AZ-900
Azure Log Analytics
* Aggregates logs * super simple
What options do you have to deploy Containers?
* Azure Container Instances (ACI) * Azure Kubernetes Service (AKS)
How can you do Secrets Management in Azure?
* Azure Key Vault (AKV)
What types of data does Azure Storage support?
* Blobs * Queues * files * tables * Disks (attached to VMs)
Common use cases of Cloud Computing
* Migration of Production Services * Traffic Bursting: for instance during the holiday season * Backup & Disaster Recovery: unlimited storage space with built-in data life cycle management * web hosting & CDN * Test and Development environments * Proof of Concept * Big Data and Data Manipulation
Why does a system become unavailable
* planned maintenance * unplanned maintenance
How can you copy storage?
- AzCopy - Azure PowerShell - Azure Storage SDK
Cosmos DB Backups
Automatically done every 4 hours. Stored in geo-redundant blob storage. Only the last 2 snapshots are retained. If you delete a DB, the snapshots will be retained for 30 days.
PaaS is typically less expensive than IaaS on Azure (T/F)
according to Azure documentation it is!
What is the difference between RBAC and policies?
At first glance, it might seem like Azure Policy is a way to restrict access to specific resource types similar to role-based access control (RBAC). However, they solve different problems. RBAC focuses on user actions at different scopes. You might be added to the contributor role for a resource group, allowing you to make changes to anything in that resource group. Azure Policy focuses on resource properties during deployment and for already-existing resources. Azure Policy controls properties such as the types or locations of resources. Unlike RBAC, Azure Policy is a default-allow-and-explicit-deny system.
Azure Data Factory
Automates data movement and data transformation. Spins up and down HDInsight clusters as needed. You can create data processing pipelines
What is an availability zone?
Availability Zones are physically separate datacenters within an Azure region. Each Availability Zone is made up of one or more datacenters equipped with independent power, cooling, and networking. It is set up to be an isolation boundary. If one zone goes down, the other continues working. Availability Zones are connected through high-speed, private fiber-optic networks.
Azure AD Privileged Identity Management (PIM)
Azure AD Privileged Identity Management (PIM) is an additional, paid-for offering that provides oversight of role assignments, self-service, and just-in-time role activation and Azure AD and Azure resource access reviews.
AAD
Azure Active Directory
Azure Resource Manager (ARM)
Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.
What types of events does the Azure Activity Log service track?
* Administrative * Service * Health * Security * Alert * Autoscale * Recommendation
Once Azure Information Protection is enabled, what can you do?
* After your content is classified, you can track and control how the content is used. For example, you can: * Analyze data flows to gain insight into your business * Detect risky behaviors and take corrective measures * Track access to documents * Prevent data leakage or misuse of confidential information
What are the main Azure service monitoring and alerting related Azure services?
* Azure Status: tracks global Azure health * Azure Health: tracks your account * Azure Resource Health: gives you the status of a specific resource (for instance a VM)
What are the main application monitoring and alerting related Azure services?
* Azure Log Analytics * Azure Monitoring * Application Insights
Purchasing Models for SQL Database
* DTUs vs vCores * DTU = Database Transaction Unit. Good for when you need a lot of compute power. * vCore = virtual Cores
Azure Storage
* Durable and Highly Available * Secure * Scalable * Managed * Accessible over the web
What Data Security does Azure Storage offer?
* Full disk encryption (BitLocker for Windows)
In the Shared Responsibility Model, what are the parts that are solely the responsibility of the customer (and not of Azure)?
* Identity and Account Controls * Application Controls
Cloud Service Models
* Infrastructure as a Service (IaaS): This service allows you to architect your own portion of the cloud, by configuring a virtual network. * Platform as a Service (PaaS): application framework from the operating system and up. * Software as a Service (SaaS): delivery of an application through the internet (e.g. GMail) Less common models: * Disaster Recovery aaS * Communications aaS * Monitoring aaS
Firewall options?
* Linux and Windows VM Firewalls * DocumentDB Firewall * Azure SQL DB Server Firewall * Network Security Groups * Application Gateway + Web Application Firewall (WAF) * Third-Party Ecosystem (Market place)
Except for the ad-hoc support by Support Tickets, what other options do you have?
* MSDN * Stack Overflow * Server Fault * Azure Feedback Forums * Azure Knowledge Center * Twitter. Yes, even Twitter, and real people monitor all these channels, by the way.
Azure Cost Management Tool?
* Monitor cloud spending * Increase organizational accountability: Implement governance policies for effective enterprise cloud cost management, and increase accountability with budgets, cost allocation, and charge-backs. * Optimize cloud efficiency: Improve the return on your cloud investment by using continuous cost optimization and industry best practices. * Manage your Azure and AWS spending
Azure Operations
* Monitoring * Log Analytics * App Monitoring * App Alerting
What are the main automation options in Azure?
* PowerShell (scripts) * Azure Automation * Azure Event Grid * Chef * Puppet * Logic Apps * DSC (Desired State Configuration)
What are the Azure Network Watcher features?
* Topology: shows a diagram of your network topology * Variable Packet Capture: Wireshark-like tool * IP Flow Verify * Next hop * Security Group View * NSG Flow Logging * Virtual Network Gateway and Connection Troubleshooting * Network Subscription Limits
What Data Security does SQL DB offer?
* Transparent Data Encryption (TDE) * Column Level Encryption * Dynamic Data Masking * Always Encrypted (encrypted on the client even before sending it to the database)
What is special to installing Azure Backup Agent?
* during installation you need to register the machine * download vault credentials into the agent and set an encryption passphrase * if you lose the passphrase, the backup is unrecoverable
Key Cloud Concepts
* on-demand resourcing: ... * Scalability: rapidly, up and down * Economy of Scale: ... * Flexibility and Elasticity: ... * Growth: ... * Utility based metering: you only pay what you use. * Shared infrastructure: ... * Highly Available: ... * Security: ...
What are the Azure SQL Database Service Tiers?
- General Purpose: 4TB max (8TB for managed instance) - Hyperscale: 100TB + scales up/down fast and backups fast - Business Critical: super fast
Cosmos DB pricing model
Based on RU (Request Units). Reads are less expensive than writes.
Benefits of using Azure
Be ready for the future: Continuous innovation from Microsoft supports your development today and your product visions for tomorrow. Build on your terms: You have choices. With a commitment to open source, and support for all languages and frameworks, build how you want and deploy where you want to. Operate hybrid seamlessly: On-premises, in the cloud, and at the edge--we'll meet you where you are. Integrate and manage your environments with tools and services designed for a hybrid cloud solution. Trust your cloud: Get security from the ground up, backed by a team of experts, and proactive compliance trusted by enterprises, governments, and startups.
