Test
Azure portal
A graphical interface for deploying, managing, and monitoring Azure resources. It can be used to manage all aspects of your applications. It has a home view, which is the default view with menus, and a dashboard view, which gives you easy access to tools and information.
Azure Scale sets
A VM scale set is a group of identical, autoscaling VMs in the Azure cloud. Scale sets allow you to easily deploy and manage a large number of VMs as a single unit. Scale sets provision VMs automatically.
What is Azure App service?
A cloud platform for developing and hosting web applications and services. It enables you to build web apps and perform automated deployments from ADO. Tools and services for software developers: CI/CD platforms, control repos, SQL databases, container registries.
Describe regions
Regions are always paired with other regions. Regions contain one or more data centers. Regions specify the location of resources.
Tags
Not all Azure resources support tags; they cannot be applied to resources that came out before Azure Resource Manager. Tags are name/value pairs that can be applied to Azure resources, RGs, or subscriptions using PowerShell or the CLI. As many as 50 can be applied by RG; they are not inherited by resources. You can create a policy that tags resources.
What are Azure dedicated hosts?
Provided physical servers dedicated to your organization's workload only. They are isolated physical servers where you run your organization's workload only. They are single-tenant, so they are dedicated to a single subscription only. They are charged only per dedicated host.
Resource groups?
Allow you to group resources together.
Vnet peering
Allows virtual machines in two separate virtual networks to communicate directly, using their private IP addresses.
Azure CLI
An automated way to control and automate many of the same tasks that can be performed through the Azure portal, such as creating and managing VMs, networking, storage, and more. Used to manage multiple subscriptions.
ASG
Application security groups: in a multi-tier architecture, they provide the possibility to group network interfaces of the virtual machines per service tier and give each tier human-readable labels. Much easier than IP addresses.
What are availability sets?
Availability sets are separate deployments in the same data center. They provide separate fault and update zones, but in the same data center.
Azure Cloud Shell
Azure Cloud Shell is a browser-based scripting environment in your portal.
What is Azure Advisor?
Azure Advisor integrates with MSFT Defender for Cloud to help prevent, detect, and respond to threats to Azure resources. Azure Advisor analyzes resource configuration and usage telemetry to provide recommendations for high availability, security, performance, and cost. Used to review security recommendations for your deployed resources. Advisor integrates with Security Center to allow you to detect issues before they occur. You can then view recommendations to help mitigate the threat.
Azure File Storage
Azure Files is a cloud file storage service from MSFT that operates like a traditional file server. Accessed using the Server Message Block (SMB) protocol. SMB is a file-sharing protocol used on Windows operating systems. Can be accessed using the Network File System protocol. SAS not required.
Azure Storage
Cloud storage designed for large-scale applications, including providing a storage foundation for Azure virtual machines. A valid destination for platform metrics and logs
Describe Azure Storage access tiers
Cold Storage: incurs penalties for data deleted within 30 days. The archive storage tier is not available at the account level. The archive tier incurs the highest rehydration costs. Hot tier: best performance and lowest access latencies, but the most expensive; for data used frequently. Cool tier: accessed less frequently; data must be stored for at least 30 days, and moving or deleting it incurs penalties. Archive tier: rarely accessed; highest access latencies.
Your team does not have the resources to provision and scale the infrastructure your applications require to run. What should you do?
Create an Azure Functions subscription and upload your code. Azure Functions is an example of serverless computing. In the serverless computing model, a customer can submit their application code to a cloud service provider such as Azure. Azure provisions and maintains the servers and infrastructure required to run the application, including backups, high availability, and autoscaling.
Azure Data Studio
Data management tool that enables you to connect to and query data stores and build reports.
A company plans to use a custom software as a service application and wants to minimize costs. The company is legally required to maintain and secure all access on site.
Hybrid model: combines features of public and private clouds. This provides a way to save costs by sharing less secure solution needs in a public cloud and providing high-risk, high-value resources internal to the network.
Application Security Groups
Let you organize similar servers so you can easily define and implement security policies based on those groups.
What are policies?
