Microsoft Certified Azure Fundamentals Exam (AZ-900)
Azure Advanced Threat Protection is one of Microsoft's cloud based security services. What are the components of the Azure ATP?
•*Azure ATP Portal*: monitor and respond to suspicious activity. •*Azure ATP Sensor*: sensors are installed directly on your domain controllers. The sensor monitors domain controller traffic without requiring a dedicated server or configuring port mirroring. •*Azure Cloud Service*:runs on the Azure Service Fabric (be able to describe the service fabric for the exam!)
List the components of Azure Health? Also what are some use cases of Azure Service Health?
•*Azure Status* provides a global view of the health state of Azure services •*Service Health* offers a customizable dashboard that tracks the state of your Azure services in the regions where you use them. In this dashboard, you can track active events such as ongoing service issues, upcoming planned maintenance, or relevant Health advisories. •*Resource Health* helps you diagnose and obtain support when an Azure service issue affects your resources. It provides you with details with about the current and past state of your resources. It also provides technical support to help you mitigate problems.
Compare / Contrast CapEx(Capital Expenditure) vs. OpEx(Operational Expenditure)
•*Capital Expenditure*: the spending of money on physical infrastructure up front, and then deducting that expense from your tax bill over time. CapEx is an upfront cost, which has a value that reduces over time. •*Operational Expenditure*: spending money on services or products now and being billed for them now. You can deduct this expense from your tax bill in the same year. There's no upfront cost. You pay for a service or product as you use it.
What are some computing services offered by a Cloud Provider?
•*Compute power* - e.g. Servers or web applications •*Storage* - e.g. Files and Databases •*Networking* - e.g. secure connections between the cloud provider and on-premises. •*Analytics* - e.g. visual telemetry and performance data
List some use cases and benefits of the Azure Monitor.
•A way to *visualize and present data* to different audiences(e.g. a yearly audit, or report for a technology committee meeting, or for a customer whose needs demand it). •*Respond proactively to critical conditions*(e.g. sending a text alert to an administrator responsible for handling the issue or automating a process that attempts to fix it). •Overall *visibility into the operations of your cloud* environment.
List 3 great(and free!) tools for managing and implementing cost recommendations in Azure.
•Azure Advisor •Azure Cost Management •Cloudyn, a Microsoft Subsidiary
List some of the core available options for storage that a customer can choose from in Azure.
•Azure Blob Storage •Azure File Storage •Azure Queue Storage •Azure Table Storage They all can be accessed easily from anywhere in the world in a standard web browser!
List some of the key Database Services provided by Azure.
•Azure Cosmos DB •Azure SQL Data Warehouse •Azure Database Migration Service •Azure SQL Database
List some of the core products that make up Azure Networking.
•Azure Network Watcher •Azure Express Route •Azure Traffic Manager •Azure Content Delivery Network •Azure Application Gateway •Azure Virtual Network •Azure Load Balancer
List some core examples of Compute Services in Azure.
•Azure VMs •Azure VM Scale Sets •Azure Kubernetes Service •Azure Service Fabric •Azure Batch •Azure Container Instances •Azure Functions
As it relates to cost, what kinds of changes are typically suggested by the Azure Advisor?
•Buy reserved instances to save money over pay-as-you-go •Reduce costs by eliminating unprovisioned Azure ExpressRoute circuits. •Right-size or shutdown underutilized virtual machines.
When you provision an Azure resource, Azure creates one or more meter instances for that resource. The meters track the resources' usage, and generate a usage record that is used to calculate your bill.Give some examples of tracking meters that can be used?
•Compute Hours •IP Address Hours •Data Transfer In •Data Transfer Out •Standard Managed Disk
Give three disadvantages to using a private cloud model.
•Initial CapEx costs and must purchase the hardware for startup and maintenance •Owning the equipment limits agility - to scale you must buy, install, and setup new hardware •Private clouds require IT skills and expertise.
Give three disadvantages to using a public cloud model.
•Security Requirements •Government Policies •Business requirements for a legacy software / application.