How do you request ad-hoc support?
By opening a support ticket from the Azure Portal
Table API
Premium version of Table Storage, part of the Cosmos DB offering: * Global distribution * dedicated throughput worldwide * single-digit millisecond latencies at the 99th percentile * guaranteed high availability * automatic secondary indexing
Azure backup server
application-aware backup whenever you want; Linux and Windows; backup/restore VMware VMs; cannot back up Oracle; no support for tape backup; requires live Azure license
System Center DPM
application-aware backup whenever you want; Linux, Windows, any OS; can back up on-premises, can store locally on tape; backup/restore VMware VMs; cannot back up Oracle
Site Recovery Service
Purpose = get you up and running as quickly as possible in the event of an outage. Does this by failing over to a different location. It supports three failover scenarios: 1. Azure to Azure 2. On-premises to Azure 3. On-premises to secondary site
Migration (to the cloud) options
Rehost: Recreate your existing infrastructure in Azure. Choosing this approach has the least impact because it requires minimal changes. It typically involves moving virtual machines from your data center to virtual machines on Azure. Refactor: Move services running on virtual machines to platform-as-a-service (PaaS) services. This approach can reduce operational requirements, improve release agility, and keep your costs low. Small enhancements to run more efficiently in the cloud can have large impacts on performance. Rearchitect: You might be forced to rearchitect some systems so that they can be migrated. Other apps could be changed to become cloud native, or to take advantage of new approaches to software, such as containers or microservices. Rebuild: You might need to rebuild software if the cost to rearchitect it is more than that of starting from scratch. Replace: While you're reviewing your estate, it's possible you'll find that third-party applications could completely replace your custom applications. Evaluate software-as-a-service (SaaS) options that can be used to replace existing applications.
Azure File Share
SAMBA compatible file sharing service
What ideas does Serverless Computing encompass?
SEM 1. Server abstraction 2. Event-Driven 3. Micro-Billing
SKU
SKU is short for 'Stock-Keeping Unit'. In layman's language, it basically stands for an item which is on sale. In terms of the Microsoft Azure cloud, SKUs basically signify a purchasable item under a product.
Azure Cognitive Services categories?
SLAVS * Search * Language * Anomaly Detection * Vision * Speech
Policy Initiatives
Sets of Policies. Managing a few policy definitions is easy, but once you have more than a few, you will want to organize them. That's where initiatives come in. Initiatives work alongside policies in Azure Policy. An initiative definition is a set or group of policy definitions to help track your compliance state for a larger goal. Even if you have a single policy, we recommend using initiatives if you anticipate increasing the number of policies over time.
Azure Data Warehouse
a ... uh ... Data warehouse built on SQL Server. Certified for compliance
Enterprise Agreement
Agreement to purchase a pre-determined amount of Azure Services. Savings of 15-45% with respect to Web Direct users.
Differences between Datacenters and Cloud Computing
Datacenter: few locations, Physical Security your responsibility, Mechanical & Electrical infrastructure are on you, Network infrastructure your responsibility and can be either hardware or software based, Servers can be physical and virtual, Storage is limited and -frankly- a pita. Cloud: locations around the globe, Physical security and mechanical & electrical infra is the vendor's responsibility, Network infra is only virtual and security is a shared responsibility, servers are virtual only (except for reserved instances) and security is a shared responsibility, storage is unlimited with a myriad of storage services that cater to different requirements
Azure Table Storage
Intended for simple structured data (e.g. address books and user profiles) * schemaless design * indexes records. For secondary indexes or global distribution -> Cosmos DB. For complex joins, foreign keys etc. -> RDBMS
Request Units depend on....
item size; number of properties in an item; consistency level; number of properties indexed; document indexing; query complexity; script usage (i.e. stored procedures and triggers)
Azure Network Watcher
Monitors the Network
Azure Firewall
More feature rich than Network Security Groups
What are some VPN Options?
Point-to-Site (P2S) * public internet * SSTP connection Site-to-Site (S2S) * requires VPN device located on-premises * requires public IP Address ExpressRoute * Through 3rd party connectivity provider * Private Connection (not public internet) * High-speed network complement to VPN
What is the maximum time an Azure Function can run?
10 minutes
Availability sets
2-3 fault domains and 3 or more update domains
How many support plans does Microsoft Azure have?
4
If Site outage happens what are your recovery options?
6 in total: 1. Recover to latest (default): lowest RPO, high RTO (as it needs to process a lot of unprocessed data) 2. Latest Processed: lower RTO but higher RPO (because unprocessed data is discarded) 3. Latest Application-Consistent 4. Latest Multi-VM Processed 5. Latest Multi-VM Application-Consistent 6. Custom Recovery Point
Azure Application Gateways
Application Gateway is a layer 7 load balancer. It supports SSL termination, cookie-based session affinity, and round robin for load-balancing traffic. AWS: Application Load Balancer
Where do I configure when System Metric alerts should be triggered?
In the Azure Monitoring Services portal you can create metric alerts...
CIA model
Confidentiality Integrity Availability
Azure VPN Gateway
Connects Azure virtual networks to other Azure virtual networks, or customer on-premises networks (Site To Site). Allows end users to connect to Azure services through VPN tunneling (Point To Site). AWS: VPN Gateway
When do you qualify for an Enterprise agreement?
As a private business you have to have 500 users and devices. As a public organization you must have at least 250 users and devices
Azure Policy Service
Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. AWS: Organizations
How long does Azure Monitor store its data?
for 30 days by default
Azure Redis Cache
in-memory
Azure Search
indexes text data; search suggestions
Azure Analysis Services
lets you create data models of existing data. fully managed platform as a service (PaaS) that provides enterprise-grade data models in the cloud. Use advanced mashup and modeling features to combine data from multiple data sources, define metrics, and secure your data in a single, trusted tabular semantic data model.
Microsoft Data Migration Assistant
makes recommendations on data migrations; i.e. some databases could benefit from SQL Server Stretch DB
Azure Advanced Threat Protection (ATP)
monitors user activities and looks for anomalies
Resources can be part of multiple resource groups (T/F)
nope
How do you choose the region you need to deploy to?
normally you choose the region closest to your users, but you also have to weigh in the cost you'll incur in that region.