Policies allow you to specify what type of resources can be created
A company needs to implement a solution where it maintains management control over hardware and infrastructure. The solution can be physically deployed offsite.
Private model: one where an org builds and maintains its own solution within its own datacenter or hosted as dedicated resources by a solution provider. Services and infrastructure are hosted on a private network dedicated to that organization only.
What are regional pairs?
Provides separate fault and update zones but does not minimize latency.
What are Role Based Access Controls?
RBAC allows you to assign permissions to users so that they can create resources in Azure. This allows you to control which users are allowed to create resources. It assigns permissions that apply to users and groups.
Azure Key Vault
Securely store a database connection string to avoid its accidental exposure in a website's source code. An Azure service that allows you to securely store and access cryptographic keys, passwords, certificates, and other secrets. To avoid exposure of your backend database connection string in a web application's source code, you can store it in Azure Key Vault and retrieve it in your application programmatically.
A private cloud
Services and the infrastructure are run on a private network. By definition, it will have a single tenant.
What are spot VMs?
Spot pricing provides access to Azure compute resources at deep discounts when unused Azure capacity is available. Spot VMs do not use the standard SLA for Azure VMs; they are evicted with 30-second notice. You set the cap.
Resource health
View the number of VMs that are currently down. Resource health displays a list of health issues that are related to a particular resource, such as whether a VM is available or not.
What are initiatives?
What are initiatives
What is Azure Blueprints?
When a blueprint is updated and the updated version is published, any assignments of the blueprint are not updated automatically. You must update the blueprint assignment with the new updated version of the assignment. When a blueprint is unassigned, all of the resources assigned by the blueprint remain in place, but blueprint resource locking is removed. This also results in the deletion of the blueprint assignment object. When you delete a core blueprint, any assigned versions of the blueprint remain in place. A blueprint must be unassigned before it can be deleted.
When to use a policy
When you want to ensure that only VMs of a specific size are deployed to a scope such as a RG or a subscription. A policy definition is a JSON file, assigned to a scope. Used to enforce rules that ensure compliance and identify non-compliant resources.
Lock
When you want to prevent VMs from being deleted by anyone after they have been deployed. When you want to prevent new resources from being added to a RG. Prevents accidental modification of a RG.
Health Advisories
You want to view the Azure features that are planned to be deprecated or when usage exceeds quota
Container group
A container group is a group of containers that all run on the same host VM. This means the group itself is tied to the operating system, so all containers in the container group share the same operating system.
What is Azure SQL
A family of relational database services built on MSFT SQL Server. High availability, scale, and global distribution while still providing the familiarity and compatibility of SQL Server.
Azure monitor
A monitoring solution that can collect telemetry from your resources to analyze their performance, create alerts, and build dashboards with a system health overview of your Azure and on-premises environments. Allows an admin to configure actions that should occur when specific conditions are met on the consumer side, such as when CPU for a VM exceeds a certain threshold or a resource usage quota, such as CPU, is reached. Metrics are numerical values that describe some aspect of the system, such as CPU time; not an analysis feature.
Azure Log Analytics workspace
A place in the cloud where you can collect and query your log data. You can use an Azure Log Analytics workspace to explore and analyze data from a variety of sources.
Azure QuickStart templates
A stored VM config used to speed up the deployment of frequently used OS configs. It is an infrastructure component.
Vertical Scalability
Add compute and memory resources to each virtual machine. Describes an environment where the number of compute nodes is minimized but compute resources for each node are increased.
Azure resource manager
Allows you to increase default limits on how many of select resources of each type can be provisioned per Azure region; lets you increase default limits but not exceed hard limits. Used to deploy resources based on templates and provides an easy way to deploy consistent resources. Uses basic JSON syntax with support for expressions and functions that extend JSON values.
Health history
Allows you to know how many times your web app has been unavailable during the past month. Keeps track of inactivity for 90 days.
PaaS
Allows you to manage applications without managing the underlying OS. You do not create the VM; you only have control of the applications on the VM.