As it relates to IAM(Identity & Access Management), define "Authentication(AuthN)".
*Authentication(AuthN)* is the process of *establishing the identity of a person or service looking to access a resource*. It establishes if they are who they say they are!
As it relates to IAM(Identity & Access Management), define "Authorization(AuthZ)".
*Authorization(AuthZ)* is the process of *establishing what level of access an authenticated person or service has*. It specifies what data they're allowed to access and what they can do with it.
In terms of Server-less Computing concepts, name some of the solutions offered by Azure.
*Azure Logic Apps* (to orchestrate and connect server-less functions & APIs), *Azure Functions* (run computer code without worrying about servers), *Azure Active Directory*.
Define Azure Policy.
*Azure Policy*: a service in Azure that you use to define, assign, and, manage standards for resources in your environment. It can prevent the creation of disallowed resources, ensure new resources have specific settings applied, and run evaluations of your existing resources to scan for non-compliance.
A Cloud Administrator has concerns about resources meeting SLAs(Service Level Agreements). Which of the Azure Health components is appropriate for this scenario?
*Azure Resource Health*. It provides a much more in-depth view than Azure Status, plus the administrator can opt to have a customized dashboard that provides insights into how well his resources meet those SLAs.
Infinity Manufacturing, a fictitious company is looking to migrate some of their infrastructure to Azure. Name an appropriate tool to help them predict how much money they can save.
*Azure TCO(Total Cost of Ownership) Calculator*. Here you can enter details about current on-premises infrastructure, define your workload, include assumptions and generate a report.
Describe what takes place when a customer purchases Azure services through a Cloud Service Provider.
*Cloud Solution Providers (CSP)* typically are Microsoft partner companies that a customer hires to build solutions on top of Azure. Payment and billing for Azure usage occur through the customer's CSP.
Describe an Azure Web agreement.
*Direct Web* customers pay general public prices for Azure resources, and their monthly billing and payments occur through the Azure website.
Describe an Azure Enterprise agreement.
*Enterprise* customers sign an Enterprise Agreement with Azure that commits them to spend a negotiated amount on Azure services, which they typically pay annually. Enterprise customers also have access to customized Azure pricing.
True or False. Basic support plans only include access to support engineers via email.
*FALSE*. Basic plans have NO access to technical support of any kind. Technical support access begins from Dev and upwards to Premier.
True or False. Azure Cosmos DB only supports SQL databases.
*FALSE*. Comos DB is multi-model (it supports all kinds of different databases, even NoSQL ones!) and is globally distributed making workload migration between nearby geographical locations a breeze!
True or False. Azure resources cost the same across all locations and regions.
*FALSE*. In many cases, great savings in cost can be reached by spinning up resources in different regions. However note that the cost of egress traffic between areas must be considered or not it can still drive up overall expense. Make this a part of your cloud strategy.
True or False. Customers are required to pay for inbound data transfers (data going into Azure datacenters).
*FALSE*. Most of the time inbound data transfers (data going into Azure datacenters) are free. For outbound data transfers (data going out of Azure datacenters), the data transfer pricing is based on Billing Zones.
Describe the concept of "five nines".
*Five Nines* = a 99.999% performance-target commitment. This is roughly *6 seconds of downtime per week / 5.26 minutes per year*. It is the highest level of commitment.
As it relates to cost, give one example of unnecessary expense in Azure.
*Over-sized and underutilized VMs*. Reduce your costs by picking the right VM for your workload. For example, you might go from a expensive *Standard_D4sv3 to a cheaper *Standard_D2sv3*.
Compare / contrast the benefits of using Reserved Instances vs. subscriptions that are pay-as-you-go.
*Pay-as-you-go* = for unpredictable resources. *Reserved Instances* = for static & predictable resources. *Pay-as-you-go* = ideal for resources that may / may not always be used / run all year long. *Reserved Instances* = for heavy workloads that run 24 x 7 x 365. For such workloads, Reserved Instances can save you as much as 80% in costs each year when compared to pay-as-you-go.
