AZ-900 Cloud Guru

How many subscriptions and regions can a VNET belong to?

1

How long does it take for Cloud Shell to time out?

20 mins

How many minutes of downtime is 99.99% availability?

4 minutes

Azure Virtual Desktop

A *desktop and application virtualization service* that runs on the cloud. It enables your users to use a cloud-hosted version of Windows from any location via a web browser. Azure Virtual Desktop works with devices like Windows, Mac, iOS, Android, and Linux.
- Supports individual ownership through personal desktops.
- You can use your licenses. No need to pay extra, i.e. you are not charged monthly for them.
- Simplified management.

Azure Reliability and Predictability

A 2019 report revealed that Microsoft Azure delivered "an average uptime of 99.995% for its core compute services."

Billing Cycle

A billing cycle on Azure is typically every 30 to 60 days

Azure Key Vault

A centralized cloud service for storing application secrets. Provides secure access, permissions control, and access logging. Usage: secrets management, key management, certificate management, and storing secrets backed by hardware security modules (HSMs).

Kubernetes Node

A collection of Pods

Kubernetes Pod

A collection of containers

Kubernetes Cluster

A collection of nodes (Compute Engine VMs). A Kubernetes Cluster includes one master node and one or more worker nodes.

Role Definition

A collection of permissions such as read, write, delete

Azure Kubernetes Service (AKS)

A complete orchestration service for containers with distributed architectures with multiple containers.
- Replicate container architecture
- Standard Azure services included
- Global reach

Azure Geography

A discrete market typically containing two or more regions that preserve data residency and compliance boundaries.

Content Delivery Network (CDN)

A distributed network of servers that can efficiently deliver web content to users. It is a way to get content to users in their local region to minimize latency.

Azure Pricing Calculator

A free web-based tool that allows you to input Azure services and modify properties and options of the services. It outputs the costs per service and total cost for the full estimate.

Scale Sets

A group of identical, load-balanced VMs that can be activated or deactivated as needed.
- A baseline VM for the scale set ensures application stability. A baseline VM is what you copy from to make the other VMs.
- As resource usage increases, more VMs are activated to take load.
- You only pay for the VM, storage and networking resources you use. Nothing additional for scale sets.
- Can run up to 1000 virtual machines.

Service Trust Portal

A list of standards that Microsoft follows, pen test results, security assessments, white papers, FAQs, and other documents that can be used to show Microsoft compliance efforts

Azure Security Center

A monitoring service that provides threat protection across all of your services both in Azure, and on-premises.

What is an address space on a virtual network?

A range of IP addresses that can be assigned to resources attached to the virtual network

Azure Powershell

A set of cmdlets for managing Azure resources directly from the PowerShell command line

What is an Azure region?

A set of datacenters, deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network

What is a scale set?

A set of individual virtual machines that can be configured and managed as a single group

Storage account endpoints

A storage account provides a unique namespace in Azure for your data. Every object that you store in Azure Storage has a URL address that includes your unique account name. The combination of the account name and the service endpoint forms the endpoints for your storage account.

What does Infrastructure as a Service describe?

A type of cloud computing service that offers essential compute, storage, and networking resources on demand, on a pay-as-you-go basis

What is an availability zone?

A unique physical location within a region that is made up of one or more datacenters equipped with independent power, cooling, and networking

Examples of Authorization

- A user can create virtual machines
- A user has access to some files
- A user is allowed access to a building

Examples of Authentication

- A user logs in with a password
- A user uses the thumbprint scanner on a laptop

Cloud shell features

- Accessible from web
- Choose between Azure CLI and PowerShell
- Tooling
- Storage to persist data between sessions

What is special about the China region in Azure?

All customer data is guaranteed to be geographically within China. You are guaranteed to be compliant with all Chinese data and IT regulations. All Azure services available in the China region are physically located inside China.

VNet Peering

Allows virtual machines in two separate virtual networks to communicate directly, using their private IP addresses. Can be used to transfer data between Azure AD tenants. Traffic goes over the Azure private network.

Total Cost of Ownership (TCO) Calculator

Allows you to compare the difference in cost between your current on-premises infrastructure and your predicted cloud infrastructure

Network Security Group (NSG)

Allows you to filter network traffic to and from Azure resources in a virtual network. Can contain multiple inbound and outbound security rules that enable you to filter traffic by source and destination IP address, port, and protocol. As many rules as permitted by subscription. Can override default rules but cannot delete them.

Azure Hybrid Benefit

Allows you to use existing licenses, such as a license to use a particular VM, in the cloud free of charge without having to buy a new license

What is a distributed denial-of-service attack?

An attack where lots of computers target a single server or website with the aim of making it stop

Azure Storage Account

An entity that is used to store Azure storage data objects such as blobs, files, queues, tables, and disks. The storage account provides a unique namespace for your Azure Storage data that's accessible from anywhere in the world over HTTP or HTTPS. Data in your storage account is durable and highly available, secure, and massively scalable.

Azure Functions

An event-driven, serverless compute service.
- Only runs when needed
- Saves money
- Resilience

Every Azure account has what associated with it when it's created?

