Azure Fundamentals
How many cloud deployment models are there?
3
Where can you find service costs?
Check the documentation for specific details on what each service area costs.
What are the two ways encryption is typically approached?
Encryption at rest; Encryption in transit
List of Azure IoT Services
IoT Central; Azure IoT Hub; IoT Edge
What does a virtual machine appear like to a user?
It appears to the user like a physical computer running Windows or Linux
What analogy can be used to describe cloud computing?
It is like a utility, such as the electricity that is supplied to a light switch.
Azure DDoS Protection
Protects Azure-hosted applications from distributed denial of service (DDoS) attacks
How are multiple VMs run on a single server?
They are isolated and secure
What does each region belong to?
a specific geography
push notification
allows an app to notify you of new messages or events without the need to actually open the application
Azure is a continually expanding set of what?
cloud services
What size business is cloud computing designed for?
from a small start-up to a large enterprise
Network perimeters, firewalls, and physical access controls used to be the primary protection for corporate data. But network perimeters have become increasingly porous with the explosion of bring your own device (BYOD), mobile apps, and cloud applications. What has become the new primary protection for corporate data?
identity
vertical scaling
Increasing the processing power of individual components. Adding resources to a single node, such as memory, processing power, or redundant components; also referred to as scale up. To increase the memory, storage, or compute power on an existing virtual machine. For example, you can add additional memory to a web or database server to make it run faster.
What is the real value in cloud computing?
it enables you to quickly solve your toughest business challenges and bring cutting edge solutions to your users
What must be done to read encrypted data?
it must be decrypted, which requires the use of a secret key.
What happens when you select the Book and Filter icon?
it shows the Directory + subscription pane
What does serverless computing allow you to do?
lets you run application code without creating, configuring, or maintaining a server.
Cloud computing is like renting what?
like renting resources
What are the two cost factors for resources?
meters and pricing
What does good IT governance involve?
planning your initiatives and setting priorities on a strategic level to help manage and prevent issues.
Which cloud deployment model is most common?
public cloud
When considering moving storage to the cloud, what might a customer be concerned about?
security; backup; disaster recovery; how to manage cloud-hosted data
How do you access preview features?
select its entry on the preview page https://azure.microsoft.com/en-us/updates/?status=inpreview and learn more about how to evaluate it.
What can the container orchestrator do?
start, stop, and scale out application instances as needed.
Into what can virtual networks be segmented?
subnets
What is an isolation boundary?
the barrier between availability zones
What technology does Azure use?
virtualization
Do both symmetric and asymmetric encryption play a role in securing data?
yes
router
(computer science) a device that forwards data packets between computer networks
What are the three cloud deployment models?
1) public cloud 2) private cloud 3) hybrid
Azure Table storage
A NoSQL store that hosts unstructured data independent of any schema
virtual network
A software-based network that exists between devices on a physical network.
Describe a use case scenario for a private cloud deployment.
A use case scenario for a private cloud would be when an organization has data that cannot be put in the public cloud, perhaps for legal reasons. An example scenario may be where government policy requires specific data to be kept in-country or privately.
What programming languages can you use to build web apps in the Azure App Service?
ASP.NET, ASP.NET Core, Java, Ruby, Node.js, PHP, Python
Natural Language processing
Allow your apps to process natural language with pre-built scripts, evaluate sentiment and learn how to recognize what users want.
redundant power supply
An enclosure that contains two complete power supplies, the second of which turns on when the first fails.
Azure Functions
An event-driven, serverless compute service
Which data storage service stores unstructured data?
Azure Blob Storage
Describe the billing hierarchy from highest to lowest level.
1) Billing account 2) Billing Profile (Invoice) 3) Invoice section 4) Azure subscription
What do Bash and PowerShell provide access to?
Both include access to the Azure command-line interface called Azure CLI and to Azure PowerShell
Give examples of where device or application data is read or written. Describe the types of data in the examples.
Buying a movie ticket online; Looking up the price of an online item; Taking a picture; Sending an email; Leaving a voicemail
Azure Cache for Redis
Caches frequently used and static data to reduce data and application latency
Azure Speech
Convert spoken audio into text, use voice for verification, or add speaker recognition to your app.
Give an example of auto-scaling.
For example, Auto Scaling is a feature of Amazon Elastic Compute Cloud (Amazon EC2) that simplifies horizontally scaling a set of Amazon EC2 resources.
Azure Cosmos DB
Globally distributed database that supports NoSQL options
What is likely to be the primary way new users interact with Azure?
In the Azure Portal
How do you navigate to the Azure dashboard?
In the Azure Portal, click the stack of pancakes icon > Click "Dashboard"
What does a Distributed Denial of Service (DDoS) attack do?
It attempts to overwhelm a network resource by sending so many requests that the resource becomes slow or unresponsive.
What does the Notifications pane display?
It lists the last actions that have been carried out, along with their status.
How do you know if you are using the preview version of the Azure portal?
It will be branded with Microsoft Azure (Preview) on the left side of the top bar
In what format is the output of the Cloud Shell command 'az account list'?
JSON
Cosmos DB
Microsoft's proprietary globally-distributed, multi-model database service "for managing data at planet-scale" launched in May 2017. It is schema-agnostic, horizontally scalable and generally classified as a NoSQL database
What feature is critical to restricting communication between virtual machines?
Network Security Groups
What is a standard way that cloud storage providers access data?
REST endpoints, for example
Azure Notification Hubs
Send push notifications to any platform from any back end
What are the three primary types of data that Azure data storage is designed to hold?
Structured data. Semi-structured data. Unstructured data.
Fault Tolerance
The ability of a system to continue operation even if a component fails.
What is container orchestration?
The task of automating, managing, and interacting with a large number of containers
What should you carefully consider when determining how your solution will meet your workload requirements?
The time window against which your application SLA performance targets are measured. The smaller the time window, the tighter the tolerances. If you define your application SLA as hourly or daily uptime, you need to understand these tighter tolerances might not allow for achievable performance targets.
To what does the usage that a meter tracks correlate?
The usage that a meter tracks correlates to a number of billable units.
What is serverless computing ideal for?
This is ideal for automated tasks
Backup and archive costs in an on-premises datacenter.
This is the cost to back up, copy, or archive data. Options might include setting up a backup to or from the cloud. There's an upfront cost for the hardware and additional costs for backup maintenance and consumables like tapes.
What is the basis for encryption of website data in transit?
Transport Layer Security (TLS)
In Cloud Shell, how do you paste what has been copied to the clipboard?
Two ways: 1) right-click on a new line and select Paste 2) use Shift + Insert
List of Azure Cognitive Services
Vision; Speech; Knowledge mapping; Bing Search; Natural Language processing
When is an Azure subscription created for you?
When you sign up
Azure Content Delivery Network
delivers high-bandwidth content to customers globally
What does maximizing availability require?
implementing measures to prevent possible service failures
What can you use to better search, filter, and organize resource and resource groups?
tags
cloud provider
the name for the company providing cloud computing services
How can Azure make your app highly available?
through Availability Zones
What does a policy definition express?
what to evaluate and what action to take
Give an example of horizontal scaling.
For example, you have more than one server processing incoming requests.
SQL Server on VMs
Host enterprise SQL Server apps in the cloud
REST API
Any API that uses Representational State Transfer (REST), which means that the two programs, on separate computers, use HTTP messages to request and transfer data.
These allow you to filter network traffic to and from Azure resources in an Azure virtual network.
Network Security Groups
What is the Cloud Shell command to start a website app?
az webapp start '\' + <ENTER> --resource-group <resource group ID> '\' + <ENTER> --name <webapp name>
How can you upload service certificates?
either using the Azure portal or by using the classic deployment model
What message might you see if a web site is unavailable?
"503 Service Unavailable"?
What does the Advisor allow you to do?
- Get proactive, actionable, and personalized best practices recommendations. - Improve the performance, security, and high availability of your resources as you identify opportunities to reduce your overall Azure costs. - Get recommendations with proposed actions inline.
When do you need good IT governance?
- You have multiple engineering teams working in Azure - You have multiple subscriptions in your tenant - You have regulatory requirements that must be enforced - You want to ensure standards are followed for all IT allocated resources
What are compute services primarily for?
- performing calculations - executing logic - running applications
To apply an Azure policy, what will you do?
1) Create a policy definition 2) Assign a definition to a scope of resources 3) View policy evaluation results
How do you scale up an App Service plan?
1) Log in to the Azure Portal 2) In the menu, click Dashboard 3) In the left pane, scroll down and click Scale up 4) In the main pane, modify the service plan and click Apply
Describe the steps to move an existing application to containers using Azure Kubernetes Service (AKS).
1. You convert an existing application to one or more containers and then publish one or more container images to the Azure Container Registry. 2. By using the Azure portal or the command line, you deploy the containers to an AKS cluster. 3. Azure AD controls access to AKS resources. 4. You access SLA-backed Azure services, such as Azure Database for MySQL, via OSBA. 5. Optionally, AKS is deployed with a virtual network.
uninterruptible power supply
A device that provides power to a computer system for a short time if electrical power is lost.
What is Azure PowerShell?
A module you install that enables you to connect to your Azure subscription and manage resources. Windows PowerShell and PowerShell Core provide services such as the shell window and command parsing. Azure PowerShell then adds the Azure-specific commands.
What provides connectivity to all of the servers in a datacenter?
A network switch
What areas are geographies broken up into?
Americas; Europe; Asia Pacific; Middle East and Africa
Name Microsoft's public cloud provider.
Azure
a package or container for composing focus-specific sets of standards, patterns, and requirements related to the implementation of Azure cloud services, security, and design that can be reused to maintain consistency and compliance.
Azure Blueprints
What is the name for the monitoring service that provides threat protection across all of your services both in Azure, and on-premises?
Azure Security Center
What two experiences does Azure Cloud Shell provide?
Bash and PowerShell
Why might you set up separate Azure subscriptions for different environments?
Because resource access control occurs at the subscription level.
What is the name for combining SLAs across different service offerings?
Composite SLA. The resulting composite SLA can provide higher or lower uptime values, depending on your application architecture.
In the Azure Portal, what is the name of the default dashboard?
Dashboard
How do you create multiple invoices within the same billing account?
Depending on your needs, you can set up multiple invoices within the same billing account. To do this, create additional billing profiles. Each billing profile has its own monthly invoice and payment method.
IoT Central
Fully-managed global IoT software as a service (SaaS) solution that makes it easy to connect, monitor, and manage your IoT assets at scale
What are the options in the Help pane?
Help + Support; What's new; Azure roadmap; Launch guided tour; Keyboard shortcuts; Show diagnostics; Privacy statement
In the Azure Portal, what is the default (main) page?
Home
What feature introduces security and privacy considerations throughout all phases of the development process?
Microsoft Security Development Lifecycle (SDL)
EU Model Clauses
Microsoft offers customers EU Standard Contractual Clauses that provide contractual guarantees around transfers of personal data outside of the EU. Microsoft is the first company to receive joint approval from the EU's Article 29 Working Party that the contractual privacy protections Azure delivers to its enterprise cloud customers meet current EU standards for international transfers of data. This ensures that Azure customers can use Microsoft services to move data freely through Microsoft's cloud from Europe to the rest of the world.
What is Microsoft Azure?
Microsoft's private and public cloud platform
Name three cloud providers.
Microsoft, Amazon, Google
Are specific datacenters exposed to end users?
No
Are tags applied at a resource group level propagated to resources within the resource group?
No
Does Azure provide SLAs for most services under the Free or Shared tiers, or free products such as Azure Advisor?
No
Is there a way to automate repetitive tasks using the Azure Portal?
No
Internet of Things
One of the 8 main categories of Azure services. Technology that enables you to: - integrate sensors and devices - manage them with IoT hubs - create full-featured dashboards and apps to monitor and control all of your assets
What are the learning paths for this certification (see Azure Fundamentals part 1: Describe core Azure concepts)?
Part 1: Describe core Azure concepts; Part 2: Describe core Azure services; Part 3: Describe core solutions and management tools on Azure; Part 4: Describe general security and network security features; Part 5: Describe identity, governance, privacy, and compliance features; Part 6: Describe Azure cost management and service level agreements
Describe the Security Development Lifecycle recommendation to perform dynamic analysis security testing.
Performing run-time verification of your fully compiled or packaged software checks functionality that is only apparent when all components are integrated and running. This verification is typically achieved using a tool, a suite of pre-built attacks, or tools that specifically monitor application behavior for memory corruption, user privilege issues, and other critical security problems. Similar to SAST, there is no one-size-fits-all solution and while some tools (such as web app scanning tools) can be more readily integrated into the CI/CD pipeline, other Dynamic Application Security Testing (DAST) such as fuzzing requires a different approach.
Disaster recovery
The procedures and processes for restoring an organization's IT operations following a disaster
Datacenter infrastructure costs in an on-premises datacenter.
These are costs for: - construction and building equipment - future renovation and remodeling costs - operational expenses for: - electricity - floor space - cooling - building maintenance
What is the purpose of the Azure Storage Account that you create when you access Azure Cloud Shell?
This storage area is used as your $HOME folder, and any scripts or data you place here are kept across sessions. Each subscription has a unique storage account associated with it, so you can keep the data and tools you need specific to each account you manage.
What App Service styles can you host with Azure App Service?
Web Apps; API Apps; WebJobs; Mobile Apps
What are the benefits of CapEx?
With capital expenditures: - you plan your expenses at the start of a project or budget period - costs are fixed, meaning you know exactly how much is being spent. This is appealing when you need to predict the expenses before a project starts due to a limited budget.
Can Azure Policy allow a resource to be created even if it doesn't pass validation?
Yes. In these cases, you can have it trigger an audit event that can be viewed in the Azure Policy portal, or through command-line tools.
What are the advantages of a private cloud deployment?