True or False. Basic support plans include access to support for billing and subscriptions.
*TRUE*. Offered in this tier is 24x7 access to billing and subscription support, online self-help, documentation, whitepapers, and support forum
Describe the concept of "three nines".
*Three Nines* = a 99.9% performance-target commitment. This is roughly 10 minutes of downtime per week / 8.76 hours per year*. It is one of the lowest levels of commitment.
Rob is new to cloud computing and is confused by the terms: "Vertical Scaling" and "Horizontal" scaling. Give him a brief rundown on the differences between the two!
*Vertical scaling*: aka "scaling up", is the process of adding resources to increase the power of an existing server. Some examples of vertical scaling are: *adding more CPUs, or adding more memory*. *Horizontal scaling*: aka "scaling out", is the process of adding more servers that function together as one unit. For example, *you have more than one server processing incoming requests*
Name three kinds of attacks that Azure DDoS protection is capable of mitigating.
*Volumetric attacks*: The attackers goal is to flood the network layer with a substantial amount of seemingly legitimate traffic. *Protocol attacks*. These attacks render a target inaccessible, by exploiting a weakness in the layer 3 and layer 4 protocol stack. *Resource (application) layer attacks*. These attacks target web application packets to disrupt the transmission of data between hosts.
If an admin de-allocates (the equivalent of turning off) a VM, will he still be charged for usage?
*YES and NO*. He will NOT be charged for compute time, however he will be charge for persistent disks (to keep his data on that VM's storage).
Two or more elements that confirm Identities, are required by Azure Multi-Factor Authentication. List three (3).
1. *Something you know* (e.g. password / answer to question). 2. *Something you possess* (mobile app, keyfob etc.) 3. *Something you are* (Bio-metrics: fingerprint, facescan etc.)
Describe two usage scenarios of the Azure Security Center.
1. Incidence Response Management. 2. Security Policy and Vulnerability Management.
List three best practices an administrator can use when setting up new resources in the Azure portal.
1. Segregate duties within your team and grant only the amount of access to users that they need to perform their jobs. 2. Grant users the lowest privilege level that they need to do their work. 3. Use Resource Locks to ensure critical resources aren't modified or deleted.
Describe Azure Table Storage in simple terms.
A NoSQL store that hosts unstructured data independent of any schema
Give the simplest definition of a container.
A container is similar to a VM but it doesn't need a guest operating system.
What is an Azure Resource group?
A container that holds related resources for an Azure solution. The resource group includes those resources that you want to manage as a group. You decide how to allocate resources to resource groups based on what makes the most sense for your organization. For example, networking resources can be placed in their own resource group.
Define an Azure Resource and give some examples.
A manageable item that is available through Azure. Virtual machines, storage accounts, web apps, databases, and virtual networks are examples of resources.
What is a policy definition?
A policy definition expresses *what to evaluate and what action to take*. The following are examples of items that are impacted by policy definitions: Allowed Storage Accounts, Allowed VMs, Allowed Resources, Allowed Locations (e.g. you can / cannot create a resource in a particular region / availability zone).
What is an Azure Region? Also name a few popular regions right here in the USA.
A region is a set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network.Some examples of popular regions are: *East US & East US 2, SouthCentral US, West US, West US 2, Central US. *
From left to right in order of levels of support, order the following from the least to the greatest: Premier, Dev, Standard, Basic, Professional Direct.
ANSWER: *Basic, Dev, Standard, Professional Direct, Premier*
True or False. Tags can be applied to any kind of resource on Azure.
ANSWER: *FALSE* Not all resources in Azure support tags! You have to check and see which ones do.
Can Resource groups be nested?
ANSWER: *NO* Although other cloud providers may offer this feature, it is not yet offered in Azure.
Are applied Tags inherited?
ANSWER: *NO*. Every resource that needs to be tagged, should be tagged accordingly.
True or False. A policy applied to a resource group affects all resources in that particular group.
ANSWER: *TRUE*.
True or False. Resources can be in only one resource group.