An instance of Azure AD

Security Principal

An object representing an entity such as a user or group, which can access the resource

Azure marketplace

An online market to buy and sell finished software-as-a-service applications and premium datasets

Common PaaS Scenarios

Analytics or business intelligence Development framework

What can you store in a blob container inside Azure Storage?

Any kind of binary file, such as videos, images, documents, and applications

App Service

- App Service is an easy way to host and manage your web application
- App Services are a PaaS offering on Azure
- Web Apps are used to host websites and web applications
- Web Apps for Containers can host your existing container images
- API Apps can host your data-backed services

Which types of blobs are supported by Azure Storage?

- Append blobs
- Block blobs
- Page blobs

Append Blobs

Append blobs are made up of blocks like block blobs, but are optimized for append operations. Append blobs are ideal for scenarios such as logging data from virtual machines.

Application insights

Application Insights is a service that monitors the availability, performance, and usage of your web applications, whether they're hosted in the cloud or on-premises. It leverages the powerful data analysis platform in Log Analytics to provide you with deeper insights into your application's operations. Application Insights can diagnose errors, without waiting for a user to report them. Application Insights includes connection points to a variety of development tools, and integrates with Microsoft Visual Studio to support your DevOps processes.

Management groups

An Azure resource management scope that sits above subscriptions. A collection of subscriptions. Permissions, policies, and compliance settings can be applied to the group of subscriptions at one time

Azure Availability Zones

Are physically separate locations within each Azure region that are tolerant to local failures. A minimum of 3 separate availability zones are present in all availability zone enabled regions

When can you delete a resource group from Azure?

At any time, as long as your resources or resource group are not locked by a related service

When can you delete a resource group?

At any time, as long as your resources or resource groups are not locked by a related service

Availability Sets

Availability sets are a way for you to ensure your application remains online if a high-impact maintenance event is required, or a hardware failure occurs. Availability sets are made up of update domains and fault domains. Everything is contained within one datacenter

Azure Region Pairs

Availability zones are created by using one or more datacenters. There's a minimum of three zones within a single region. It's possible that a large disaster could cause an outage big enough to affect even two datacenters. That's why Azure also creates region pairs.

Options for moving files in Azure

AzCopy, Azure Storage Explorer, and Azure File Sync

AVD users should exist in the same Windows Server Active Directory that is linked to

Azure AD

What type of storage service provides persistent storage for ACI?

Azure File Storage

File Storage

Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol. Azure file shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and MacOS. Applications running in Azure virtual machines or cloud services can mount a file storage share to access file data, just as a desktop application would mount a typical SMB share. Any number of Azure virtual machines or roles can mount and access the file storage share simultaneously. Typical usage scenarios would be to share files anywhere in the world, diagnostic data, or application data sharing

Azure Migrate

Azure Migrate provides a simplified migration, modernization, and optimization service for Azure. All pre-migration steps such as discovery, assessments, and right-sizing of on-premises resources are included for infrastructure, data, and applications. Azure Migrate's extensible framework allows for integration of third-party tools, thus expanding the scope of supported use-cases

Azure Policy

Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service-level agreements (SLAs). Azure Policy does this by using policies and initiatives. It runs evaluations of your resources and scans for those not compliant with the policies you have created. For example, you can have a policy to allow only a certain stock keeping unit (SKU) size of virtual machines (VMs) in your environment. Once you implement this policy, it will evaluate resources when you create new ones or update existing ones. It will also evaluate your existing resources.

ARM Templates

With Azure Resource Manager templates (ARM templates), you can describe the resources you want to use in a declarative JSON format. Benefits:
- *Verified* before the code is executed.
- The template orchestrates the creation of *many resources in parallel*.
- Creates *all dependencies* in the correct order.

There is a potential threat to your Azure infrastructure from an outside attacker. Which service is best for detecting the threat and taking action?

Azure Sentinel

3 Main components of VPN Gateway Scenario

- Azure VNET with a VPN Gateway attached
- Tunnel - a secure connection between the Azure VPN Gateway and the on-premises gateway
- On-premises gateway

Your company suddenly has a bunch of new remote employees, who all need a Windows environment to work from. Which is the best Azure solution to get them up and running quickly?

Azure Virtual Desktop (formerly Windows Virtual Desktop)

How do resources on Azure use a virtual network?

Azure Virtual Network enables Azure resources to securely communicate with each other, the internet, and on premises networks

Azure Billing Zones

Azure has 3 billing zones. Data transferred within a zone is free, but data transferred to another zone costs money

What are valid managed disk storage types on Azure?

Azure offers four types of managed disk storage: Standard HDD, Standard SSD, Premium SSD, and Ultra Disk.

Private cloud

Azure on your own hardware in a location of your choice. All the benefits of public cloud but you can lock it down. A lot of staff required

Which Azure calculator would you use to figure out monthly costs for Azure services?

Azure pricing calculator

Azure AD Subscription

- Billing entity - all resources in a subscription are billed together
- Cost separation - you can have multiple subscriptions within a tenant to separate costs
- Payment - if a subscription isn't paid, all the resources are turned off

What type of storage is Archive Storage?

Blob Storage

What type of Azure storage is ideal for long-term backups, disaster recovery, and archiving?

Blob storage

Which services can feed data into Azure Monitor?