- You can ensure the configuration can support any scenario or legacy application - You have control (and responsibility) over security - Private clouds can meet strict security, compliance, or legal requirements
How can you configure your cloud computing environment to ensure that you meet data-residency and compliance laws?
You can replicate your services into multiple regions for redundancy and locality, or select a specific region to ensure you meet data-residency and compliance laws for your customers.
How does cloud computing save in costs over owning a computer?
You only pay for what you use.
What are the benefits of cloud computing as compared to owning your own computer?
- You pay for only the services you use - You don't manage the upkeep of the computer
When working in Cloud Shell, what is the first thing you want to make sure of?
You want to make sure that you are working with the correct Azure subscription.
What feature is a distributed network of servers that can efficiently deliver web content to users?
a Content Delivery Network (CDN)
What is an orchestration?
a collection of functions or steps, that are executed to accomplish a complex task.
What do containers provide?
a consistent, isolated execution environment for applications
What does the container engine do?
a piece of software that accepts user requests, including command line options, pulls images, and from the end user's perspective runs the container. There are many container engines, including docker, RKT, CRI-O, and LXD. Also, many cloud providers, Platforms as a Service (PaaS), and Container Platforms have their own built-in container engines which consume Docker or OCI compliant Container Images.
What is an Azure resource group?
A place to hold all of the things that we need to create in an Azure solution. It allows you to administer all of the services, disks, network interfaces, and other elements that potentially make up a solution as a unit.
Power BI Embedded
a platform-as-a-service (PaaS) analytics solution, where developers can embed reports and dashboards into an application for their customers.
What is Azure App Service?
a platform-as-a-service (PaaS) offering in Azure that is designed to host enterprise-grade web-oriented applications. You can meet rigorous performance, scalability, security, and compliance requirements while using a fully managed platform to perform infrastructure maintenance.
MySQL
A popular open-source DBMS product that is license-free for most applications. The most common version of the Structured Query Language, a language for creating, maintaining, and querying a database.
What is a service principal?
an identity that is used by a service or application. And like other identities, it can be assigned roles.
What is Azure Cloud Shell?
an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell. You can switch between the two shells, and both support the Azure CLI and Azure PowerShell modules.
Microsoft Azure Marketplace
an online store that hosts applications that are certified and optimized to run in Azure.
kubernetes
an open source system for automating deployment, scaling, and management of containerized applications
How are Azure Logic Apps and Azure Functions similar?
both enable you to trigger logic based on an event.
What is one way to enforce standards for IT governance? When is this approach used? What are its drawbacks?
by not allowing teams to directly create Azure resources - and instead have the IT team define and deploy all cloud-based assets. This approach is often the solution in on-premises situations, but this requirement reduces the team agility and ability to innovate
How can you completely remove public internet access to your services?
by restricting access to service endpoints. With service endpoints, Azure service access can be limited to your virtual network.
How can you switch Azure tenants from the Portal?
by selecting your profile picture and selecting Switch Directory from the options menu
With Docker, can applications be moved between machines?
containers can be moved between machines.
On what does the decision between VMs and containers depend?
how much flexibility you need: - If you need to completely control the environment, you might choose a VM. - If not, then the portability, performance, and management capabilities of containers might be the better choice.
When you build a cloud solution, what choice must you make? What do you base this choice on?
how you want work to be done based on your resources and needs
Where can you access the Total Cost of Ownership (TCO) calculator?
https://azure.microsoft.com/en-us/pricing/tco/calculator/
Azure Cognitive Services
pre-built APIs you can leverage in your applications to solve complex problems
How is data communication made easier in Azure?
with developer packages and libraries, along with well-documented APIs that streamline data storage operations.
What is another name for horizontal scaling?
"scaling out"
What is vertical scaling also known as?
"scaling up"
network access point
(NAP) Provides a wireless hotspot for people to use, e.g. in a library
What is latency?
*Latency* is the length of time it takes to receive a response back. TCP latency has an inverse relationship with throughput. The time it takes for data to travel over the network. Latency is typically measured in milliseconds.
What are the performance commitments for Azure CosmosDB?
- 99.999 percent uptime - low-latency commitments of less than 10 milliseconds on DB read operations as well as on DB write operations.
Provide use cases for Role-Based Access Control (RBAC).
- Allow one user to manage VMs in a subscription, and another user to manage virtual networks. - Allow a database administrator (DBA) group to manage SQL databases in a subscription. - Allow a user to manage all resources in a resource group, such as VMs, websites, and virtual subnets. - Allow an application to access all resources in a resource group.
What services does Azure Active Directory provide?
- Authentication. This includes verifying identity to access applications and resources, and providing functionality such as self-service password reset, multi-factor authentication (MFA), a custom banned password list, and smart lockout services. - Single-Sign-On (SSO). SSO enables users to remember only one ID and one password to access multiple applications. A single identity is tied to a user, simplifying the security model. As users change roles or leave an organization, access modifications are tied to that identity, greatly reducing the effort needed to change or disable accounts. - Application management. You can manage your cloud and on-premises apps using Azure AD Application Proxy, SSO, the My apps portal (also referred to as Access panel), and SaaS apps. - Business to business (B2B) identity services. Manage your guest users and external partners while maintaining control over your own corporate data - Business-to-Customer (B2C) identity services. Customize and control how users sign up, sign in, and manage their profiles when using your apps with services. - Device Management. Manage how your cloud or on-premises devices access your corporate data.
What are the benefits of Azure data storage?
- Automated backup and recovery: mitigates the risk of losing your data if there is any unforeseen failure or interruption. - Replication across the globe: copies your data to protect it against any planned or unplanned events, such as scheduled maintenance or hardware failures. You can choose to replicate your data at multiple locations across the globe. - Support for data analytics: supports performing analytics on your data consumption. - Encryption capabilities: data is encrypted to make it highly secure; you also have tight control over who can access the data. - Multiple data types: Azure can store almost any type of data you need. It can handle video files, text files, and even large binary files like virtual hard disks. It also has many options for your relational and NoSQL data. - Data storage in virtual disks: Azure also has the capability of storing up to 32 TB of data in its virtual disks. This capability is significant when you're storing heavy data such as videos and simulations. - Storage tiers: storage tiers to prioritize access to data based on frequently used versus rarely used information.
What management and programming tools are included in the Azure Cloud Shell environment?
- Azure command-line tools (Azure CLI, AzCopy, etc.) - Languages / Frameworks including .NET Core, Python, and Java - Container management support for Docker, Kubernetes, etc. - Code editors such as vim, emacs, code, and nano - Build tools (make, maven, npm, etc.) - Database query tools such as sqlcmd
What features does the Compliance Manager provide?
- Combines the following three items: 1) Detailed information provided by Microsoft to auditors and regulators, as part of various third-party audits of Microsoft's cloud services against various standards (for example, ISO 27001, ISO 27018, and NIST). 2) Information that Microsoft compiles internally for its compliance with regulations (such as HIPAA and the EU GDPR). 3) An organization's self-assessment of their own compliance with these standards and regulations. - Enables you to assign, track, and record compliance and assessment-related activities, which can help your organization cross team barriers to achieve your organization's compliance goals. - Provides a Compliance Score to help you track your progress and prioritize auditing controls that will help reduce your organization's exposure to risk. - Provides a secure repository in which to upload and manage evidence and other artifacts related to compliance activities. - Produces richly detailed reports in Microsoft Excel that document the compliance activities performed by Microsoft and your organization, which can be provided to auditors, regulators, and other compliance stakeholders. Compliance Manager provides ongoing risk assessments with a reference of risk-based scores for regulations and standards displayed in a dashboard view. Alternatively, you can create assessments for the regulations or standards that matter more to your organization. As part of the risk assessment, Compliance Manager also provides recommended actions you can take to improve your regulatory compliance. You can view all action items, or select the action items that correspond with a specific certification. Important: Compliance Manager is a dashboard that provides a summary of your data protection and compliance stature and recommendations for improvement. The Customer Actions provided in Compliance Manager are recommendations only; it is up to each organization to evaluate the effectiveness of these recommendations in their respective regulatory environment prior to implementation. Recommendations found in Compliance Manager should not be interpreted as a guarantee of compliance.
What are some of the benefits of using Azure Application Gateway over a simple load balancer?
- Cookie affinity. Useful when you want to keep a user session on the same backend server. - SSL termination. Application Gateway can manage your SSL certificates and pass unencrypted traffic to the backend servers to avoid encryption/decryption overhead. It also supports full end-to-end encryption for applications that require that. - Web application firewall. Application gateway supports a sophisticated firewall (WAF) with detailed monitoring and logging to detect malicious attacks against your network infrastructure. - URL rule-based routes. Application Gateway allows you to route traffic based on URL patterns, source IP address and port to destination IP address and port. This is helpful when setting up a content delivery network. - Rewrite HTTP headers. You can add or remove information from the inbound and outbound HTTP headers of each request to enable important security scenarios, or scrub sensitive information such as server names.
Regardless of the deployment type (IaaS, PaaS, SaaS), what security features remain the customer's responsibility?
- Data - Endpoints - Accounts - Access management
Give examples of abnormal conditions in which systems are usually expected to remain in service.
- Natural disasters - System maintenance, both planned and unplanned, including software updates and security patches. - Spikes in traffic to your site - Threats made by malicious parties, such as distributed denial of service, or DDoS, attacks
What are some of the common areas you will see in previews?
- New storage types - New Azure services, such as Machine Learning enhancements - New or enhanced integration with other platforms - New APIs for services
What are the elements of the Microsoft Security Development Lifecycle (SDL)?
- Provide training - Define security requirements - Define metrics and compliance reporting - Perform threat modeling - Establish design requirements - Define and use cryptography standards - Manage security risks - Use approved tools - Perform Static Analysis Security Testing - Perform Dynamic Analysis Security Testing - Perform penetration testing - Establish a standard incident response process
What are the best practices for RBAC?
- Segregate duties within your team and grant only the amount of access to users that they need to perform their jobs. Instead of giving everybody unrestricted permissions in your Azure subscription or resources, allow only specific actions at a particular scope. - When planning your access control strategy, grant users the lowest privilege level that they need to do their work. - Use Resource Locks to ensure critical resources aren't modified or deleted.
What are some of the key features of Azure data storage?
- Storage of both structured and unstructured data - High security that supports global compliance standards - Load balancing, high availability, and redundancy capabilities - The ability to send large volumes of data directly to the browser using features such as Azure Blob storage Ultimately, the capabilities make it an ideal platform for hosting any large global application or portal.
Give examples of services that require managing hardware and software.
- Storing data - Streaming video - Hosting a website
List some good uses for tags.
- Using tags to associate a cost center with resources for internal chargeback - Using tags in conjunction with Azure Automation to schedule maintenance windows - Using tags to store environment and department association
What features does Azure Key Vault provide above and beyond the typical certificate management?
- You can create certificates in Key Vault, or import existing certificates - You can securely store and manage certificates without interaction with private key material. - You can create a policy that directs Key Vault to manage the life cycle of a certificate. - You can provide contact information for notification about life-cycle events of expiration and renewal of certificate. - You can automatically renew certificates with selected issuers - Key Vault partner x509 certificate providers / certificate authorities.
What do you need to sign-up for a free Azure account?
- a phone number - a credit card - Microsoft or GitHub account. Credit card information is used for identity verification only. You won't be charged for any services until you upgrade.
What are ways in which customers see savings resulting from the economies of scale of cloud providers?
- ability to acquire hardware at a lower cost. - deals with local governments and utilities to get: - tax savings - lowering the price of power - lowering the price of cooling - lowering the price of high-speed network connectivity between sites. Cloud providers are then able to pass on these benefits to end users in the form of lower prices than what you could achieve on your own. Q: Wouldn't economies of scale apply to security as well?
What are WebJobs in the Azure App Service?
- allows you to run a program (.exe, Java, PHP, Python, or Node.js) or script (.cmd, .bat, PowerShell, or Bash) in the same context as a web app, API app, or mobile app. - They can be scheduled, or run by a trigger. - often used to run background tasks as part of your application logic
In the Azure Portal, how do you navigate to the Advisor?
- by selecting Advisor from the navigation menu on the Home page - by searching for it in the All Services menu (pancake icon --> All services) - by searching for it in the search bar on the Home screen
What are the ways you can switch to editing mode in the default Azure Portal dashboard?
- click the Edit (pencil icon) button. - Right-click on the dashboard background area and select Edit. - Right-click on a tile and a menu will appear with edit options, including 'Customize' - Hover over a tile on the dashboard - a ... context menu will appear on the top/right corner with a Customize option.
What are some guidelines and best practices for using resource groups to your advantage in an organization?
- consistent naming convention - organizing principles - by IT type - e.g. all infrastructure together - by resource type - e.g. all virtual network groups together, all VMs together - by environment - prod, qa, dev - by department - finance, marketing, human resources
Azure services offered for mobile development
- create mobile backend services for iOS, Android, and Windows apps quickly and easily - features that used to take time and increase project risk, such as adding corporate sign-in and then connecting to on-premises resources such as SAP, Oracle, SQL Server, and SharePoint, are now simple to include - offline data synchronization - connectivity to on-premises data - broadcasting push notifications - auto-scaling to match business needs
What properties does a resource have, in addition to the standard Azure properties?
- department (like finance, marketing, and more) - environment (prod, test, dev) - cost center - life cycle and automation (like shutdown and startup of virtual machines)
Common characteristics of Azure compute, storage, and network services
- durable and highly available with redundancy and replication - secure through automatic encryption and role-based access control - scalable with virtually unlimited storage - managed, handling maintenance and any critical problems for you. - accessible from anywhere in the world over HTTP or HTTPS
In a distributed system, what types of failures can happen, and must be planned for?
- hardware can fail - the network can have transient failures - on rare occasion, an entire service or region can experience a disruption
How do you create a new virtual machine using Azure PowerShell?
