by tracking events such as

device creation, device failures, and device connections.

By taking advantage of cloud-based backup services, data replication, and geo-distribution, you can deploy your apps with the confidence that comes from knowing that your data is safe in the event of disaster. This is called

disaster recovery

Disk Storage provides

disks for Azure virtual machines. Applications and other services can access and use these disks as needed, allowing data to be stored persistently and accessed later

What are DDoS attacks?

a distributed denial-of-service attack attempts to overwhelm and exhaust an application's resources, making the application slow or unresponsive to legitimate users. It can target anything publicly reachable through the internet

One advantage of blob storage over disk storage is that it

does not require developers to think about or manage disks; data is uploaded as blobs, and Azure takes care of the physical storage needs.

Event-driven scale in Serverless computing

e.g. if you need to respond to events like timers, HTTP/API/webhooks, queues, etc. The platform automatically schedules the function to run and scales the number of compute instances based on the rate of incoming events. Triggers define how a function is invoked. Bindings provide a declarative way to connect to services from within the code.

Pros of microservices

each service can be created with a different tech stack, so each job can be completed with the best tools for that service; easier for new team members to ramp up and get started because each service has a small scope to pick up; can update and deploy a single service at a time; bugs and features are more manageable and less risky; a service can go down without taking out the entire app; good for high release velocity; highly scalable; good if the app has many domains/subdomains; good for small development teams

Before you jump in to build a custom chat experience by using Bot Service, it might make sense to

search for prebuilt, no-code solutions that cover common scenarios, e.g. QnA Maker on Azure Marketplace, which uses FAQs, support docs, manuals, etc. to build a bot

You can configure cloud-based apps to take advantage of autoscaling, so your apps always have the resources they need. This is considered

elasticity

Azure virtual networks

enable Azure resources, such as VMs, web apps, and databases, to securely communicate with each other, with users on the internet, and with your on-premises client computers. You can think of an Azure network as a set of resources that links other Azure resources.

Azure Database for MySQL and Azure Database for MariaDB

enable you to deliver highly-available, scalable apps with managed open-source database services. You can also migrate your existing MySQL and MariaDB workloads to the cloud.

Azure Batch

enables large-scale parallel and high-performance computing (HPC) batch jobs with the ability to scale to tens, hundreds, or thousands of VMs.

GitHub Actions

enables workflow automation with triggers for many lifecycle events, such as those in a CI/CD toolchain

App Service

enables you to build and host web apps, background jobs, mobile back-ends, and RESTful APIs in the programming language of your choice without managing infrastructure. It offers automatic scaling and high availability. Supports automated deployments for continuous deployment

Azure Blueprints

enables you to define a repeatable set of standard Azure resources that your organization requires, e.g. define that a certain resource lock must exist --> if the lock is removed, it will be replaced

network security group

enables you to filter network traffic to and from Azure resources within an Azure virtual network, like an internal firewall. Can contain multiple inbound and outbound security rules that enable you to filter traffic to and from resources by source and destination IP address, port, and protocol

Azure SQL Managed Instance

enables you to migrate your SQL workloads to Azure while maintaining complete SQL Server compatibility. With SQL Server on Azure VMs, you can also migrate your SQL workloads to Azure while maintaining OS-level access

for a VPN gateway you need to deploy a virtual network with

enough address space for the additional subnet that you'll need for the VPN gateway. The address space for this virtual network must not overlap with the on-premises network that you'll be connecting to. You can deploy only one VPN gateway within a virtual network.

Defense in depth: identity and access

ensuring that identities are secure, access is granted only to what's needed, and sign-in events and changes are logged. Controls access to infrastructure and change control. Use single sign-on (SSO) and multifactor authentication (MFA); audit events and changes

Define your workloads with the TCO Calculator

enter the specifications of your on-premises infrastructure - servers: OS, virtualization, CPU cores, RAM - databases: types, hardware, Azure service replacement - storage: type and capacity, archive storage - networking: bandwidth you currently consume, etc.

Authentication

establishing the identity of a person or service that wants to access a resource - obtain legitimate credentials and confirm the user is who they say they are

Authorization

establishing what level of access an authenticated person or service has - what data they're allowed to access and what they can do with it

Azure Advisor

evaluates the configuration and usage of Azure resources and makes recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs. Designed to help you save time on cloud optimization; the recommendation service includes suggested actions you can take right away, postpone, or dismiss

When you assign the Owner role to a user at the management group scope, that user can manage

everything in all subscriptions within the management group.

You can enable ExpressRoute Global Reach to

exchange data across your on-premises sites by connecting your ExpressRoute circuits

Azure CLI

executable program that can execute commands in Bash that call the Azure REST API to perform any management task in Azure. Used for routine setup, teardown, and maintenance of resources or deployments

Policy definition

expresses what to evaluate and what action to take, e.g. prevent VMs from being deployed in certain Azure regions. Every policy definition has conditions under which it's enforced and an accompanying effect that takes place when the conditions are met

tags provide

extra info (metadata) about your resources

T/F A private cloud is always on prem

false - it can be hosted by a third party. Private just means only you can access and use it

Cloud computing offers

faster innovation, flexible resources, and economies of scale.

How can you request a service credit from Microsoft?

file a claim within the timeline your SLA states (typically 1-2 months: end of calendar month after the month the incident occurred in)

Defense in depth: physical security

first line of defense, protecting computing hardware in the datacenter; controls access to buildings and computing hardware

99.99 percent uptime is called

four-nines

When can you use spending limits to prevent accidental overrun?

free or credit-based subscriptions. When you run out of credits, deployed resources are removed from production and VMs are stopped and deallocated; your data becomes read-only. For credit-based subscriptions, your subscription is suspended until the next billing period

Azure Cost Management + Billing

free service that helps you understand your Azure bill, manage your account and subscriptions, monitor and control Azure spending, and optimize resource use

Azure file storage

fully managed file shares in the cloud, accessible with industry-standard network protocols (Server Message Block and Network File System (preview) protocols)

Azure db offerings include

fully managed relational and in-memory databases spanning proprietary and open source engines

Azure HDInsight

fully managed, open-source analytics service for enterprises that processes massive amounts of data with cluster types like Apache Spark, Hadoop, Kafka, HBase, and Storm in the cloud. Also supports a broad range of scenarios such as extraction, transformation, and loading (ETL), data warehousing, machine learning, and IoT.

Data Protection Addendum DPA

further defines the data processing and security terms for online services including - Compliance with laws - Disclosure of data - Data Security practices and policies: data encryption, data access, customer responsibilities, compliance with auditing - Data transfer, retention, and deletion

Why are regions important?

give you the flexibility to bring applications closer to your users no matter where they are. Global regions provide better scalability and redundancy. They also preserve data residency for your services.

How can you access DPA (Data protection addendum)

go to Licensing resources and documents on microsoft.com and search for DPA

security controls

groups of related security recommendations

Capital Expenditure (CapEx)

the up-front spending of money on physical infrastructure, and then deducting that up-front expense over time. The up-front cost from CapEx has a value that reduces over time.

Azure Pricing Calculator

helps determine which Azure services best fit your budget, with estimates of resources and their configurations

Azure Databricks

helps unlock insights from all your data and build artificial intelligence solutions using an interactive Apache Spark-based analytics service with other big data services in Azure. Supports Python, Scala, R, Java, and SQL, as well as data science frameworks and libraries including TensorFlow, PyTorch, and scikit-learn.

Cloud Adoption Framework for Azure

helps you create and implement the business and technology strategies needed to succeed in the cloud by providing you with proven guidance to help with your cloud adoption journey

Azure Blob Storage is unstructured, meaning that

there are no restrictions on the kinds of data it can hold

Depending on the service-level agreement (SLA) that you choose, your cloud-based apps can provide a continuous user experience with no apparent downtime, even when things go wrong. This is considered

high availability

Advantages of using cloud

high availability; scalability; elasticity; agility; geo-distribution; disaster recovery

Azure Database for PostgreSQL Hyperscale (Citus)

horizontally scales queries across multiple machines by using sharding. Its query engine parallelizes incoming SQL queries across these servers for faster responses on large datasets. It serves applications that require greater scale and performance, generally workloads that are approaching, or already exceed, 100 GB of data. It supports multi-tenant applications, real-time operational analytics, and high throughput transactional workloads. Apps for PostgreSQL can run distributed queries on Hyperscale (Citus) with standard connection libraries and minimal changes.

What access tiers for blob storage can be set at the blob level, during upload or after upload?

hot, cool, or archive

App Service plans determine

how much hardware is devoted to your host. For example, the plan determines whether it's dedicated or shared hardware and how much memory is reserved for it.

The main difference between policy-based and route-based VPNs is

how traffic to be encrypted is specified

Which cloud model (private, public, hybrid) is more flexible?

hybrid

This layer is now more often the target of attack than the network is.

identity layer

What happens if a pod crashed or is removed in kubernetes

if a pod crashes, a new instance can be created; if a pod is removed, the workload can be moved to a different pod in the cluster

When to use route based VPN gateways

if you need - Connections between virtual networks - Point-to-site connections - Multisite connections - Coexistence with an Azure ExpressRoute gateway

When is Conditional Access useful?

if you need to - require MFA - for certain users or networks, or all users/networks - require access only via approved apps (like only accessing outlook via the outlook app) - require access only via managed devices (a device meeting your standard for security and compliance) - block access from untrusted sources (like unknown/unexpected locations)

What does it mean for inbound data traffic to be free but outbound to cost money?

inbound = data going into Azure datacenters; outbound = data leaving Azure datacenters. Some inbound data transfer is free; outbound data transfer pricing is based on billing zones

Who can you apply Azure RBAC to?

individuals, groups, service principals, and managed identities

code that performs setup and configuration can be stored, versioned, and maintained along with application source code in a source code-management tool such as Git. This approach to managing hardware and cloud resources, is referred to as

infrastructure as code

Why use initiatives even when you only have a single policy?

initiatives enable you to increase the number of policies that apply to a scope over time without having to change the policy assignment for your resources

Resources

instances of services that you create, like virtual machines, storage, or SQL databases

Why care about SLAs?

it affects your performance and the SLA you can make with your customers

What does it mean for a firewall to be stateful

it analyzes the complete context of a network connection, not just an individual packet of network traffic

Describe the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed)

it is preserved - Azure creates a record that associates a resource with the blueprint that defines it so you can track and audit deployment

How does Azure Firewall enable outside firewalls to identify traffic coming from your virtual network

it uses a static (unchanging) public IP address for your virtual network resources

combines container management automation with an extensible API to create a cloud native application management powerhouse

kubernetes

Virtual machine scale sets

let you create and manage a group of identical, load-balanced VMs

Conditional Access comes with a What If tool, which

lets you test your Conditional Access policies before you implement them by modeling your proposed Conditional Access policies across recent sign-in attempts from your users to see what the impact would have been if those policies had been enabled.

What is it called when you move from a physical server to the cloud

lift and shift

How do you assign Azure Policy Initiatives?

like policy assignment, just assign it a specific scope of a management group, subscription, or resource group

Which is not a feature of cloud computing? - faster innovation - limited pool of services - speech recognition and other cognitive services

limited pool of services is not a feature of cloud computing

Defense in depth: network

limits communication between resources through segmentation and access controls to allow only what is required. Restrict inbound internet access and limit outbound where appropriate. Implement secure connectivity to on-premises networks

resource quotas

limits on the number of similar resources you can provision in a subscription -- mostly so Microsoft can plan its datacenter capacity

Azure Logic Apps

low-code/no-code development platform using the Logic Apps Designer UI to help automate and orchestrate tasks based on event triggers. Build by linking triggers to actions using a library of connectors (or a custom connector)

Azure IoT Hub

managed service that's hosted in the cloud and that acts as a central message hub for bi-directional communication between your IoT application and the (possibly millions of) devices it manages.

What can be used to manage governance across multiple Azure subscriptions

management groups

You organize subscriptions into containers called

management groups

Making a plan with the Cloud Adoption Framework

map goals to specific actions. 1. digital estate: identify existing workloads you want to migrate to the cloud 2. initial organization alignment: who needs to be involved (tech + governance) 3. skills readiness plan: how to train them to operate in the cloud 4. cloud adoption plan: bring together the development, operations, and business teams toward a shared goal

Containers are often used to break a solution into smaller, independent pieces. This is called

microservice architecture

you might split a website into a container hosting your front end, another hosting your back end, and a third for storage. This split allows you to separate portions of your app into logical sections that can be maintained, scaled, or updated independently. This is an example of?

microservice architecture

this is a way to simplify an application architecture by focusing on creating smaller, more manageable, autonomous, and independently deployed web services that address a single business domain or capability

microservice architectures

Adopting the cloud MIGRATION with the Cloud Adoption Framework

migrate your first workload using the migration guide, then innovate. 1. migrate your first workload 2. migration scenarios: use additional in-depth guides to explore complex migrations 3. best practices: check the Azure cloud migration best practice checklist to verify you've covered them 4. process improvements: find ways to make the migration process scale with less effort, and innovate

Azure SQL Database and Azure SQL Managed Instance offer many of the same features; however, Azure SQL Managed Instance provides several options that might not be available to Azure SQL Database. These include

migrating dbs to the cloud that do not use SQL_Latin1_General_CP1_CI_AS server collation (the only one SQL Database supports)

you can build and deploy cross-platform and native apps for any mobile device and use Xamarin services in Azure with this service category

mobile

As you move your workloads to the cloud, a natural evolution is to start with infrastructure as a service (IaaS) services because they map more directly to concepts and operations you're already familiar with. But to save costs you can

move from IaaS to PaaS services, which are less expensive and require less management but can still meet your requirements

UDR (user defined routing) is a significant update to Azure's Virtual Networks as this allows

network administrators to control the routing tables between subnets within a VNet, as well as between VNets, giving greater control over network traffic flow.

These have security rules that let you filter the type of network traffic that can flow in and out of virtual network subnets and network interfaces. After one is created, it is associated with a subnet or a network interface. What is it?

network security group

What acts like an internal firewall (a firewall within the same network)?

network security group
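The cards above describe what an NSG does; the following Azure PowerShell script is an added example (not part of the original study set) that builds one with three ordered rules and attaches it to a subnet. Resource group, VNet, subnet and address ranges (rg-app, vnet-app, snet-web, 10.0.1.0/24, 198.51.100.0/24) are assumed names; 198.51.100.0/24 is an RFC 5737 documentation range standing in for a management network.

```powershell
# Added example: NSG with priority-ordered rules, associated with a subnet.
# Assumed names: rg-app, vnet-app, snet-web (10.0.1.0/24), management range 198.51.100.0/24.
$rg       = 'rg-app'
$location = 'eastus'

# Rules are evaluated by priority (lowest number first) and the first match wins,
# so the allow for the management range must sit below the blanket SSH deny.
$allowHttps = New-AzNetworkSecurityRuleConfig -Name 'Allow-HTTPS-Inbound' -Priority 100 `
    -Direction Inbound -Access Allow -Protocol Tcp `
    -SourceAddressPrefix 'Internet' -SourcePortRange '*' `
    -DestinationAddressPrefix '10.0.1.0/24' -DestinationPortRange 443

$allowMgmtSsh = New-AzNetworkSecurityRuleConfig -Name 'Allow-SSH-From-Mgmt' -Priority 110 `
    -Direction Inbound -Access Allow -Protocol Tcp `
    -SourceAddressPrefix '198.51.100.0/24' -SourcePortRange '*' `
    -DestinationAddressPrefix '10.0.1.0/24' -DestinationPortRange 22

$denySsh = New-AzNetworkSecurityRuleConfig -Name 'Deny-SSH-Inbound' -Priority 120 `
    -Direction Inbound -Access Deny -Protocol Tcp `
    -SourceAddressPrefix '*' -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange 22

$nsg = New-AzNetworkSecurityGroup -Name 'nsg-web' -ResourceGroupName $rg -Location $location `
    -SecurityRules $allowHttps, $allowMgmtSsh, $denySsh

# An NSG filters nothing until it is associated with a subnet or a NIC; here, the subnet.
$vnet = Get-AzVirtualNetwork -Name 'vnet-app' -ResourceGroupName $rg
Set-AzVirtualNetworkSubnetConfig -Name 'snet-web' -VirtualNetwork $vnet `
    -AddressPrefix '10.0.1.0/24' -NetworkSecurityGroup $nsg | Out-Null
$vnet | Set-AzVirtualNetwork | Out-Null

# Review the custom rules in evaluation order. Azure's built-in rules (priority 65000 and
# above, including the final DenyAllInbound) are listed separately under .DefaultSecurityRules.
$applied = Get-AzNetworkSecurityGroup -Name 'nsg-web' -ResourceGroupName $rg
$applied.SecurityRules | Sort-Object Priority |
    Format-Table Name, Priority, Direction, Access, Protocol, SourceAddressPrefix, DestinationPortRange
$applied.DefaultSecurityRules | Format-Table Name, Priority, Direction, Access
```

Because the default rules already deny all inbound traffic that no custom rule allows, the explicit SSH deny is only there to document intent and to keep a later, lower-priority "allow anything" rule from accidentally reopening port 22.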

Connect virtual networks to other virtual networks through a _____________ connection

network-to-network

For a VPN gateway you need to create a virtual network gateway. Explain.

To route traffic between the virtual network and the on-premises datacenter or other virtual networks. The virtual network gateway can be either a VPN gateway or an ExpressRoute gateway.

Azure blob storage

object storage solution for massive amounts of unstructured data, such as text and binary data. Good for serving images and documents directly to a browser, storing archive data, streaming video and audio, and disaster recovery.

Azure Reservations

offers discounted prices on certain Azure services when you reserve services and resources by paying in advance. Can save you up to 72 percent compared to pay-as-you-go prices.

Azure Container Instances

offers the fastest and simplest way to run a container in Azure without having to manage any virtual machines or adopt additional services. Containerized apps run on Azure without provisioning servers or VMs.

How is Azure RBAC enforced?

on any action initiated against an Azure resource that passes through Azure Resource Manager

Managing your cloud environments with the Cloud Adoption Framework

Ongoing work for your cloud environment:
1. Establish a management baseline: define the minimum set of tools that should be applied to every asset in the environment; this is your commitment to operations.
2. Define business commitments: document supported workloads and operations and agree on cloud investments.
3. Expand the management baseline: apply recommended best practices to iterate on your initial management baseline.
4. Advanced operations and design principles: perform a deeper architecture review to deliver on your resiliency and reliability goals.

Governing your cloud environments with the Cloud Adoption Framework

Ongoing work for your cloud environment:
1. Methodology: consider the end goal and how you can get there in steps.
2. Benchmark: use the governance benchmark tool to assess your current and future states and establish a vision.
3. Initial governance foundation: create an MVP capturing the first steps of your governance plan.
4. Improve the initial governance foundation: iteratively add governance controls that address tangible risks as you progress toward your final goal.

What access tiers can be set at the account level?

only hot and cool (not archive)

Azure Government uses physically isolated datacenters and networks located

only in the US

The task of automating, managing, and interacting with a large number of containers is known as

orchestration

If you have multiple departments and need to do a "chargeback" of cloud costs by department you can

organize subscriptions by department or project, or use tags

Bot Service solutions usually rely on

other AI services, such as natural language understanding, or even translation for localizing replies into a customer's preferred language

You can link virtual networks together by using virtual network

peering

DevOps is a concept that combines

philosophies and practices that help technical teams work toward common goals by automating the ongoing development, maintenance, and deployment of software systems. The aim is to expedite the release of software changes, ensure the ongoing deployability of the system, and ensure that all changes meet a high quality bar.

US DoD Central, US Gov Virginia, US Gov Iowa are regions that are

physical and logical network-isolated instances of Azure for U.S. government agencies and partners. These datacenters are operated by screened U.S. personnel and include additional compliance certifications.

Availability zone

physically separate datacenters within an Azure region

When done correctly, DevOps practices and processes touch nearly every aspect of a company and the software development lifecycle, including

planning, project management, and the collaboration of software developers and operations and quality assurance teams. Tooling automates and enforces most of the practices and processes, making it both difficult and unnecessary to work around.

Azure Bot Service & Bot Framework

platforms for creating virtual agents that understand and reply to questions much like a human. Scenarios range from ordering food by text and simple Q&A to sophisticated conversations that provide access to services.

Connect individual devices to virtual networks through a ____________ connection

point-to-site

Compliance blueprints (Azure Blueprints built on policy definitions for common standards)

policy definitions for common security standards that you can apply to your Azure subscription; they help make sure you meet those standards

resource lock

prevents resources from being accidentally deleted or changed

What is Azure

private and public cloud platform with an ever-expanding set of services to help you build solutions to meet your business goals. Azure services range from simple web services for hosting your business presence in the cloud to running fully virtualized computers for you to run your custom software solutions. Azure provides a wealth of cloud-based services like remote storage, database hosting, and centralized account management. Azure also offers new capabilities like AI and Internet of Things (IoT).

Multifactor authentication

process where a user is prompted during sign-in for an additional form of identification, such as a code on their mobile phone or a fingerprint scan. A stolen password alone is then not enough to complete authentication.

Defense in depth: perimeter

protecting against network-based attacks on your resources. Identifying these attacks, eliminating their impact, and alerting you when they happen are important ways to keep your network secure. Use distributed denial of service (DDoS) protection to filter large-scale attacks before they cause a denial of service for users, and use perimeter firewalls to identify and alert on malicious attacks against your network.

Azure Dedicated Host

provides dedicated physical servers to host your Azure VMs for Windows and Linux (instead of shared hardware like normal VMs in Azure)

Azure Mobile App

provides iOS and Android access to your Azure resources when you're away from your computer. You can: - monitor the health and status of resources - check alerts, diagnose and fix issues, restart a web app or VM, etc. - run Azure CLI or PowerShell commands to manage resources

Azure Cognitive Services

provides prebuilt machine learning models that enable applications to see, hear, speak, understand, and even begin to reason.

Azure compliance documentation

provides you with detailed documentation about legal and regulatory standards and compliance on Azure.

How can you avoid defining role based access controls for multiple subscriptions that user should have access to?

put the subscriptions in a management group and apply the role based access control to the group

Regulatory compliance

refers to the discipline and process of ensuring that a company follows the laws enforced by governing bodies

tenant

representation of an organization (in Azure)

manageable item that's available through Azure. Virtual machines (VMs), storage accounts, web apps, databases, and virtual networks are examples of this

resource

A container that holds related resources for an Azure solution. This container includes resources that you want to manage as a group.

resource group

Before any resource can be provisioned, you need a

resource group for it to be placed in.

virtual network Peering enables

resources in each virtual network to communicate with each other. These virtual networks can be in separate regions, which allows you to create a global interconnected network through Azure.

When you assign the Contributor role to an application at the resource group scope, the application can manage

resources of all types within that resource group, but not other resource groups within the subscription.

ExpressRoute connectivity can be

from an any-to-any (IP VPN) network, a point-to-point Ethernet network, or a virtual cross-connection through a connectivity provider at a colocation facility

this is automatically created for each subnet within an Azure vNet with default routes. You can add custom routes to modify traffic between virtual networks. This is?

route table

Azure Service Health

provides a personalized view of the health of the Azure services, regions, and resources you rely on, as well as incident history and root cause analysis

when you increase compute capacity by adding instances of resources, such as adding VMs to the configuration you are

scaling horizontally (scalability)

to increase compute capacity by adding RAM or CPUs to a single virtual machine you are

scaling vertically (scalability)

ARM Templates

declarative JSON files that describe the resources you want to deploy, including multiple servers that may need to connect to each other or be deployed in a certain order. The entire template is validated before any deployment starts, to ensure the resources will be created and connected correctly. You define only the desired state and configuration of each resource, and Azure Resource Manager does the rest.
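The card above describes validate-then-deploy behaviour in the abstract. The script below is an added example (not from the original study set) that expresses a small ARM template as a PowerShell hashtable, validates it with Test-AzResourceGroupDeployment, and only then deploys it. The resource group rg-app and the storage account name stappprod001 are assumed; the template's security settings (HTTPS only, TLS 1.2 minimum, no anonymous blob access) are the point of the example.

```powershell
# Added example: ARM template as a hashtable, validated before deployment.
# Assumed names: resource group rg-app, storage account stappprod001 (must be globally unique).
$template = @{
    '$schema'      = 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
    contentVersion = '1.0.0.0'
    parameters     = @{
        storageName = @{ type = 'string'; minLength = 3; maxLength = 24 }
    }
    resources      = @(
        @{
            type       = 'Microsoft.Storage/storageAccounts'
            apiVersion = '2022-09-01'
            name       = "[parameters('storageName')]"
            location   = "[resourceGroup().location]"
            sku        = @{ name = 'Standard_LRS' }
            kind       = 'StorageV2'
            # Desired state only: Resource Manager works out how to get there.
            properties = @{
                supportsHttpsTrafficOnly = $true
                minimumTlsVersion        = 'TLS1_2'
                allowBlobPublicAccess    = $false
            }
        }
    )
}

$params = @{ storageName = 'stappprod001' }   # lowercase letters and digits, 3-24 chars

# Validation: schema, parameter constraints and resource references are all checked
# before anything is created. A non-empty result means the template was rejected.
$validation = Test-AzResourceGroupDeployment -ResourceGroupName 'rg-app' `
    -TemplateObject $template -TemplateParameterObject $params
if ($validation) {
    $validation | ForEach-Object { Write-Error $_.Message }
    return
}

# Incremental mode creates or updates what the template declares and leaves
# other resources in the group untouched (Complete mode would delete them).
New-AzResourceGroupDeployment -Name 'storage-baseline' -ResourceGroupName 'rg-app' `
    -TemplateObject $template -TemplateParameterObject $params -Mode Incremental
```

Re-running the same deployment is idempotent: the template describes the end state, so a second run changes nothing unless the template or parameters changed.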

What is your secure score based on?

security controls: the percentage of security controls that you satisfy

SIEM system

security information and event management aggregates security data from many different sources

define virtualization

separates the tight coupling between a computer's hardware and its OS using an abstraction layer called a hypervisor, which emulates the functioning of a real computer and its CPU in a VM, optimizing the capacity of the hardware

a term used to describe an execution environment that's set up and managed for you. You merely specify what you want to happen by writing code or connecting and configuring components in a visual editor, and then specify the actions that trigger your functionality. You never have to worry about an outage, your code can scale instantly to meet demand, and you pay based only on the actual usage of your code.

serverless computing

a cloud-hosted execution environment that runs your code but abstracts the underlying hosting environment, so you're not responsible for setting up or maintaining the server. You don't have to worry about scaling when demand increases, and you don't have to worry about outages. A typical use is sending messages from one system to another, or processing messages sent by other systems: not a user-facing system, but one that works in the background.

serverless computing (Azure Functions or Logic Apps)

Trust Center

showcases Microsoft's principles for maintaining data integrity in the cloud and how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services. Provides support and resources for the legal and compliance community on microsoft.com -- not in Azure!

How fast are Cosmos DB data accesses?

single-digit-millisecond data access

Connect on-premises datacenters to virtual networks through a __________ connection

site-to-site

Firewall rules can

specify ranges of IP addresses to allow, or include specific network protocol and port information

Key features of policy-based VPN gateways in Azure include

- statically specify the IP addresses of packets that should be encrypted through each tunnel - support for IKEv1 only - use of static routing, where combinations of address prefixes from both networks control how traffic is encrypted and decrypted through the VPN tunnel - used only in specific scenarios that require them, such as compatibility with legacy on-premises VPN devices

Adjust assumptions with TCO calculator

- specify whether your current on-premises licenses are enrolled for Software Assurance, which can save you money by reusing those licenses on Azure - specify whether you need to replicate your storage to another Azure region for greater redundancy - see the key operating cost assumptions across several areas (electricity, IT admin costs, network maintenance, etc.), certified by Nucleus Research, and adjust them to your current costs

Operational Expenditure (OpEx)

spending money on services or products now, and being billed for them now. You can deduct this expense in the same year you spend it. There is no up-front cost, as you pay for a service or product as you use it.

Are Azure Functions stateless or stateful?

stateless by default - a function behaves as if it's restarted every time it responds to an event

SKU

stock-keeping unit

Azure disk storage

stores disks for VMs and apps to access and use as needed: SSD (solid-state drives) for higher-performance workloads, HDD (hard disk drives) for less critical workloads

a logical unit of Azure services that links to an Azure account

subscription

Teams often start their Azure governance strategy at what level

subscription level

What is a logical unit of Azure services that links to an Azure account?

subscriptions

Azure DevOps

suite of services addressing every stage of development, using tools like high-performance pipelines, free private Git repositories, configurable Kanban boards, and extensive automated and cloud-based load testing. Formerly known as Visual Studio Team Services. Good for sophisticated project management and reporting.

What helps organize existing resources and groups?

tags

IoT Central provides starter templates, explain

templates for retail, energy, healthcare, and government can be provided and customized in the UI, tailored to the specific data sent from your devices, the reports you want to see, and the alerts you want to send. You can use the UI to update or modify a device, and because of the templates little code is required to get started.

Azure Cognitive Services is general purpose, meaning

that many different kinds of customers can benefit from the work that Microsoft has already done to train and test these models and offer them inexpensively at scale.

How can you estimate total cost of Azure resources?

the Azure Pricing calculator displays Azure products in categories for you to configure and add to your estimate; you then get a total estimate and a price breakdown

Serverless computing

the abstraction of servers, infrastructure, and operating systems. Azure takes care of managing the server infrastructure and the allocation and deallocation of resources based on demand. Infrastructure isn't your responsibility; scaling and performance are handled automatically, and you're billed only for the exact resources you use.

How do you get billed for Azure Marketplace purchases?

the billing structures are set by the vendor of the product you use

What is cloud computing

the delivery of computing services over the internet, which is otherwise known as the cloud. These services include servers, storage, databases, networking, software, analytics, and intelligence.

What if state is required in an Azure Function?

the function can be connected to an Azure storage account

what is responsible for handling everything that happens in Azure including responding to user requests

the orchestrator, software connected to a fabric controller. A fabric controller is software located on a server in each rack of an Azure datacenter. For example, when a user requests a new VM, the orchestrator gathers everything needed and sends the request to a fabric controller, which creates the VM and notifies the user when it's ready.

An availability zone is set up to be an isolation boundary. If one zone goes down,

the others continue working. Availability zones are connected through high-speed, private fiber-optic networks.

service credit

the percentage of the fees you paid that are credited back to you according to the claim approval process.

Microsoft is the first cloud provider to have adopted the ISO/IEC 27018 code of practice, which covers

the processing of personal information by cloud service providers

When planned maintenance or unplanned disruption affects the active instance of a VPN Gateway

the standby instance automatically takes over the connections without any user intervention. Connections are restored within a few seconds for planned maintenance and within 90 seconds for unplanned disruptions.

The primary difference between Azure PowerShell and Azure CLI is

the syntax you use

Downtime

the time duration that the service is unavailable

Where can you apply locks?

to a subscription, resource group, or resource
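The resource lock cards above (what a lock does, and the three scopes it can be applied at) can be shown in one script. This is an added example, not part of the original study set; the names rg-prod and stprodlogs are assumed, and the subscription ID is taken from the current Azure PowerShell context.

```powershell
# Added example: locks at subscription, resource group and resource scope.
# Assumed names: resource group rg-prod, storage account stprodlogs.
$subId = (Get-AzContext).Subscription.Id
$rg    = 'rg-prod'

# Subscription scope: nothing in the subscription can be deleted while this lock exists.
New-AzResourceLock -LockName 'sub-no-delete' -LockLevel CanNotDelete `
    -Scope "/subscriptions/$subId" -LockNotes 'Remove before any deletion' -Force

# Resource group scope, CanNotDelete: reads and changes still work, deletes are refused.
New-AzResourceLock -LockName 'rg-no-delete' -LockLevel CanNotDelete `
    -ResourceGroupName $rg -Force

# Resource scope, ReadOnly: blocks every write, including POST-style operations such as
# listing the storage account keys, so apply ReadOnly deliberately.
New-AzResourceLock -LockName 'logs-readonly' -LockLevel ReadOnly `
    -ResourceGroupName $rg -ResourceName 'stprodlogs' `
    -ResourceType 'Microsoft.Storage/storageAccounts' -Force

# Locks apply to everyone regardless of RBAC role. Only principals with
# Microsoft.Authorization/locks/* (Owner, User Access Administrator) can add or remove them.
Get-AzResourceLock -ResourceGroupName $rg |
    Format-Table Name, ResourceName, @{ n = 'Level'; e = { $_.Properties.level } }

# Deleting a locked group fails with a lock error; the lock must be removed first:
# Remove-AzResourceLock -LockName 'rg-no-delete' -ResourceGroupName $rg -Force
# Remove-AzResourceGroup -Name $rg -Force
```

A child resource inherits the most restrictive lock from any parent scope, so the ReadOnly lock above adds nothing for deletion (already blocked by the group lock) but does add write protection for that one account.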

for a VPN gateway you need to create a connection, explain

to create a logical connection between the VPN gateway and the local network gateway. The connection is made to the on-premises VPN device's IPv4 address as defined by the local network gateway. The connection is made from the virtual network gateway and its associated public IP address. You can create multiple connections.

for a VPN gateway you need to create a Local network gateway, explain

to define the on-premises network's configuration, such as where the VPN gateway will connect and what it will connect to. This configuration includes the on-premises VPN device's public IPv4 address and the on-premises routable networks. The VPN gateway uses this information to route packets destined for on-premises networks through the IPsec tunnel.
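The VPN gateway cards (the virtual network gateway, the local network gateway, the connection, and the policy-based versus route-based choice) describe one procedure. The following Azure PowerShell script is an added example, not from the original study set, that creates the objects in order. It assumes a resource group rg-hub with a VNet vnet-hub that already contains a subnet named exactly GatewaySubnet (/27 or larger), an on-premises VPN device reachable at 203.0.113.10 (an RFC 5737 documentation address) in front of the 10.10.0.0/16 on-premises network, and a gateway SKU of VpnGw1.

```powershell
# Added example: site-to-site VPN gateway, built in dependency order.
# Assumed: rg-hub, vnet-hub with a 'GatewaySubnet', device IP 203.0.113.10, on-prem range 10.10.0.0/16.
$rg       = 'rg-hub'
$location = 'eastus'

# 1) Public IP the on-premises device will connect to.
$pip = New-AzPublicIpAddress -Name 'pip-vpngw' -ResourceGroupName $rg -Location $location `
    -AllocationMethod Static -Sku Standard

# 2) Virtual network gateway inside GatewaySubnet. RouteBased (IKEv2, dynamic routing,
#    multiple tunnels) is the default choice; PolicyBased (IKEv1, static traffic selectors)
#    exists only for legacy on-premises devices. Creation takes roughly 30-45 minutes.
$vnet   = Get-AzVirtualNetwork -Name 'vnet-hub' -ResourceGroupName $rg
$gwSub  = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
$ipconf = New-AzVirtualNetworkGatewayIpConfig -Name 'gw-ipconf' `
    -SubnetId $gwSub.Id -PublicIpAddressId $pip.Id
$gw = New-AzVirtualNetworkGateway -Name 'vpngw-hub' -ResourceGroupName $rg -Location $location `
    -IpConfigurations $ipconf -GatewayType Vpn -VpnType RouteBased -GatewaySku VpnGw1

# 3) Local network gateway: Azure's description of the on-premises side, i.e. the device's
#    public IPv4 address and the prefixes that should be routed through the tunnel.
$lng = New-AzLocalNetworkGateway -Name 'lng-datacenter' -ResourceGroupName $rg -Location $location `
    -GatewayIpAddress '203.0.113.10' -AddressPrefix '10.10.0.0/16'

# 4) Connection: the IPsec tunnel from the gateway's public IP to the device IP.
#    Generate a random pre-shared key rather than typing one; the identical value must be
#    configured on the on-premises device.
$keyBytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($keyBytes)
$psk = [Convert]::ToBase64String($keyBytes)

New-AzVirtualNetworkGatewayConnection -Name 'cn-hub-to-datacenter' -ResourceGroupName $rg -Location $location `
    -VirtualNetworkGateway1 $gw -LocalNetworkGateway2 $lng -ConnectionType IPsec -SharedKey $psk

# Status flips to 'Connected' once the device side is configured with the same key and proposals.
Get-AzVirtualNetworkGatewayConnection -Name 'cn-hub-to-datacenter' -ResourceGroupName $rg |
    Select-Object Name, ConnectionType, ConnectionStatus
```

The shared key is retrievable afterwards by anyone with read access to the connection's keys, so treat it like any other secret: hand it to the device operator out of band and don't leave it in shell history or tickets. Additional on-premises sites are added by creating another local network gateway and another connection against the same virtual network gateway.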

The objective of defense in depth is

to protect information and prevent it from being stolen by those who aren't authorized to access it. A defense-in-depth strategy uses a series of mechanisms to slow the advance of an attack that aims at acquiring unauthorized access to data.

T/F You pay for the Azure compute resources your app uses while it processes requests based on the App Service plan you choose.

true

UDR

user-defined Routing

Azure routes traffic between subnets on any connected virtual networks, on-premises networks, and the internet. How can you override this?

using route tables (rules that direct packets) and Border Gateway Protocol (BGP), which works with Azure VPN gateways or ExpressRoute to exchange routes
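The route table and UDR cards above describe overriding Azure's system routes. The script below is an added example, not part of the original study set, that does the common security version of this: it sends a subnet's internet-bound traffic through a firewall appliance and black-holes a range the subnet must never reach. Names and addresses (rg-app, vnet-app, snet-web 10.0.1.0/24, firewall private IP 10.0.0.4, data tier 10.0.2.0/24, NIC nic-web-01) are assumed; the firewall VM is assumed to have IP forwarding enabled on its NIC, which Azure requires for a VirtualAppliance next hop.

```powershell
# Added example: user-defined routes forcing egress through a firewall NVA.
# Assumed names: rg-app, vnet-app, snet-web (10.0.1.0/24), firewall at 10.0.0.4, data tier 10.0.2.0/24.
$rg       = 'rg-app'
$location = 'eastus'

# Override the system default route: internet-bound traffic goes to the firewall instead
# of straight out. Traffic inside the VNet still matches the more specific system route
# for the VNet address space (longest prefix match), so it is not affected.
$toFirewall = New-AzRouteConfig -Name 'Default-Via-Firewall' -AddressPrefix '0.0.0.0/0' `
    -NextHopType VirtualAppliance -NextHopIpAddress '10.0.0.4'

# Next hop 'None' drops packets: this subnet gets no path to the data tier at all,
# independent of any NSG rule.
$dropData = New-AzRouteConfig -Name 'Drop-To-Data-Tier' -AddressPrefix '10.0.2.0/24' `
    -NextHopType None

# Disabling BGP propagation keeps routes learned from on-premises (via VPN/ExpressRoute)
# out of this table, so they cannot create a path around the firewall.
$rt = New-AzRouteTable -Name 'rt-web' -ResourceGroupName $rg -Location $location `
    -Route $toFirewall, $dropData -DisableBgpRoutePropagation

# A route table only matters once associated with a subnet.
$vnet = Get-AzVirtualNetwork -Name 'vnet-app' -ResourceGroupName $rg
Set-AzVirtualNetworkSubnetConfig -Name 'snet-web' -VirtualNetwork $vnet `
    -AddressPrefix '10.0.1.0/24' -RouteTable $rt | Out-Null
$vnet | Set-AzVirtualNetwork | Out-Null

# Verify what a VM in the subnet actually uses: system routes, peering routes and the UDR
# merged, with Source = 'User' marking the custom entries.
Get-AzEffectiveRouteTable -NetworkInterfaceName 'nic-web-01' -ResourceGroupName $rg |
    Format-Table Source, State, AddressPrefix, NextHopType, NextHopIpAddress
```

If the effective route table shows the 0.0.0.0/0 entry as Invalid or missing, the usual cause is the association step not having been saved with Set-AzVirtualNetwork.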

Azure PowerShell

uses the Azure management API to automate repetitive tasks, such as updating VMs with a software patch - executes cmdlets that call the Azure REST API to perform any management task in Azure - cmdlets can be used for routine setup, teardown, and maintenance of resources, or for deploying an entire infrastructure from imperative code

Azure Monitor

comprehensive platform for collecting, analyzing, visualizing, and potentially acting on metric and log data from your entire Azure and on-premises environment. Helps identify and drill into the root cause of issues.

How can you add, modify, or delete tags?

via PowerShell, Azure CLI, ARM templates, the REST API, or the Azure portal. You can also use Azure Policy.
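The tag cards above (organizing resources with tags, and using them for departmental chargeback) come together in the following script, an added example that is not part of the original study set. The resource group rg-finance-app and the tag names CostCenter and Owner are assumed.

```powershell
# Added example: tag for chargeback, then report and audit by tag.
# Assumed names: resource group rg-finance-app, tag keys CostCenter and Owner.
$rg = Get-AzResourceGroup -Name 'rg-finance-app'

# Merge adds or overwrites these keys and keeps any other tags already present;
# -Operation Replace would wipe the others, Delete removes only the listed keys.
Update-AzTag -ResourceId $rg.ResourceId `
    -Tag @{ CostCenter = 'FIN-1200'; Owner = 'finance-platform' } -Operation Merge | Out-Null

# Resources do not inherit tags from their group (without an Azure Policy to copy them),
# so stamp every resource in the group explicitly.
Get-AzResource -ResourceGroupName $rg.ResourceGroupName | ForEach-Object {
    Update-AzTag -ResourceId $_.ResourceId -Tag @{ CostCenter = 'FIN-1200' } -Operation Merge | Out-Null
}

# Chargeback view: everything in the subscription billed to one cost center,
# whichever resource group it lives in.
Get-AzResource -TagName 'CostCenter' -TagValue 'FIN-1200' |
    Format-Table Name, ResourceType, ResourceGroupName

# Audit: resources that would fall through the chargeback report because the tag is missing.
Get-AzResource | Where-Object { -not $_.Tags -or -not $_.Tags.ContainsKey('CostCenter') } |
    Select-Object Name, ResourceType, ResourceGroupName
```

Tag values appear on the invoice and in Cost Management exports, which is what makes the per-department split possible; the audit query at the end is the check that keeps that split honest.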

When you assign the Reader role to a group at the subscription scope, the members of that group can

view every resource group and resource within the subscription.
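The three RBAC cards above (Contributor for an application at resource group scope, Reader for a group at subscription scope, and a single assignment at a management group instead of per subscription) map to three scope strings. The script below is an added example, not from the original study set; the group sec-auditors, the application deploy-pipeline, the resource group rg-app and the management group mg-platform are assumed names, and the subscription ID comes from the current context.

```powershell
# Added example: the same cmdlet at resource group, subscription and management group scope.
# Assumed names: AD group sec-auditors, app registration deploy-pipeline, rg-app, management group mg-platform.
$subId = (Get-AzContext).Subscription.Id

# Reader for a group at subscription scope: members can view every resource group and
# resource in the subscription but change nothing.
$group = Get-AzADGroup -DisplayName 'sec-auditors'
New-AzRoleAssignment -ObjectId $group.Id -RoleDefinitionName 'Reader' `
    -Scope "/subscriptions/$subId"

# Contributor for an application's service principal at resource group scope: it can
# manage resources of every type inside rg-app, nothing in other groups, and (unlike
# Owner) it cannot grant access to anyone else.
$sp = Get-AzADServicePrincipal -DisplayName 'deploy-pipeline'
New-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionName 'Contributor' `
    -ResourceGroupName 'rg-app'

# One assignment at the management group is inherited by every subscription beneath it,
# which replaces repeating the subscription-scope assignment per subscription.
New-AzRoleAssignment -ObjectId $group.Id -RoleDefinitionName 'Reader' `
    -Scope '/providers/Microsoft.Management/managementGroups/mg-platform'

# Verify from the resource group's point of view: the listing includes assignments
# inherited from the subscription and management group, with their original Scope.
Get-AzRoleAssignment -ResourceGroupName 'rg-app' |
    Format-Table DisplayName, ObjectType, RoleDefinitionName, Scope
```

Every one of these assignments is enforced by Azure Resource Manager on each request, so the verification listing is also the place to look when a principal can do more than intended: an unexpected entry usually turns out to be inherited from a higher scope.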

it's easier to build large-scale services targeting big compute, big data, and containerized workloads. As demand goes up, more VM instances can be added. As demand goes down, VM instances can be removed. The process can be manual, automated, or a combination of both. What am I?

virtual machine scale set

Which Azure compute resource can be deployed to manage a set of identical virtual machines?

virtual machine scale sets

What can you use to link virtual networks?

virtual network peering

National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is a

voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity-related risks

How does Azure Active Directory enforce MFA

with the Microsoft Authenticator app, an SMS code, or a phone call

microservice (define and pros)

web service with a small, well-defined scope that is loosely coupled from any other web service. Typically you create several that work together via APIs or a parent app, each with a single responsibility; each service should be completely autonomous with no dependencies on other services.

Adopting the cloud: INNOVATION with the Cloud Adoption Framework

While migrating to the cloud, you may find ways to innovate:
1. Business value consensus: verify your changes add value and meet customer needs.
2. Azure innovation guide: use this to accelerate development and build an MVP for your idea.
3. Best practices: verify your progress maps to recommended practice before continuing.
4. Feedback loops: check with customers often to verify you're meeting their needs.

logic apps execute

workflows that are designed to automate business scenarios and are built from predefined logic blocks.

Examples of actions in Logic Apps include

working with variables, decision statements and loops, and tasks that parse and modify data

in an active/active configuration

you assign a unique public IP address to each instance, then create separate tunnels from the on-premises device to each IP address

One thing that distinguishes Azure Files from files on a corporate file share is that

you can access the files from anywhere in the world, by using a URL that points to the file. You can also use Shared Access Signature (SAS) tokens to allow access to a private asset for a specific amount of time.
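The card above mentions Shared Access Signature tokens for time-limited access to a private file. The script below is an added example, not from the original study set, that mints a read-only, HTTPS-only SAS for one file in an Azure Files share and assembles the URL. The resource group rg-app, storage account stappprod001, share reports and file path q1/summary.pdf are assumed names.

```powershell
# Added example: least-privilege SAS URL for a single Azure Files file.
# Assumed names: rg-app, storage account stappprod001, share 'reports', file 'q1/summary.pdf'.
$rg   = 'rg-app'
$acct = 'stappprod001'

# The account key signs the SAS. Anyone holding the key can mint tokens for anything in the
# account, so fetch it into a variable and never write it to logs or scripts.
$key = (Get-AzStorageAccountKey -ResourceGroupName $rg -Name $acct)[0].Value
$ctx = New-AzStorageContext -StorageAccountName $acct -StorageAccountKey $key

# Scope the token to one file, read only ('r'), valid for one hour, HTTPS only.
# The small negative start offset absorbs clock skew between the signer and the service.
$sas = New-AzStorageFileSASToken -ShareName 'reports' -Path 'q1/summary.pdf' `
    -Permission r `
    -StartTime (Get-Date).AddMinutes(-5) -ExpiryTime (Get-Date).AddHours(1) `
    -Protocol HttpsOnly -Context $ctx

# The cmdlet returns the query string including the leading '?', so append it to the file URL.
$url = "https://$acct.file.core.windows.net/reports/q1/summary.pdf$sas"
$url

# A SAS signed with an account key cannot be revoked on its own; if it leaks before expiry,
# regenerate the key that signed it, which invalidates every token signed with that key.
# New-AzStorageAccountKey -ResourceGroupName $rg -Name $acct -KeyName key1
```

Keep the expiry short and the permission set minimal: the URL is a bearer credential, and whoever holds it has exactly the access encoded in the token until it expires or the key is rotated.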

After a dedicated host is provisioned, Azure assigns it to the physical server in Microsoft's cloud datacenter. What can you do for high availability?

you can provision multiple hosts in a host group (a collection of dedicated hosts) and deploy your VMs across the group. You can also use maintenance control to decide when regular maintenance updates occur.

ExpressRoute provides Layer 3 (address-level) connectivity between

your on-premises network and the Microsoft cloud through connectivity partners. These connections can be from a point-to-point or any-to-any network. They can also be virtual cross-connections through an exchange.