ANSWER: *TRUE*. Resources can belong to only one group at a time.
Where can an administrator look to begin examining the security of Azure-based solutions?
ANSWER: The *Azure Security Center*. It is a monitoring service that provides threat protection across all of your services both in Azure, and on-premises.
Jim the systems admin at a fictitious company is an absolute control freak! From the list below, choose the most appropriate cloud solution for him: a). Virtual Machines b). Containers c). Serverless compute
ANSWER: a). *Virtual Machines.* Because he will emulate a physical system, Jim can do whatever he likes (e.g. install software, configure updates etc.)
With regards, to the burden upon the customer, which of the following provides the least burden? a). IaaS b). PaaS c). SaaS
ANSWER: c). *SaaS* On the other extremity, IaaS provides the greatest burden to the customer, with PaaS balancing between SaaS & IaaS.
As it relates to Azure, define the term SLAs (Service Level Agreements)
An SLA *defines performance targets for an Azure product or service*. The performance targets that an SLA defines are specific to each Azure product and service. For example, performance targets for some Azure services are expressed as *uptime guarantees or connectivity rates*.
What is an Azure Billing Zone?
An Zone is a geographical grouping of Azure Regions for billing purposes.(NOTE: not to be confused with Availability Zones!)
Describe an Azure function in as few words as possible., then give an example.
An event-driven, serverless compute service (e.g. confirmation of a successful login to a bank account).
As it relates to Azure and policies, what is an initiative?
An initiative definition is a set or group of policy definitions to help track your compliance state for a larger goal.
Give one example of where you would use a private cloud solution
An organization has data that cannot be put in the public cloud, perhaps for legal reasons. An e.g. may be where government policy requires specific data to be kept in-country or privately.
Define: Elasticity as it relates to cloud computing
As your workload changes due to a spike or drop in demand, a cloud computing system can compensate by automatically adding or removing resources. (e.g. a web-site during Black Friday Sale)
What countries / territories are part of Zone 2?
Asia Pacific, Japan, Australia, India, Korea
what is an Availability Zone?
Availability Zones are physically separate locations within an Azure region (think of subsets within a Venn Diagram!) Each Availability Zone is made up of one or more datacenters equipped with independent power, cooling, and networking.
What popular Azure services make use of Availability Zones?
Availability Zones are primarily for VMs, managed disks, load balancers, and SQL databases.
Describe Azure Active Directory.
Azure AD is a cloud-based identity service. It has built in support for synchronizing with your existing on-premises Active Directory or can be used stand-alone. This means that all your applications, whether on-premises, in the cloud (including Office 365), or even mobile can share the same credentials.
Rob has started his own video surveillance company and wishes to park his customer's footage in the cloud where it is secure and highly accessible. Propose the most appropriate Azure storage solution to him.
Azure Blob Storage, is capable of storing very large objects like video files & bitmaps.
What is one of the primary benefits of Azure DDoS protection?
Azure DDoS protection identifies the attacker's attempt to overwhelm the network and blocks further traffic from reaching Azure services. Legitimate traffic from customers still flows into Azure without any interruption of service.
A small company with 10 employees and little capital want to migrate their small on-premises storage server to the cloud. Choose an appropriate Azure solution.
Azure File Storage is excellent for this scenario, because it consists of File shares that you can access and manage like a file server
What Azure services can be used to manage BigData?
Azure HD Insights, Azure SQL Data Warehouse, and Azure DataLake
Azure offers services related to the IoT(Internet of Things). A manufacturing company has thousands of smart probes and sensors and would like a way to securely monitor communications and messages between them all. Suggest the most appropriate Azure IoT service.
Azure IoT Hub. It directly handles messages between IoT devices (Think of the Phillips Hue Hub, AppleTV for HomeKit, WINK Hub).
How are the terms Azure Monitor and Telemetry connected?
Azure Monitor is a comprehensive solution for *collecting, analyzing, and acting on telemetry from your cloud and on-premises environments*. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.