- launch PowerShell - install the Azure PowerShell module - sign in to your Azure account using the command Connect-AzAccount - issue a command beginning with 'New-AzVM `'
List the OpEx costs with cloud computing
- leasing software - customized software features - scaling charges based on usage/demand instead of fixed hardware or capacity - billing at the user or organizational level
How would you create an Azure VM using Azure CLI?
- open a command prompt window - sign in to Azure using the command az login - create a resource group - use a command beginning with 'az vm create \'
Name some of the more common services that Azure provides.
- run your existing applications on virtual machines - explore new software paradigms such as intelligent bots and mixed reality. - communicate with your users through vision, hearing, and speech using AI and machine-learning services - use storage solutions that dynamically grow to accommodate massive amounts of data. - Azure services enable solutions that are not feasible without the power of the cloud.
Once you know the workload requirements of your Azure solution, what do you do?
- select Azure products and services - provision resources according to those requirements
What are the trade-offs to having two independent fallbacks in order to improve the SLA?
- the application logic is more complicated - you are paying more to add the Queue support - there may be data-consistency issues you'll have to deal with due to retry behavior.
What factors affect latency?
- the type of connection you use - how your application is designed - distance (perhaps the biggest factor)
What are the downsides to VMs?
- they can only run one operating system at a time. So, if you have multiple server apps that all require different runtime environments, they may also require multiple virtual machines to execute properly. - because the VM is emulating a full computer, tasks like starting a VM up or taking a snapshot are relatively slow, often taking several minutes.
What are the features of API apps using the Azure App Service?
- you can build REST-based Web APIs using your choice of language and framework. - full Swagger support - the ability to package and publish your API in the Azure Marketplace - produced apps can be consumed from any HTTP(S)-based client.
Internet connection
- Your Internet service provider supplies a device called a modem that is designed to carry data to and from the Internet - This device typically has a standard Ethernet port that can be connected to a router - Most routers supply a WAN port designed for an Internet connection - Plug a standard network cable into the router's WAN port and connect the other end of the cable into the Internet modem
Describe the two levels of Azure DDoS Protection.
1) Basic: The Basic service tier is automatically enabled as part of the Azure platform. Always-on traffic monitoring and real-time mitigation of common network-level attacks provide the same defenses that Microsoft's online services use. Azure's global network is used to distribute and mitigate attack traffic across regions. 2) Standard: The Standard service tier provides additional mitigation capabilities that are tuned specifically to Microsoft Azure Virtual Network resources. DDoS Protection Standard is simple to enable and requires no application changes. Protection policies are tuned through dedicated traffic monitoring and machine learning algorithms. Policies are applied to public IP addresses associated with resources deployed in virtual networks, such as Azure Load Balancer and Application Gateway. DDoS standard protection can mitigate the following types of attacks: - Volumetric attacks. The attacker's goal is to flood the network layer with a substantial amount of seemingly legitimate traffic. - Protocol attacks. These attacks render a target inaccessible, by exploiting a weakness in the layer 3 and layer 4 protocol stack. - Resource (application) layer attacks. These attacks target web application packets to disrupt the transmission of data between hosts.
What four things do all cloud providers offer?
1) Compute power - such as Linux servers or web applications 2) Storage - such as files and databases 3) Networking - such as secure connections between the cloud provider and your company 4) Analytics - such as visualizing telemetry and performance data
Provide examples of when to use virtual machines.
1) During testing and development. VMs provide a quick and easy way to create different OS and application configurations. Test and development personnel can then easily delete the VMs when they no longer need them. 2) When running applications in the cloud. The ability to run certain applications in the public cloud as opposed to creating a traditional infrastructure to run them can provide substantial economic benefits. For example, if an application needs to handle fluctuations in demand, being able to shut down VMs when you don't need them or quickly start them up to meet a suddenly increased demand means you pay only for the resources you use. 3) When extending your datacenter to the cloud. An organization can extend the capabilities of its own on-premises network by creating a virtual network in Azure and adding VMs to that virtual network. Applications like SharePoint can then run on an Azure VM instead of running locally, making it easier or less expensive to deploy than in an on-premises environment. 4) During disaster recovery. As with running certain types of applications in the cloud and extending an on-premises network to the cloud, you can get significant cost savings by using an IaaS-based approach to disaster recovery. If a primary datacenter fails, you can create VMs running on Azure to run your critical applications and then shut them down when the primary datacenter becomes operational again. 5) When moving from a physical server to the cloud ("lift and shift"). You can create an image of the physical server and host it within a VM with little or no changes. Just like a physical on-premises server, you must maintain the VM. You update the installed OS and the software it runs.
What are the two tiers of Azure Security Center available?
1) Free. Available as part of your Azure subscription, this tier is limited to assessments and recommendations of Azure resources only. 2) Standard. This tier provides a full suite of security-related services including continuous monitoring, threat detection, just-in-time access control for ports, and more. To access the full suite of Azure Security Center services, you will need to upgrade to a Standard tier subscription. You can access the 30-day free trial from within the Azure Security Center dashboard in the Azure portal. After the 30-day trial period is over, Azure Security Center is $15 per node per month.
How do you access the Azure Cloud Shell?
1) Log in to the Azure Portal --> 2) Along the top menu bar, select the button with the right caret and underscore, i.e. '>_'. If you don't see the icon, it will appear under the ellipsis '...' next to your profile
How do you navigate to the analytics about your website?
1) Log in to the Azure Portal --> 2) In the menu, select Dashboard --> 3) Click the resource that is the App Service --> 4) In the left pane, you should see the Overview selected by default. Scroll down to see the analytics
How do you change an App Service configuration?
1) Log in to the Azure Portal --> 2) In the pancake icon menu, click Dashboard --> 3) In the left pane, scroll down to the Settings section --> 4) Select the configuration, and make the change
What are the three key characteristics of SLAs for Azure products and services?
1) Performance Targets 2) Uptime and Connectivity Guarantees 3) Service credits
What two trends have emerged in this ever-changing world?
1) Teams are delivering new features to their users at record speeds 2) End users expect an increasingly rich and immersive experience with their devices and with software. Software releases were once scheduled in terms of months or even years. Today, teams are releasing features in smaller batches. Releases are now often scheduled in terms of days or weeks. Some teams even deliver software updates continuously—sometimes with multiple releases within the same day.
What are three benefits of cloud computing?
1) You only pay for what you need 2) You don't worry about upgrades 3) You don't have to worry about scalability. For example, as people move to your town, you can rest assured that your lights will stay on.
What are the two approaches to IT investments?
1) capital expenditure (CapEx) 2) operational expenditure (OpEx)
What are the two basic services provided by all cloud providers?
1) compute power - how much processing your computer can do (CPU, RAM, etc.) 2) storage - the volume of data you can store on your computer
What are the eight main categories of Azure services?
1) compute services 2) cloud storage 3) networking 4) app hosting 5) artificial intelligence 6) internet of things 7) integration 8) security
What are six ways that cloud computing makes running a business easier?
1) cost-effective 2) scalable 3) elastic 4) current 5) reliable 6) secure
What are the steps to using Azure Blueprints?
1) create a blueprint - compose templates, policies, role assignments, and resource groups based on common or organization-based patterns into re-usable blueprints 2) apply to a scope - apply the blueprint to one or more subscriptions 3) track assignments - track where blueprints have been applied and share them across your organization
What are two ways you can manage an Azure solution's resource groups?
1) the Azure portal 2) via a command line using the Azure CLI
What two primary services does Azure provide to monitor the health of your apps and resources?
1. Azure Monitor 2. Azure Service Health
What four sources provide full transparency as to how Microsoft Azure manages the underlying resources you are building, allowing you to fully govern the resources you own and use?
1. Microsoft Privacy Statement 2. Microsoft Trust Center 3. Service Trust Portal 4. Compliance Manager
In what areas does Azure Advisor make recommendations?
1) Reduce costs by eliminating unprovisioned Azure ExpressRoute circuits. This recommendation identifies ExpressRoute circuits that have been in the provider status of Not Provisioned for more than one month. Advisor recommends deleting the circuit if you aren't planning to provision the circuit with your connectivity provider. 2) Buy reserved instances to save money over pay-as-you-go. Advisor will review your virtual machine usage over the last 30 days and determine if you could save money in the future by purchasing reserved instances. Advisor will show you the regions and sizes where you potentially have the most savings and will show you the estimated savings you might achieve from purchasing reserved instances. 3) Right-size or shut down underutilized virtual machines. This analysis monitors your virtual machine usage for 14 days and then identifies underutilized virtual machines. Virtual machines whose average CPU utilization is 5 percent or less and network usage is 7 MB or less for four or more days are considered underutilized virtual machines. The average CPU utilization threshold is adjustable up to 20 percent. By identifying these virtual machines, you can decide to resize them to a smaller instance type, reducing your costs.
Give two examples of ways you can integrate Security Center into your workflows and use it.
1. Use Security Center for incident response. Many organizations learn how to respond to security incidents only after suffering an attack. To reduce costs and damage, it's important to have an incident response plan in place before an attack occurs. You can use Azure Security Center in different stages of an incident response. You can use Security Center during the detect, assess, and diagnose stages. Here are examples of how Security Center can be useful during the three initial incident response stages: - Detect. Review the first indication of an event investigation. For example, you can use the Security Center dashboard to review the initial verification that a high-priority security alert was raised. - Assess. Perform the initial assessment to obtain more information about the suspicious activity. For example, obtain more information about the security alert. - Diagnose. Conduct a technical investigation and identify containment, mitigation, and workaround strategies. For example, follow the remediation steps described by Security Center in that particular security alert. 2. Use Security Center recommendations to enhance security. You can reduce the chances of a significant security event by configuring a security policy, and then implementing the recommendations provided by Azure Security Center. - A security policy defines the set of controls that are recommended for resources within that specified subscription or resource group. In Security Center, you define policies according to your company's security requirements. - Security Center analyzes the security state of your Azure resources. When Security Center identifies potential security vulnerabilities, it creates recommendations based on the controls set in the security policy. The recommendations guide you through the process of configuring the needed security controls. 
For example, if you have workloads that do not require the Azure SQL Database Transparent Data Encryption (TDE) policy, turn off the policy at the subscription level and enable it only in the resources groups where SQL TDE is required.
NoSQL
A NoSQL (originally referring to "non-SQL" or "non-relational")[1] database provides a mechanism for storage and retrieval of data that is modeled in means other than the tabular relations used in relational databases. Such databases have existed since the late 1960s, but the name "NoSQL" was only coined in the early 21st century,[2] triggered by the needs of Web 2.0 companies.[3][4] NoSQL databases are increasingly used in big data and real-time web applications.[5] NoSQL systems are also sometimes called "Not only SQL" to emphasize that they may support SQL-like query languages or sit alongside SQL databases in polyglot-persistent architectures.[6][7] Motivations for this approach include: simplicity of design, simpler "horizontal" scaling to clusters of machines (which is a problem for relational databases),[2] finer control over availability and limiting the object-relational impedance mismatch.[8] The data structures used by NoSQL databases (e.g. key-value pair, wide column, graph, or document) are different from those used by default in relational databases, making some operations faster in NoSQL. The particular suitability of a given NoSQL database depends on the problem it must solve. Sometimes the data structures used by NoSQL databases are also viewed as "more flexible" than relational database tables.[9] Many NoSQL stores compromise consistency (in the sense of the CAP theorem) in favor of availability, partition tolerance, and speed. Barriers to the greater adoption of NoSQL stores include the use of low-level query languages (instead of SQL, for instance), lack of ability to perform ad-hoc joins across tables, lack of standardized interfaces, and huge previous investments in existing relational databases.[10] Most NoSQL stores lack true ACID transactions, although a few databases have made them central to their designs.
What feature can provide a secure connection between an Azure Virtual Network and an on-premises location over the internet?
A VPN gateway (or virtual network gateway) enables this scenario. For example, in a three-tiered web site solution, you can keep your service or data tiers in your on-premises network, placing your web tier into the cloud, but keeping tight control over other aspects of your application.
What is a Billing Zone?
A Zone is a geographical grouping of Azure Regions for billing purposes. The following zones exist and include the listed countries (regions). AZURE BILLING ZONES - Zone 1: United States, US Government, Europe, Canada, UK, France, Switzerland - Zone 2: East Asia, Southeast Asia, Japan, Australia, India, Korea - Zone 3: Brazil, South Africa, UAE - DE Zone 1: Germany
Describe a common use case scenario for public cloud.
A common use case scenario is deploying a web application or a blog site on hardware and resources that are owned by a cloud provider. Using a public cloud in this scenario allows cloud users to get their website or blog up quickly, and then focus on maintaining the site without having to worry about purchasing, managing or maintaining the hardware on which it runs.
wide area network
A computer network that covers a large geographical area. Most WANs are made up of several connected LANs.
load balancer
A dedicated network device that can direct requests to different servers based on a variety of factors.
VPN gateway
A device that sits at the edge of a LAN to establish and maintain a secure VPN connection. Each one is a router or remote access server with VPN software installed, and encrypts and encapsulates data to exchange over the tunnel. Meanwhile, clients, servers, and other hosts on the protected LANs communicate through it as if they were on the same, private network and do not have to run special VPN software.
multi-tenant
A feature of cloud computing in which multiple customers share storage locations or services without knowing it.
kernel
A kernel is the core component of an operating system. Using interprocess communication and system calls, it acts as a bridge between applications and the data processing performed at the hardware level. When an operating system is loaded into memory, the kernel loads first and remains in memory until the operating system is shut down again. The kernel is responsible for low-level tasks such as disk management, task management and memory management. A computer kernel interfaces between the three major computer hardware components, providing services between the application/user interface and the CPU, memory and other hardware I/O devices. The kernel provides and manages computer resources, allowing other programs to run and use these resources. The kernel also sets up memory address space for applications, loads files with application code into memory, sets up the execution stack for programs and branches out to particular locations inside programs for execution. The kernel is responsible for: - Process management for application execution - Memory management, allocation and I/O - Device management through the use of device drivers - System call control, which is essential for the execution of kernel services. There are five types of kernels: 1) Monolithic Kernels: All operating system services run along the main kernel thread in a monolithic kernel, which also resides in the same memory area, thereby providing powerful and rich hardware access. 2) Microkernels: Define a simple abstraction over hardware that use primitives or system calls to implement minimum OS services such as multitasking, memory management and interprocess communication. 3) Hybrid Kernels: Run a few services in the kernel space to reduce the performance overhead of traditional microkernels where the kernel code is still run as a server in the user space. 4) Nano Kernels: Simplify the memory requirement by delegating services, including the basic ones like interrupt controllers or timers to device drivers. 5) Exo Kernels: Allocate physical hardware resources such as processor time and disk block to other programs, which can link to library operating systems that use the kernel to simulate operating system abstractions.
massive parallel processing
Large-scale parallel processing that involves hundreds or thousands of processors. Utilizes hundreds or thousands of CPUs working together to serve either many users or a few users processing large data sets. Supercomputers use _____ for applications such as artificial intelligence and weather forecasting.