Both Azure services and on-premises services

Azure Advisor makes shutdown recommendations based on what

CPU and outbound network utilization

Locks

- Can be assigned to a subscription, resource group or resource
- Types - Delete, where you can't delete the object, or Read-only, where you can't make any changes to the object
- Locked means locked - the lock must be removed before any actions can be performed

Azure Sovereign Regions

Certain regions are dedicated to specific sovereign entities. Although all regions are Azure regions, these sovereign regions are isolated from the rest of Azure. They aren't necessarily managed by Microsoft, and they might be restricted to certain types of customers. An example is Azure Government - US

Rules and health probes

Checks to ensure the backend instance can receive the data

Azure China is operated by

China, specifically 21Vianet

Azure Active Directory

Cloud-based identity and access management service. Azure AD helps employees of an organization sign in and access resources. Benefits:
- Authentication
- SSO (single sign-on)
- Application management
- B2B identity services
- B2C identity services
- Device management

B2B collaboration

Collaborate with external users by letting them use their preferred identity to sign in to your Microsoft applications or other enterprise applications (SaaS apps, custom-developed apps, etc.). B2B collaboration users are represented in your directory, typically as guest users.

Cloud Adoption Framework

- Collection of documents - lots of resources to guide you through the cloud adoption process
- Guidance - help to define strategies for adoption
- Governance - key to the cloud adoption process
- Strategy, Plan, Ready, Innovate

Cache

Collection of temporary copies of original files. The primary purpose is to optimize speed for an application. When a copy expires, a new copy is needed

Which companies must comply with General Data Protection Regulation (GDPR) requirements?

Companies of any country must adhere to GDPR if their users and customers are located in the European Union.

Azure Compliance Manager

Compliance Manager is a workflow-based risk assessment tool that helps you track, assign, and verify your organization's regulatory compliance activities related to Microsoft Cloud services, such as Microsoft 365, Dynamics 365, and Azure.

What features of Azure AD are only available in the P1 and P2 tiers?

- Conditional Access
- Self-service password reset
- RBAC

Conditional Access

Conditional Access policies at their simplest are if-then statements: if a user wants to access a resource, then they must complete an action. Example: a payroll manager wants to access the payroll application and is required to do multi-factor authentication to access it. Policies specify the actions that must be completed or the conditions that must be met to grant access to the requested resource.

What is the best scenario for using Azure ExpressRoute?

Connecting your on-premises networks into the Microsoft cloud over a private connection with the help of a connectivity provider

What is consumption-based pricing on Azure?

Consumption-based pricing is when you are charged for only what you use (pay-as-you-go rate)

Azure Container Instances

Containerized apps run on Azure without provisioning servers or VMs.
- Primary Azure service for running container workloads. A workload is your process or application.
- On demand - use containerized apps to process data on demand by only creating the container image when you need it. Save some cash in the process.
- Works with the tool of your choice - Azure CLI, Azure Portal, or PowerShell

Azure Cost Management

The cost management tool in the portal provides a detailed view of current and projected costs.
- Reports and recommendations - get detailed reports and recommendations on how to save on costs, and analyze them
- Optimization - optimize your current resources to save money and monitor any Amazon Web Services charges too

Shared Responsibility Model

- Customer: responsible for security "in" the cloud
- Azure: responsible for security "of" the cloud

Azure Databox

Data Box devices easily move data to Azure when busy networks aren't an option. Move large amounts of data to Azure when you're limited by time, network availability, or costs, using common copy tools such as Robocopy. All data is AES-encrypted, and the devices are wiped clean after upload, in accordance with NIST Special Publication 800-88 revision 1 standards. Think of a box of hard drives to move data

Express Route

Dedicated circuit between a business and Microsoft Azure. The connection goes through a connectivity provider and gives the ability to extend the Microsoft cloud to on-premises networks over a private connection.

Azure Government Cloud

Dedicated regions for US government.
- Exclusivity - only government can use it
- Compliance - ensures compliance with government agencies and level 5 Department of Defense approval
- You get standard Azure benefits

How to use Security Center

- Define policies - set up policies for Azure to monitor resources from
- Protect resources - actively protect resources through monitoring your policies and their outcomes
- Response - respond to any security threats and go back to step 1 to mitigate threats

Role-Based Access Control (RBAC)

- Define user access - assign users to individual resources
- Minimum access - enable minimum access necessary to resources
- Target specific use cases - be very explicit about uses and access

Using Security Center

- Define policies - set up policies to monitor resources from. A policy is a set of rules used to evaluate a resource. Use predefined policies or create your own
- Protect resources - actively protect your resources
- Response - respond to any security alerts. Investigate all of them and then go back to step 1 to define new policies to account for the alert

Which of the following are features of role-based access control?

- Defining which actions users can take on a resource
- Defining which users have access to specific Azure resources

Which of the following are types of locks in Azure?

- Delete
- Read-only

Azure Resource Manager (ARM)

Deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features like access control, locks, and tags to secure and organize your resources after deployment.