A software/web developer has built a 2 Factor Authentication app on Azure. Where can he park separate events or functions that form the building blocks of communication in his application? He only wants these events or functions to run when triggered(e.g. when a customer attempts to authenticate).
Azure Queue storage. It is a service for storing large numbers of messages. You access messages from anywhere in the world via authenticated calls using HTTP or HTTPS.
Describe in detail, the primary functions of the Azure Resource Manager.
Azure Resource Manager is the deployment and management service for Azure. It provides a consistent management layer that enables you to create, update, and delete resources in your Azure subscription. You can use its access control, auditing, and tagging features to secure and organize your resources after deployment.
What is Azure Service Health?
Azure Service Health is a suite of experiences that provide personalized *guidance and support when issues with Azure services affect you*. It can notify you, help you understand the impact of issues, and keep you updated as the issue is resolved.
Give a detailed explanation of the primary function of an Azure Virtual Network (VNet)
Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure and it enables many types of Azure resources, such as Azure VMs, to securely communicate with each other, the internet, and on-premises networks. VNet is similar to a traditional network that you'd operate in your own data center, but brings with it additional benefits of Azure's infrastructure such as scale, availability, and isolation.
What is Azure Germany?
Basically Azure Cloud Services operated under strict EU regulations and ONLY within Germany data-centers.However *not all Azure US services are offered in Germany*. Some particular services not yet offered are: Azure Active Directory Premium, and Azure Key Vault.
Describe the Azure Service Fabric
Basically a wide range of Azure systems that run in the cloud or on-premises.
What is Azure Government, and what are some of the services offered?
Basically specialized cloud service offerings by Azure for government agencies. It is operated by screened U.S. Citizens. Some mission critical services offered are: Azure Site Recovery(DRaaS-Disaster Recovery-as-a-Service), and Azure Analysis Services.
For an administrator, what are some added benefits of the Key Vault?
Centralized storage of secrets, secure access, permissions control, and access logging(for e.g. see when, where and how someone gained access to resources).
What is Cloud agility?
Cloud agility is the ability to rapidly change an IT infrastructure to adapt to the evolving needs of the business. For e.g. if your service peaks one month, you can scale to demand and pay a larger bill for the month. If the following month the demand drops, you can reduce the used resources and be charged less. This agility lets you manage your costs dynamically, optimizing spending as requirements change.
Describe the Hybrid Cloud
Combine public and private cloud(on premises data-center). Simple as that.
What is Azure Express Route?
Connects to Azure over high-bandwidth dedicated secure connections
Define: fault-tolerance as it relates to cloud computing
Customers and end-users are not impacted when a disaster occurs.
What is the function of the Azure Content Delivery Network?
Delivers high-bandwidth content to customers globally
Give one example of where you would use a public cloud solution
Deploy a website or blog. The web-server is handled by the cloud provider. You only worry about managing the site itself.
Misha the cloud computing class nerd wants to engage you in a discussion on Economies of Scale. Start the conversation off with an adequate definition and an example.
Economies of scale is *the ability to do things more efficiently or at a lower-cost per unit when operating at a larger scale.* In other words, more money is saved, when production rates are higher. Users also pay less for power consumption, cooling and network connectivity than they would with on-premises infrastructure.
What is the purpose of the Azure Key Vault?
Encryption services all use keys to encrypt and decrypt data, so how do we ensure that the keys themselves are secure? Suppose we also wanted to protect passwords, certificates, and other pieces of sensitive info? In Azure, we can use Azure Key Vault to protect our secrets.
Name three options a customer has to purchase Azure Products & Services?
Enterprise, Web, Cloud Service Provider (CSP)
What is the primary benefit of CapEx?
Fixed Costs and a predictable expense for your budget! Companies on a tight budget will lean here.
What is the Compliance Manager?
Found in the Service Trust Portal, it is comprehensive a dashboard that provides a summary of your data protection and compliance stature and recommendations for improvement for services like Azure, Dynamics 365, & Office 365.
What is GDPR?
GDPR stands for *General Data Protection Regulation*. It's the core of Europe's digital privacy legislation.