How does Azure Managed Identity work?
A managed identity can be instantly created for any Azure service that supports it—and the list is constantly growing. When you create a managed identity for a service, you are creating an account on your organization's Active Directory (a specific organization's Active Directory instance is known as an "Active Directory Tenant"). The Azure infrastructure will automatically take care of authenticating the service and managing the account. You can then use that account like any other Azure AD account, including allowing the authenticated service secure access to other Azure resources.
toast notification
A message that appears as an overlay on a user's screen, often displaying a validation warning. A non-modal, unobtrusive window element used to display brief, auto-expiring windows of information to a user.
What are network ports?
A network port is a 16-bit number that identifies one side of a connection between two computers. Computers use port numbers to determine to which process or application a message should be delivered. Just as network addresses are like street addresses, port numbers are like suite or room numbers.
How are Azure Blueprints different from Azure Policy?
A policy can be included as one of many artifacts in a blueprint definition.
Describe other use case scenarios for a private cloud deployment.
A private cloud can provide cloud functionality to external customers as well, or to specific internal departments such as Accounting or Human Resources.
How many tags can a resource have? What is the character limit for the name? What is the character limit for the tag value?
A resource can have up to 50 tags. The name is limited to 512 characters for all types of resources except storage accounts, which have a limit of 128 characters. The tag value is limited to 256 characters for all types of resources.
router
A router is a device that analyzes the contents of data packets transmitted within a network or to another network. Routers determine whether the source and destination are on the same network or whether data must be transferred from one network type to another, which requires encapsulating the data packet with routing protocol header information for the new network type. Based on designs developed in the 1960s, the Advanced Research Projects Agency Network (ARPANET) was created in 1969 by the U.S. Department of Defense. This early network design was based on circuit switching. The first devices to function as routers were the Interface Message Processors that made up ARPANET to form the first data packet network. The initial idea for a router, which was then called a gateway, came from a group of computer networking researchers who formed an organization called the International Network Working Group, which became a subcommittee of the International Federation for Information Processing in 1972. In 1974, the first true router was developed and by 1976, three PDP-11-based routers were used to form a prototype experimental version of the Internet. From the mid-1970s to the 1980s, mini-computers were used as routers. Today, high-speed modern routers are actually very specialized computers with extra hardware for rapid data packet forwarding and specialized security functions such as encryption. When several routers are used in a collection of interconnected networks, they exchange and analyze information, and then build a table of the preferred routes and the rules for determining routes and destinations for that data. As a network interface, routers convert computer signals from one standard protocol to another that's more appropriate for the destination network.
Large routers determine interconnectivity within an enterprise, between enterprises and the Internet, and between different internet service providers (ISPs); small routers determine interconnectivity for office or home networks. ISPs and major enterprises exchange routing information using border gateway protocol (BGP).
What is a firewall?
A security barrier that prevents unauthorized access to or from private networks. A service that grants server access based on the originating IP address of each request.
software library
A software library is a suite of data and programming code that is used to develop software programs and applications. It is designed to assist both the programmer and the programming language compiler in building and executing software. A software library generally consists of pre-written code, classes, procedures, scripts, configuration data and more. Typically, a developer might manually add a software library to a program to achieve more functionality or to automate a process without writing code for it. For example, when developing a mathematical program or application, a developer may add a mathematics software library to the program to eliminate the need for writing complex functions. All of the available functions within a software library can just be called/used within the program body without defining them explicitly. Similarly, a compiler might automatically add a related software library to a program at run time.
blockchain
A type of distributed ledger technology consisting of data structure blocks that may contain data or programs, with each block holding batches of individual transactions and the results of any executables. Each block contains a time stamp and a link to a previous block. A growing list of records, called blocks, that are linked using cryptography. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data (generally represented as a Merkle tree).
What do you see when you launch the Azure Cloud Shell?
A welcome window, from which you choose to use either a Bash or PowerShell environment
As your solution grows in complexity, you will have more services depending on each other. Give an example where you might overlook possible failure points in your solution if you have several interdependent services.
A workload that requires 99.99 percent uptime shouldn't depend upon a service with a 99.9 percent SLA.
What types of applications are available in Azure Marketplace?
- AI + Machine Learning - Web application
What exam will you be prepared to take once you complete this learning path?
AZ900 Microsoft Azure Fundamentals Exam.
In Azure Monitor, what are the two objects that record and analyze?
- Activity Logs record when resources are created or modified. - Metrics tell you how the resource is performing and the resources that it's consuming.
Azure SignalR Service
Add real-time web functionalities easily
Azure Bing Search
Add these APIs to your apps and harness the ability to comb billions of webpages, images, videos, and news with a single API call.
What are the additional advantages of region pairs?
Additional advantages include: - If there's an extensive Azure outage, one region out of every pair is prioritized to make sure at least one is restored as quickly as possible for applications hosted in that region pair. - Planned Azure updates are rolled out to paired regions one region at a time to minimize downtime and risk of application outage. - Data continues to reside within the same geography as its pair (except for Brazil South) for tax and law enforcement jurisdiction purposes.
After you have defined your workloads in the Total Cost of Ownership (TCO) calculator, what do you do?
Adjust the values of assumptions that the TCO calculator makes, which might vary between customers. To improve the accuracy of the TCO calculator, you should adjust the values so they match the costs of your current on-premises infrastructure. The assumptions you can customize include: - Virtual machine costs - Electricity costs - Storage costs - IT labor costs - Hardware costs - Software costs - Virtualization costs - Datacenter costs - Networking costs - Database costs
Multi-Tier Cloud Security (MTCS) Singapore
After rigorous assessments conducted by the MTCS Certification Body, Microsoft cloud services received MTCS 584:2013 certification across all three service classifications: - Infrastructure as a Service (IaaS) - Platform as a Service (PaaS) - Software as a Service (SaaS) Microsoft was the first global cloud solution provider (CSP) to receive this certification across all three classifications.
What are two ways that Azure Monitor responds proactively to critical conditions that are identified within the data it collects?
Alerts. Azure Monitor proactively notifies you of critical conditions using alerts, and can potentially attempt to take corrective actions. Alert rules based on metrics can provide alerts in almost real-time, based on numeric values. Alert rules based on logs allow for complex logic across data, from multiple sources. Autoscale. Azure Monitor uses Autoscale to ensure that you have the right amount of resources running to manage the load on your application effectively. Autoscale enables you to create rules that use metrics, collected by Azure Monitor, to determine when to automatically add resources to handle increases in load. Autoscale can also help reduce your Azure costs by removing resources that are not being used. You can specify a minimum and maximum number of instances, and provide the logic that determines when Autoscale should increase or decrease resources.
What are some common Azure policy definitions you can apply?
Allowed Storage Account SKUs: This policy definition has a set of conditions/rules that determine whether a storage account that is being deployed is within a set of SKU sizes. Its effect is to deny all storage accounts that do not adhere to the set of defined SKU sizes. Allowed Resource Type: This policy definition has a set of conditions/rules to specify the resource types that your organization can deploy. Its effect is to deny all resources that are not part of this defined list. Allowed Locations: This policy enables you to restrict the locations that your organization can specify when deploying resources. Its effect is used to enforce your geographic compliance requirements. Allowed Virtual Machine SKUs: This policy enables you to specify a set of VM SKUs that your organization can deploy. Not allowed resource types: Prevents a list of resource types from being deployed.
Organizational continuity and disaster recovery costs in an on-premises datacenter.
Along with server fault tolerance and redundancy, you need to plan for how to recover from a disaster and continue operating. Your plan should consist of creating a disaster recovery site. It could also include backup generators. Most of these are upfront costs, especially if you build a disaster recovery site, but there's an additional ongoing cost for the infrastructure and its maintenance.
What is a hypervisor controller on a VM?
Also known as a virtual machine monitor (VMM), this is computer software, firmware (permanent software programmed into a read-only memory) or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called a host machine, and each virtual machine is called a guest machine. It emulates all of the functions of a real computer and its CPU in a virtual machine. It can run multiple virtual machines at the same time and optimize the capacity of the abstracted hardware. Each virtual machine can run any compatible operating system, such as Windows or Linux.
Give an example of a microservices architecture.
Amazon: all the end user sees is a website. But Amazon has a microservice for everything. There are microservices for: - orders - determining a list of recommended items to buy - wish lists - authenticating web cart credit cards - etc. Each microservice is a mini application performing a single business capability.
What do you need to use all of the Azure Cloud Shell features?
An Azure subscription. NOTE: The sandbox only provides a limited set of features.
Failure Mode Analysis
An analysis to identify possible points of failure and to define how the application will respond to those failures. The process of reviewing as many components, assemblies, and subsystems as possible to identify potential failure modes in a system and their causes and effects. For each component, the failure modes and their resulting effects on the rest of the system are recorded in a specific FMEA worksheet. There are numerous variations of such worksheets. An FMEA can be a qualitative analysis,[1] but may be put on a quantitative basis when mathematical failure rate models[2] are combined with a statistical failure mode ratio database. It was one of the first highly structured, systematic techniques for failure analysis. It was developed by reliability engineers in the late 1950s to study problems that might arise from malfunctions of military systems. An FMEA is often the first step of a system reliability study. General: A procedure to determine which malfunction symptoms appear immediately before or after a failure of a critical parameter in a system. After all possible causes are listed for each symptom, the product is designed to eliminate the problems.
DevOps
An approach based on lean and agile principles in which there is a collaboration between: - business owners - development department - operations department - quality assurance department. Brings together people, processes, and technology, automating software delivery to provide continuous value to your users. Allows you to build and release pipelines that provide continuous integration, delivery, and deployment for your applications. You can integrate repositories and application tests, perform application monitoring, and work with build artifacts. You can also work with backlog items for tracking, automate infrastructure deployment, and integrate a range of third-party tools and services such as Jenkins and Chef. Allows for consistent, repeatable deployments for your applications to provide streamlined build and release processes.
service bus
An enterprise service bus (ESB) implements a communication system between mutually interacting software applications in a service-oriented architecture (SOA). It represents a software architecture for distributed computing, and is a special variant of the more general client-server model, wherein any application may behave as server or client. ESB promotes agility and flexibility with regard to high-level protocol communication between applications. Its primary use is in enterprise application integration (EAI) of heterogeneous and complex service landscapes.
What is horizontal scaling?
An increase in the number of resources, or the process of adding more servers that function together as one unit.
What is Azure compute?
An on-demand computing service for running cloud-based applications. It provides computing resources like multi-core processors and supercomputers via virtual machines and containers. It also provides serverless computing to run apps without requiring infrastructure setup or configuration. The resources are available on-demand and can typically be created in minutes or even seconds. You pay only for the resources you use and only for as long as you're using them.
PostgreSQL
An open source object-relational database system with its powerful uses; commonly used on Linux computers
How might an organization extend its datacenter to the cloud?
An organization can extend the capabilities of its own on-premises network by creating a virtual network in Azure and adding VMs to that virtual network. Applications like SharePoint can then run on an Azure VM instead of running locally, making it easier or less expensive to deploy than in an on-premises environment.
stream analytics
Analytic process of extracting actionable information from continuously flowing/streaming data
Describe the Security Development Lifecycle recommendation to perform static analysis security testing.
Analyzing source code prior to compilation provides a highly scalable method of security code review, and helps ensure that secure coding policies are being followed. Static Analysis Security Testing (SAST) is typically integrated into the commit pipeline to identify vulnerabilities each time the software is built or packaged. However, some offerings integrate into the developer environment to spot certain flaws such as the existence of unsafe or other banned functions, and then replace those functions with safer alternatives while the developer is actively coding. There is no one-size-fits-all solution; development teams should decide the optimal frequency for performing SAST, and consider deploying multiple tactics to balance productivity with adequate security coverage.
Criminal Justice Information Services (CJIS)
Any US state or local agency that wants to access the FBI's CJIS database is required to adhere to the CJIS Security Policy. Azure is the only major cloud provider that contractually commits to conformance with the CJIS Security Policy, which commits Microsoft to adhering to the same requirements that law enforcement and public safety entities must meet.
What range does a typical SLA specify for performance-target commitments for corresponding Azure products or services?
Anywhere from 99.9 percent ("three nines") to 99.999 percent ("five nines")
Apache Spark
Apache Spark is an open-source, distributed processing system used for big data workloads. It utilizes in-memory caching, and optimized query execution for fast analytic queries against data of any size. It provides development APIs in Java, Scala, Python and R, and supports code reuse across multiple workloads—batch processing, interactive queries, real-time analytics, machine learning, and graph processing.
What tools and features does Azure Monitor include that provide valuable insights into your applications, and the other resources they may depend on?