DDOS Protection Service

- Detects the DDOS attack and deflects it
- Various levels of protection depending on scenario
- No downtime
- Cannot support more than 100 resources
- Can be used across subscriptions

Service endpoints

- Direct connection from subnet to Azure PaaS services
- Connects over Microsoft's private backbone (not over public internet)
- Services can be configured to only allow traffic from service endpoint-enabled subnets

DDOS

Distributed Denial of Service

Load Balancer

Distributes new inbound flows that arrive on the Load Balancer's frontend to backend pool instances, according to rules and health probes

Resource Group Facts

- Each resource can only exist in a single resource group
- You can add or remove resources to any resource group at any time
- You can move resources between resource groups
- A resource group can have resources in different regions
- You can give access control to a resource group
- A resource group can interact with other resource groups
- If you delete the resource group, everything in it will also be deleted

Azure Active Directory Seamless Single Sign on

- Enable SSO in Azure AD
- Seamlessly use all applications without logging in
- Single user name and password

What does fault tolerance describe for cloud computing?

Ensuring services and applications remain available in the event of a failure

B2B direct connect

Establish a mutual, two-way trust with another Azure AD organization for seamless collaboration. B2B direct connect currently supports Teams shared channels, enabling external users to access your resources from within their home instances of Teams. B2B direct connect users aren't represented in your directory, but they're visible from within the Teams shared channel and can be monitored in Teams admin center reports.

In which scenario/s would you use an Application Gateway?

- For incoming traffic, to make routing decisions based on additional attributes of an HTTP request, such as URI path or host headers
- To host multiple websites

Common SaaS Scenarios

Gain access to sophisticated software

Authorization

Granting the correct level of access to a resource or service

Management Groups

- Group subscriptions - allows you to take action across multiple subscriptions
- Organize - allows you to manage access policies and compliance in bulk
- Billing logic - you maintain billing associated with the right budgets

Disk Types

- HDD - low cost and suitable for backup
- SSD - standard for PROD, higher reliability and scalability
- Premium SSD - super fast and high performance. Used for critical workloads
- Ultra Disk - for most demanding and intensive workloads. Disks up to 64 TB

Azure Information Protection (AIP)

Helps organizations classify and optionally protect documents and emails by applying labels. Labels can be applied:
- Automatically, by admins who define rules and conditions
- Manually, by users
- A combination of the two, where users are given recommendations
Usage: a user saves a Word document containing a credit card number, a custom tooltip displays a label if the file is confidential/all employees, and the label classifies the document and protects it.

Application Gateway

- Higher level load balancer
- Works on the HTTP request of the traffic, instead of the IP address and port
- Traffic from a specific web address can go to a specific machine
- Is a fit for most other Azure services
- Supports auto scaling, end-to-end encryption, zone redundancy and multi-site hosting

Blob Pricing

- Hot - frequently accessed files. Lower access times and higher costs
- Cool - lower storage costs and higher access times. Data remains here for at least 30 days
- Archive - lowest cost and highest access time

File Storage Scenarios

- Hybrid - can supplement your local file storage if you are running out of space
- Lift and shift - move your existing file storages and related services to Azure

Tags

- Identify roles - protect sensitive data by defining which roles can access a resource.
- Related resources - to make bulk processing and updating easier, define which resources are related.
- Filter resources per project, customer, or for reporting purposes.
- Unambiguous - create a list of the tags used that includes: description, tag name, and potential values.
- Tags applied to a resource group are not inherited by its resources. Tags are also not inherited if they are applied at the subscription level.
- Not all resources support tags, mainly resources created before tags.
- You should use tags to analyze a cost report.

What is high availability in cloud computing?

If one resource on Azure dies unexpectedly, another resource will almost instantly take over the workload.

Load Balancer Scenarios

- Incoming internet traffic
- Internal network traffic
- Port forwarding - forwarding traffic to a specific machine
- Outbound traffic - allow outbound connectivity for backend pool VMs

Factors affecting cost of app service

- Instance type
- Number of instances
- Operating system
- Region
- Tier

Azure Resource Manager Templates

JSON files that define the infrastructure and configuration of resources in Azure.

Azure Container Registry

- Keeps track of current valid container images
- Manages files and artifacts for containers
- Feeds container images to ACI and AKS
- Uses Azure identity and security features

China Region

- Located in China and has no connection outside of China
- Data is kept in China
- Ensured compliance with Chinese regulations

How to choose a region

- Location - want it to be close to your users
- Features - some features aren't in all regions
- Price - the price of services may vary region to region

Azure Subscription

Logical container used to provision resources in Microsoft Azure. It holds the details of all your resources like virtual machines, databases, etc. An Azure account can have multiple subscriptions. Useful for organizing who pays for what

Archive Storage

Low-cost storage for rarely accessed data with flexible latency requirements. Store terabytes of data in the cloud for a few dollars a month, and repurpose other storage infrastructure for other business objectives. Secure, easy to manage. Storage tier available for blob storage.

VNet Peering Benefits

- Low latency, high bandwidth link
- Separate networks - resources in separate networks can communicate with one another
- Data transfer

SaaS characteristics

- Managed from a central location
- Hosted on a remote server
- Accessible over the internet
- Users not responsible for hardware or software updates
- Rate limiting/QoS
- Microsoft 365

What is a hierarchy of resource groups, subscriptions, and management groups?