What does it mean to be NIST compliant?
Generally speaking, *NIST guidance* provides the set of standards for recommended security controls for information systems at federal agencies.
What is Azure DE Zone 1?
Germany.
What is the primary benefit of OpEx?
Grows if demand is increased and shrinks accordingly. For new companies / startups this will make lots of sense.
Robert an Azure Administrator wishes to find alternative methods of applying policies (other than using the Azure Portal). Suggest some alternatives to help him out.
He can also apply policy via Azure PowerShell or the Azure CLI.
Russia is part of Zone 3 in Azure!
Heck no! Microsoft Azure services are NOT available in Russia. Brazil is the only area / territory in Zone 3.
What can be a primary disadvantage of the Hybrid Cloud?
Humongous expenses. Running both cloud + on premises is typically very costly! (It might be necessary in a scenario with legacy Line-of-Business software)
Microsoft Azure is compliant with several standards, laws and regularitons. List some of these.
ISO, SOC, NIST, FedRAMP, GDPR
What is ISO?
ISO, the International Organization for Standardization, develops and publishes International Standards.
Define: redundancy as it relates to cloud computing
If one component fails, another is available to take its place and its workload.
Robert has created some resources in Azure. How soon can he take advantage of the Azure Monitoring service?
Immediately! He can enable diagnostics on supported resources, and for compute resources he can even add an agent to begin collecting data.
What is VM Dellocation and how does it help to reduce costs?
In a development or testing environment, VMs may not always be used at maximum capacity throughout the day. Turning off (deallocation) of these VMs can save lots of money. Further more, tools in Azure can be applied to automate this process on a schedule. (Try it out in the Azure portal).
Describe the Private Cloud
In a private cloud, you create a cloud environment in your own datacenter and provide self-service access to compute resources to users in your organization (You take the place of Microsoft Azure).
Describe the Microsoft Trust Center?
It contains information and details about how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services.
Describe the function of Network Security Group(NSG).
It enables you to filter network traffic to and from Azure resources in an Azure virtual network.This can be done by source/dest. IP address, port and protocol.
Describe the Service Trust Portal?
It hosts the Compliance Manager service, and is the Microsoft public site for published downloadable audit reports and other compliance-related information relevant to how Microsoft builds and operates its cloud services.
What is the Azure Firewall?
It is *a managed, cloud-based, network security service that protects your Azure Virtual Network resources*. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
What is the IoT Central?
It is a SaaS based Azure software that makes it easy to connect, monitor, and manage your IoT assets (think of WINK, HomeKit etc. as examples)
What is Azure Spending Limits?
It is a feature that *prevents you from exhausting the credit on your account within each billing period*. When limits are maxed out by deployed / active resources, those resources are turned off disabled until the next billing cycle begins.
What is an Azure Geography?
It is a special market(made up of at least 2 regions) that caters to customers who due to data-residency and compliance requirements, need to keep their data as geographically close as possible (e.g. a Law firm with Florida Bar Requirements). Geographies are also fault-tolerant.
What is an Azure Container Instance / is it used for?
It is used to run applications in Azure without the need of a VM, or provisioned server.
Michael wishes to enable his organization to send encrypted email and to classify and protect documents when needed. Choose an appropriate Azure service/solution.
Microsoft Azure Information Protection (AIP) will give Michael the tools he needs.
Describe the Public Cloud
Microsoft Azure is a public cloud provider. There is no local hardware to manage or keep up-to-date - everything runs on your cloud provider's hardware. In some cases, you can save additional costs by sharing computing resources with other cloud users.
Describe the function of Azure Network Watcher.
Monitors and diagnoses network issues using scenario-based analysis
Why should one never use Azure public or private previews, and beta releases in a production environment?
PREVIEWS ARE PROVIDED "AS-IS," "WITH ALL FAULTS," AND "AS AVAILABLE," AND ARE EXCLUDED FROM THE SERVICE LEVEL AGREEMENTS AND LIMITED WARRANTY. Previews may *not be covered by customer support*. Previews may be subject to *reduced or different security, compliance and privacy commitments*.