Application Insights is a service that monitors the availability, performance, and usage of your web applications, whether they're hosted in the cloud or on-premises. It leverages the powerful data analysis platform in Log Analytics to provide you with deeper insights into your application's operations. Application Insights can diagnose errors without waiting for a user to report them. Application Insights includes connection points to a variety of development tools, and integrates with Microsoft Visual Studio to support your DevOps processes. Azure Monitor for containers is a service that is designed to monitor the performance of container workloads, which are deployed to managed Kubernetes clusters, hosted on Azure Kubernetes Service (AKS). It gives you performance visibility by collecting memory and processor metrics from controllers, nodes, and containers, which are available in Kubernetes through the metrics API. Container logs are also collected. Azure Monitor for VMs is a service that monitors your Azure VMs at scale, by analyzing the performance and health of your Windows and Linux VMs (including their different processes and interconnected dependencies on other resources, and external processes). Azure Monitor for VMs includes support for monitoring performance and application dependencies for VMs hosted on-premises, and for VMs hosted with other cloud providers. Integrating any, or all, of these monitoring services with Azure Service Health has additional benefits. Staying informed of the health status of Azure services will help you understand if, and when, an issue affecting an Azure service is impacting your environment. What may seem like a localized problem could be the result of a more widespread issue, and Azure Service Health provides this kind of insight. Azure Service Health identifies any issues with Azure services that might affect your application. Azure Service Health also helps you to plan for scheduled maintenance.
From what tiers does Azure Monitor collect data?
Application monitoring data - Data about the performance and functionality of the code you have written, regardless of its platform. Guest OS monitoring data - Data about the operating system on which your application is running. This could be running in Azure, another cloud, or on-premises. Azure resource monitoring data - Data about the operation of an Azure resource. Azure subscription monitoring data - Data about the operation and management of an Azure subscription, as well as data about the health and operation of Azure itself. Azure tenant monitoring data - Data about the operation of tenant-level Azure services, such as Azure Active Directory.
Provide an example where you would use Azure Logic Apps.
As an example, let's say a ticket arrives in ZenDesk. You could: - Detect the intent of the message with cognitive services - Create an item in SharePoint to track the issue - If the customer isn't in your database, add them to your Dynamics 365 CRM system - Send a follow-up email to acknowledge their request All of that could be designed in a visual designer making it easy to see the logic flow, which is ideal for a business analyst role.
General Data Protection Regulation (GDPR)
As of May 25, 2018, a European privacy law — GDPR — is in effect. GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents. The GDPR applies no matter where you are located.
If you want to share a dashboard, what is the first step?
As with any other Azure resource, you need to specify a new resource group (or use an existing resource group) in which to store shared dashboards. If you do not have an existing resource group, Azure will create a dashboard resource group in whichever location you specify. If you have existing resource groups, you can specify that resource group to store the dashboards.
How can you use Azure VMs as part of a disaster recovery plan?
As with running certain types of applications in the cloud and extending an on-premises network to the cloud, you can get significant cost savings by using an IaaS-based approach to disaster recovery. If a primary datacenter fails, you can create VMs running on Azure to run your critical applications and then shut them down when the primary datacenter becomes operational again.
How is cloud computing elastic?
As your workload changes due to a spike or drop in demand, a cloud computing system can compensate by automatically adding or removing resources.
How are Azure Policy and RBAC different?
At first glance, it might seem like Azure Policy is a way to restrict access to specific resource types similar to role-based access control (RBAC). However, they solve different problems. RBAC focuses on user actions at different scopes. You might be added to the contributor role for a resource group, allowing you to make changes to anything in that resource group. Azure Policy focuses on resource properties during deployment and for already-existing resources. Azure Policy controls properties such as the types or locations of resources. Unlike RBAC, Azure Policy is a default-allow-and-explicit-deny system.
What are the shortened terms used for authentication and authorization?
Authentication is sometimes shortened to AuthN, and authorization is sometimes shortened to AuthZ.
What are three features of Azure VMs that allow them to meet any uptime requirement?
Availability sets, Virtual Machine Scale Sets, Azure Batch
What is the purpose of region pairs?
Availability zones are created using one or more datacenters, and there is a minimum of three zones within a single region. However, it's possible that a large enough disaster could cause an outage large enough to affect even two datacenters. Region pairs ensure availability in the event of such an outage. If a region in a pair was affected by a natural disaster, for instance, services would automatically fail over to the other region in its region pair.
What additional, paid-for feature provides oversight of role assignments, self-service and just-in-time role activation, and Azure AD and Azure resource access reviews?
Azure AD Privileged Identity Management (PIM)
What are the components of Azure Advanced Threat Protection (ATP)?
Azure ATP portal: Azure ATP has its own portal, through which you can monitor and respond to suspicious activity. The Azure ATP portal allows you to create your Azure ATP instance, and view the data received from Azure ATP sensors. You can also use the portal to monitor, manage, and investigate threats in your network environment. You can sign in to the Azure ATP portal at https://portal.atp.azure.com. Your user accounts must be assigned to an Azure AD security group that has access to the Azure ATP portal to be able to sign in. Azure ATP sensor: Azure ATP sensors are installed directly on your domain controllers. The sensor monitors domain controller traffic without requiring a dedicated server or configuring port mirroring. Azure ATP cloud service: Azure ATP cloud service runs on Azure infrastructure and is currently deployed in the United States, Europe, and Asia. Azure ATP cloud service is connected to Microsoft's intelligent security graph.
Through what service does Azure provide authentication and authorization services?
Azure Active Directory (AAD)
What is the name of Azure's cloud-based identity service?
Azure Active Directory (AAD)
What feature is a cloud-based security solution that identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organization?
Azure Advanced Threat Protection (Azure ATP)
What two tools can be used to get visibility into the costs you are incurring, or check whether, for example, the virtual machines have been sized properly, or predict how much your bill will be?
Azure Advisor, Azure Cost Management
What two tools can help you optimize your cloud spend?
Azure Advisor, Azure Cost Management
List of Azure web services
Azure App Service, Azure Notification Hubs, Azure API Management, Azure Cognitive Search, Web Apps feature of Azure App Service, Azure SignalR Service
If all of your traffic is HTTP, what might be a better option than Azure Load Balancer?
Azure Application Gateway
The four main types of storage services.
Azure Blob storage, Azure File storage, Azure Queue storage, Azure Table storage
What tools and artifacts can help you with auditing, traceability, and compliance of your deployments?
Azure Blueprints
These can be useful in Azure DevOps scenarios, where they are associated with specific build artifacts and release pipelines and can be tracked more rigorously.
Azure Blueprints
a declarative way to orchestrate the deployment of various resource templates and other artifacts such as role assignments, policy assignments, Azure Resource Manager templates, Resource groups
Azure Blueprints
preserves the relationship between what should be deployed and what was deployed, and improves deployment tracking and auditing
Azure Blueprints
How can containers be managed in Azure?
Azure Container Instance (ACI), Azure Kubernetes Service (AKS)
container service
Azure Container Service allows you to quickly deploy a production ready Kubernetes, DC/OS, or Docker Swarm cluster.
By which globally distributed database is the Azure Blueprints services backed?
Azure Cosmos DB. Blueprint objects are replicated to multiple Azure regions. This replication provides low latency, high availability, and consistent access to your blueprint objects, regardless of which region Blueprints deploys your resources to.
What data storage service is a globally distributed database service?
Azure Cosmos DB
Which data storage service supports schema-less data?
Azure Cosmos DB
List Azure database services
Azure Cosmos DB, Azure SQL Database, Azure Database for MySQL, Azure Database for PostgreSQL, SQL Server on VMs, Azure Synapse Analytics, Azure Database Migration Service, Azure Cache for Redis, Azure Database for MariaDB
In addition to the Azure Advisor, what tool can be used to understand budgeted and actual costs?
Azure Cost Management
Which data storage type allows you to perform analytics on your data usage and prepare reports?
Azure Data Lake Storage
Which data storage type is a large repository that stores both structured and unstructured data?
Azure Data Lake Storage
What can you use to migrate your existing SQL Server databases to Azure SQL Database with minimal downtime?
Azure Database Migration Service
List the main DevOps services in Azure
Azure DevOps, Azure DevTest Labs
Storage Service Encryption provides low-level encryption protection for data written to physical disk, but how do you protect the virtual hard disks (VHDs) of virtual machines? If malicious attackers gained access to your Azure subscription and got the VHDs of your virtual machines, how would you ensure they would be unable to access the stored data?
Azure Disk Encryption
What capability helps you encrypt your Windows and Linux IaaS virtual machine disks?
Azure Disk Encryption
Which data storage type provides fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol?
Azure Files
What choices do you have to provide inbound protection at the perimeter?
Azure Firewall: a managed, cloud-based, network security service that protects your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. Azure Firewall provides inbound protection for non-HTTP/S protocols. Examples of non-HTTP/S protocols include: Remote Desktop Protocol (RDP), Secure Shell (SSH), and File Transfer Protocol (FTP). It also provides outbound, network-level protection for all ports and protocols, and application-level protection for outbound HTTP/S. Azure Application Gateway: a load balancer that includes a Web Application Firewall (WAF) that provides protection from common, known vulnerabilities in websites. It is designed to protect HTTP traffic. Network Virtual Appliances (NVAs): ideal options for non-HTTP services or advanced configurations, and are similar to hardware firewall appliances.
When demand is variable, what is a good choice for Azure compute? For example, you may be receiving messages from an IoT solution used to monitor a fleet of delivery vehicles. You'll likely have more data arriving during business hours.
Azure Functions
What are the two implementations of serverless compute?
Azure Functions, which can execute code in almost any modern language. Azure Logic Apps, which are designed in a web-based designer and can execute logic triggered by Azure services without writing any code.
What is the name of the cloud-based solution that helps organizations classify and optionally protect documents and emails by applying labels?
Azure Information Protection (AIP)
We've seen that the encryption services all use keys to encrypt and decrypt data, so how do we ensure that the keys themselves are secure? Corporations may also have passwords, connection strings, or other sensitive pieces of information that they need to securely store. What tool protects an organization's secrets?
Azure Key Vault
What are the Azure Community support channels?
Azure Knowledge Center, Microsoft Technology Community, Stack Overflow, Server Fault, Azure Feedback Forums, Twitter
What can you use to move existing applications to containers?
Azure Kubernetes Service (AKS)
What is Azure Kubernetes Service?
Azure Kubernetes Service (AKS) is a complete orchestration service for containers with distributed architectures with multiple containers.
What feature helps improve resiliency, or the ability to recover when your service goes down?
Azure Load Balancer
Which feature can increase resiliency within a single geographic region?
Azure Load Balancer
Compare Azure Load Balancer to Azure Traffic Manager.
Azure Load Balancer distributes traffic within the same region to make your services more highly available and resilient. Traffic Manager works at the DNS level, and directs the client to a preferred endpoint. This endpoint can be to the region that's closest to your user. Load Balancer and Traffic Manager both help make your services more resilient, but in slightly different ways. When Load Balancer detects an unresponsive VM, it directs traffic to other VMs in the pool. Traffic Manager monitors the health of your endpoints. When Traffic Manager finds an unresponsive endpoint, it directs traffic to the next closest endpoint that is responsive.
The most common Artificial Intelligence and Machine Learning service types in Azure.
Azure Machine Learning Service, Azure Machine Learning Studio
What feature manages the challenges of service principals for you?
Azure Managed Identity
What feature allows you to manage multiple Azure subscriptions in an organization?
Azure Management Groups
What can be implemented to ensure that employees with Azure access are following internal standards for creating resources?
Azure Policy
What feature is used to create, assign, and manage policies?
Azure Policy
a default-allow and explicit-deny system focused on resource properties during deployment and for already existing resources. It supports cloud governance by validating that resources within a subscription adhere to requirements and standards.
Azure Policy
When an Azure policy has been assigned, and a new resource gets created, what is the policy evaluation process and effect?
Azure Policy creates a list of all assignments that apply to the resource and then evaluates the resource against each definition. Policy processes several of the effects before handing the request to the appropriate Resource Provider to avoid any unnecessary processing if the resource violates policy. Each policy definition in Azure Policy has a single effect. The list of possible effects is shown below. That effect determines what happens when the associated policy rule is matched. When that happens, Azure Policy will take a specific action based on the assigned effect. List of possible effects: Deny: The resource creation/update fails due to policy. Disabled: The policy rule is ignored (disabled). Often used for testing. Append: Adds additional parameters/fields to the requested resource during creation or update. A common example is adding tags on resources such as Cost Center or specifying allowed IPs for a storage resource. Audit, AuditIfNotExists: Creates a warning event in the activity log when evaluating a non-compliant resource, but it doesn't stop the request. DeployIfNotExists: Executes a template deployment when a specific condition is met. For example, if SQL encryption is enabled on a database, then it can run a template after the DB is created to set it up a specific way.
Where is the link that allows you to open a support ticket with the Azure team?
Azure Portal --> question mark icon (Help) --> Help + support button --> Create a support request link
What is the Azure module that you can install for Windows PowerShell or PowerShell Core?
Azure PowerShell
What Microsoft offer enables you to test beta and other pre-release features, products, services, software, and regions?
Azure Preview Features
storage queue
Azure Queue Storage is a service for storing large numbers of messages. You access messages from anywhere in the world via authenticated calls using HTTP or HTTPS. A queue message can be up to 64 KB in size. A queue may contain millions of messages, up to the total capacity limit of a storage account. Queues are commonly used to create a backlog of work to process asynchronously.
What are some of the Azure storage options?
Azure SQL Database, Azure Cosmos DB, Azure Blob Storage, Azure Data Lake Storage, Azure Files, Azure Queue, Disk Storage, Storage Tiers, Encryption and Replication
What views compose Azure Service Health?