- Management Groups (top)
- Subscriptions
- Resource Groups

Azure Monitor Outcomes

- Maximize performance
- Maximize availability
- Identify issues

Azure Government is operated by

Microsoft

Microsoft Defender for Identity

- Monitor users - analyze user activity and information. This includes any permissions and memberships of groups.
- Baseline behavior - record what a user's normal behavior and routine is; any activity outside those actions will be flagged.
- Suggest changes to meet security best practice.
- Leverages your on-premises Active Directory signals to identify, detect and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.

Event Logs

Not captured by Azure Monitor by default. Need to be enabled

When a blueprint is updated and the updated version is published, are the blueprint assignments updated automatically?

No, you must update the assignments individually

Billing Admin

One or more users can be a billing admin, who manages anything to do with billing and invoicing on Azure. Ensures separation of responsibility

What is the difference between OpEx and CapEx?

OpEx is an ongoing cost for running a business. CapEx is the cost of acquiring and maintaining assets.

IaaS characteristics

- Organization has complete control of the infrastructure
- Dynamic and flexible, you can do almost anything
- Cost varies depending on consumption
- Services are highly scalable
- Multiple users share a single piece of hardware
- VM, VNET, Storage

Page Blobs

Page blobs store random access files up to 8 TB in size. Page blobs store the virtual hard drive (VHD) files that serve as disks for Azure virtual machines.

SaaS (Software as a Service)

Pay for software as you use it. Not installed locally; instead it is 'hosted' software, e.g. Google Docs

Azure Portal Features

- Personalization - can be custom to you
- Access control
- Cost management
- One stop shop
- Constantly updated

Azure Service Health

Personalized guidance and support when you have Azure issues. Can notify you and help you understand what is wrong and update when it is resolved.
- Azure status: global view of Azure services.
- Service health: track services in regions you use.
- Resource health: what service issues affect your resources.

7 Layers of defense in cloud computing

- Physical
- Identity and Access
- Perimeter
- Network
- Compute
- Gateways and Firewalls
- Data

Disaster Recovery

Plan to recover critical business systems in the event of a disaster such as weather events or cyber attacks

Microsoft Defender for cloud provides

- Policy and compliance metrics
- A secure score to entice great security hygiene
- Integrate with other cloud providers
- Alerts for resources that aren't secure

Premium Block Blobs

Premium storage account type for block blobs and append blobs. Recommended for scenarios with high transaction rates or that use smaller objects or require consistently low storage latency

Premium File Shares

Premium storage account type for file shares only. Recommended for enterprise or high-performance scale applications. Use this account type if you want a storage account that supports both Server Message Block (SMB) and NFS file shares.

Premium Page Blobs

Premium storage account type for page blobs only.

Application Security Group

Protects an application rather than an IP endpoint. Allows you to configure security as a natural extension of an applications structure. You can group VMs and network security policies based on your application and its components instead of an explicit IP address

Azure Advisor

Provides recommendations on high availability, security, performance, and cost. Analyzes deployed services and looks for ways to improve your environment across those areas. Can use information from Security Center to develop best practice recommendations for optimization

Azure Advisor Security Assistance

Provides security recommendations by integrating with Azure Security center.

Azure AD B2C

Publish modern SaaS apps or custom-developed apps (excluding Microsoft apps) to consumers and customers, while using Azure AD B2C for identity and access management.

Free Accounts

- Really free
- Provides access to many Azure services up to a certain limit for free

What is a suitable use case for the Azure Files storage service?

Replace or supplement on-premises file servers.

Azure AD Tenant

- Represents an organization in Azure
- A tenant is a dedicated instance of AAD that an organization receives when signing up for Azure
- Each tenant is distinct and completely separate from other AAD tenants
- Each user in Azure can be a member or guest of up to 500 Azure AD tenants

Influences on pricing

- Resource size - different sizes of resources will have different prices
- Resource type
- Location - different Azure locations have different prices for services. Exchange rates, labor costs and more have an influence on the price
- Bandwidth - the bandwidth your services are using incurs a cost

Which factors have an influence on the cost of using products and services on Azure?

- Resource size
- The location of the service or resource
- How much bandwidth you will use

PaaS Characteristics

- Resources are virtualized and can easily be scaled up or down as needed
- Services often assist with the development, testing, and deployment of apps
- Multi-user access via the same development application
- Integrates web services
- App Services, Azure CDN, Cosmos DB

What authentication types are supported by both self-service password reset and MFA?

- SMS
- Voice call
- Password

What's the best definition for scalability on Azure?

Scalability is the ability of a system to handle increased load. Services covered by Azure Autoscale can scale automatically to match demand to accommodate workload.

Cloud Advantages of Virtual Network

Scaling - adding more VNets or more addresses to one is simple. High availability - peering VNets, using load balancing, or using a VPN gateway all increase availability. Isolation - manage and organize resources with subnets and network security groups.

What are the two types of scaling on Azure?

Scaling up/down and scaling out

Limitations of Service Endpoints

Secure access to VNets only, meaning no private on-premises access, and on-premises access must be done over public IP. PaaS public endpoint still exists. Service endpoints provide access to an entire service. For example, a service endpoint provides private access to all of Azure Storage, not just a storage account.