Elastic Pools
Pool databases with different performance peak moments in one pool. Cheaper.
Azure Cloud Services
Provides managed VM hosting. Offers 2 types of VMs: Web Roles & Worker Roles. It is a legacy product. If you need remote access to VMs and custom software installation
How are account, subscriptions, resources groups and resources?
see diagram
Failure Domains vs Update Domains
see diagram. Failure domains group VMs that can fail together without impacting applications that run on them. Update domains are groups of VMs that can be rebooted together without impacting the applications that run on them.
Azure Container Instances
Simple container runtime service. Easy and fast for one container, but very limited.
What to do if you accidentally delete databases?
submit a ticket with Azure Support
Azure HDInsight
supports a wide variety of open-source big data frameworks
Cosmos DB is compatible with MongoDB?
true.
Azure services that support Availability Zones fall into which categories
two categories: Zonal services - you pin the resource to a specific zone (for example, virtual machines, managed disks, IP addresses) Zone-redundant services - platform replicates automatically across zones (for example, zone-redundant storage, SQL Database).
How much cost savings can I make with Azure Reservations?
up to 72% over pay-as-you-go subscriptions
SQL API
Used to be called Document database. Lets you use a SQL-like language to query JSON documents.
Azure Logic Apps
You can create a workflow visually in the Azure portal. Integrated with lots of other Azure services (e.g. Machine Learning). Has connectors for products from other vendors like Twitter and Salesforce. Can connect to applications on-premises like Oracle.
When do you qualify to become a CSP?
you need to sign an agreement with Microsoft.
High Availability within a region for Azure SQL Database is handled automatically?
yup
Can you use Azure Load Balancer for internal load balancing?
yup. see diagram.
Azure API Management
Makes it easy to provide APIs that can be used by internal developers and external partners and customers. Gateway between clients and backend; handles management tasks such as security, monitoring, analytics and rate limiting. You can transform your legacy APIs into RESTful ones.
A hypervisor is ...
... a piece of software used to create the virtualized environment allowing for multiple VMs to be installed on the same host. It creates a pool of virtual shared hardware devices
How many global regions does Azure at least have
34+
What is a Runbook?
A collection of PowerShell scripts that use the Azure SDK APIs to automate
Recovery Services Vault
A place where VM backups are stored according to a Backup Policy
Recovery Services Vaults are multi-region by default, right?
Right! You need to use geo-redundant storage, but that's the default.
StorSimple
Allows you to automatically copy infrequently accessed files to the cloud
Azure DDoS Protection
Basic Tier: common DDoS. Standard Tier: more DDoS.
Where do I activate the Azure Network Watcher features?
In the Azure Log Analytics portal
Azure Redis Cache
Managed Redis. Key/value store. Basic Tier: only for Dev/Test. Standard Tier: provides replicated, highly available cache. Premium Tier: provides high performance, handles bigger workloads and disaster recovery.
What are the main protections of the WAF?
Protection from: * SQL Injection * X-Site scripting * OWASP vulnerabilities
Azure Activity Log
Records events using data from Azure Resource Manager
Web App for Containers
Scales your containers transparently
Azure Database Migration Service
The Azure Database Migration Service performs all of the required steps. You just change the connection string in your apps.
What are Azure Reservations?
They are paying in advance for specific products for a pre-determined period
What tool do you use to calculate on-prem to Azure migration costs?
XXX
RBAC
Role-based access control. An access control model that uses roles to define access and it is often implemented with groups. A user account is placed into a role, inheriting the rights and permissions of the role. Other access control models are MAC and DAC.
How can you save on infrastructure costs?
1. set up spending limits 2. use cheaper locations & regions (not always cheaper in the end, so careful!) 3. use reserved instances 4. Right-size underutilized virtual machines 5. Deallocate virtual machines in off hours (also not always cheaper!) 6. Delete unused virtual machines 7. Migrate to PaaS or SaaS services
The key takeaway is that resources are always charged based on ...
... usage. For example, if you de-allocate a VM then you will not be billed for compute hours, I/O reads or writes or the private IP address since the VM is not running and has no allocated compute resources. However you will incur storage costs for the disks.
Reserved instances
1-3 year commitment; up to 72% cheaper than PAYG
What are the ways to increase the performance of Azure App Service Web Apps?
1. Autoscaling 2. Azure Redis Cache 3. CDN
How can you see cost information?
1. Azure Advisor >> Cost Tab 2. Azure Cost Management
What are the serverless implementation options?
1. Azure Stateless (default) Functions 2. Azure Durable Functions 3. Azure Logic Apps
Azure Purchasing Options?
1. Azure.com 2. Microsoft Representative 3. Microsoft Partner
How can you save on licensing costs?
1. use Linux vs. Windows 2. Apply for Azure Hybrid Benefit for Windows Server 3. Apply for Azure Hybrid Benefit for SQL Server 4. Use Dev/Test subscription offers 5. Bring your own SQL Server license 6. Use SQL Server Developer Edition 7. Use constrained instance sizes for database workloads
What are the Microsoft Azure Support plans?
1. Developers: for non-production. During normal business hours. 8 hour response time. 2. Standard: for production workloads. 24/7 support from support engineers by phone & e-mail. 1 hour response time. 3. Professional Direct: Standard support + operational support + Training + Guidance from a ProDirect Delivery Manager 4. Premier: Professional Direct + 15 minutes response time + launch support (fee) + Guidance by technical account manager + on-demand training
What is the Azure Service Life Cycle?
1. Private Preview 2. Public Preview 3. General Availability
What are the benefits of virtualization?
1. Reduced capital expenditure: less hardware is required as you can have multiple VMs on the same machine 2. Reduced operating costs: less hardware, less space, less power, less cooling required within a datacenter 3. Smaller footprint: less space required to house the hardware 4. Optimization of resources
What are the primary factors affecting your monthly costs when using Azure services?
1. resource type 2. services 3. user's location (actually geography of usage) 4. billing zone
Azure Event Grid
A fully managed event routing service that allows for uniform event consumption using a publish/subscribe model. SNS in AWS
Planned Maintenance
A planned maintenance event is when the underlying Azure fabric that hosts VMs is updated by Microsoft. A planned maintenance event is done to patch security vulnerabilities, improve performance, and add or update features. Most of the time these updates are done without any impact to the guest VMs. But sometimes VMs require a reboot to complete an update. When the VM is part of an availability set, the Azure fabric updates are sequenced so not all of the associated VMs are rebooted at the same time. VMs are put into different update domains. Update domains indicate groups of VMs and underlying physical hardware that can be rebooted at the same time. Update domains are a logical part of each data center and are implemented with software and logic.