IaaS
Allows you to rent hardware and have control over the OS. Includes VMs and Vnets. You can create VMs, attach devices to them, and assign the VM to Vnets that you create. You control applications. OS updates done by Azure.
Azure ad
Analyzes your resource config to help you optimize your Azure deployments; provides best-practice recommendations regarding performance, security, and availability.
What are availability zones?
Availability zones are deployed in separate data centers, so interruptions in one zone do not affect the other. Each availability zone is a separate fault and update zone and has low latency with other availability zones in the region.
Azure Reservations
Can cut costs. Can be applied to VMs, Blob storage, Cosmos, or SQL. Commit to a 3-year plan for VMs and storage resources to receive a reduction in pay-as-you-go pricing.
VPN Gateway
Can be deployed to Vnets to connect them to each other over the public internet. A Vnet is created in the scope of a region; Vnets from different regions can talk to each other through MSFT connectivity in Azure or via VPN gateways.
Azure SQL database
Cost-effective, serverless database for an intermittent usage pattern and low compute utilization over time. The serverless service tier is optimized for scenarios with intermittent or unpredictable usage patterns. Automatically pauses the database during times of inactivity and resumes when activity returns.
Advantage of public cloud over private cloud
Costs are lower and spread among multiple tenants. This is possible because subscribing tenants share resources, and the provider can take advantage of economies of scale. Usually, a higher level of reliability because it is based on a larger network of services.
User defined roles
Custom routing tables that are used to override and supplement the default routing tables in Vnets.
Azure firewall
Denies traffic to your Azure virtual network resources from known malicious IP addresses. It is a firewall as a service in Azure that can protect your resources.
Microsoft cloud defender
Designed to help protect Azure cloud, non-Azure cloud, and hybrid computing resources through a set of security tools. MSFT Defender for Cloud provides tools to help strengthen your org's security posture, protect against threats, and quickly secure your computing environment.
Free subscriptions
Evaluate Azure App services for six months: $200 credit, free access to Azure services for a year.
A free azure subscription
Free for 30 days, $200 credit.
Azure Database for PostgreSQL
Fully managed database service based on the PostgreSQL community edition database engine. As a PaaS offering, it does not provide access to the OS. Not compatible with SQL Server to provide smooth lift-and-shift service.
Azure front door
Global endpoint that works at layer 7 (HTTP/HTTPS) to enable fast, secure, and widely scalable web apps.
Why private cloud over cloud?
Greater security: based on a private network, including storage. Public cloud does not support a high level of customization for each tenant, although there are levels of it available. On-demand scalability is a feature of both.
Which five factors affect the cost of an app service?
Instance type: size of VM, CPU (memory), and storage. Number of instances: number of VMs that host the web app. Operating system. Region: location. Tier.
Azure traffic manager
A DNS-based traffic load balancer that allows optimal distribution of traffic to Azure services spread across global Azure regions.
Azure express route
A service that enables private connectivity between your on-premises network and MSFT Azure or MSFT 365. Traffic is routed over a private connection enabled through a connectivity provider at a co-location facility.
Azure spending limits
Limits that are set on a subscription and set a hard limit on how much can be spent during a billing period. Once set, cannot be increased.
Azure SQL server managed instance
Near 100 percent compatibility with the latest version of SQL Server Enterprise Edition. PaaS offering, eliminating overhead for the management of underlying infrastructure.
NSGs
network security groups are specialized packet filtering firewalls that let you define security rules to control traffic into and out of a Vnet, between subnets, or per VM. You have the option of applying NSGs
SaaS
Office 365
What three authentication types are supported by both self-service password reset and multifactor authentication?
Password, voice call, and SMS
hybrid cloud
Private cloud and public cloud: on-prem infrastructure and a public cloud.
Azure cost manager
Provided at no cost to Azure customers and partners. Multi-cloud platform: a free SaaS solution that allows you to monitor, allocate, and optimize cloud spend in a multi-cloud environment.
Azure Service Health
Provides information about planned maintenance and advisories such as deprecated offerings. This is provided through Azure status at the global level and Service Health at the individual service level. Also includes Resource Health, which reports about individual resources through a configurable dashboard. Used to notify admins when certain events take place for which the cloud provider is responsible.