Azure Status provides a global view of the health state of Azure services. With Azure Status, you can get up-to-the-minute information on service availability. Everyone has access to Azure Status and can view all services that report their health state. Service Health provides you with a customizable dashboard that tracks the state of your Azure services in the regions where you use them. In this dashboard, you can track active events such as ongoing service issues, upcoming planned maintenance, or relevant Health advisories. When events become inactive, they are placed in your Health history for up to 90 days. Finally, you can use the Service Health dashboard to create and manage service Health alerts, which notify you whenever there are service issues that affect you. Resource Health helps you diagnose and obtain support when an Azure service issue affects your resources. It provides you with details about the current and past state of your resources. It also provides technical support to help you mitigate problems. In contrast to Azure Status, which informs you about service problems that affect a broad set of Azure customers, Resource Health gives you a personalized dashboard of your resources' health. Resource Health shows you times, in the past, when your resources were unavailable because of Azure service problems. It's then easier for you to understand if an SLA was violated.
What foundational service can help secure your environment through encryption?
Azure Storage, Azure Virtual Machines, Azure SQL Database, Azure Key Vault
What feature encrypts data at rest?
Azure Storage Service Encryption
What encryption types are available for Azure resources?
Azure Storage Service Encryption (SSE) for data at rest helps you secure your data to meet the organization's security and regulatory compliance. It encrypts the data before storing it and decrypts the data before returning it. The encryption and decryption are transparent to the user. Client-side encryption is where the data is already encrypted by the client libraries. Azure stores the data in the encrypted state at rest, which is then decrypted during retrieval.
List of Azure Big Data services
Azure Synapse Analytics, Azure HDInsight, Azure Databricks
What feature routes traffic to different endpoints, including the endpoint with the lowest latency to the user?
Azure Traffic Manager
Which feature helps reduce network latency and provides resiliency across geographic locations?
Azure Traffic Manager
In an e-commerce site running in three geographic regions, how can you connect users to the service that's closest geographically, but under the same domain?
Azure Traffic Manager. It uses the DNS server that's closest to the user to direct user traffic to a globally distributed endpoint.
Examples of compute services in Azure.
Azure Virtual Machines, Azure Virtual Machine Scale Sets, Azure Kubernetes Service, Azure Service Fabric, Azure Batch, Azure Container Instances, Azure Functions
Features of Azure networking facilities
Azure Virtual Network, Azure Load Balancer, Azure Application Gateway, Azure VPN Gateway, Azure DNS, Azure Content Delivery Network, Azure DDoS Protection, Azure Traffic Manager, Azure ExpressRoute, Azure Network Watcher, Azure Firewall, Azure Virtual WAN
What resources are available if you have questions about Azure resources or capabilities?
Azure free support resources, Azure support plans, Azure community support
How can usage costs vary by location?
Azure has datacenters all over the world. Usage costs vary between locations that offer particular Azure products, services, and resources based on popularity, demand, and local infrastructure costs.
What are the customer and Azure security responsibilities at the Platform as a Service (PaaS) level?
Azure is taking care of the operating system and of most foundational software like database management systems. Everything is updated with the latest security patches and can be integrated with Azure Active Directory for access controls. PaaS also comes with many operational advantages. Rather than building whole infrastructures and subnets for your environments by hand, you can "point and click" within the Azure portal or run automated scripts to bring complex, secured systems up and down, and scale them as needed. Examples of PaaS are Azure Event Hubs for ingesting telemetry data from drones and trucks — as well as a web app with an Azure Cosmos DB back end with its mobile apps.
In a virtual network, how is the physical hardware managed? How do you configure virtual networks?
Azure manages the physical hardware for you. You configure virtual networks and gateways through software, which enables you to treat a virtual network just like your own network. You choose which networks your virtual network can reach, whether that's the public internet or other networks in the private IP address space.
What methods can be used to create resource groups?
Azure portal, Azure PowerShell, Azure CLI, Templates, Azure SDKs (like .NET, Java)
What tool did Microsoft develop to make estimates easy for customers to create?
Azure pricing calculator
How does Azure Logic Apps interact with other services?
Azure provides over 200 different connectors and processing blocks to interact with different services - including most popular enterprise apps. You can also build custom connectors and workflow steps if the service you need to interact with isn't covered. You then use the visual designer to link connectors and blocks together, passing data through the workflow to do custom processing - often all without writing any code.
What governance strategy does Azure provide to enforce standards for IT governance and still allow IT teams to be agile and innovative?
Azure provides several tools you can use to enforce and validate your standards, while still allowing your engineering teams to create and own their own resources in the cloud. Azure also provides several built-in features to track and analyze your resource utilization and performance.
Between what can usage rates and billing periods differ?
Azure usage rates and billing periods can differ between Enterprise, Web Direct, and Cloud Solution Provider (CSP) customers. Some subscription types also include usage allowances, which affect costs. The Azure team develops and offers first-party products and services, while products and services from third-party vendors are available in the Azure Marketplace. Different billing structures apply to each of these categories.
Which feature provides secure network communication among resources such as virtual machines and other networks?
Azure virtual network
Cloud Security Alliance (CSA) STAR Certification.
Azure, Intune, and Microsoft Power BI have obtained STAR Certification, which involves a rigorous independent third-party assessment of a cloud provider's security posture. This STAR certification is based on achieving ISO/IEC 27001 certification and meeting criteria specified in the Cloud Controls Matrix (CCM). This certification demonstrates that a cloud service provider: - Conforms to the applicable requirements of ISO/IEC 27001. - Has addressed issues critical to cloud security as outlined in the CCM. - Has been assessed against the STAR Capability Maturity Model for the management of activities in CCM control areas.
What are the three purchasing options for Azure?
Azure.com: Buying directly through Azure.com is the fastest and easiest way for organizations of all sizes to get started with Azure. You can manage your Azure deployments and usage yourself and get a monthly bill from Microsoft for the services used. Microsoft representative: Buying Azure through a Microsoft representative is intended for large organizations or customers who already work with one. You'll also manage your Azure deployments and usage yourself and get a monthly bill from Microsoft for the services used. Microsoft partner: If you buy Azure as a managed service through your partner, your partner will: - provide you with access to Azure - manage your billing - provide support
Which data moving in and out of Azure datacenters is typically free?
Bandwidth refers to data moving in and out of Azure datacenters. Most of the time inbound data transfers (data going into Azure datacenters) are free. For outbound data transfers (data going out of Azure datacenters), the data transfer pricing is based on Billing Zones.
Compare latency to bandwidth.
Bandwidth refers to the amount of data that can fit on the connection. Latency refers to the time it takes for that data to reach its destination.
What are the two experiences Cloud Shell provides?
Bash, PowerShell
List several of the benefits that Azure provides.
Be ready for the future: continuous innovation from Microsoft supports your development today and your product visions tomorrow. Build on your terms: build how you want and deploy where you want to with open source and support for all languages and frameworks. Operate hybrid seamlessly: on-premises, in the cloud, and at the edge. Trust your cloud: security from the ground up, backed by a team of experts, and proactive compliance trusted by enterprises, governments, and startups.
How do applications with managed service identities enabled use Azure Key Vault?
Because Azure AD can be granted access to use Azure Key Vault secrets, applications with managed service identities enabled can automatically and seamlessly acquire the secrets they need.
Why is the combined probability of failure higher than the individual SLA values?
Because an application that relies on multiple services has more potential failure points.
Why can containers start up in just a few seconds?
Because the application and all its dependencies are packaged into a "container" and then a standard runtime environment is used to execute the app. This allows the container to start up in just a few seconds, because there's no OS to boot and initialize. You only need the app to launch.
Why must Microsoft and its customers partner to ensure the proper administration of compute and storage resources?
Because there are so many parts with physical and digital security
blob storage
Blob storage is a feature in Microsoft Azure that lets developers store unstructured data in Microsoft's cloud platform. This data can be accessed from anywhere in the world. It can include audio, video and text. Blobs are grouped into "containers" that are tied to user accounts. Blobs can be manipulated with .NET code.
How can you protect against Distributed Denial of Service (DDoS) attacks?
By combining Azure DDoS Protection with application design best practices. DDoS Protection leverages the scale and elasticity of Microsoft's global network to bring DDoS mitigation capacity to every Azure region. The Azure DDoS Protection service protects your Azure applications by monitoring traffic at the Azure network edge before it can impact your service's availability. Within a few minutes of attack detection, you are notified using Azure Monitor metrics.
What are Azure spending limits?
By default, Azure subscriptions that have associated monthly credits (which includes trial accounts) have a spending limit to ensure you aren't charged once you have used up your credits. This feature is useful for development teams exploring new solution architectures as it ensures you won't have an unexpectedly large bill at the end of the month. Note: Azure spending limits are not the same as subscription, service, or resource group limits and quotas. Azure provides the spending limits feature to help prevent you from exhausting the credit on your account within each billing period. When your Azure usage results in charges that use all the included monthly credit, the services that you deployed are disabled and turned off for the rest of that billing period. Once a new billing period starts, assuming there are credits available, the resources are reactivated and deployed. You are notified by email when you hit the spending limit for your subscription. In addition, the Azure portal includes notifications about your credit spend. You can adjust the spending limit as desired or turn it off completely. Important: The spending limit feature is specific to subscriptions that include a monthly Azure credit allotment. It is not available on pay-only subscriptions.
What are the additional when adding Azure Active Directory to SSO?
By leveraging Azure AD for SSO you'll also have the ability to combine multiple data sources into an intelligent security graph. This security graph enables the ability to provide threat analysis and real-time identity protection to all accounts in Azure AD, including accounts that are synchronized from your on-premises AD. By using a centralized identity provider, you'll have centralized the security controls, reporting, alerting, and administration of your identity infrastructure.
cash flow
Cash flow is the net amount of cash and cash-equivalents being transferred into and out of a business. At the most fundamental level, a company's ability to create value for shareholders is determined by its ability to generate positive cash flows, or more specifically, maximize long-term free cash flow (FCF). KEY TAKEAWAYS - Positive cash flow indicates that a company is adding to its cash reserves, allowing it to reinvest in the company, pay out money to shareholders, or settle future debt payments. - Cash flow comes in three forms: operating, investing, and financing. - Operating cash flow includes all cash generated by a company's main business activities. - Investing cash flow includes all purchases of capital assets and investments in other business ventures. - Financing cash flow includes all proceeds gained from issuing debt and equity as well as payments made by the company. - Free cash flow, a measure commonly used by analysts to assess a company's profitability, represents the cash a company generates after accounting for cash outflows to support operations and maintain its capital assets.
Which regions have a minimum of three separate availability zones to ensure resiliency?
Central US, East US 2, West US 2, West Europe, France Central, North Europe, Southeast Asia
What are the benefits of using Azure Key Vault?
Centralized application secrets. Centralizing storage for application secrets allows you to control their distribution, and reduces the chances that secrets may be accidentally leaked. Securely stored secrets and keys. Azure uses industry-standard algorithms, key lengths, and HSMs, and access requires proper authentication and authorization. Monitor access and use. Using Key Vault, you can monitor and control access to company secrets. Simplified administration of application secrets. Key Vault makes it easier to enroll and renew certificates from public Certificate Authorities (CAs). You can also scale up and replicate content within regions, and use standard certificate management tools. Integrate with other Azure services. You can integrate Key Vault with storage accounts, container registries, event hubs, and many more Azure services.
Which regions are available through a unique partnership between Microsoft and 21Vianet, whereby Microsoft does not directly maintain the datacenters?
China East, China North, ...and more
How do you create a new dashboard in the Azure Portal?
Click '+ New dashboard'
How do you show the portal menu?
Click the icon at the top-left of the Azure Portal window. It is the stack of pancakes icon, which will display 'Show the portal menu' when you hover your mouse pointer over it.
What is the purpose of cloning a dashboard?
Cloning is also an easy way to create dashboards before sharing them. For example, if you have a dashboard that is almost as you want it, clone it, make the changes that you need, and then share it.
Describe how cloud computing can bill in various ways.
Cloud computing can bill in various ways, such as: - the number of users - CPU usage time - RAM - I/O operations per second (IOPS) - storage space Plan for backup traffic and disaster recovery traffic to determine the bandwidth needed.
How does cloud computing eliminate the burden of keeping current?
Cloud computing maintains software patches, hardware setup, upgrades, and other IT management tasks. Additionally, the computer hardware is maintained and upgraded by the cloud provider. For example, if a disk fails, the disk will be replaced by the cloud provider. If a new hardware update becomes available, you don't have to go through the process of replacing your hardware. The cloud provider will ensure that the hardware updates are made available to you automatically.
shared responsibility model
Cloud provider: responsible for security "of" the cloud. Customer: responsible for security "in" the cloud. Cloud provider responsibilities: When using IaaS, ensuring that a service is up and running requires that the cloud provider is responsible for ensuring the cloud infrastructure is functioning correctly. Customer responsibilities: The cloud customer is responsible for ensuring the service they are using is configured correctly, is up to date, and is available to their customers.
How does cloud security compare to the security most organizations can achieve?
Cloud providers can offer better security than most organizations can otherwise achieve.
How is cloud computing made global?
Cloud providers have fully redundant datacenters located in various regions all over the globe. This gives you a local presence close to your customers to give them the best response time possible no matter where in the world they are. You can replicate your services into multiple regions for redundancy and locality, or select a specific region to ensure you meet data-residency and compliance laws for your customers.
How do cloud providers ensure data can be accessed quickly?
Cloud providers have multiple datacenters in locations around the world, which enables you to store data close to your users, lowering latency.
Describe how cloud service can be thought of as agile. Provide an example.
Cloud services are often said to be agile. Cloud agility is the ability to rapidly change an IT infrastructure to adapt to the evolving needs of the business. For example, if your service peaks one month, you can scale to demand and pay a larger bill for the month. If the following month the demand drops, you can reduce the used resources and be charged less. This agility lets you manage your costs dynamically, optimizing spending as requirements change.
Azure Machine Learning Service
Cloud-based environment you can use to develop, train, test, deploy, manage, and track machine learning models. It can auto-generate a model and auto-tune it for you. It will let you start training on your local machine, and then scale out to the cloud.