What is a Log Management Solution?
A plugin of additional data acquisition rules and visualizations
What is a Region?
A region is a geographical area on the planet containing at least one, but potentially multiple datacenters that are nearby and networked together with a low-latency network. Azure intelligently assigns and controls the resources within each region to ensure workloads are appropriately balanced.
Web role
A web role is a VM running the IIS web server
Worker role
A worker role is a VM that is not running IIS
Explain Update Domains and Fault Domains
An update domain is a group of VMs that can be rebooted at the same time without impacting your application. A fault domain is a shared power source, storage and network switch (that can fail without impacting your applications)
Azure Management Groups
Azure Management Groups are containers for managing access, policies, and compliance across multiple Azure subscriptions. Management groups allow you to order your Azure resources hierarchically into collections, which provide a further level of classification that is above the level of subscriptions. All subscriptions within a management group automatically inherit the conditions applied to the management group. Management groups give you enterprise-grade management at a large scale no matter what type of subscriptions you might have.
How can you scale VMs?
AVA * Availability sets: An availability set is a logical grouping of two or more VMs that help keep your application available during planned or unplanned maintenance. * Virtual Machine Scale Sets: * Azure Batch
Azure Virtual Network
AWS VPC
ADAL
Active Directory Authentication Library
Accelerated Networking
Allows two VMs to bypass the virtual switch and communicate through the physical hardware directly to one another. Only works if both VMs have Accelerated Networking enabled and they are running on the same network.
SQL Server Stretch Database
Allows you to migrate cold table rows to Azure and still query the migrated data. This keeps your database lean and fast, yet your cold data is still available. It also keeps your backups of the local data short(er). It is more expensive than storing the data in files offline, but easier to keep queryable.
SQL Database Managed Instance
Almost 100% compatible with SQL Server, but managed
Which are the current Geographies?
Americas, Europe, Asia Pacific, Middle East and Africa
What do you need to access the Azure Key Vault API?
An AAD JWT token. You can obtain one from AAD simply by authenticating (as a human), or by providing a Client ID and either a Client Secret or a Certificate (as a server)
What is a geography and why do they matter?
An Azure geography is a discrete market typically containing two or more regions that preserve data residency and compliance boundaries. They matter because: 1. Geographies allow customers with specific data residency and compliance needs to keep their data and applications close. 2. Geographies ensure that data residency, sovereignty, compliance, and resiliency requirements are honored within geographical boundaries. 3. Geographies are fault-tolerant to withstand complete region failure through their connection to dedicated high-capacity networking infrastructure.
What is an SLA
An SLA or Service-Level Agreement is a formal document that provides specific terms that state the level of service that will be provided to a customer.
Azure Security Center
An automated security assessment service that improves the security and compliance of applications. Automatically assess applications for vulnerabilities or deviations from best practices. Free Tier: * Security Policies * Recommendations Standard Tier, all Free Tier features plus: * Works with non-Azure resources * Advanced threat detection systems for Azure systems * Customizable alerting * Security Event collection and search * Threat intelligence module
AAD Privileged Identity Management
Azure Active Directory (Azure AD) Privileged Identity Management (PIM) is a service that enables you to manage, control, and monitor access to important resources in your organization. These resources include resources in Azure AD, Azure, and other Microsoft Online Services like Office 365 or Microsoft Intune. * Provide just-in-time privileged access to Azure AD and Azure resources * Assign time-bound access to resources using start and end dates * Require approval to activate privileged roles * Enforce multi-factor authentication to activate any role * Use justification to understand why users activate * Get notifications when privileged roles are activated * Conduct access reviews to ensure users still need roles * Download audit history for internal or external audit
AADB2C
Azure Active Directory Business to Consumer (like social logins)
Deployment Slots
Azure App Service Web Apps Deployment Slots are used to stage new versions of web apps. When you're happy with the staging version, you can swap it for the production version. If something goes wrong after all, you can swap back the old version.
How to reach High-Availability with Azure App Service Web Apps?
Azure App Service Web Apps are deployed in one Region, so you need to deploy a stand-by copy in another region
Azure App Service Web Apps
Azure App Service enables you to build and host web apps, background jobs, mobile backends, and RESTful APIs in the programming language of your choice without managing infrastructure. It offers automatic scaling and high availability. App Service supports both Windows and Linux, and enables automated deployments from GitHub, Azure DevOps, or any Git repo to support a continuous deployment model. Supports ASP.NET, ASP.NET Core, Java, Ruby, Node.js, PHP or Python. Integrated with Azure DevOps, GitHub, BitBucket, Docker Hub and Azure Container Registry.
Azure Container Instances (ACI)
Azure Container Instances (ACI) offers the fastest and simplest way to run a container in Azure. You don't have to manage any virtual machines or configure any additional services. It is a PaaS offering that allows you to upload your containers and execute them directly with automatic elastic scale.
Azure CDN
Azure Content Delivery Network
Azure Relational Database Storage
Azure Database for MySQL; Azure Database for PostgreSQL; SQL Server
Azure Government
Azure Government delivers a dedicated cloud enabling government agencies and their partners to transform mission-critical workloads to the cloud.
Azure IaaS VM Backup
Azure IaaS VM Backup: backs up VMs in the cloud. Only backup service that doesn't allow on-premises backups.
What is the service that helps you prevent leaking data (for instance customer data in e-mails)?
Azure Information Protection
Azure Load Balancer
Azure Load Balancer load-balances traffic at layer 4 (TCP or UDP). AWS: Network Load Balancer
What are the 4 core foundation services of the Cloud?
CANS * Compute * Analytics * Network * Storage (files & DBs)
What are the 8 main foundation services of the cloud?
CANS * Compute * Analytics * Network * Storage (files & DBs) IASI * IoT * AI * Security * Integration
What are 4 of the basic services that Cloud Providers provide?
CANS * Compute power - such as Linux servers or web applications * Analytics - such as visualizing telemetry and performance data * Networking - such as secure connections between the cloud provider and your company * Storage - such as files and databases
What are the four major subjects to know for the fundamentals exam?
CASC * Cloud Concepts * Azure Pricing and Support * Security, Privacy, Compliance and Trust * Core Azure Services
Scaling Azure App Service Web Apps
Can be done manually vertically or horizontally. You can also specify thresholds and let Azure handle it automatically. For instance "scale 40% horizontally if the CPU reaches 60%"
Azure Cognitive Services
Cognitive Services bring AI within reach of every developer. A disadvantage is that it is a closed environment.
