AZ-900 Cloud Guru
How many subscriptions and regions can a VNET belong to?
1
How long does it take for Cloud Shell to time out?
20 mins
How many minutes of downtime per month does 99.99% availability allow?
4 minutes
Azure Virtual Desktop
A *desktop and application virtualization service* that runs in the cloud. It enables your users to use a cloud-hosted version of Windows from any location via a web browser. Azure Virtual Desktop works with Windows, Mac, iOS, Android, and Linux devices.
- Supports individual ownership through personal desktops.
- You can use your own licenses; there is no extra charge (you are not charged monthly for them).
- Simplified management.
Azure Reliability and Predictability
A 2019 report revealed that Microsoft Azure delivered "an average uptime of 99.995%" for its core compute services.
Billing Cycle
A billing cycle on Azure is typically every 30 to 60 days
Azure Key Vault
A centralized cloud service for storing application secrets. It provides secure access, permission control, and access logging. Usage: secrets management, key management, certificate management, and storing secrets backed by hardware security modules (HSMs).
Kubernetes Node
A collection of Pods
Kubernetes Pod
A collection of containers
Kubernetes Cluster
A collection of nodes (Compute Engine VMs). A Kubernetes Cluster includes one master node and one or more worker nodes.
Role Definition
A collection of permissions such as read, write, delete
Azure Kubernetes Service (AKS)
A complete orchestration service for containers with distributed architectures and multiple containers.
- Replicates container architecture
- Standard Azure services included
- Global reach
Azure Geography
A discrete market typically containing two or more regions that preserve data residency and compliance boundaries.
Content Delivery Network (CDN)
A distributed network of servers that can efficiently deliver web content to users. It is a way to get content to users in their local region to minimize latency.
Azure Pricing Calculator
A free web-based tool that allows you to input Azure services and modify properties and options of the services. It outputs the costs per service and total cost for the full estimate.
Scale Sets
A group of identical, load-balanced VMs that can be activated or deactivated as needed.
- A baseline VM for the scale set ensures application stability; the baseline VM is what you copy from to make the other VMs.
- As resource usage increases, more VMs are activated to take the load.
- You only pay for the VM, storage, and networking resources you use; there is no additional charge for scale sets.
- Can run up to 1,000 virtual machines.
Service Trust Portal
A list of standards that Microsoft follows, pen test results, security assessments, white papers, FAQs, and other documents that can be used to demonstrate Microsoft's compliance efforts.
Azure Security Center
A monitoring service that provides threat protection across all of your services both in Azure, and on-premises.
What is an address space on a virtual network?
A range of IP addresses that can be assigned to resources attached to the virtual network
Azure PowerShell
A set of cmdlets for managing Azure resources directly from the PowerShell command line
What is an Azure region?
A set of datacenters, deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network
What is a scale set?
A set of individual virtual machines that can be configured and managed as a single group
Storage account endpoints
A storage account provides a unique namespace in Azure for your data. Every object that you store in Azure Storage has a URL address that includes your unique account name. The combination of the account name and the service endpoint forms the endpoints for your storage account.
What does Infrastructure as a Service describe?
A type of cloud computing service that offers essential compute, storage, and networking resources on demand, on a pay-as-you-go basis
What is an availability zone?
A unique physical location within a region that is made up of one or more datacenters equipped with independent power, cooling, and networking
Examples of Authorization
- A user can create virtual machines
- A user has access to some files
- A user is allowed access to a building
Examples of Authentication
- A user logs in with a password
- A user uses the thumbprint scanner on a laptop
Cloud shell features
- Accessible from the web
- Choose between Azure CLI and PowerShell
- Tooling
- Storage to persist data between sessions
What is special about the China region in Azure?
All customer data is guaranteed to be geographically within China. You are guaranteed to be compliant with all Chinese data and IT regulations. All Azure services available in the China region are physically located inside China.
VNet Peering
Allows virtual machines in two separate virtual networks to communicate directly using their private IP addresses. Can be used to transfer data between Azure AD tenants. Traffic stays on the Azure private network.
Total Cost of Ownership (TCO) Calculator
Allows you to compare the difference in cost between your current on-premises infrastructure and your predicted cloud infrastructure
Network Security Group (NSG)
Allows you to filter network traffic to and from Azure resources in a virtual network. Can contain multiple inbound and outbound security rules that let you filter traffic by source and destination IP address, port, and protocol. As many rules as permitted by the subscription. You can override the default rules but cannot delete them.
Azure Hybrid Benefit
Allows you to use existing licenses, such as a license for a particular VM, in the cloud free of charge without having to buy a new license.
What is a distributed denial-of-service attack?
An attack where lots of computers target a single server or website with the aim of making it stop
Azure Storage Account
An entity that is used to store Azure storage data objects such as blobs, files, queues, tables, and disks. The storage account provides a unique namespace for your Azure Storage data that's accessible from anywhere in the world over HTTP or HTTPS. Data in your storage account is durable and highly available, secure, and massively scalable.
Azure Functions
An event-driven, serverless compute service.
- Only runs when needed
- Saves money
- Resilience
Every Azure account has what associated with it when it's created?
An instance of Azure AD
Security Principal
An object representing an entity, such as a user or group, that can access the resource.
Azure marketplace
An online marketplace to buy and sell finished software-as-a-service applications and premium datasets.
Common PaaS Scenarios
- Analytics or business intelligence
- Development framework
What can you store in a blob container inside Azure Storage?
Any kind of binary file, such as videos, images, documents, and applications
App Service
App Service is an easy way to host and manage your web application.
- App Services are a PaaS offering on Azure.
- Web Apps are used to host websites and web applications.
- Web Apps for Containers can host your existing container images.
- API Apps can host your data-backed services.
Which types of blobs are supported by Azure Storage?
- Append blobs
- Block blobs
- Page blobs
Append Blobs
Append blobs are made up of blocks like block blobs, but are optimized for append operations. Append blobs are ideal for scenarios such as logging data from virtual machines.
Application insights
Application Insights is a service that monitors the availability, performance, and usage of your web applications, whether they're hosted in the cloud or on-premises. It leverages the powerful data analysis platform in Log Analytics to provide you with deeper insights into your application's operations. Application Insights can diagnose errors, without waiting for a user to report them. Application Insights includes connection points to a variety of development tools, and integrates with Microsoft Visual Studio to support your DevOps processes.
Management groups
An Azure resource management scope that sits above subscriptions: a collection of subscriptions. Permissions, policies, and compliance settings can be applied to the group of subscriptions at one time.
Azure Availability Zones
Physically separate locations within each Azure region that are tolerant to local failures. A minimum of 3 separate availability zones are present in all availability-zone-enabled regions.
When can you delete a resource group from Azure?
At any time, as long as your resources or resource group are not locked by a related service
Availability Sets
Availability sets are a way for you to ensure your application remains online if a high-impact maintenance event is required or a hardware failure occurs. Availability sets are made up of update domains and fault domains. Everything is contained within one datacenter.
Azure Region Pairs
Availability zones are created by using one or more datacenters. There's a minimum of three zones within a single region. It's possible that a large disaster could cause an outage big enough to affect even two datacenters. That's why Azure also creates region pairs.
Options for moving files in Azure
AzCopy, Azure Storage Explorer, and Azure File Sync
AVD users should exist in the same Windows Server Active Directory that is linked to
Azure AD
Which type of storage service provides persistent storage for ACI?
Azure File Storage
File Storage
Azure Files offers fully managed file shares in the cloud that are accessible via the industry-standard Server Message Block (SMB) protocol. Azure file shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS. Applications running in Azure virtual machines or cloud services can mount a file storage share to access file data, just as a desktop application would mount a typical SMB share. Any number of Azure virtual machines or roles can mount and access the file storage share simultaneously. Typical usage scenarios are sharing files anywhere in the world, diagnostic data, or application data sharing.
Azure Migrate
Azure Migrate provides a simplified migration, modernization, and optimization service for Azure. All pre-migration steps such as discovery, assessments, and right-sizing of on-premises resources are included for infrastructure, data, and applications. Azure Migrate's extensible framework allows for integration of third-party tools, thus expanding the scope of supported use-cases
Azure Policy
Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service-level agreements (SLAs). Azure Policy does this by using policies and initiatives. It runs evaluations of your resources and scans for those not compliant with the policies you have created. For example, you can have a policy to allow only a certain stock keeping unit (SKU) size of virtual machines (VMs) in your environment. Once you implement this policy, it will evaluate resources when you create new ones or update existing ones. It will also evaluate your existing resources.
ARM Templates
With Azure Resource Manager templates (ARM templates), you can describe the resources you want to use in a declarative JSON format. Benefits:
- *Verified* before the code is executed.
- The template orchestrates the creation of *many resources in parallel*.
- Creates *all dependencies* in the correct order.
There is a potential threat to your Azure infrastructure from an outside attacker. Which service is best for detecting the threat and taking action?
Azure Sentinel
3 Main components of VPN Gateway Scenario
- Azure VNet with a VPN Gateway attached
- Tunnel: a secure connection between the Azure VPN Gateway and the on-premises gateway
- On-premises gateway
Your company suddenly has a bunch of new remote employees, who all need a Windows environment to work from. Which is the best Azure solution to get them up and running quickly?
Azure Virtual Desktop (formerly Windows Virtual Desktop)
How do resources on Azure use a virtual network?
Azure Virtual Network enables Azure resources to securely communicate with each other, the internet, and on-premises networks.
Azure Billing Zones
Azure has 3 billing zones. Data transferred within a zone is free, but data transferred to another zone costs money.
What are valid managed disk storage types on Azure?
Azure offers four types of managed disk storage: Standard HDD, Standard SSD, Premium SSD, and Ultra Disk.
Private cloud
Azure on your own hardware in a location of your choice. All the benefits of public cloud, but you can lock it down. Requires a lot of staff.
Which Azure calculator would you use to figure out monthly costs for Azure services?
Azure pricing calculator
Azure AD Subscription
- Billing entity: all resources in a subscription are billed together
- Cost separation: you can have multiple subscriptions within a tenant to separate costs
- Payment: if a subscription isn't paid, all its resources are turned off
What type of storage is Archive Storage?
Blob Storage
What type of Azure storage is ideal for long-term backups, disaster recovery, and archiving?
Blob storage
Which services can feed data into Azure Monitor?
Both Azure services and on-premises services
Azure Advisor makes shutdown recommendations based on what
CPU and outbound network utilization
Locks
Can be assigned to a subscription, resource group, or resource.
- Types: Delete (you can't delete the object) and Read-only (you can't make any changes to the object)
- Locked means locked: the lock must be removed before an action can be performed
Azure Sovereign Regions
Certain regions are dedicated to specific sovereign entities. Although all regions are Azure regions, these sovereign regions are isolated from the rest of Azure. They aren't necessarily managed by Microsoft, and they might be restricted to certain types of customers, such as Azure Government (US).
Rules and health probes
Checks to ensure the backend instance can receive the data
Azure China is operated by
China, specifically 21Vianet
Azure Active Directory
Cloud-based identity and access management service. Azure AD helps employees of an organization sign in and access resources. Benefits:
- Authentication
- SSO (single sign-on)
- Application management
- B2B identity services
- B2C identity services
- Device management
B2B collaboration
Collaborate with external users by letting them use their preferred identity to sign in to your Microsoft applications or other enterprise applications (SaaS apps, custom-developed apps, etc.). B2B collaboration users are represented in your directory, typically as guest users.
Cloud Adoption Framework
- Collection of documents: lots of resources to guide you through the cloud adoption process
- Guidance: helps define strategies for adoption
- Governance: key to the cloud adoption process
Stages: Strategy, Plan, Ready, Innovate
Cache
Collection of temporary copies of original files. The primary purpose is to optimize speed for an application. When a copy expires, a new copy is needed
Which companies must comply with General Data Protection Regulation (GDPR) requirements?
Companies of any country must adhere to GDPR if their users and customers are located in the European Union.
Azure Compliance Manager
Compliance Manager is a workflow-based risk assessment tool that helps you track, assign, and verify your organization's regulatory compliance activities related to Microsoft Cloud services, such as Microsoft 365, Dynamics 365, and Azure.
What features of Azure AD are only available in the P1 and P2 tiers?
- Conditional Access
- Self-service password reset
- RBAC
Conditional Access
Conditional Access policies at their simplest are if-then statements: if a user wants to access a resource, then they must complete an action. Example: a payroll manager wants to access the payroll application and is required to do multi-factor authentication to access it. Policies specify the actions that must be completed or the conditions that must be met to grant access to the requested resource.
What is the best scenario for using Azure ExpressRoute?
Connecting your on-premises networks into the Microsoft cloud over a private connection with the help of a connectivity provider
What is consumption-based pricing on Azure?
Consumption-based pricing is when you are charged for only what you use (pay-as-you-go rate)
Azure Container Instances
Containerized apps run on Azure without provisioning servers or VMs. The primary Azure service for running container workloads (a workload is your process or application).
- On demand: use containerized apps to process data on demand by only creating the container image when you need it. Save some cash in the process.
- Works with the tool of your choice: Azure CLI, Azure Portal, or PowerShell
Azure Cost Management
The cost management tool in the portal provides a detailed view of current and projected costs.
- Reports and recommendations: get detailed reports and recommendations on how to save on costs, and analyze them
- Optimization: optimize your current resources to save money, and monitor any Amazon Web Services charges too
Shared Responsibility Model
- Customer: responsible for security "in" the cloud
- Azure: responsible for security "of" the cloud
Azure Databox
Data Box devices easily move data to Azure when busy networks aren't an option. Move large amounts of data to Azure when you're limited by time, network availability, or costs, using common copy tools such as Robocopy. All data is AES-encrypted, and the devices are wiped clean after upload, in accordance with NIST Special Publication 800-88 revision 1 standards. Think of a box of hard drives to move data
Express Route
Dedicated circuit between a business and Microsoft Azure. Connection through a connectivity provider, with the ability to extend the Microsoft cloud to on-premises networks over a private connection.
Azure Government Cloud
Dedicated regions for the US government.
- Exclusivity: only government can use it
- Compliance: ensures compliance with government agencies and Level 5 Department of Defense approval
- You get standard Azure benefits
How to use Security Center
- Define policies: set up policies for Azure to monitor resources from
- Protect resources: actively protect resources through monitoring your policies and their outcomes
- Respond: respond to any security threats, then go back to step 1 to mitigate threats
Role-Based Access Control (RBAC)
- Define user access: assign users to individual resources
- Minimum access: enable the minimum access necessary to resources
- Target specific use cases: be very explicit about uses and access
Using Security Center
- Define policies: set up policies to monitor resources from. A policy is a set of rules used to evaluate a resource. Use predefined policies or create your own.
- Protect resources: actively protect your resources.
- Respond: respond to any security alerts. Investigate all of them, then go back to step 1 to define new policies to account for the alert.
Which of the following are features of role-based access control?
- Defining which actions users can take on a resource
- Defining which users have access to specific Azure resources
Which of the following are types of locks in Azure?
- Delete
- Read-only
Azure Resource Manager (ARM)
Deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features like access control, locks, and tags to secure and organize your resources after deployment.
DDoS Protection Service
Detects the DDoS attack and deflects it.
- Various levels of protection depending on the scenario
- No downtime
- Cannot support more than 100 resources
- Can be used across subscriptions
Service endpoints
Direct connection from a subnet to Azure PaaS services. Connects over Microsoft's private backbone (not over the public internet). Services can be configured to only allow traffic from service-endpoint-enabled subnets.
DDoS
Distributed Denial of Service
Load Balancer
Distributes new inbound flows that arrive on the Load Balancer's frontend to backend pool instances, according to rules and health probes
Resource Group Facts
- Each resource can only exist in a single resource group
- You can add or remove resources to any resource group at any time
- You can move resources between resource groups
- A resource group can have resources in different regions
- You can give access control to a resource group
- A resource group can interact with other resource groups
- If you delete the resource group, everything in it will also be deleted
Azure Active Directory Seamless Single Sign on
- Enable SSO in Azure AD
- Seamlessly use all applications without logging in again
- Single user name and password
What does fault tolerance describe for cloud computing?
Ensuring services and applications remain available in the event of a failure
B2B direct connect
Establish a mutual, two-way trust with another Azure AD organization for seamless collaboration. B2B direct connect currently supports Teams shared channels, enabling external users to access your resources from within their home instances of Teams. B2B direct connect users aren't represented in your directory, but they're visible from within the Teams shared channel and can be monitored in Teams admin center reports.
In which scenario/s would you use an Application Gateway?
- For incoming traffic, to make routing decisions based on additional attributes of an HTTP request, such as URI path or host headers
- To host multiple websites
Common SaaS Scenarios
Gain access to sophisticated software
Authorization
Granting the correct level of access to a resource or service
Management Groups
- Group subscriptions: allows you to take action across multiple subscriptions
- Organize: allows you to manage access, policies, and compliance in bulk
- Billing logic: you maintain billing associated with the right budgets
Disk Types
- HDD: low cost and suitable for backup
- SSD: standard for production; higher reliability and scalability
- Premium SSD: super fast and high performance; used for critical workloads
- Ultra Disk: for the most demanding and intensive workloads; disks up to 64 TB
Azure Information Protection (AIP)
Helps organizations classify and optionally protect documents and emails by applying labels. Labels can be applied automatically by admins who define rules and conditions, manually by users, or by a combination of the two where users are given recommendations. Usage: a user saves a Word document containing a credit card number; a custom tooltip displays a label if the file is Confidential/All Employees, and the label classifies the document and protects it.
Application Gateway
Higher-level load balancer.
- Works on the HTTP request of the traffic, instead of the IP address and port
- Traffic from a specific web address can go to a specific machine
- Is a fit for most other Azure services
- Supports autoscaling, end-to-end encryption, zone redundancy, and multi-site hosting
Blob Pricing
- Hot: frequently accessed files; lower access times and higher costs
- Cool: lower storage costs and higher access times; data remains here for at least 30 days
- Archive: lowest cost and highest access time
File Storage Scenarios
- Hybrid: can supplement your local file storage if you are running out of space
- Lift and shift: move your existing file storage and related services to Azure
Tags
- Identify roles: protect sensitive data by defining which roles can access a resource
- Related resources: to make bulk processing and updating easier, define which resources are related
- Filter resources per project, customer, or for reporting purposes
- Unambiguous: create a list of the tags used that includes description, tag name, and potential values
- Tags applied to a resource group are not inherited by its resources. Tags are also not inherited if they are applied at the subscription level
- Not all resources support tags, mainly resources created before tags existed
- You should use tags to analyze a cost report
What is high availability in cloud computing?
If one resource on Azure dies unexpectedly, another resource will almost instantly take over the workload.
Load Balancer Scenarios
- Incoming internet traffic
- Internal network traffic
- Port forwarding: forwarding traffic to a specific machine
- Outbound traffic: allow outbound connectivity for backend pool VMs
Factors affecting cost of app service
- Instance type
- Number of instances
- Operating system
- Region
- Tier
Azure Resource Manager Templates
JSON files that define the infrastructure and configuration of resources in Azure.
Azure Container Registry
- Keeps track of current valid container images
- Manages files and artifacts for containers
- Feeds container images to ACI and AKS
- Uses Azure identity and security features
China Region
Located in China and has no connection outside of China. Data is kept in China, ensuring compliance with Chinese regulations.
How to choose a region
- Location: you want it to be close to your users
- Features: some features aren't available in all regions
- Price: the price of services may vary from region to region
Azure Subscription
Logical container used to provision resources in Microsoft Azure. It holds the details of all your resources, like virtual machines, databases, etc. An Azure account can have multiple subscriptions. Useful for organizing who pays for what.
Archive Storage
Low-cost storage for rarely accessed data with flexible latency requirements. Store terabytes of data in the cloud for a few dollars a month, and repurpose other storage infrastructure for other business objectives. Secure and easy to manage. A storage tier available for blob storage.
VNet Peering Benefits
- Low latency, high bandwidth
- Link separate networks: resources in separate networks can communicate with one another
- Data transfer
SaaS characteristics
- Managed from a central location
- Hosted on a remote server
- Accessible over the internet
- Users are not responsible for hardware or software updates
- Rate limiting/QoS
- Example: Microsoft 365
What is the hierarchy of resource groups, subscriptions, and management groups?
Management groups (top), then subscriptions, then resource groups
Azure Monitor Outcomes
- Maximize performance
- Maximize availability
- Identify issues
Azure Government is operated by
Microsoft
Microsoft Defender for Identity
- Monitor users: analyze user activity and information, including any permissions and group memberships
- Baseline behavior: record what a user's normal behavior and routine is; any activity outside those actions will be flagged
- Suggest changes to meet security best practices
Leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
Event Logs
Not captured by Azure Monitor by default. They need to be enabled.
When a blueprint is updated and the updated version is published, are the blueprint assignments updated automatically?
No, you must update the assignments individually
Billing Admin
One or more users can be a billing admin, who manages anything to do with billing and invoicing on Azure. Ensures separation of responsibility.
What is the difference between OpEx and CapEx?
OpEx is an ongoing cost for running a business. CapEx is the cost of acquiring and maintaining assets.
IaaS characteristics
- Organization has complete control of the infrastructure
- Dynamic and flexible; you can do almost anything
- Cost varies depending on consumption
- Services are highly scalable
- Multiple users share a single piece of hardware
- Examples: VM, VNet, Storage
Page Blobs
Page blobs store random-access files up to 8 TB in size. Page blobs store the virtual hard drive (VHD) files that serve as disks for Azure virtual machines.
SaaS (Software as a Service)
Pay for software as you use it. Not installed locally; instead it is 'hosted' software, e.g. Google Docs.
Azure Portal Features
- Personalization: can be customized to you
- Access control
- Cost management
- One-stop shop
- Constantly updated
Azure Service Health
Personalized guidance and support when you have Azure issues. Can notify you, help you understand what is wrong, and update you when it is resolved.
- Azure status: global view of Azure services
- Service health: track services in the regions you use
- Resource health: which service issues affect your resources
7 Layers of defense in cloud computing
- Physical
- Identity and access
- Perimeter
- Network
- Compute
- Gateways and firewalls
- Data
Disaster Recovery
Plan to recover critical business systems in the event of a disaster such as weather events or cyber attacks
Microsoft Defender for Cloud provides
- Policy and compliance metrics
- A secure score to encourage good security hygiene
- Integration with other cloud providers
- Alerts for resources that aren't secure
Premium Block Blobs
Premium storage account type for block blobs and append blobs. Recommended for scenarios with high transaction rates or that use smaller objects or require consistently low storage latency
Premium File Shares
Premium storage account type for file shares only. Recommended for enterprise or high-performance scale applications. Use this account type if you want a storage account that supports both Server Message Block (SMB) and NFS file shares.
Premium Page Blobs
Premium storage account type for page blobs only.
Application Security Group
Protects an application rather than an IP endpoint. Allows you to configure security as a natural extension of an application's structure. You can group VMs and network security policies based on your application and its components instead of an explicit IP address.
Azure Advisor
Provides recommendations on high availability, security, performance, and cost. Analyzes deployed services and looks for ways to improve your environment across those areas. Can use information from Security Center to develop best-practice recommendations for optimization.
Azure Advisor Security Assistance
Provides security recommendations by integrating with Azure Security Center.
Azure AD B2C
Publish modern SaaS apps or custom-developed apps (excluding Microsoft apps) to consumers and customers, while using Azure AD B2C for identity and access management.
Free Accounts
Really free. Provides access to many Azure services up to a certain limit for free.
What is a suitable use case for the Azure Files storage service?
Replace or supplement on-premises file servers.
Azure AD Tenant
Represents an organization in Azure.
- A tenant is a dedicated instance of AAD that an organization receives when signing up for Azure
- Each tenant is distinct and completely separate from other AAD tenants
- Each user in Azure can be a member or guest of up to 500 Azure AD tenants
Influences on pricing
- Resource size: different sizes of resources have different prices
- Resource type
- Location: different Azure locations have different prices for services. Exchange rates, labor costs, and more influence the price
- Bandwidth: the bandwidth your services use incurs a cost
Which factors have an influence on the cost of using products and services on Azure?
- Resource size
- The location of the service or resource
- How much bandwidth you will use
PaaS Characteristics
- Resources are virtualized and can easily be scaled up or down as needed
- Services often assist with the development, testing, and deployment of apps
- Multi-user access via the same development application
- Integrates web services
- Examples: App Service, Azure CDN, Cosmos DB
What authentication types are supported by both self-service password reset and MFA?
- SMS
- Voice call
- Password
What's the best definition for scalability on Azure?
Scalability is the ability of a system to handle increased load. Services covered by Azure Autoscale can scale automatically to match demand to accommodate workload.
Cloud Advantages of Virtual Network
- Scaling: adding more VNets, or more addresses to one, is simple
- High availability: peering VNets, using load balancing, or using a VPN gateway all increase availability
- Isolation: manage and organize resources with subnets and network security groups
What are the two types of scaling on Azure?
Scaling up/down (vertical, a bigger or smaller instance) and scaling out/in (horizontal, more or fewer instances)
Limitations of Service Endpoints
Secure access from VNets only: there is no private on-premises path, so on-premises access must still come in over the service's public IP. The PaaS public endpoint still exists (VNet traffic reaches it over the Azure backbone, but the endpoint remains publicly routable). A service endpoint enables an entire service, not a single instance: for example Microsoft.Storage as a whole, not one storage account; limiting which accounts a subnet can reach is done on each account's own firewall.
Regulatory Compliance
Security Center (now Microsoft Defender for Cloud) tracks your regulatory compliance posture against the standards you enable.
Role Assignments 3 components
Security principal, role definition, scope
What is a fully managed platform on Azure?
Servers, network, storage, and more are all managed by Azure. You focus on your business value and logic.
Reserved Capacity
Similar to reserved instances; can be used for services such as Azure SQL, Synapse Analytics, Cosmos DB, and Redis Cache.
Spending Limits
Some Azure accounts that come with monthly credits have a default spending limit. When the credits are used up the limit kicks in and services are suspended until the next credit period. Once the credits are gone you can either remove the limit entirely or leave it in effect. No spending limit = pay as you go.
Reserved Instances
Some Azure services can be reserved for a fixed term of 1 or 3 years. Reserving an instance of a service gives you a discount compared with pay-as-you-go pricing.
Which are authentication methods used to verify a user with multi-factor authentication?
Something you know Something you have Something you are
VPN Gateway
A specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. It can also send encrypted traffic between Azure virtual networks over the Microsoft network. Each virtual network can have only one VPN gateway. When you create a virtual network gateway, gateway VMs are deployed to the gateway subnet and configured with the settings you specify; one of those settings is the gateway type, VPN. You can create connections between two VPN gateways (VNet-to-VNet), from a VPN gateway to an on-premises VPN device (Site-to-Site), or from a remote client to your virtual network (Point-to-Site) over a VPN connection.
Azure App Service
A PaaS offering to build, deploy, and scale enterprise-grade web, mobile, and API apps.
Azure CLI Advantages
Stable: text commands don't change. Structured: CLI commands are structured logically. Cross-platform: the CLI works on Windows, macOS, and Linux. Automation. Logging.
Types of Storage Accounts
Standard general-purpose v2, Premium block blobs, Premium file shares, Premium page blobs
Two types of DDoS Protection
Basic and Standard. Basic is enabled automatically and is free with Azure. Standard is not enabled automatically and incurs additional charges.
Standard General Purpose v2
Standard storage account type for blobs, file shares, queues, and tables. Recommended for most scenarios using Azure Storage. If you want support for network file system (NFS) in Azure Files, use the premium file shares account type.
Storage Account name
Storage account names must be between 3 and 24 characters in length and may contain numbers and lowercase letters only. Your storage account name must be unique within Azure. No two storage accounts can have the same name.
Block Blobs
Store text and binary data, up to about 4.75 TiB per blob. Made up of individually managed blocks of data.
High Availability
The system is continuously operational at all times; failed instances are replaced quickly (for example, new VMs spin up fast) so requests keep being processed.
Common IAAS Scenarios
Test and development, storage and backups, high-performance computing, big data and analytics
Backend pool
The VM instances receiving traffic
Which cloud ability does elasticity describe?
The ability to quickly expand or decrease computer processing, memory, and storage resources
Agility
The ability to rapidly develop, test, and launch software applications that drive business growth
Authentication
The act of proving who or what something is
What is the role of subscriptions in relation to Azure resources billing?
The billing of Azure resources in your account is generated at the subscription scope.
What significance does the name for your Azure storage account have?
The combination of the storage account name and the Azure Storage service endpoint forms the endpoints for your storage account (for example, https://<name>.blob.core.windows.net). Your storage account name must be unique within Azure.
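The two cards above give the naming rules and explain how the name becomes the account's public endpoints. Here is an added example (not from the course) that checks a candidate name against those rules and builds the per-service endpoints. Assumptions: the public-cloud suffix core.windows.net (sovereign clouds use other suffixes), and the blob/file/queue/table/dfs/web services; global uniqueness cannot be checked offline.

```python
import re

# Rules from the card: 3 to 24 characters, lowercase letters and digits only.
# Global uniqueness is a separate, online check (assumption: not done here).
_ENDPOINT_SUFFIX = "core.windows.net"  # assumption: Azure public cloud
_SERVICES = ("blob", "file", "queue", "table", "dfs", "web")


def validate_storage_account_name(name: str) -> list:
    """Return the list of rule violations; an empty list means the name is acceptable."""
    problems = []
    if not 3 <= len(name) <= 24:
        problems.append(f"length {len(name)} is outside 3-24")
    if name != name.lower():
        problems.append("uppercase letters are not allowed")
    if not re.fullmatch(r"[a-z0-9]*", name.lower()):
        problems.append("only lowercase letters and digits are allowed")
    return problems


def storage_endpoints(name: str) -> dict:
    """Build the public endpoints that Azure derives from a valid account name.

    Because these hostnames are fully predictable, a leaked or guessable account
    name is enough for an attacker to locate the account; access control, not
    obscurity of the name, is what protects the data behind it.
    """
    problems = validate_storage_account_name(name)
    if problems:
        raise ValueError("; ".join(problems))
    return {svc: f"https://{name}.{svc}.{_ENDPOINT_SUFFIX}/" for svc in _SERVICES}


if __name__ == "__main__":
    for candidate in ("prodlogs01", "ProdLogs", "my-account", "ab"):
        print(candidate, validate_storage_account_name(candidate) or "ok")
    print(storage_endpoints("prodlogs01")["blob"])
```

The dfs endpoint is the Data Lake Storage Gen2 endpoint and web is the static-website endpoint; both exist only when those features are enabled on the account, but their hostnames follow the same pattern.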
Azure Functions Serverless
The oldest serverless service on Azure. Performs only a single task per invocation. A fundamental compute action that can be run millions of times per second.
Virtual Network Address Space
The range of IP addresses available in the VNet. Every service or resource on the VNet gets its own address from this range.
Scope
The resources the access applies to. A role assignment's scope is a management group, subscription, resource group or single resource, and the assignment is inherited by everything beneath that scope.
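The "Role Assignments 3 components" and "Scope" cards describe how Azure RBAC combines a security principal, a role definition (Actions and NotActions) and a scope that is inherited downward. The following is an added example (not course material) that evaluates those rules the way a practitioner would when reviewing who can do what. The role definitions are trimmed to a few operations, the subscription ID and principal names are made up, and deny assignments are deliberately left out.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class RoleDefinition:
    name: str
    actions: tuple
    not_actions: tuple = ()


@dataclass(frozen=True)
class RoleAssignment:
    principal: str
    role: RoleDefinition
    scope: str


# Built-in roles trimmed to the operations this example exercises (assumption:
# the real definitions list far more; compare with `az role definition list`).
READER = RoleDefinition("Reader", actions=("*/read",))
STORAGE_ACCOUNT_CONTRIBUTOR = RoleDefinition(
    "Storage Account Contributor", actions=("Microsoft.Storage/storageAccounts/*",))
# A custom role: NotActions carve an exception out of this role's own Actions.
COMPUTE_NO_DELETE = RoleDefinition(
    "Custom Compute Operator", actions=("Microsoft.Compute/*",),
    not_actions=("Microsoft.Compute/*/delete",))

# Constructed scopes and assignments.
SUB = "/subscriptions/11111111-2222-3333-4444-555555555555"
RG_APP = SUB + "/resourceGroups/rg-app"
RG_DATA = SUB + "/resourceGroups/rg-data"
ASSIGNMENTS = [
    RoleAssignment("alice@contoso.example", READER, SUB),
    RoleAssignment("alice@contoso.example", STORAGE_ACCOUNT_CONTRIBUTOR, RG_APP),
    RoleAssignment("bob@contoso.example", COMPUTE_NO_DELETE, SUB),
]


def scope_covers(assignment_scope: str, resource_id: str) -> bool:
    """An assignment applies to its own scope and everything beneath it.

    Comparison is case-insensitive, and the appended "/" stops
    /subscriptions/abc from accidentally covering /subscriptions/abcd.
    """
    a = assignment_scope.lower().rstrip("/")
    r = resource_id.lower().rstrip("/")
    return r == a or r.startswith(a + "/")


def role_permits(role: RoleDefinition, operation: str) -> bool:
    # Azure RBAC wildcards: "*" matches any characters including "/", which is
    # exactly fnmatch's behaviour. Operations are case-insensitive.
    op = operation.lower()
    allowed = any(fnmatchcase(op, p.lower()) for p in role.actions)
    excluded = any(fnmatchcase(op, p.lower()) for p in role.not_actions)
    return allowed and not excluded


def is_permitted(assignments, principal: str, operation: str, resource_id: str) -> bool:
    """Permissions are additive: any in-scope assignment that grants the operation wins.

    NotActions only narrow the role they belong to; they never block an operation
    granted by a different assignment (that is what deny assignments are for).
    """
    return any(
        a.principal == principal
        and scope_covers(a.scope, resource_id)
        and role_permits(a.role, operation)
        for a in assignments
    )


if __name__ == "__main__":
    vm = RG_DATA + "/providers/Microsoft.Compute/virtualMachines/vm1"
    print(is_permitted(ASSIGNMENTS, "alice@contoso.example", "Microsoft.Compute/virtualMachines/read", vm))
    print(is_permitted(ASSIGNMENTS, "bob@contoso.example", "Microsoft.Compute/virtualMachines/delete", vm))
```

The point worth remembering from the model: because scope inherits downward, a Reader assignment at the subscription quietly grants read on every resource group created later, and a NotActions entry is not a deny.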
What is the service for managing privacy on Azure called?
There isn't a single service, as privacy is part of every service on Azure.
Site to Site VPN
Think Azure to on-premises. S2S connections can be used for cross-premises and hybrid configurations. An S2S connection requires a VPN device located on-premises that has a public IP address assigned to it.
Serverless
Think Azure Functions. You don't maintain the server, just the code that runs on it.
Operational Expenditure (OpEx)
This is spending money on services or products now and being billed for them now. You can deduct this expense from your tax bill in the same year. There is no upfront cost; you pay for a service or product as you use it. Think paying for virtual machines only while you need them.
Consumption based pricing
This pricing model is based on the amount of a service that is consumed. It is a useful model where your usage of the product or service may change over time. Low usage = low cost.
What is the primary use for disk storage?
To attach to a Virtual Machine to act as a Virtual hard drive.
Why would you use a content delivery network?
To better handle instantaneous high loads, such as the start of a product launch event To provide better performance and improved user experience for end users
Why is cloud agility important for businesses?
To enable the ability to rapidly develop, test, and launch software applications that drive business growth
What is the main function of Azure Information Protection?
To help an organization classify and (optionally) protect its documents and emails by applying labels
What is the purpose of having defense in depth?
To provide several layers of defense for your resources, data, and assets
Which of the following are valid use cases to use Azure Service Health in your architecture?
To set up custom alerts to notify you of any outages, planned or otherwise; to track incidents with your services in real time and get a report afterwards.
What are the Microsoft services that can tell you more about trust in the Azure platform?
Trust Center, Service Trust Portal
If you don't want to share the hardware your VMs run on, how can you manage that in Azure?
Use Azure Dedicated Host.
Azure File Sync
Use Azure File Sync to centralize your organization's file shares in Azure Files, while keeping the flexibility, performance, and compatibility of an on-premises file server. Azure File Sync transforms Windows Server into a quick cache of your Azure file share. You can use any protocol that's available on Windows Server to access your data locally, including SMB, NFS, and FTPS. You can have as many caches as you need across the world.
To limit spending on Azure, what is a recommended best practice?
Use Azure spending limits on resources and services.
If you have multiple applications in Azure Active Directory that you want users to access, which is the best way to handle user access?
Using single sign-on
Which features are in Azure Cost Management?
Visualizing future (forecast) costs for your Azure account; visualizing current costs for your Azure account.
What are 3 kinds of App Service
Web Apps, API Apps, Web App for Containers
You can use the Azure CLI, Azure Portal and Azure PowerShell on which platforms
Windows, Linux, and macOS
Difference between Geo redundant storage and read only geo redundant storage
With geo-redundant storage (GRS) you can only read from the secondary location after a failover from the primary. With read-access geo-redundant storage (RA-GRS) you can read from either location at any time.
When the virtual machine is stopped does the storage attached to it incur costs?
Yes. Disks are billed whether the VM is running, stopped, or deallocated; deallocating a VM stops only the compute charge.
user defined routes
You can create custom, or user-defined (static), routes in Azure to override Azure's default system routes, or to add more routes to a subnet's route table. You create a route table, then associate it with zero or more virtual network subnets; each subnet can have zero or one route table associated with it. Azure picks the route with the longest matching prefix, and when a user-defined route and a system route share the same prefix the user-defined route wins.
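The card above states the two selection rules (longest prefix match, then user-defined over system). Here is an added example, not from the course, that applies them to the classic security use of a UDR: forcing all Internet-bound traffic from an application subnet through a firewall appliance. The VNet range, the firewall's IP and the trimmed list of system routes are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop_type: str          # VirtualNetwork, Internet, None, VirtualAppliance
    next_hop_ip: Optional[str]  # only meaningful for VirtualAppliance
    source: str                 # "System", "BGP" or "User"


# Tie-break for equal prefix length: user-defined beats BGP beats system.
_SOURCE_RANK = {"User": 0, "BGP": 1, "System": 2}


def default_system_routes(vnet_address_space: str):
    """The routes Azure adds to every subnet (assumption: trimmed to the common ones)."""
    return [
        Route(vnet_address_space, "VirtualNetwork", None, "System"),
        Route("0.0.0.0/0", "Internet", None, "System"),
        Route("10.0.0.0/8", "None", None, "System"),      # "None" means drop
        Route("172.16.0.0/12", "None", None, "System"),
        Route("192.168.0.0/16", "None", None, "System"),
        Route("100.64.0.0/10", "None", None, "System"),
    ]


def select_route(routes, destination: str) -> Optional[Route]:
    """Longest prefix match; on a tie, the higher-priority source wins."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in routes if dst in ipaddress.ip_network(r.prefix)]
    if not matches:
        return None
    return min(
        matches,
        key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, _SOURCE_RANK[r.source]),
    )


# Constructed scenario: app subnet in a 10.1.0.0/16 VNet, firewall NVA at 10.1.255.4.
VNET = "10.1.0.0/16"
FIREWALL_IP = "10.1.255.4"
APP_SUBNET_ROUTES = default_system_routes(VNET) + [
    Route("0.0.0.0/0", "VirtualAppliance", FIREWALL_IP, "User"),
]


if __name__ == "__main__":
    for dst in ("8.8.8.8", "10.1.2.3", "10.200.0.1"):
        r = select_route(APP_SUBNET_ROUTES, dst)
        print(dst, "->", r.next_hop_type, r.next_hop_ip or "")
```

Two practical caveats the model makes visible: the 0.0.0.0/0 UDR only catches traffic that no longer-prefix route claims, so VNet-internal and RFC 1918 traffic still follows the system routes; and the same route table must not be associated with the firewall's own subnet, or the appliance's outbound traffic would loop back to itself.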
Azure Data Box Gateway
A virtual appliance deployed on-premises that transfers data to Azure Storage over your network. It exposes SMB or NFS shares locally and continuously copies what is written to them into Azure storage accounts, so it suits ongoing migration of large amounts of data, not one-off bulk moves (which is what the physical Data Box devices are for).
Azure Virtual Machine
Your machine exclusively, although you don't own or control the hardware the VM runs on. VMs are an IaaS offering where you are responsible for the machine (the OS, patching, configuration and what runs on it). You can take advantage of Azure tools. The price of a VM goes up as its resources go up, and you pay by the hour. All VMs must be on a VNet.
Microsoft Active Directory
A directory service that Microsoft developed for Windows domain networks. This is not Azure Active Directory.
Azure Region
a geographical area on the planet that contains at least one but potentially multiple datacenters that are nearby and networked together with a low-latency network. Azure intelligently assigns and controls the resources within each region to ensure workloads are appropriately balanced.
Subnets
A logical subdivision of an IP network. Allows for multiple networks on the same VNet; allows for logical grouping of resources; makes allocating addresses to resources more efficient; more secure, because network security groups and route tables can be applied per subnet.
Quotas
A quota is a limit on a certain property of an Azure service. Quotas ensure Azure can maintain its high service level. If you need to increase the quota for a particular service, you can ask Microsoft to raise it. Most quotas are tracked per region within a subscription, so one subscription has separate limits in each region.
Cmdlet
A lightweight PowerShell command that performs a specific task, e.g. New-AzVM creates a new virtual machine.
Azure Sentinel
A security information and event management (SIEM) tool. Features: behavioral analytics, AWS integration, cloud scale.
Elasticity
ability to quickly expand or decrease computing resources not just VMs. Elasticity enables scaling
Define edge computing
Allows customers to run VMs, containers, and data services at edge locations, close to where the data is produced.
A VPN gateway is an important part of a hybrid Azure infrastructure because it?
allows for encrypted traffic to flow between on-premises services and Azure services
Blueprint Contributor role
allows users to manage blueprints but not assign them
Azure AD ID Protection
Detects identity risks such as sign-ins from anonymous IP addresses, unfamiliar sign-in properties, and leaked credentials, and lets you respond with risk-based policies that require MFA or a password change.
Cloud Shell
an interactive browser-accessible shell for managing Azure Resources
Cost management
built in service that gives you a breakdown of the usage and cost of your Azure resource
Blueprint operator
can assign existing published blueprints, but they cannot create new blueprint definitions
Contributor role
can create and delete blueprint definitions but cannot assign them
Contributor and Management Group Contributor
can create, update, move, delete and read management groups
Owner Role
can create, update, move, delete, and read management groups in addition to assigning access policies
Scaling out
creating more instances
Firewall
Defines rules for what kind of traffic can and cannot reach the device or service behind it. Comes in hardware and software versions. A critical part of any network.
Platform as a Service (PaaS)
delivers a computing platform—often an operating system with associated services—over the Internet without downloads or installation.
IAAS
Delivers hardware and networking capabilities, including the use of servers, networking, and storage, over the cloud using a pay-per-use model.
Initiatives
enable you to group several related policy definitions to simplify assignments and management because you work with a group as a single item. For example you can group related tagging policy definitions into a single initiative. Rather than assigning each policy individually, you can apply the initiative.
Autoscale
Enhances manageability and reliability by automatically adding or removing virtual machine instances based on workload.
External Identities
external users can "bring their own identities." Whether they have a corporate or government-issued digital identity, or an unmanaged social identity like Google or Facebook, they can use their own credentials to sign in. The external user's identity provider manages their identity, and you manage access to your apps with Azure AD or Azure AD B2C to keep your resources protected.
User Access Administrator
grants permissions to assign access policies
Kubernetes
Greek for helmsman or pilot; open-source software that enables you to deploy and manage containerized applications at scale.
Azure Monitor
Helps you find resources that aren't performing optimally. Features: a constant feed of telemetry from Azure services and on-premises equipment; fully managed; an interactive query language (Kusto Query Language, KQL) to explore the telemetry; machine learning that can be used alongside it to identify issues. The best place to track events at the resource level, such as the creation of a VM (diagnostics must be enabled to capture event logs). Can use autoscale to add or remove resources as appropriate to minimize costs and ensure optimum performance.
Designated time of recovery
How long it takes to recover from a disaster (the recovery time objective, RTO).
How does Azure calculate the availability for all services
in a monthly billing cycle
Blueprint owner
includes all blueprint related permissions
Scaling up
Increase the power/tier of the resources you are currently using, without creating more instances.
Telemetry
information about how services or devices are performing
Public cloud
Azure, AWS, GCP. No upfront costs, but monthly usage charges. Little control over the underlying services and infrastructure.
Azure Sentinel
Microsoft's cloud-native SIEM. It uses intelligent security analytics and threat intelligence.
Azure Traffic Manager
is a DNS-based traffic load balancer. This service allows you to distribute traffic to your public facing applications across the global Azure regions. Traffic Manager also provides your public endpoints with high availability and quick responsiveness.
AzCopy
A command-line utility that you can use to copy blobs or files to or from a storage account.
policy
A set of rules used to evaluate a resource, written as an "if" condition and a "then" effect (such as Audit or Deny). Microsoft provides predefined (built-in) policies.
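The "Initiatives" and "policy" cards describe a policy as a condition plus an effect, and an initiative as a bundle of policies assigned as one unit. Below is an added example, not course material, that evaluates a constructed three-policy initiative against sample resources. The condition keywords (field, equals, notEquals, in, notIn, exists, allOf, anyOf) are real Azure Policy operators; the dotted field paths such as tags.owner are a simplification of the real aliases (tags['owner']), and the resource documents are made up.

```python
from typing import Any

# Policy definitions in the if/effect shape used by Azure Policy (constructed).
ALLOWED_LOCATIONS = {
    "name": "allowed-locations",
    "if": {"field": "location", "notIn": ["westeurope", "northeurope"]},
    "effect": "Deny",
}
REQUIRE_OWNER_TAG = {
    "name": "require-owner-tag",
    "if": {"field": "tags.owner", "exists": False},
    "effect": "Audit",
}
STORAGE_HTTPS_ONLY = {
    "name": "storage-https-only",
    "if": {"allOf": [
        {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
        {"field": "properties.supportsHttpsTrafficOnly", "equals": False},
    ]},
    "effect": "Deny",
}
# The initiative groups the three definitions so they are assigned as one unit.
BASELINE_INITIATIVE = [ALLOWED_LOCATIONS, REQUIRE_OWNER_TAG, STORAGE_HTTPS_ONLY]

_MISSING = object()


def get_field(resource: dict, path: str) -> Any:
    """Resolve a dotted field path; return the _MISSING sentinel if any segment is absent."""
    node: Any = resource
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return _MISSING
        node = node[part]
    return node


def condition_matches(cond: dict, resource: dict) -> bool:
    """True when the resource satisfies the policy's "if" block (i.e. it is non-compliant)."""
    if "allOf" in cond:
        return all(condition_matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(condition_matches(c, resource) for c in cond["anyOf"])
    value = get_field(resource, cond["field"])
    if "exists" in cond:
        return (value is not _MISSING) == cond["exists"]
    if value is _MISSING:           # a missing field never satisfies a value comparison
        return False
    if "equals" in cond:
        return value == cond["equals"]
    if "notEquals" in cond:
        return value != cond["notEquals"]
    if "in" in cond:
        return value in cond["in"]
    if "notIn" in cond:
        return value not in cond["notIn"]
    raise ValueError(f"unsupported condition: {cond}")


def evaluate(initiative, resource: dict) -> dict:
    """Return the policies the resource violates and the strongest resulting effect.

    One Deny anywhere in the initiative blocks the deployment; Audit findings only
    show up in the compliance report.
    """
    violations = [(p["name"], p["effect"]) for p in initiative if condition_matches(p["if"], resource)]
    if any(effect == "Deny" for _, effect in violations):
        effect = "Deny"
    elif violations:
        effect = "Audit"
    else:
        effect = "Compliant"
    return {"violations": violations, "effect": effect}


# Constructed sample resources.
BAD_STORAGE = {
    "type": "Microsoft.Storage/storageAccounts", "location": "eastus",
    "tags": {}, "properties": {"supportsHttpsTrafficOnly": False},
}
GOOD_VM = {
    "type": "Microsoft.Compute/virtualMachines", "location": "westeurope",
    "tags": {"owner": "platform-team"}, "properties": {},
}


if __name__ == "__main__":
    print(evaluate(BASELINE_INITIATIVE, BAD_STORAGE))
    print(evaluate(BASELINE_INITIATIVE, GOOD_VM))
```

Assigning the initiative once at a management group or subscription, rather than each policy separately, is what keeps the baseline consistent when a fourth policy is added later: change the initiative and every assignment picks it up.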
Elastic computing
is the ability to quickly expand or decrease computer processing, memory, and storage resources to meet changing demands without worrying about capacity planning and engineering for peak usage
Azure Active Directory Domain Services
A managed domain service in Azure (domain join, Group Policy, LDAP, Kerberos/NTLM authentication) that is compatible with traditional Active Directory Domain Services without you deploying domain controllers. Traditional on-premises AD DS is what organizations use to centrally manage resource objects such as users, computers, printers, shared folders, groups and organizational units (OUs); these objects belong to an Active Directory domain, which lets administrators manage them securely through Group Policy. Key features of AD DS: on-premises identity and authentication, user and computer management, Group Policy, domain trusts.
Cloud agility
is tied to the rapid provisioning of computer resources. Cloud environments can usually provide new compute instances or storage in minutes, a far cry from the common weeks (or months, in some organizations) that the same provisioning process can take in typical IT shops.
User risk policy
Used when the user's credentials are believed to be compromised, for example leaked credentials; typically responds by requiring a password change.
Sign-in Risk Policy
Considers suspicious sign-ins, for example a sign-in from an anonymous IP address or an atypical location, and can require MFA or block the sign-in.
Point to site VPN
lets you create a secure connection to your virtual network from an individual client computer. Think remote workers accessing Azure
Hybrid
A model that combines public and private cloud; it offers the best of both but can become complex to operate.
Capital Expenditure (CapEx)
money spent by a business or organization on acquiring or maintaining fixed assets, such as land, buildings, and equipment. Think buying a server
Azure Advanced Threat Protection (ATP)
Monitors Active Directory signals (now Microsoft Defender for Identity) and detects when users are behaving differently than they normally do; risky users can then be required to satisfy additional sign-in requirements such as MFA, or be blocked.
When running Azure Powershell with cloud shell, are both windows and linux functionality available
No, only Linux: Azure PowerShell in Cloud Shell runs in a Linux container, so Windows-only cmdlets are unavailable.
Single sign on
one pair of credentials for multiple services
Recovery point
The point in time to which data is recovered (the recovery point objective, RPO).
Private endpoint
A private connection to a specific instance of a service, for example a single storage account. Available over connected networks: hybrid/on-premises networks and peered virtual networks. You can completely disable public access to the connected service, making it truly private (public endpoint disabled).
Azure DNS Private Zones
provides a simple, reliable, secure DNS service to manage and resolve names in a virtual network without the need to create and manage a custom DNS solution. Use your own domain names and get name resolution for virtual machines within and between virtual networks.
Azure Dedicated Host
provides dedicated physical servers to host your Azure VMs for Windows and Linux.
Cloud architecture models
public private hybrid
Azure Spot VMs
Save money by using unused Azure capacity. The VM can be evicted at any time, so use Spot VMs for interruptible, non-critical workloads; they also work with virtual machine scale sets. You set a maximum price you are willing to pay, and the VM is evicted when the price exceeds it or when Azure needs the capacity back. Spot VMs have no availability SLA.
Azure Arc
Simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.
Resource required for Cloud Shell
storage account
Azure AD Connect
synchronizes user identities between on-premises Active Directory and Azure AD
Azure blueprints
Templates for creating Azure resources. A blueprint includes Resource Manager templates, RBAC assignments, policy assignments, and samples for common regulations.
Fault Tolerance
the ability for a system to respond to unexpected failures or system crashes as the backup system immediately and automatically takes over with no loss of service
Frontend
the access point for the load balancer. All traffic goes here first
Azure mobile apps
The Azure portal in the form of a mobile app.
Offer types
the different types of subscriptions - such as student account, pay as you go, etc
Origin Server
the original location of the files such as a website.
Cloud Computing
the practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer.
Scalability
The ability to add resources on an as-needed basis, scaling up or out (and back down) with cloud resources.
Multifactor authentication
the use of two or more types of authentication credentials in conjunction to achieve a greater level of security
Inbound flows
Traffic from the internet or local networks arriving at the load balancer's frontend.
Governance
validates that your organization can achieve its goals through effective and efficient use of IT
3 Principles of Zero Trust
verify explicitly, use least privilege access, and assume breach.
Does the customer always retain responsibility for the data?
Yes. Under the shared responsibility model the customer always retains responsibility for their data, endpoints, accounts and access management, whatever the service model (IaaS, PaaS or SaaS).
Plan Methodology
you align actionable plans with business outcomes
Strategy Methodology
you define the business justification and expected outcomes of adoption.
Innovate methodology
You develop new cloud-native or hybrid solutions.
Ready Methodology
you prepare the cloud environment for the planned changes