Describe Platform-as-a-Service (PaaS)
Primarily used to build, test and deploy applications, and you can perform all of these actions without managing the underlying infrastructure.
What is a Resource Lock?
Resource locks are a setting that can be *applied to any resource to block modification or deletion*. Resource locks can set to either Delete or Read-only. Delete will allow all operations against the resource but block the ability to delete it. Read-only will only allow read activities to be performed against it, blocking any modification or deletion of the resource.
What does it mean to be SOC/SOC2 compliant?
SOC stands for "system and organization controls," and the controls are a series of standards designed to help measure how well a given service organization conducts and regulates its information.
What is Serverless Computing?
Serverless computing lets you run application code(e.g. functions) without creating, configuring, or maintaining a server. When compared to VMs and Containers, it is the lightest and fastest deployment method.
What does the term "BigData" mean?
Simply put, it is referring to huge volumes of data.This data is typically things like weather & communication systems, satellite feeds, scientific research etc.
Describe Software-as-a-service (SaaS)
Software is centrally hosted and managed for the end customer. It is usually based on an architecture where one version of the application is used for all customers, and licensed through a monthly or annual subscription. Office 365, Skype, and Dynamics CRM Online are perfect examples of SaaS software.
Where can one quickly and easily find recommendations on cost in Azure?
The *Azure Advisor*.
What happens if an Azure service fails to meet its SLA?
The customer is given a discount or credit towards their next bill.
Explain the purpose of the Microsoft Privacy Statement.
This privacy statement explains the personal data Microsoft processes, how Microsoft processes it, and for what purposes.
Why would you need an Azure Application gateway?
To manage traffic and security to your applications on the web.
What countries / territories are part of Zone 1?
United States, Europe, Canada, UK, France
Give a few examples of where applying a Resource Lock would be appropriate (For good exam practice, give it a try in the Azure Portal if you have a subscription!)
Use resource locks to protect those key pieces of Azure that could have a large impact if they were removed or modified. Some examples are *ExpressRoute circuits, and virtual networks, critical databases, and domain controllers.*
You are tasked with building an Azure Solution. How would you an estimate of the costs without deploying and running those services or without manually pricing out each service from the Azure service pricing pages?
Use the *Azure Pricing calculator*. Not only is it free, but its web tool allows you to input Azure services and modify properties and options of the services. It outputs the costs per service and total cost for the full estimate.
Give a summary of the function of Azure Kubernetes Service
Used to manage(orchestrate) clusters of VMs that run containerized services (e.g. Docker).
Azure is involved in the AI and Machine Learning space. What are some key cognitive services offered?
Vision, Speech, Natural Language Processing.
Describe the term "Composite SLA".
When combining SLAs across different service offerings, the resultant SLA is called a *Composite SLA*. The resulting composite SLA can provide higher or lower uptime values, depending on your application architecture. *SLA of 1st application X SLA of 2nd application = composite SLA*.
How does RBAC(Role Based Access Control) define access?
When you are assigned to a role, RBAC allows you to *perform specific actions, such as read, write, or delete.* Therefore, if one role assignment grants you read permissions to a resource group, and a different role assignment grants you write permissions to the same resource group, you will have write permissions on that resource group.
Define: Scalability as it relates to cloud computing
You can increase or decrease the resources and services used based upon the needs of your organization.
What is the primary benefit of the Azure Security Center?
You can use Azure Security Center in *different stages of an incident response*. These are: DETECT, ASSESS, DIAGNOSE, STABILIZE, CLOSE.
What options does a Azure Administrator have for using / creating policies?
You can use pre-exisiting policies in the Azure portal, or you can create and save your own as "*.JSON*" files.
Describe Infrastructure-as-a-Service (IaaS)
You have complete control over the hardware that runs your application (Servers and virtual machines (VMs), storage, networks, and OSes). Instead of buying hardware, with IaaS, you rent it. It's an instant computing infrastructure, provisioned and managed over the internet.