Azure Databricks
Collaborative Apache Spark-based analytics service that can be integrated with other Big Data services in Azure.
Azure Machine Learning Studio
Collaborative, drag-and-drop visual workspace where you can build, test, and deploy machine learning solutions using pre-built machine learning algorithms and data-handling modules.
What can companies choose to do with cloud computing?
Companies can choose to use the cloud to store their data and execute logic as much, or as little, as necessary to fulfill their business requirements.
What are some ways to save in licensing costs?
Compare Linux vs. Windows; Azure Hybrid benefit for Windows Server; Azure Hybrid benefit for SQL Server; Use Dev/Test subscription offers; Bring your own SQL Server license; Use constrained instance sizes for database workloads
Describe the differences between on-premises storage and Azure data storage.
Compliance and security - OP: Dedicated servers required for privacy and security; ADS: Client-side encryption and encryption at rest. Store structured and unstructured data - OP: Additional IT resources with dedicated servers required; ADS: Azure Data Lake and portal analyzes and manages all types of data. Replication and high availability - OP: More resources, licensing, and servers required; ADS: Built-in replication and redundancy features available. Application sharing and access to shared resources - OP: File sharing requires additional administration resources; ADS: File sharing options available without additional license. Relational data storage - OP: Needs a database server with database admin role; ADS: Offers database-as-a-service options. Distributed storage and data access - OP: Expensive storage, networking, and compute resources needed; ADS: Azure Cosmos DB provides distributed access. Messaging and load balancing - OP: Hardware redundancy impacts budget and resources; ADS: Azure Queue provides effective load balancing. Tiered storage - OP: Management of tiered storage needs technology and labor skill set; ADS: Azure offers automated tiered storage of data.
Name a few kinds of services available on Azure.
Compute services such as VMs and containers that can run your applications. Database services that provide both relational and NoSQL choices. Identity services that help you authenticate and protect your users. Networking services that connect your datacenter to the cloud, provide high availability or host your DNS domain. Storage solutions that can accommodate massive amounts of both structured and unstructured data. AI and machine-learning services that can analyze data, text, images, comprehend speech, and make predictions using data, changing the world of agriculture, healthcare, and much more.
Do containers have a "guest" operating system?
Containers do NOT require a guest operating system.
What are the advantages of containers over VMs?
Containers are faster to spin up, because you are just waiting for the app to launch, instead of both the operating system and the app. Container apps tend to be much smaller in size than apps on VMs. With containers, the development process is simplified, because the development runtime environment can look exactly the same as the production runtime environment. Containers can be orchestrated with container cluster orchestration. You can easily deploy and manage multiple containerized applications without worrying about which server will host each container.
What factors should be considered when comparing on-premises to Azure data storage?
Cost effectiveness: An on-premises storage solution requires dedicated hardware that needs to be purchased, installed, configured, and maintained. This requirement can be a significant up-front expense (or capital cost). Change in requirements can require investment in new hardware. Your hardware needs to be capable of handling peak demand, which means it may sit idle or be under-utilized in off-peak times. Azure data storage provides a pay-as-you-go pricing model, which is often appealing to businesses as an operating expense instead of an upfront capital cost. It's also scalable, allowing you to scale up or scale out as demand dictates and scale back when demand is low. You are charged for data services only as you need them. Reliability: On-premises storage requires data backup, load balancing, and disaster recovery strategies. These requirements can be challenging and expensive as they often each need dedicated servers requiring a significant investment in both hardware and IT resources. Azure data storage provides data backup, load balancing, disaster recovery, and data replication as services to ensure data safety and high availability. Storage types: Sometimes multiple different storage types are required for a solution, such as file and database storage. An on-premises approach often requires numerous servers and administrative tools for each storage type. Azure data storage provides a variety of different storage options including distributed access and tiered storage. This variety makes it possible to integrate a combination of storage technologies providing the best storage choice for each part of your solution. Agility: Requirements and technologies change. For an on-premises deployment, these changes may mean provisioning and deploying new servers and infrastructure pieces, which is a time-consuming and expensive activity. Azure data storage gives you the flexibility to create new services in minutes. This flexibility allows you to change storage back-ends quickly without needing a significant hardware investment.
What is the most efficient way to ensure a naming convention was followed across your subscription?
Create a policy with your naming requirements and assign it to the scope of your subscription
Web Apps feature of Azure App Service
Create and deploy mission-critical web apps at scale
Azure Virtual WAN
Creates a unified wide area network (WAN), connecting local and remote sites
List some of the compliance offerings of cloud providers
Criminal Justice Information Services (CJIS); Cloud Security Alliance (CSA) STAR Certification; General Data Protection Regulation (GDPR); EU Model Clauses; Health Insurance Portability and Accountability Act (HIPAA); International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) 27018; Multi-Tier Cloud Security (MTCS) Singapore; Service Organization Controls (SOC) 1, 2, and 3; National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF); UK Government G-Cloud
What are the five web parts that make up the default dashboard in the Azure Portal?
Dashboard controls, All resources tile, Quickstarts + tutorials tile, Service Health tile, Marketplace tile
In addition to Azure Monitor's own features for visualizing monitoring data and leveraging other Azure services for publishing data for different audiences, what tools may customers use for visualizing data?
Dashboards, Views, Power BI
Describe each of the layers of the defense in depth strategy.
Data: In almost all cases, attackers are after data: stored in a database, stored on disk inside virtual machines, stored on a SaaS application such as Office 365, stored in cloud storage. It's the responsibility of those storing and controlling access to data to ensure that it's properly secured. Often, there are regulatory requirements that dictate the controls and processes that must be in place to ensure the confidentiality, integrity, and availability of the data. Application: Ensure applications are secure and free of vulnerabilities. Store sensitive application secrets in a secure storage medium. Make security a design requirement for all application development. Integrating security into the application development life cycle will help reduce the number of vulnerabilities introduced in code. We encourage all development teams to ensure their applications are secure by default, and that they're making security requirements non-negotiable. Compute: Secure access to virtual machines. Implement endpoint protection and keep systems patched and current. Malware, unpatched systems, and improperly secured systems open your environment to attacks. The focus in this layer is on making sure your compute resources are secure, and that you have the proper controls in place to minimize security issues. Networking: Limit communication between resources. Deny by default. Restrict inbound internet access and limit outbound, where appropriate. Implement secure connectivity to on-premises networks. At this layer, the focus is on limiting the network connectivity across all your resources to allow only what is required. By limiting this communication, you reduce the risk of lateral movement throughout your network. Perimeter: Use distributed denial of service (DDoS) protection to filter large-scale attacks before they can cause a denial of service for end users. Use perimeter firewalls to identify and alert on malicious attacks against your network. At the network perimeter, it's about protecting from network-based attacks against your resources. Identifying these attacks, eliminating their impact, and alerting you when they happen are important ways to keep your network secure. Identity and access: Control access to infrastructure and change control. Use single sign-on and multi-factor authentication. Audit events and changes. The identity and access layer is all about ensuring identities are secure, access granted is only what is needed, and changes are logged. Physical security: Physical building security and controlling access to computing hardware within the data center is the first line of defense. With physical security, the intent is to provide physical safeguards against access to assets. These safeguards ensure that other layers can't be bypassed, and loss or theft is handled appropriately.
What is unstructured data?
Data that is not stored in any organized way. As new data is acquired, it is just added without trying to fit in with existing data. Data that is not organized in a pre-determined structure, such as text-based data. It is not defined, does not follow a specified format, and is typically freeform text such as emails, Twitter tweets, and text messages.
What is semi-structured data?
Data that doesn't fit neatly into tables, rows, and columns. Instead, this type of data uses tags or keys that organize and provide a hierarchy for the data. This type of data is also referred to as non-relational or NoSQL data.
What type of service is Azure SQL Database?
Database as a Service (DaaS)
What is the difference between de-allocating a VM and deleting a VM?
De-allocating a VM is not the same as deleting a VM. De-allocation means the VM is not assigned to a CPU or network in a datacenter. However, your persistent disks remain, and the resource is present in your subscription. It's similar to turning off your physical computer.
What is defense in depth?
Defense in depth is a strategy that employs a series of mechanisms to slow the advance of an attack aimed at acquiring unauthorized access to information. Each layer provides protection so that if one layer is breached, a subsequent layer is already in place to prevent further exposure. Microsoft applies a layered approach to security, both in physical data centers and across Azure services. The objective of defense in depth is to protect and prevent information from being stolen by individuals who are not authorized to access it. Defense in depth can be visualized as a set of concentric rings, with the data to be secured at the center. Each ring adds an additional layer of security around the data. This approach removes reliance on any single layer of protection and acts to slow down an attack and provide alert telemetry that can be acted upon, either automatically or manually. Think about security as a multi-layer, multi-vector concern. Threats come from places we don't expect, and they can come with strength that will surprise us.
Describe the Security Development Lifecycle recommendation to use approved tools
Define and publish a list of approved tools and their associated security checks, such as compiler/linker options and warnings. Engineers should strive to use the latest version of approved tools (such as compiler versions), and to utilize new security analysis functionality and protections.
Once you open the Total Cost of Ownership (TCO) calculator, what do you do?
Define your workloads. Start by entering details about your on-premises infrastructure into the TCO calculator according to four groups: Servers: Enter details of your current on-premises server infrastructure. Databases: Enter details of your on-premises database infrastructure in the Source section. In the Destination section, select the corresponding Azure service you would like to use. Storage: Enter the details of your on-premises storage infrastructure. Networking: Enter the amount of network bandwidth you currently consume in your on-premises environment.
Describe how business environments can make the CapEx model challenging.
Demand and growth can be unpredictable and can outpace expectation, which is a challenge for the CapEx model.
What infrastructure must be managed with containers? With serverless?
Despite many claims of simplicity, the fact remains that administrators still have to manage the "plumbing" when it comes to containers. You still have to manage the container host, the container networking, the container images, etc. With serverless you don't. You simply consume the core resources as needed. This can be a pro or con for each platform depending on your needs.
What are the three levels of Azure support plans?
Developer, Standard, Professional Direct
What are the common uses of PaaS?
Development framework: PaaS provides a framework that developers can build upon to develop or customize cloud-based applications. Just like a Microsoft Excel macro, PaaS lets developers create applications using built-in software components. Cloud features such as scalability, high-availability, and multi-tenant capability are included, reducing the amount of coding that developers must do. Analytics or business intelligence: Tools provided as a service with PaaS allow organizations to analyze and mine their data. They can find insights and patterns, and predict outcomes to improve business decisions such as forecasting, product design, and investment returns.
Any resource exposed on the internet is at risk of what type of attack?
Distributed Denial of Service (DDoS)
Azure Service Fabric
Distributed systems platform. Runs in Azure or on-premises
What are the container variations supported by Azure?
Docker
What are region pairs?
Each Azure region is always paired with another region within the same geography (such as US, Europe, or Asia) at least 300 miles away. This approach allows for the replication of resources (such as virtual machine storage) across a geography that helps reduce the likelihood of interruptions due to events such as natural disasters, civil unrest, power outages, or physical network outages affecting both regions at once. If a region in a pair was affected by a natural disaster, for instance, services would automatically fail over to the other region in its region pair.
Say you want to increase availability and resiliency of a simple three-tiered web site. You begin by adding VMs, each configured identically to each tier. What is the problem with this?
Each VM has its own IP address, and you don't have a way to distribute the traffic in case one system goes down or is busy.
What does each server in a datacenter contain?
Each one contains a hypervisor to run multiple virtual machines.
How do Azure Logic Apps workflows work?
Each one starts with a trigger, which fires when a specific event happens or when newly available data meets specific criteria. Many triggers include basic scheduling capabilities, so developers can specify how regularly their workloads will run. Each time the trigger fires, the engine creates an app instance that runs the actions in the workflow. These actions can also include data conversions and flow controls, such as conditional statements, switch statements, loops, and branching.
What might you create additional Azure subscriptions to separate?
Environments: When managing your resources, you can choose to create subscriptions to set up separate environments for development and testing, security, or to isolate data for compliance reasons. This is particularly useful because resource access control occurs at the subscription level. Organizational structures: You can create subscriptions to reflect different organizational structures. For example, you could limit a team to lower-cost resources, while allowing the IT department a full range. This design allows you to manage and control access to the resources that users provision within each subscription. Billing: You might want to also create additional subscriptions for billing purposes. Because costs are first aggregated at the subscription level, you might want to create subscriptions to manage and track costs based on your needs. For instance, you might want to create a subscription for your production workloads and another subscription for your development and testing workloads.
What are the costs of building a datacenter? How does the cost of an on-premise datacenter compare to one in Azure?
Equipment costs aren't the only factor. You need to provide the power, cooling, and personnel to keep your systems running at each location. It might be prohibitively expensive to replicate your entire data center. But doing so with Azure can cost much less, because Azure already has the equipment and personnel in place.
If you stop a web site using Cloud Shell, what message will you see when you open the web site?
Error 403 - This web app is stopped.
Examples of how forecasts and predictions from machine learning can make apps and devices smarter.
Example: when you shop online, machine learning helps recommend other products you might like based on what you've purchased. Example: when your credit card is swiped, it compares the transaction to a database of transactions and helps detect fraud. Example: when your robot vacuum cleaner vacuums a room, machine learning helps it decide whether the job is done.
Compare how cloud computing services might differ for an existing company versus a new company?
Existing businesses might choose a gradual movement to save money on infrastructure and administration costs (referred to as "lift and shift"), while a new company might start in the cloud.
What feature can you use to provide a dedicated, private connection between your network and Azure?
ExpressRoute
What do you need to perform to design resiliency?
Failure Mode Analysis (FMA)
Give an example of meters that are tracking usage on virtual machine.
For example, a single virtual machine that you provision in Azure might have the following meters tracking its usage: Compute Hours, IP Address Hours, Data Transfer In, Data Transfer Out, Standard Managed Disk, Standard Managed Disk Operations, Standard IO-Disk, Standard IO-Block Blob Read, Standard IO-Block Blob Write, Standard IO-Block Blob Delete.