Regulatory Compliance

Security Center keeps track of your regulatory compliance

Role Assignments 3 components

Security principal, Role Definition, Scope

What is a fully managed platform on Azure?

Servers, network, storage, and more are all managed by Azure. You focus on your business value and logic.

Reserved Capacity

Similar to reserved instances. Can be used on services such as Azure SQL, Synapse Analytics, Cosmos DB, Redis Cache.

Spending Limits

Some Azure accounts with monthly credits to use will have default spending limits. When the credits are used the limit kicks in. When credits are gone either remove the limit entirely or leave it in effect. No spending limit - aka pay as you go

Reserved Instances

Some Azure services can be reserved for a certain time period such as 1 to 3 years. Reserving an instance of a service gives you a discount.

Which are authentication methods used to verify a user with multi-factor authentication?

Something you know, something you have, something you are

VPN Gateway

Specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. Can also send encrypted traffic between Azure virtual networks over the Microsoft network. Each virtual network can only have one VPN gateway. When you create a virtual network gateway, gateway VMs are deployed to the gateway subnet and configured with the settings you specify. One of the settings is the gateway type, which is VPN. You can create gateways between two VPN gateways (VNet-to-VNet), a VPN gateway to on-premises VPN device (Site-to-Site), or connect to your virtual network from a remote location (Point-to-Site) over a VPN connection. A PaaS offering to build, deploy, and scale enterprise-grade web, mobile, and API apps.

Azure CLI Advantages

Stable - text commands don't change. Structure - CLI commands are structured logically. Cross Platform - CLI works on Windows, Mac, Linux. Automation. Logging.

Types of Storage Accounts

Standard General Purpose v2, Premium Block Blobs, Premium File Shares, Premium Page Blobs

Two types of DDOS Protection

Standard and Basic. Basic is enabled automatically and is free with Azure. Standard is not enabled automatically and incurs additional charges.

Standard General Purpose v2

Standard storage account type for blobs, file shares, queues, and tables. Recommended for most scenarios using Azure Storage. If you want support for network file system (NFS) in Azure Files, use the premium file shares account type.

Storage Account name

Storage account names must be between 3 and 24 characters in length and may contain numbers and lowercase letters only. Your storage account name must be unique within Azure. No two storage accounts can have the same name.

Block Blobs

Store text and binary data up to 4.7 Terabytes. Made up of individually managed blocks of data

High Availability

System is continuously operational at all times. Means VMs can spin up fast to heal process requests.

Common IAAS Scenarios

Test and Development, Storage and backups, High Performance Computing, Big data and analysis

Backend pool

The VM instances receiving traffic

Which cloud ability does elasticity describe?

The ability to quickly expand or decrease computer processing, memory, and storage resources

Agility

The ability to rapidly develop, test, and launch software applications that drive business growth

Authentication

The act of proving who or what something is

What is the role of subscriptions in relation to Azure resources billing?

The billing of Azure resources in your account is generated at the subscription scope.

What significance does the name for your Azure storage account have?

The combination of the storage account name and the Azure Storage service endpoint forms the endpoints for your storage account. Your storage account name must be unique within Azure.

Azure Functions Serverless

The oldest serverless service on Azure. Performs only a single task for each invocation. Fundamental compute action and can be run millions of times per second.

Virtual Network Address Space

The range of IP addresses that are available in the VNet. Every service or resource on the VNet gets its own address.

Scope

The resources the access applies to. Specify which role can access a resource or resource group

What is the service for managing privacy on Azure called?

There isn't a single service, as privacy is part of every service on Azure.

Site to Site VPN

Think Azure to on-premises. S2S connections can be used for cross-premises and hybrid configurations. A S2S connection requires a VPN device located on-premises that has a public IP address assigned to it.

Serverless

Think Azure Functions. You don't maintain the server, just the code running on the server.

Operational Expenditure (OpEx)

This is spending money on services or products now and being billed for them now. You can deduct this expense from your tax bill in the same year. There is no upfront cost, you pay for a service or product as you use it. Think paying for virtual services as you need them

Consumption based pricing

This pricing model is based on the amount of a service that is consumed. This is a useful method where your usage of the product or service may change over time. Low usage = low cost.

What is the primary use for disk storage?

To attach to a Virtual Machine to act as a Virtual hard drive.

Why would you use a content delivery network?

To better handle instantaneous high loads, such as the start of a product launch event. To provide better performance and improved user experience for end users.

Why is cloud agility important for businesses?

To enable the ability to rapidly develop, test, and launch software applications that drive business growth

What is the main function of Azure Information Protection?

To help an organization classify and (optionally) protect its documents and emails by applying labels

What is the purpose of having defense in depth?

To provide several layers of defense for your resources, data, and assets

Which of the following are valid use cases to use Azure Service Health in your architecture?

To set up custom alerts to notify you of any outages, planned or otherwise. To track incidents with your services in real time and get a report afterwards.

What are the Microsoft services that can tell you more about trust in the Azure platform?

Trust Center, Service Trust Portal

If you don't want to share the hardware your VMs run on, how can you manage that in Azure?

Use Azure Dedicated Host.