Time Series Insights
Collects time-stamped data; run queries on billions of events
Compliance Manager
Compliance Manager is a workflow-based risk assessment dashboard within the Service Trust Portal that enables you to track, assign, and verify your organization's regulatory compliance activities related to Microsoft professional services and Microsoft cloud services such as Office 365, Dynamics 365, and Azure.
Azure Compliance Manager
Compliance Manager is a workflow-based risk assessment tool that helps you track, assign, and verify your organization's regulatory compliance activities related to Microsoft Cloud services, such as Microsoft 365, Dynamics 365, and Azure.
What are Cosmos DB index update modes?
Consistent: as soon as a record is added/changed the index is updated. Lazy: eventually consistent. None: no updates are made to the index.
Main difference between VMs and Containers
Containers don't need a host OS and are smaller and thus more resource-efficient than VMs
Control Plane Operations vs Data Plane Operations
Control Plane Operations are CRUD operations on Azure resources. Data Plane Operations happen within resources.
What are the benefits of using Azure Application Gateway over a simple load balancer?
Cookie affinity. Useful when you want to keep a user session on the same backend server. SSL termination. Application Gateway can manage your SSL certificates and pass unencrypted traffic to the backend servers to avoid encryption/decryption overhead. It also supports full end-to-end encryption for applications that require that. Web application firewall. Application gateway supports a sophisticated firewall (WAF) with detailed monitoring and logging to detect malicious attacks against your network infrastructure. URL rule-based routes. Application Gateway allows you to route traffic based on URL patterns, source IP address and port to destination IP address and port. This is helpful when setting up a content delivery network. Rewrite HTTP headers. You can add or remove information from the inbound and outbound HTTP headers of each request to enable important security scenarios, or scrub sensitive information such as server names.
billable unit
Costs are resource-specific, so the usage that a meter tracks and the number of meters associated with a resource depend on the resource type. The usage that a meter tracks correlates to a number of billable units. The rate per billable unit depends on the resource type you are using. Those units are charged to your account for each billing period.
What do you have to do before you can automate anything?
Create an automation account
Benefits of using Resource Manager
Declarative Management: Manage your infrastructure through declarative templates rather than scripts. A Resource Manager template is a JSON file that defines what you want to deploy to Azure. Deploy, manage, and monitor groups, not single resources: Deploy, manage, and monitor all the resources for your solution as a group, rather than handling these resources individually. Redeploy groups/solutions: Redeploy your solution throughout the development life cycle and have confidence your resources are deployed in a consistent state. Deploy in the correct order: Define the dependencies between resources so they're deployed in the correct order. Apply access control: Apply access control to all services because RBAC is natively integrated into the management platform. Apply tags: Apply tags to resources to logically organize all the resources in your subscription. Clarify your organization's billing: Clarify your organization's billing by viewing costs for a group of resources that share the same tag.
What is DSC?
Desired State Configuration. These are methods that you can use in PowerShell to obtain the desired state in your environment (e.g. enforce that specific ports are open, or that only a specific set of software is installed)
What are region pairs and why are they important?
Each Azure region is always paired with another region within the same geography (such as US, Europe, or Asia) at least 300 miles away. This approach allows for the replication of resources (such as virtual machine storage) across a geography that helps reduce the likelihood of interruptions due to events such as natural disasters, civil unrest, power outages, or physical network outages affecting both regions at once.
Azure DevTest Labs
* Easily creates non-production environments * Admins can set limits on how many VMs can be deployed at once and shut down VMs not in use. * Base images for VM creation can be selected. * Formulas with specific artifacts can be run to create images * Once a user claims a VM, no one else can use it until it is unclaimed and put back into the shared pool
Tags applied at a resource group level are propagated to resources within the resource group (T/F)
False
Tags can be applied to any type of resource on Azure (T/F)
False
Enterprise Agreements include all support plans
False, twice. 1) you cannot obtain a developer support plan, 2) you have to pay for your support plan
Resource Locks don't apply to the owner (T/F)
False. Resource locks apply regardless of RBAC permissions. Even if you are an owner of the resource, you must still remove the lock before you'll actually be able to perform the blocked activity.
Explain the price differences between standard and premium storage accounts
For standard storage accounts, you only pay for the storage you use and not the quota you set. However, for premium storage accounts you pay for the quota since the storage is provisioned completely to provide you guaranteed performance levels.
Azure Machine Learning Services
Fully open, supports main frameworks
What is GA?
GA = General Availability. When a product has been successfully tested and previewed, it is made generally available.
Main benefits of cloud computing
GRECCSS * Global * Reliable * Elastic * Cost Effective * Current * Scalable * Secure
Cosmos DB
Global and Multimodel database * table * document * graph * Wide Column Model (like Cassandra)
What are the protocols supported by the Azure Application Gateway?
HTTP
AAD Identity Protection
Identity Protection is a tool that allows organizations to accomplish three key tasks: * Automate the detection and remediation of identity-based risks. * Investigate risks using data in the portal. * Export risk detection data to third-party utilities for further analysis.
Azure Traffic Manager
Handles failover of Azure App Service Web Apps by using priority routing. In case of outage of the primary region it will route the traffic to the secondary. * It doesn't handle Database failover! You need to configure geo-redundant storage. * Doesn't handle backup recovery! You need to configure geo-redundant storage.
Benefits of using Azure to store data
Here are some of the important benefits of Azure data storage: Automated backup and recovery: mitigates the risk of losing your data if there is any unforeseen failure or interruption. Replication across the globe: copies your data to protect it against any planned or unplanned events, such as scheduled maintenance or hardware failures. You can choose to replicate your data at multiple locations across the globe. Support for data analytics: supports performing analytics on your data consumption. Encryption capabilities: data is encrypted to make it highly secure; you also have tight control over who can access the data. Multiple data types: Azure can store almost any type of data you need. It can handle video files, text files, and even large binary files like virtual hard disks. It also has many options for your relational and NoSQL data. Data storage in virtual disks: Azure also has the capability of storing up to 32 TB of data in its virtual disks. This capability is significant when you're storing heavy data such as videos and simulations. Storage tiers: storage tiers to prioritize access to data based on frequently used versus rarely used information.
