Azure Fundamentals
which URL should you visit to use Compliance Manager?
https://servicetrust.microsoft.com
Service Trust Portal is located where?
https://servicetrust.microsoft.com/
What License should you use when you want to publish on-prem web apps using Azure AD?
Basic License
What should you use to prevent a flood of HTTP traffic to a VM?
DDoS
You want to execute JavaScript code that sends a maintenance email every Sunday. What should you use?
Function App
What is Azure Monitor
Monitors availability and performance of resources using metrics and logs
Describe Logic Apps
They automate tasks with NO coding required. For Cloud AND On-Prem
What setup would qualify as an Availability Zone?
Two Datacenters located in the same region
What is Azure Info Protection (AIP)
Labels & detects sensitive info (example: credit card #s - detects them and labels them highly sensitive) (PREM Paid AAD)
Azure Virtual Network is
Network in the Cloud. Provides communication between the resources in the cloud
You want to be notified of multiple authentication attempts with different passwords. Which alert should you monitor?
Suspected Brute Force Attack (occurs when an attacker uses a password dictionary to try to guess a user password)
Name 4 types of Azure Paid Support and Sev C response time
Developer (Bus Hours 8), Standard (8), Professional Direct(4), Premier(4)
What is the Term used for the ability to quickly return to an operational state after a failure or loss of data backups and other means?
Disaster Recovery - the recovery of data after it was LOST due an event.
SQL Database is considered what type of offering? Iaas? Paas? or Saas?
Paas
What reduces latency by using Doman Name System (DNS) to route users to datacenters that are near them?
Traffic Manager
Can you increase the composite SLA by having a fallback Queue? Yes or No
Yes
Do azure Subscriptions link to AAD (Azure Active Directory)
Yes
Does Logic Apps implement serverless computing through GUI
Yes
You need to filter traffic between two subnets in an Azure Deployment. Filtering should be based on: 1) Source IP address and Port Number 2) Destination IP address and Port Number 3) TCP/IP Protocol in Use You deploy and configure Azure Firewall as the traffic filter. Does this work?
Yes - Azure Firewall provides filtering between subnets and Azure and On-premises
Application Gateway uses path-based routing for images and videos?
Yes - it can route images to one pool and videos to another using data from the URL.
A VM Scale set Automatically creates and integrates with Azure Load Balancer or Azure App Gateway?
Yes - this is an advantage of using scale sets so you do not have to set up Load Balancer or App Gateway for each identical VM
A company wants to move it's VM to another region, can they configure site recovery in another region with the same geographic cluster?
Yes - you can enable replication and identify the target region. You MUST configure site replication in the same GEO Cluster. NOT SUPPORTED across regions in DIFFERENT GEO CLUSTERS
What is the minimum configuration necessary to ensure SLA guarantees for a VM instance?
a single VM instance with Premium Storage
What does Machine Learning Studio Do?
allows you to use built-in algorithms NOT custom in Python.
You need an Azure Security Solution able to identify and investigate suspicious user activities. What should you use? ON-PREMISE
ATP Azure Advanced Threat Protection
You want to control the users who are allowed to create Virtual Networks VNETS. What do you use?
RBAC - you should use RBAC to control the users allowed to create VNETS
Name 3 things you can in Azure Monitor
1) Monitor and visualize Metrics 2) Query and analyze logs 3) Set up Alerts and Actions
What Service do you use to analyze your resource configuration to help you optimize your Azure deployments?
Azure Advisor
You can quickly build, deploy, and scale enterprise-grade web, mobile, and API apps running on any platform. You can meet rigorous performance, scalability, security and compliance requirements while using a fully managed platform to perform infrastructure maintenance. What service is this and what type of offering?
App Services - a PaaS offering
What should you use for a web API that must be load balanced across three instances?
Application Gateway
You want to send HTTP Traffic to a specific end point when the URL contains a specific route. what resource should you use?
Application Gateway - supports ROUTING. allows you to distribute HTTP app traffic to a pool of backend instances. APP Layer Load Balancing.
Which feature of Azure monitor allows you to visually analyze telemetry Data?
Application Insights
What is Azure Blueprint?
Applies the same scope of policies to a set of Azure resources. Plus role assignments, policy assignments, manager templates at the SUBSCRIPTION LEVEL
Azure Load Balancer balances the Apps or resources and routes the requests to the most _______________ server
Available (think hostess)
What service/tool should you use to identify and investigate suspicious user activities?
Azure Advanced Threat Protection ATP - it leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
You need to use information from Azure to develop best practices recommendations for optimization. What should you use?
Azure Advisor - RECOMMENDATIONS
What should you use if you want the fastest way to run a container in Azure?