Azure File Sync

Use Azure File Sync to centralize your organization's file shares in Azure Files, while keeping the flexibility, performance, and compatibility of an on-premises file server. Azure File Sync transforms Windows Server into a quick cache of your Azure file share. You can use any protocol that's available on Windows Server to access your data locally, including SMB, NFS, and FTPS. You can have as many caches as you need across the world.

To limit spending on Azure, what is a recommended best practice?

Use Azure spending limits on resources and services.

If you have multiple applications in Azure Active Directory that you want users to access, which is the best way to handle user access?

Using single sign-on

Which features are in Azure Cost Management?

Visualizing future costs for your Azure account. Visualizing current costs for your Azure account.

What are 3 kinds of App Service?

Web App for Containers, API Apps, Web Apps

You can use the Azure CLI, Azure Portal and Azure PowerShell on which platforms?

Windows, Linux, and Mac OS

Difference between Geo redundant storage and read only geo redundant storage

With geo-redundant storage you can only read from the secondary storage location once the primary storage location has failed. With read-only geo-redundant storage you can read from either at any time.

When the virtual machine is stopped does the storage attached to it incur costs?

Yes

user defined routes

You can create custom, or user-defined (static), routes in Azure to override Azure's default system routes, or to add more routes to a subnet's route table. In Azure, you create a route table, then associate the route table to zero or more virtual network subnets. Each subnet can have zero or one route table associated to it. User-defined routes override default routes.

Azure Data Box Gateway

You should use Azure Data Box Gateway to periodically migrate data to Azure using Server Message Block (SMB). This service enables you to securely transfer large amounts of data to and from Azure Data Box. Use gateway to replicate data between on-premises storage and Azure Data Box, or to transfer data into and out of Azure storage accounts using your network.

Azure Virtual Machine

Your machine exclusively. You don't own or control the hardware the VM runs on. VMs are an IaaS offering where you are responsible for the machine. Take advantage of Azure tools. Price for VMs goes up as resources go up and you pay by the hour. All VMs must be on a VNet.

Microsoft Active Directory

a directory service that Microsoft developed for the Windows domain networks. This is not Azure Active Directory

Azure Region

a geographical area on the planet that contains at least one but potentially multiple datacenters that are nearby and networked together with a low-latency network. Azure intelligently assigns and controls the resources within each region to ensure workloads are appropriately balanced.

Subnets

a logically visible subdivision of an Internet Protocol (IP) network. Allows for multiple networks on the same VNet. Allows for logical grouping of resources. More efficient to allocate addresses to resources on a subnet. More secure.

Quotas

A quota is a limit on a certain property of an Azure service. Quotas ensure Azure can maintain its high service level. If you need to increase the quota for a particular service, you can ask Microsoft to increase it. Quotas for resources in a resource group are per region, not per subscription.

Cmdlet

a script that performs a specific task. "New-AzVm" creates a new virtual machine.

Azure Sentinel

a security information and event management (SIEM) tool. Features - Behavioral Analytics, AWS Integrations, Cloud Scale.

Elasticity

ability to quickly expand or decrease computing resources not just VMs. Elasticity enables scaling

Define edge computing

allows customers to run VMs, containers, and data services at edge locations

A VPN Gateway is an important part of a hybrid Azure infrastructure as it?

allows for encrypted traffic to flow between on-premises services and Azure services

Blueprint Contributor role

allows users to manage blueprints but not assign them

Azure AD ID Protection

allows you to apply MFA with conditions. It is also used to detect risks such as anonymous IP address logins, unfamiliar sign-ins, and credential leaks

Cloud Shell

an interactive browser-accessible shell for managing Azure Resources

Cost management

built in service that gives you a breakdown of the usage and cost of your Azure resource

Blueprint operator

can assign existing published blueprints, but they cannot create new blueprint definitions

Contributor role

can create and delete blueprint definitions but cannot assign them

Contributor and Management Group Contributor

can create, update, move, delete and read management groups

Owner Role

can create, update, move, delete, and read management groups in addition to assigning access policies

Scaling out

creating more instances

Firewall

defines rules for what kind of traffic can and cannot access the device or service behind it. Variations - comes as hardware and software versions. Critical part of any network.

Platform as a Service (PaaS)

delivers a computing platform—often an operating system with associated services—over the Internet without downloads or installation.

IAAS

delivers hardware networking capabilities, including the use of servers, networking, and storage, over the cloud using a pay-per-use revenue model

Initiatives

enable you to group several related policy definitions to simplify assignments and management because you work with a group as a single item. For example you can group related tagging policy definitions into a single initiative. Rather than assigning each policy individually, you can apply the initiative.

Autoscale

enhances the manageability and reliability by provisioning virtual machine instances based on workload.

External Identities

external users can "bring their own identities." Whether they have a corporate or government-issued digital identity, or an unmanaged social identity like Google or Facebook, they can use their own credentials to sign in. The external user's identity provider manages their identity, and you manage access to your apps with Azure AD or Azure AD B2C to keep your resources protected.

User Access Administrator

grants permissions to assign access policies

Kubernetes

Greek for governor or captain. Open-source software that enables you to deploy and manage containerized applications at scale.