Advantages/Benefits of the Cloud
High availability: Depending on the service-level agreement that you choose, your cloud-based applications can provide a continuous user experience with no apparent downtime even when things go wrong. Scalability: Applications in the cloud can be scaled in two ways: Vertically: Computing capacity can be increased by adding RAM or CPUs to a virtual machine. Horizontally: Computing capacity can be increased by adding instances of a resource, such as adding more virtual machines to your configuration. Elasticity: Cloud-based applications can be configured to take advantage of auto-scaling, so your applications will always have the resources they need. Agility: Cloud-based resources can be deployed and configured quickly as your application requirements change. Geo-distribution: Applications and data can be deployed to regional datacenters around the globe, so your customers always have the best performance in their region. Disaster recovery: By taking advantage of cloud-based backup services, data replication, and geo-distribution, you can deploy your applications with the confidence that comes from knowing that your data is safe in the event that disaster should occur.
When are Microservices most appropriate?
* High release velocity * highly scalable * rich (business) domains * small development teams
What are the Blob storage tiers?
Hot (frequent access), Cool (little access, immediate access), Archive (takes up to 15 hours to access, 180-day minimum or you get fined)
What happens if a resource fails to respect an SLA?
In some cases (which?) Azure Credits are given in compensation
Isolated Service Tier
If you need really high performing instances or more than 20 instances.
Where do I configure when Application Metric alerts should be triggered?
In the Azure Monitoring Services portal you can create metric alerts...
Azure IoT Central
IoT Central is an IoT application platform that reduces the burden and cost of developing, managing, and maintaining enterprise-grade IoT solutions.
Azure IoT Hub
IoT Hub is a managed service, hosted in the cloud, that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages. You can use Azure IoT Hub to build IoT solutions with reliable and secure communications between millions of IoT devices and a cloud-hosted solution backend. You can connect virtually any device to IoT Hub.
What is cloud computing?
Is a remote virtual pool of on-demand shared resources offering Compute, Storage, Database and Network services that can be rapidly deployed at scale
What is Azure Advisor?
It can advise you about different subjects: * High Availability * Security * Performance * Cost: among other things, tracks under-used or unused resources
What is the main advantage of using DSC?
It lets you define the end-state and have Azure do the work to attain that end-state without having to specify all the intermediate steps.
Azure Information Protection
Lets you label information as confidential, and AIP will prevent this information from being shared (for example, by mail)
Durable Functions
Like Azure Functions, but stateful. A context is passed through the function to track prior activity. Allows you to create workflows and call other functions synchronously or asynchronously
Azure Data Redundancy Options
* Locally-Redundant storage (LRS) - copies your data synchronously three times within a single physical location in the primary region. LRS is the least expensive replication option, but is not recommended for applications requiring high availability. * Zone-redundant storage (ZRS) - copies your data synchronously across three Azure availability zones in the primary region. For applications requiring high availability, Microsoft recommends using ZRS in the primary region, and also replicating to a secondary region. * Geo-Redundant storage (GRS) - replicated across 2 regions, but in case of a regional failure you need to wait for MS to restore the region to another region * Read-Access Geo-Redundant storage (RA-GRS) - after regional failure immediately available read copy in second region (no write access!)
Shared Responsibility Model
Look at the picture to see who's responsible for what
Main Benefits of Serverless
* Management-free * Scalability * Pay-for-use-only
What is the Azure Hybrid Benefit for Windows Server?
Many customers have invested in Windows Server licenses and would like to repurpose this investment on Azure. The Azure Hybrid Benefit gives customers the right to use these licenses for virtual machines on Azure. To be eligible for this benefit, your Windows licenses must be covered by Software Assurance.
What about a VM can you monitor with Azure Monitor?
* Memory * CPU * Network * Disk
Azure Germany
Microsoft Azure Germany delivers a cloud platform built on the foundational principles of security, privacy, compliance, and transparency. Azure Germany is a physically isolated instance of Microsoft Azure. It uses world-class security and compliance services that are critical to German data privacy regulations for all systems and applications built on its architecture.
Azure pricing calculator
Microsoft developed the Azure pricing calculator. The Azure pricing calculator is a free web-based tool that allows you to input Azure services and modify properties and options of the services. It outputs the costs per service and total cost for the full estimate.
Azure Service Fabric
* Microsoft's proprietary container orchestrator/Microservice Platform * Also runs on Linux, Windows * On Azure, On-Premises and even on AWS
Azure Data Lake
NoSQL unstructured data storage. No regulatory compliance. uses U-SQL.
Does Azure SQL Database Managed tier work with Hyperscale?
Nope, and neither do Elastic Pools
When storage accounts are created as part of creating an image they are encrypted by default, right?
Nope.
Building your Azure solution by provisioning resources in locations that offer the lowest prices is always the cheapest option (T/F)
Nope. For example, you might want to build your Azure solution by provisioning resources in locations that offer the lowest prices. This approach, though, would require transferring data between locations if any dependent resources and their users are located in different parts of the world. If there are meters tracking the volume of data moving between the resources you provision, any potential savings you make from choosing the cheapest location could be offset by the additional cost of transferring data between those resources.
Does every region have two or more Availability Zones?
Nope. Some even have none... Not every region has support for Availability Zones. The following regions have a minimum of three separate zones to ensure resiliency: * Central US * East US 2 * West US 2 * West Europe * France Central * North Europe * Southeast Asia
Azure Backup Agent
* Not application aware * Windows only (no Linux) * backs up on-premises or in the cloud * Also called MARS (Microsoft Azure Recovery Service) * backup 3X a day
Inbound and outbound data transfers from Data Centers are free of charge (T/F)
Not exactly. Most of the time inbound data transfers (data going into Azure datacenters) are free. For outbound data transfers (data going out of Azure datacenters), the data transfer pricing is based on Billing Zones. In most zones, the first outbound 5 gigabytes (GB) per month are free. After that amount, you are billed a fixed price per GB.
Open Service Broker for Azure (OSBA)
Open Service Broker for Azure is the open source, Open Service Broker-compatible API server that provisions managed services in the Microsoft Azure public cloud.
What are the different characteristics of Microsoft's Azure SLA?
PUCS 1. Performance Targets 2. Uptime 3. Connectivity Guarantees 4. Service Credits
What are valid Azure Hybrid Identity Solutions?
Pass-through Authentication Synchronized Identity AD FS Federated Identity
Cloud Deployment Models
* Public Cloud: cloud shared and offered over the internet to the public * Private Cloud: privately hosted, owned and used by the company using the cloud. This requires more capital expenditure than a public cloud * Hybrid Cloud: combines both public and private models * (not mentioned in course) Community Cloud
What kind of previews are there?