Azure Container Instances - no VMs, no OS to manage. PaaS offering
What service do you use to create a rule that restricts network traffic across subscriptions
Azure Firewall
You want to create a rule that restricts network traffic across subscriptions. What should you use?
Azure Firewall
Function Apps
Azure Functions execute code using your choice from a wide variety of common modern programming languages like C#, F#, Node.js, Java, and PHO. You pay only for the time your code runs or pay for an unlimited App Service plan based on reserved instances. Functions can integrate with your existing code libraries and Azure platforms, including triggering as part of an Azure Logic App.
What is the container service that is the complete orchestration service for Containers?
Azure Kubernetes Service -
Logic Apps
Azure Logic Apps are configured within a web portal and can execute your logic without programming any code. This is more simple to administrate as you only need to manage the properties of these logic blocks in your workflow; but it is also less powerful as you can not get as customized or granular as with Functions. However many (over 200) connectors are plug-and-play so Logic Apps are hardly limited. You pay per action or trigger, plus storage.
To ensure meeting internal company compliance goals and that Azure Resources are compliant with company standards (will include ongoing evaluation of ongoing compliance and identification of non-compliant resources) go to?
Azure Policies
Your company wants to ensure it meets its internal compliance goals and that Azure Resources are compliant with Company Standards. What should you use?
Azure Policies
What should you use to determine the pricing of specific Azure services/resources
Azure Pricing Calculator
You want to use SQL queries to access data from a SQL Svr DB without having to deploy a VM. what do you use? Azure SQL DB or Cosmos DB
Azure SQL DB
Which Azure Monitor Feature sends an email when a VM is about to reach its quota for the month?
Azure Service Health
Which Azure component provides information about planned maintenance and advisories such as deprecated offerings?
Azure Service Health
Describe the difference between Network Security Groups (NSG) and Azure Firewall
Azure security groups (NSG) is a feature of VNet that describe firewall rules on the subnets in Azure. Azure firewall is a product for your transit VNet to secure traffic to Azure, across subscriptions and VNets. Use NSG to limit access within a vNET and Azure Firewall to limit access to a vNET from the outside.
A company wants to move it's VM to another region, can they move the VM to a different resource group in another region?
NO - moving a resource to a different resource group does not move the resource, only the meta data.
What service provides for bi-directional connections between your IoT devices and IoT application?
IoT Hub
Your App Services web app automatically requests more computing resources when there is a sudden spike in traffic. What computing Term applies?
Elasticity
You want to start collecting data about your Azure infrastructure using Monitor. Which type of data collection requires you to enable diagnostics?
Event Logs
You can directly migrate an existing European account to Azure Germany with minimal changes. TRUE or FALSE
FALSE
When you install Azure Threat Protection, DDoS is automatically set up? True of False
FALSE - Azure DDoS is deployed and configured separately from ATP
Machine learning models created in ML Studio can be deployed and managed by ML Service. TRUE or FALSE?
FALSE - ML Studio solutions are managed in ML Studio only and are only deployed as web services.
You want to execute JavaScript code that sends maintenance email every sunday eve. What service should you use?
Function App - allows you to write code that executes on a trigger or schedule.
What are Initiatives?
Group of Policies that are managed as a single unit
To analyze large amounts of streaming data being collected from IoT devices, use?
HD Insight - LARGE AMOUNTS of streaming DATA/IoT
You want to use Java to process batches in Hadoop clusters - what resource should you use?
HD Insight - it is a managed HADOOP that allows you to process batches using R, Python, SQL, Scala and Java
You want to view the Azure Features that are planned to be deprecated. What monitoring feature should you use?
Health Advisories
You want to view the Azure features that are planned to be deprecated. What should you use?
Health Advisories - HA provide you events that are of concern to you such as when you exceed usage quota or when a feature is about to be deprecated.
You want a SaaS solution that allows you to build IoT solutions without DEV expertise - what should you use?
IoT Central
A solution should allow devices to send on-board diagnostic sensory and telemetry data to the Cloud for analysis. What solution should you use?
IoT Central - this solution supports device to cloud messaging and per-device identity. you can also use it to analyze telemetry data.
You need to prevent any users from deleting resources from a resource group with contents spanning multiple subscriptions. What should you use?
Locks - Locks can be applied to a subscription, Resource Group or a resource as CanNotDelete or ReadOnly
You want to use serverless computing to design a graphical workflow that sends an email every night but only if an automated build fails. what should you use?