A company wants to deploy multiple servers to host web applications but wants to keep hardware costs and management costs to a minimum. The solution should be highly scalable.
Public model: the solution is managed by a provider. Most solutions are based on a multi-tenant model with the solution run in a shared environment with customer data
Alerts
Receive an email whenever the number of requests to a web app exceeds 10,000 within an hour. Alerts are notifications that you set up to be sent when a metric exceeds a certain threshold.
Health alerts
Receive text messages when Azure maintenance is planned.
Self-service password reset vs MFA
Security questions and email addresses are for SSPR only. MFA supports app passwords for non-browser applications.
Azure Functions
Serverless computing that allows a subscriber to submit their application code to a cloud provider. Allows you to execute your code when needed and pay for the actual runtime only, without worrying about configuration or management of the underlying physical and application infrastructure. Triggered by any event type, including HTTP requests.
Metrics
Simply tell you how a resource is performing and what it is consuming.
High Availability
The ability to keep cloud resources and services functioning for long periods of time. Cloud service providers typically offer an SLA that guarantees HA or uptime of resources and services as a percentage.
Agility
The ability to react quickly with allocation and deallocation of cloud resources. It allows deployment of required resources and services in minutes without manual administration of provisioning or deprovisioning services.
Disaster recovery is
The ability to restore a cloud service in the wake of catastrophic loss. Taking regular backups and replicating your application across different regions are some of the disaster recovery measures that help you ensure that data remains safe and that your application's availability is not impacted after an unexpected disastrous event.
User access administrator
This role grants permissions to assign access and assign policies only.
Application Insights
Enables developers to improve app performance and usability in real time. Allows cloud or on-prem apps to send telemetry data to Azure. Visually analyze telemetry data. Monitors the availability, performance, and usage of web applications. It exposes an API so that developers can log data to Azure and evaluate performance bottlenecks and app usability.
MSFT backbone infrastructure
Traffic between peered Vnets is not routed over the public internet; instead, it is routed through the MSFT backbone.
Container
Typically contains only the binaries and libraries to run a single app or service. It is an infrastructure component that must be created, deployed, and periodically updated. Azure supports AKS. Can be accessed over the internet by IP address or domain name, similar to a VM. With Azure Container Instances, you can specify the DNS label, allowing the container to be reachable with a URL. Can run on Windows or Linux. Represents a single app and its dependencies; allows you to package, deploy, and manage the container as a unit. Does not require you to manually install dependencies; dependencies are installed automatically. Can be scaled out as needed.
Shared Access Signature
Unique identifier that you can use to authorize access to your Azure resources. Has the info needed to authenticate and access resources: URI, permissions, and expiry. Generated programmatically or manually.
AZURE POWERSHELL
Use when you need to log in to Azure with the following command without manually opening a browser: Connect-AzAccount. Can be installed locally on Linux, iOS, or Mac. az login: Azure CLI, a cross-platform command-line tool that allows you to manage Azure resources from your computer. Can be used to create scripts to automate Azure management tasks. Provides support for the concurrent execution of multiple scripts. Most tasks can be automated through the use of PowerShell scripts.
MSFT Sentinel
Used to build a baseline behavioral profile of organizational entities to identify anomalous activity. It is a security information and event management platform that can analyze data across the enterprise to identify potential threats, including anomalous activities of users of applications, and help with faster and smarter responses.
Pay as you go
When you want to evaluate Azure VMs for 18 months. Charges you monthly.
Initiative
When you want to manage a collection of policy definitions. Allows you to manage multiple policies as a whole.
Cloud bursting
When a company uses its own computing infrastructure for normal usage and accesses the public cloud infrastructure when it needs to scale for peak load requirements, ensuring that a sudden spike in usage does not result in poor performance or system crashes.
Enterprise subscription
When you want to purchase Azure VMs and software licenses under one agreement. Saves money.
Horizontal scalability
Where load is distributed across compute nodes that are added and removed as needed. This approach does not add compute or memory resources to existing VMs.