Public and private. Private are only for specific Azure Users. Public previews can be accessed by all users through the Azure Portal.
You are working on an Azure Cosmos DB application that has exceeded the provisioned request unit rate for a collection. What will occur as a result?
Requests to that collection are throttled until the rate drops below the reserved level
What is resiliency?
Resiliency is the ability of a system to recover from failures and continue to function. It's not about avoiding failures, but responding to failures in a way that avoids downtime or data loss. The goal of resiliency is to return the application to a fully functioning state following a failure. High availability and disaster recovery are two crucial components of resiliency. When designing your architecture you need to design for resiliency, and you should perform a Failure Mode Analysis (FMA). The goal of an FMA is to identify possible points of failure and to define how the application will respond to those failures.
Resource Lock
Resource locks are a setting that can be applied to any resource to block modification or deletion. Resource locks can be set to either Delete or Read-only. Delete will allow all operations against the resource but block the ability to delete it. Read-only will only allow read activities to be performed against it, blocking any modification or deletion of the resource. Resource locks can be applied to subscriptions, resource groups, and to individual resources, and are inherited when applied at higher levels.
What are the main interesting features from Azure Application Gateway?
SSL Termination, Connection Draining, request redirection.
Scale Sets
Scale sets allow you to centrally manage, configure, and update a large number of VMs in minutes to provide highly available applications. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. With Virtual Machine Scale Sets, you can build large-scale services for areas such as compute, big data, and container workloads
Primary purposes for Certificates in Azure?
Service Certificates: used for cloud service. Service certificates are attached to cloud services and enable secure communication to and from the service. Management Certificates: used for authenticating with the management API
How to make automatic multi-region failover more efficient for a Cosmos DB?
Set a preferred regions list for each region
Cosmos DB Consistency Levels
* Strong Consistency: read operation returns most recent version (only possible when db in single region) * Bounded Staleness: reads may lag behind writes by a limited amount of time * Session Consistency: guarantees consistency for each client session * Consistent Prefix: never see out-of-order writes * Eventual Consistency
Types of data
Structured data. Structured data is data that adheres to a schema, so all of the data has the same fields or properties. Structured data can be stored in a database table with rows and columns. Structured data relies on keys to indicate how one row in a table relates to data in another row of another table. Structured data is also referred to as relational data, as the data's schema defines the table of data, the fields in the table, and the clear relationship between the two. Structured data is straightforward in that it's easy to enter, query, and analyze. All of the data follows the same format. Examples of structured data include sensor data or financial data. Semi-structured data. Semi-structured data doesn't fit neatly into tables, rows, and columns. Instead, semi-structured data uses tags or keys that organize and provide a hierarchy for the data. Semi-structured data is also referred to as non-relational or NoSQL data. Unstructured data. Unstructured data encompasses data that has no designated structure to it. This lack of structure also means that there are no restrictions on the kinds of data it can hold. For example, a blob can hold a PDF document, a JPG image, a JSON file, video content, etc. As such, unstructured data is becoming more prominent as businesses try to tap into new data sources.
Explain the difference between - Total Cost of Ownership tool - Azure Cost Management Tool
* TCO Tool: estimates current on-premises costs and cost-savings in migrating to Azure * ACM Tool: track actual Azure expenditure
What is Azure Hybrid Benefit for SQL Server?
The Azure Hybrid Benefit for SQL Server helps you maximize the value from your current licensing investments and accelerate your migration to the cloud. Azure Hybrid Benefit for SQL Server is an Azure-based benefit that enables you to use your SQL Server licenses with active Software Assurance to pay a reduced rate. You can use this benefit even if the Azure resource is active, but the reduced rate will only be applied from the time you select it in the portal. No credit will be issued retroactively.
What "tool" do I use if I want to try out or rapidly deploy entire end-to-end solutions from 3rd party vendors?
The Azure Marketplace.
Microsoft Security Development Lifecycle (SDL)
The Microsoft Security Development Lifecycle (SDL) introduces security and privacy considerations throughout all phases of the development process. It helps developers build highly secure software, address security compliance requirements, and reduce development costs. The guidance, best practices, tools, and processes in the SDL are practices used internally at Microsoft to build more secure products and services.
Service Trust Portal (STP)
The Service Trust Portal (STP) hosts the Compliance Manager service, and is the Microsoft public site for publishing audit reports and other compliance-related information relevant to Microsoft's cloud services. STP users can download audit reports produced by external auditors and gain insight from Microsoft-authored reports that provide details on how Microsoft builds and operates its cloud services.
What are the SLAs for the free or shared tiers?
The free and shared tiers don't come with an SLA.
Who owns the azure subscription?
The person that creates the subscription
When is it better not to use DSC?
When you have specific requirements on the order of steps to take to get to the end-state. DSC may execute the steps to get to the end-state in a way that doesn't suit your security, network, regulatory or other requirements. Example: port 1 must be opened before opening port 2 etc.
What's the main benefit of Serverless Computing compared to VMs or Containers?
The serverless model differs from VMs and containers in that you only pay for the processing time used by each function as it executes. VMs and containers are charged while they're running - even if the applications on them are idle.
What's the difference -if any- between Spending limits and quotas?
The spending limit is equal to the amount of credit and it can't be changed. It can be removed though (if you move to a pay as you go subscription). Quotas relate to resources (max nr of VMs per account and such)
Azure Kubernetes Service (AKS)
The task of automating, managing, and interacting with a large number of containers is known as orchestration. Azure Kubernetes Service (AKS) is a complete orchestration service for containers with distributed architectures with multiple containers.
If you delete a resource group, all resources contained within are also deleted (T/F)
Yup. Organizing resources by life cycle can be useful in non-production environments, where you might try an experiment, but then dispose of it when done. Resource groups make it easy to remove a set of resources at once.
Azure Storage firewalls and virtual networks
This model enables you to secure and control the level of access to your storage accounts that your applications and enterprise environments demand, based on the type and subset of networks used. When network rules are configured, only applications requesting data over the specified set of networks can access a storage account. You can limit access to your storage account to requests originating from specified IP addresses, IP ranges or from a list of subnets in an Azure Virtual Network (VNet).