Logic App - allows you to design a workflow by using a graphical interface
Which Azure svc provides serverless workflow orchestration to let you integrate apps, data, systems and svcs across enterprises and organizations? 1) functions 2)Logic Apps 3) Apps Grid 4) Bot Service
Logic Apps
Which Azure service can autoscale to add or remove resources to minimize cost and optimize performance?
MONITOR- you can create rules in metrics on Monitor to match resources to an application load.
What should you use if you want to create Machine Learning algorithms using Python?
Machine Learning Services -
In Azure Resource Manager (ARM) can you use the tool to manage Linux?
NO
Do all Paid Support Plans include 24/7 email/phone support?
No - Developer does not - includes bus hrs access to Support Engineers.
Does Azure Functions provide serverless computing through a Graphical User Interface GUI?
No - Functions uses Scripting language. Functions are based on/triggered by an event.
You need to filter traffic between two subnets in an Azure Deployment. Filtering should be based on: 1) Source IP address and Port Number 2) Destination IP address and Port Number 3) TCP/IP Protocol in Use You configure and deploy web app firewall (WAF) as the traffic filter. Does this work?
No - WAF is deployed as part of App Gateway Service
A company wants to move it's VM to another region, can they backup the VM, Delete the VM and copy the VM to a different region - would this work?
No - significant effort and downtime
A VM scale set automates the distribution of VM instances across Availability Sets, Zones and Regions?
No - they do automate distribution for Sets & Zones BUT NOT REGIONS
Can Azure Powershell be used to create Azure Manager Resource Templates?
No. ARM templates use basic JSON scripting language
What factors effect cost?
Number of Instances, Instance Type, Region, Tier, OS,
An Azure Multi Factor Authentication MFA Server is required for authentication when supporting users located on...
On-PREM Active Directory Only.
Which 3 authentication methods support SSPA & MFA? 1)Pswd 2)Email 3)App Pswd 4) Voice Call 5) Security Questions 6)SMS
Password, Voice Call and SMS
What should be used to limit access to resources at the resource group in a detailed granular way? Access will be granted to various groups and individual users.
RBAC - because the limits can be placed and the Role -leve
You want to prevent VMs from being deployed in a subscription. What do you use?
Policy - a policy definition is a JSON file that is assigned to a scope such as a Resource Group.
What are Azure Locks?
Prevent Deletion OR Modifications of resources (NO DELETE & READ ONLY)
Azure App Gateway - what does it do?
Provides for the management of traffic to specific Servers. (think Matre'd)
You want to be sure only members of the Sales Group can access the resources in Sales-rg - Use What?
RBAC - applies permissions to users & groups
You can increase the number of VMs as more inbound requests arrive. What computing Term applies?
Scalability
What does Azure Security Center Do? Name all 6
Security Recommendations, Monitor Security settings, monitor all services, Uses ML to detect and remove malware, Analyze and identify inbound attacks, JIT access control for Ports
What service do you use to find out about service outages and planned maintenance?
Service Health
A Network Security Group NSG can only protect resources in a what?
Single Subscription - Cannot protect across Subscriptions
Azure Advisor is a free offering that analyzes your Azure usage and provides recommendations on how you can save money, improve performance, be more secure, and improve reliability of the solutions you already have running in Azure. TRUE or FALSE?
TRUE
Azure Security Center provides native integration with Windows Defender - TRUE or FALSE
TRUE
Machine Learning Studio is a collaborative drag and drop visual workspace to work with Machine Learning solutions. No coding is needed. TRUE or FALSE
TRUE
the Microsoft Trust Center is the Azure info site that contains general broad-ranging information on security - True or False?
TRUE - MTC helps to design, plan, deploy and manage Azure Cloud solutions - includes; Security, Privacy, Compliance, Transparency, Products and Svcs
An NSG defines rules that allow or deny inbound and outbound traffic? True or False
TRUE - an NSG acts like a firewall
Service Health lives where?
Under Azure Monitor. It provides details on overall Azure health (datacenters, outages, etc)
A zone is a geographical grouping of Azure regions used to determine billing based on...?
data transfers - billing applies to incoming and outgoing data. There are 4 zones (1, 2, 3 and DE 4)
A VPN Gateway does what?
network that routes data from on-prem to Azure via the Internet. (Think MS network access from home.)
What does Service Health provide?
notifies you if your app service exceeds usage, allows you to respond to planned service outages, allows you to implement a webhook to display health incidents
What does Azure Advisor Do?
provides recommendations on availability, performance, Security, cost (APSC)
What is Event Grid?
single service for managing routing of all events from any source to any destination. Designed for high availability, consistent performance, and dynamic scale
Content Delivery Network (CDN) delivers what?
web content to the closest in proximity server - helps prevent buffering (think Netflix)