Azure Monitor

helps you find resources that aren't performing at 100%. Features - Constant feed of telemetry from Azure services and on-premises equipment. Fully Managed Query Language - interactive query language to learn about the telemetry data. Machine Learning - can be used in conjunction to identify issues. Best place to track events at the resource level, such as the creation of a VM. Need to enable diagnostics to capture event logs. Can use autoscale to add or remove resources as appropriate to minimize costs and ensure optimum performance levels.

Designated time of recovery

how long does it take to recover from a disaster

How does Azure calculate the availability for all services?

in a monthly billing cycle

Blueprint owner

includes all blueprint related permissions

Scaling up

increase the power/tier of the resources you are currently using but not creating more instances

Telemetry

information about how services or devices are performing

Public cloud

is Azure, AWS, GCP. No upfront costs but monthly usage. Little control over services and infrastructure.

Azure Sentinel

is Microsoft's cloud-based SIEM system. It uses intelligent security analytics and threat analysis.

Azure Traffic Manager

is a DNS-based traffic load balancer. This service allows you to distribute traffic to your public facing applications across the global Azure regions. Traffic Manager also provides your public endpoints with high availability and quick responsiveness.

Az Copy

is a command line utility that you can use to copy blobs or files to or from a storage account

policy

is a set of rules used to evaluate a resource. Microsoft does provide predefined policies.

Elastic computing

is the ability to quickly expand or decrease computer processing, memory, and storage resources to meet changing demands without worrying about capacity planning and engineering for peak usage

Azure Active Directory Domain Services

is the traditional on-premises version of domain services provided by AD. Organizations use AD DS to centrally manage all their resource objects, such as users, computers, printers, shared folders, groups, organizational units (OUs), etc. These objects are part of the Active Directory domain, which allows the administrators to securely manage them through Group Policies. Some of the key features offered by AD DS include: on-premises identity & authentication, user and computer management, Group Policies, domain trusts.

Cloud agility

is tied to the rapid provisioning of computer resources. Cloud environments can usually provide new compute instances or storage in minutes, a far cry from the common weeks (or months, in some organizations) that the same provisioning process can take in typical IT shops.

User risk policy

is used if the credentials are compromised

Sign-in Risk Policy

it is considered for any suspicious sign-ins like multiple incorrect login attempts

Point to site VPN

lets you create a secure connection to your virtual network from an individual client computer. Think remote workers accessing Azure

Hybrid

model is the best of public and private but could become complex

Capital Expenditure (CapEx)

money spent by a business or organization on acquiring or maintaining fixed assets, such as land, buildings, and equipment. Think buying a server

Azure Advanced Threat Protection (ATP)

monitor Azure AD and detect when users are behaving differently than they normally do; requires additional login requirements like MFA or even locks them out when they do

When running Azure PowerShell with Cloud Shell, are both Windows and Linux functionality available?

No, only Linux, because Azure PowerShell when running in Cloud Shell runs on a Linux VM.

Single sign on

one pair of credentials for multiple services

Recovery point

point of time data to recover

Private endpoint

private connection to a specific instance of a service. Example: single storage account. Available over connected networks - hybrid/on-premises networks - peered virtual networks. Can completely disable public access to a connected service. Truly private, public endpoint disabled.

Azure DNS Private Zones

provides a simple, reliable, secure DNS service to manage and resolve names in a virtual network without the need to create and manage a custom DNS solution. Use your own domain names and get name resolution for virtual machines within and between virtual networks.

Azure Dedicated Host

provides dedicated physical servers to host your Azure VMs for Windows and Linux.

Cloud architecture models

public, private, hybrid

Azure Spot VMs

Save money by using unused capacity. The VM can be evicted at any time. Use for interruptible, non-critical workloads. Use with Azure scale sets. Set max price for the Spot VM. Don't use the standard SLA. You can set a limit to how much you want to spend.

Azure Arc

simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.

Resource required for Cloud Shell

storage account

Azure AD Connect

synchronizes user identities between on-premises Active Directory and Azure AD

Azure blueprints

templates for creating Azure resources. Includes - Resource Templates RBAC Policies Sample regulations for common regulations

Fault Tolerance

the ability for a system to respond to unexpected failures or system crashes as the backup system immediately and automatically takes over with no loss of service

Frontend

the access point for the load balancer. All traffic goes here first

Azure mobile apps

the azure portal in the form of a mobile app

Offer types

the different types of subscriptions - such as student account, pay as you go, etc

Origin Server

the original location of the files such as a website.

Cloud Computing

the practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer.

Scalability

the process of adding more resources on an as needed basis. The ability to scale up or down with cloud resources

Multifactor authentication

the use of two or more types of authentication credentials in conjunction to achieve a greater level of security

Inbound flows

traffic from the internet or local networks

Governance

validates that your organization can achieve its goals through effective and efficient use of IT

3 Principles of Zero Trust

verify explicitly, use least privilege access, and assume breach.

Does the customer always retain responsibility for the data?

yes

Plan Methodology

you align actionable plans with business outcomes

Strategy Methodology

you define the business justification and expected outcomes of adoption.

Innovate methodology

you develop new cloud-native or hybrid solutions

Ready Methodology

you prepare the cloud environment for the planned changes