Valet Key Pattern
This pattern focuses on efficiently using cloud storage services with untrusted clients. This pattern loosely models the use of valet keys from the real world. Valet keys are useful when you are willing to trust a valet parking attendant to park your car, but don't want to also give them access to areas in the car not needed for this purpose, such as the glove compartment. This pattern enables specifying that a user of your application is allowed to access very specific areas within your cloud storage account, with specific permissions, and for a limited amount of time. You can issue as many cloud storage valet keys as you like and they can all be different.
Would I ever choose putting files in Blob storage rather than file storage?
Yup. When all you need is to store the file (and not have it on SMB-compliant storage), because it's much cheaper than file storage
What do you use tags for?
To group resources logically and create a cost report based on that group.
Tools that are commonly used for day-to-day management and interaction include...
Tools that are commonly used for day-to-day management and interaction include: * Azure portal for interacting with Azure via a Graphical User Interface (GUI) * Azure PowerShell and Azure Command-Line Interface (CLI) for command line and automation-based interactions with Azure * Azure Cloud Shell for a web-based command-line interface * Azure mobile app for monitoring and managing your resources from your mobile device
What are the protocols supported by Azure Load Balancer?
Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
(T/F) All solutions and services are certified to run on Azure.
True (src: https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-fundamentals/what-is-microsoft-azure)
(T/F) The Azure portal updates continuously and requires no downtime for maintenance activities.
True (src: https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-fundamentals/what-is-microsoft-azure)
Trust Center
Trust Center is a website resource containing information and details about how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services. Trust Center is an important part of the Microsoft Trusted Cloud Initiative, and provides support and resources for the legal and compliance community
Unplanned Maintenance
Unplanned maintenance events involve a hardware failure in the data center, such as a power outage or disk failure. VMs that are part of an availability set automatically switch to a working physical server so the VM continues to run. The group of virtual machines that share common hardware are in the same fault domain. A fault domain is essentially a rack of servers. It provides the physical separation of your workload across different power, cooling, and network hardware that support the physical servers in the data center server racks. In the event the hardware that supports a server rack becomes unavailable, only that rack of servers is affected by the outage.
Billing Zones
* Zone 1: US, USGov, Europe, Canada, UK, France, Switzerland * Zone 2: East Asia, Southeast Asia, Japan, Australia, India, Korea * Zone 3: Brazil, South Africa, UAE * DE Zone 1: Germany
Application Insights
Used to monitor applications running in Azure or anywhere else (including AWS or Digital Ocean or on-premise)
Shared Access Signatures
Using SAS you can give users direct access to store data in blob storage. No need to provide an app to give access to users.
How can you estimate costs? And how can you come to the best estimate?
Using the Price Calculator. To get the best estimate you need to know exactly what you'll deploy and where.
How do I calculate the total savings I can get by moving to the cloud?
Using the Total Cost of Ownership Calculator
What are typical Compute power choices?
VACS * Virtual Machines: Software emulations of physical computers * Azure App Service: a platform-as-a-service (PaaS) offering in Azure that is designed to host enterprise-grade web-oriented applications * Containers provide a consistent, isolated execution environment for applications. They're similar to VMs except they don't require a guest operating system. Instead, the application and all its dependencies are packaged into a "container" and then a standard runtime environment is used to execute the app. This allows the container to start up in just a few seconds, because there's no OS to boot and initialize. You only need the app to launch. * Serverless Computing lets you run application code without creating, configuring, or maintaining a server. The core idea is that your application is broken into separate functions that run when triggered by some action. This is ideal for automated tasks - for example, you can build a serverless process that automatically sends an email confirmation after a customer makes an online purchase.
What are the main types of app styles supported by Azure App Service?
WAWM * Web Apps * API Apps * WebJobs (background tasks) * Mobile Apps back-ends
What are the purchasing options for Azure products and services?
WEC * Web Direct * Enterprise * Cloud Solution Provider
Azure Functions
What AWS calls Lambda
Azure Import/Export Service
What AWS calls Snowball
What is the Composite SLA?
When combining SLAs across different service offerings, the resultant SLA is called a Composite SLA. The resulting composite SLA can provide higher or lower uptime values, depending on your application architecture.
How is an availability set organized in terms of fault domains and update domains?
With an availability set, you get: * Up to three fault domains that each have a server rack with dedicated power and network resources * Five logical update domains which then can be increased to a maximum of 20
Recovery Services Vaults are multi-region, right?
Wrong! You need to make a Recovery Services Vault for each region you need backups for.
What tool do you use to connect your on-prem network to azure's?
XXX
What tool do you use to see your current spend?
XXX
Resources can be moved from one resource group to another (T/F)
Yep. But some limitations or requirements may apply for some services.
Cosmos DB creates automatic indexes, can you change that?
Yes, you can remove created indexes or add new ones.
Does Azure Application Gateway support load balancing multiple sites?
Yes. Application gateways also have the ability to accept traffic for more than one site using multiple site hosting. This is done by routing example1.com to BackendPool1 and example2.com to BackendPool2
Does it make sense to have multiple subscriptions?
Yes. Some companies do this for billing purposes; they get separate billing and invoicing reports. Or for separating Production from development subscriptions.
Does the Azure VPN Gateway have a public IP address?
Yes. The gateway also has a Public IP address. VPN gateways need a public IP address because although they create an environment that emulates a private network between your on-premises resources and your cloud resources, the traffic still technically needs to travel over the public internet to reach your VPN gateway. Once configured, your on-premises network will know to send its traffic to this public IP address.
What should you do before using the Azure Database Migration Service?
You should use the Microsoft Database Migration Assistant first, to generate an assessment report. Once you assess and perform any remediation required, you're ready to begin the migration process.
Can you have several subscriptions at the same time?
Yup
Does Azure Key Vault support Disaster Recovery?
Yup
Are there several pricing options for VMs?
Yup, * Normal * Reserved VM Instances * Hybrid Benefit * DEV/TEST pricing
Do usage costs vary between regions?
Yup, slightly.
WebJobs
feature to run a program (.exe, Java, PHP, Python, or Node.js) or script (.cmd, .bat, PowerShell, or Bash) in the same context as a web app, API app, or mobile app. They can be scheduled or run by a trigger. WebJobs are often used to run background tasks as part of your application logic.
Azure Data Catalog
catalogs all other data (if you register the source to it)
Azure SQL DB Server Firewall
database-level firewall
What if you have data corruption on your db?
delete it as soon as possible and restore it from a non-corrupted backup
Azure Batch
designed for batching; the service is free, but you pay for the underlying compute spent
How can you reduce the cost of your VMs?
either use reserved instances or low-priority instances (AWS Spot instances)