Give an example of an SLA commitment to responding if an Azure product or service fails to perform its governing SLA's specification.
For example, customers may have a percent discount applied to their Azure bill, as compensation for an under-performing Azure product or service.
Give two examples of elastic cloud computing.
For example, imagine your website is featured in a news article, leading to a spike in traffic overnight. Since the cloud is elastic, it automatically allocates more computing resources to handle the increased traffic. When the traffic begins to normalize, the cloud automatically de-allocates the additional resources to minimize cost. Another example is if you are running an application used by employees, you can have the cloud automatically add resources for the peak operating hours during which most people access the application, and remove the resources at the usual end of the day.
Give an example configuration using a network security group.
For example, notice that the VM in the web tier allows inbound traffic on ports 22 (SSH) and 80 (HTTP). This VM's network security group allows inbound traffic over these ports from all sources. You can configure a network security group to accept traffic only from known sources, such as IP addresses that you trust. Note: Port 22 enables you to connect directly to Linux systems over SSH. Here we show port 22 open for learning purposes. In practice, you might configure VPN access to your virtual network to increase security.
Give an example of a scenario suited for serverless computing.
For example, you can build a serverless process that automatically sends an email confirmation after a customer makes an online purchase.
Why might provisioning resources in locations that offer lower prices not be the most cost-effective approach?
For example, you might want to build your Azure solution by provisioning resources in locations that offer the lowest prices. This approach, though, would require transferring data between locations if any dependent resources and their users are located in different parts of the world. If there are meters tracking the volume of data moving between the resources you provision, any potential savings you make from choosing the cheapest location could be offset by the additional cost of transferring data between those resources.
Give examples of security breaches.
For instance, a denial of service attack could prevent your customer from reaching your web site or services and block you from doing business. Defacement of your website damages your reputation. And a data breach could be even worse — as it can ruin hard-earned trust, while causing significant personal and financial harm
What are Service Level Agreements?
Formal documents that capture the specific terms that define the performance standards that apply to Azure. They describe Microsoft's commitment to providing Azure customers with specific performance standards. They exist for individual Azure products and services. They specify what happens if a service or product fails to perform to a governing specification.
What are the basic steps to create a resource group?
From the Portal Home: click Create a resource; in the search box, type "Resource Group"; click the Resource Group icon; click Create; select a subscription from the dropdown; provide a name/select the resource group; provide a region for the resource; review, validate, and select create.
Azure Database for MariaDB
Fully managed and scalable MariaDB relational database with high availability and security. MariaDB is a community-developed, commercially supported fork of the MySQL relational database management system (RDBMS), intended to remain free and open-source software under the GNU General Public License.
Azure Database for MySQL
Fully managed and scalable MySQL relational database with high availability and security
Azure Database for PostgreSQL
Fully managed and scalable PostgreSQL relational database with high availability and security
Azure Synapse Analytics
Fully managed data warehouse with integral security at every level of scale at no extra cost. Run analytics at a massive scale using a cloud-based Enterprise Data Warehouse (EDW) that leverages massive parallel processing (MPP) to run complex queries quickly across petabytes of data.
Azure SQL Database
Fully managed relational database with auto-scale, integral intelligence, and robust security
Azure Cognitive Search
Fully managed search as a service
How are Azure Logic Apps and Azure Functions different?
Functions execute code. Logic Apps execute workflows designed to automate business scenarios. Logic Apps are built from predefined logic blocks.
In the Portal settings, what is the default tab that is displayed?
General
What is the name given to a feature that has been evaluated and tested successfully, and has been released to customers as part of Azure's default product set?
General Availability (GA)
How do you share a dashboard?
Go to the dashboard (pancake icon --> Dashboard --> select the dashboard from the My Dashboard drop-down). Select the Share icon at the top of the dashboard pane. This displays the Sharing + access control pane. Then click Manage users to specify the users who have access to that dashboard.
How do you complete a support request?
Go to: Azure Portal > question mark icon (Help) > Help + support button > Create a support request link. Complete the form by using provided dropdown lists and text-entry fields. Once you've filled out the form, select Create to submit your support request. The Azure support team will contact you after you submit your request.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA is a US federal law that regulates patient Protected Health Information (PHI). Azure offers customers a HIPAA Business Associate Agreement (BAA), stipulating adherence to certain security and privacy provisions in HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act. To assist customers in their individual compliance efforts, Microsoft offers a BAA to Azure customers as a contract addendum.
hardware initialization
Hardware Initialization: Typically, when a CPU starts up, it does some internal consistency checks and transfers control to a PROM or EPROM device that contains permanent coding meant to survive a power loss. In some computers, this is all the code they need. However, in many general computing devices, this read-only memory defines a BIOS or Basic I/O System, capable of finding a boot sector on a standard secondary memory device. In some cartridge-type game machines, the BIOS transfers control to the cartridge after doing some preliminary tests to make sure the machinery is working correctly. On other machines like the PC and Mac, the BIOS calls a utility from read-only memory and lets that check the machinery. Power On Self-Test: The POST, or Power On Self-Test, triggers the initialization of peripheral devices and the memory of the computer, and may, if preset parameters are set to allow it, do a preliminary memory check. It also sets the bottom of memory so that the operating system knows how much memory it has to work with. Once the Power On Self-Test is completed, the computer attempts to pass control to the boot sector of the secondary memory device. In cases like the PC where you may have multiple secondary memory devices, it can sample each device in turn, according to either a standard pattern, or according to parameters set in a battery-protected static RAM device. The boot sector is part of the bootstrap system that loads the specific operating system. Boot Sector: Before boot sectors, the operating system had to be fully loaded before it could be run. The utility of the bootstrap process is that it uses a process analogous to a technique developed for climbing: a climber's spare boots were used as weights to sling a light line called the bootstrap up over a promontory, and then by tying the bootstrap to a heavier line and pulling on the light line, eventually allow the climber to sling his heavier climbing rope up and over the promontory.
What the bootstrap program does is allow a small sector-sized program to load a loader that eventually loads the operating system. The exact number of intermediate loaders needed depends on the operating system. In DOS, the boot sector loads IO.sys and Msdos.sys, which loads config.sys to configure the computer, then loads command.com, and runs Autoexec.bat on it. The sector-sized program is called the boot sector. Kernel Initialization: Once the kernel is fully loaded, the next step in initialization is to set the kernel parameters and options, and add any modules that have been selected in the kernel set-up file. Once the kernel is fully initialized, it takes over control of the computer and continues initialization with the file-systems and processes. File System Initialization: The kernel starts up the processes, and loads the file-systems. The main file-system then includes initialization files, which can be used to set up the operating system's environment, and initialize all the services, daemons, and applications. Plug and Play: The idea of Plug and Play is that during initialization, the system builds up a database of devices and afterwards an application can access the database, to find out details about any device on the system. Along with this form of initialization comes an extended BIOS on the device, which allows it to detect the operating system and set its parameters to be more compatible with that operating system. This combination is especially useful for secondary initialization where you might want to initialize an application (like Windows) to accept the drivers for that device. Hot Socketing: A further extension of this concept was developed for the Universal Serial Bus, which allows devices to be hot socketed, or installed while the computer is running. The USB bus contacts the new device and learns from it the necessary information to match it to a driver.
This information gets put into the database, and whenever that device is again plugged in, the same driver is found for it. When the device is unsocketed, the driver shuts itself down and removes itself from the list of active devices. It can do this because it can monitor the USB controller to make sure its device is still attached.
What global infrastructure allows Azure to provide a high guarantee of availability?
Having a broadly distributed set of datacenters
How can you get notified about GA releases?
Help menu (?) --> What's New link. The Azure portal "What's New" link on the help menu (?) provides a list of recent updates you can periodically check to see what's changed in Azure. Alternatively, you can use the Azure Updates page at https://azure.microsoft.com/en-us/updates. This page provides additional information and features including: - Which updates are in general availability, preview, or development. - Browse updates by product category or update type, by using the provided dropdown lists. - Search for updates by keyword by entering search terms into a text-entry field. - Subscribe to get Azure update notifications by RSS.
What are the advantages of a public cloud deployment?
High scalability/agility - you don't have to buy a new server in order to scale. Pay-as-you-go pricing - you pay only for what you use, no CapEx costs. You're not responsible for maintenance or updates of the hardware. Minimal technical knowledge to set up and use - you can leverage the skills and expertise of the cloud provider to ensure workloads are secure, safe, and highly available.
What are the three tiers for blob storage in Azure?
Hot storage tier: optimized for storing data that is accessed frequently. Cool storage tier: optimized for data that are infrequently accessed and stored for at least 30 days. Archive storage tier: for data that are rarely accessed and stored for at least 180 days with flexible latency requirements.
What are some questions customers ask cloud providers regarding compliance with regulations and standards?
How compliant is the cloud provider when it comes to handling sensitive data? How compliant are the services offered by the cloud provider? How can I deploy my own cloud-based solutions to scenarios that have accreditation or compliance requirements? What terms are part of the privacy statement for the provider?
Which category of cloud services is the most flexible? Why?
IaaS. It aims to give you the most control over the provided hardware that runs your application: - IT infrastructure servers and virtual machines (VMs) - storage - operating system(s)
Provide two examples of how cloud computing eliminates the burden of keeping current?
If a disk fails, the disk will be replaced by the cloud provider. If a new hardware update becomes available, you don't have to go through the process of replacing your hardware. The cloud provider will ensure that the hardware updates are made available to you automatically.
Take an example where you have one Web app with two independent fallback paths. If the SQL Database is unavailable, you can put transactions into a queue for processing at a later time. Web app SLA = 99.95%; SQL database SLA = 99.99%; Queue = 99.9%. With this design, the application is still available even if it can't connect to the database. However, it fails if both the database and the queue fail simultaneously.
If the expected percentage of time for a simultaneous failure is 0.0001 × 0.001, the composite SLA for this combined path of a database or queue would be: 1.0 − (0.0001 × 0.001) = 99.99999 percent. Therefore, if we add the queue to our web app, the total composite SLA is: 99.95 percent × 99.99999 percent = ~99.95 percent. Notice that the SLA behavior has improved with the addition of the Queue.
How does bring your own SQL Server license work to reduce cost?
If you are a customer on an Enterprise Agreement and already have an investment in SQL Server licenses, and they have freed up as part of moving resources to Azure, you can provision bring your own license (BYOL) images off the Azure Marketplace, giving you the ability to take advantage of these unused licenses and reduce your Azure VM cost. You've always been able to use these licenses by provisioning a Windows VM and manually installing SQL Server, but this process simplifies the creation process by leveraging Microsoft certified images. Search for BYOL in the Marketplace to find these images.
If you have multiple Azure subscriptions, how might you organize them on the invoice?
If you have multiple subscriptions, you can organize them into invoice sections. Each invoice section is a line item on the invoice that shows the charges incurred that month. For example, you might need a single invoice for your organization but want to organize charges by department, team, or project.
How can you save a lot of money if you have resources that are not location-sensitive?
If you have resources that are not location-sensitive, you can save a lot of money by locating them in less expensive regions. Checking the pricing calculator can help you determine the most cost-effective place to put these services.
How can you deallocate virtual machines in off hours to reduce cost?
If you have virtual machine workloads that are only used during certain periods, but you're running them every hour of every day, you're wasting money. These VMs are great candidates to shut down when not in use and start back up on a schedule, saving you compute costs while the VM is deallocated. This approach is an excellent strategy for development environments. It's often the case that development may happen only during business hours, giving you the flexibility to deallocate these systems in the off hours and stopping your compute costs from accruing. Azure now has an automation solution fully available for you to leverage in your environment. You can also use the auto-shutdown feature on a virtual machine to schedule automated shutdowns.
What are reserved instances and how can they help reduce costs?
If you have virtual machine workloads that are static and predictable, using reserved instances is a fantastic way to potentially save up to 70 to 80 percent off the pay-as-you-go cost. The savings can be significant, depending on the VM size and duration the machine runs. The following illustration shows that using Azure reserved instances saves you up to 72 percent and using reserved instance plus Azure Hybrid Benefit saves up to 80 percent in costs. You commit to reserved instances in one-year or three-year terms. Payment can be made in full for the entire commitment period, or the commitment can be billed monthly. After it's reserved, Microsoft matches up the reservation to running instances and decrements the hours from your reservation. Reservations can be purchased through the Azure portal. And because reserved instances are a compute discount, they are available for both Windows and Linux VMs.
Describe how you could use tags as part of an automation task.
If you want to automate the shutdown and startup of virtual machines in development environments during off-hours to save costs, you can use tags to assist in this automation. Add a shutdown:6PM and startup:7AM tag to the virtual machines, then create an automation job that looks for these tags, and shuts them down or starts them up based on the tag value. There are several solutions in the Azure Automation Runbooks Gallery that use tags in a similar manner to accomplish this result.
Azure Vision
Image-processing algorithms to smartly identify, caption, index, and moderate your pictures and videos.
Give an example where as a result of a business decision, you would expect a huge spike in traffic during this time.
Imagine your marketing team wants to have a flash sale to promote a new line of vitamin supplements. You might expect a huge spike in traffic during this time. This spike could overwhelm your processing system, causing it to slow down or halt, disappointing your users.
Azure Firewall
Implement high-security, high-availability firewall with unlimited scalability
How do you add a column to show tags on resources within a resource group?
In Azure Portal Home, navigate to Resource Groups. In the Overview section, click Edit columns. Or, click on Tags in the panel on the left side.
Give an example of how you could use tags in combination with alerts to know who is impacted by an issue.
In an example, say you applied the Department tag with a value of Finance to the msftlearn-vnet1 resource. If an alarm was thrown on msftlearn-vnet1 and the alarm included the tag, you'd know that the finance department may be impacted by the condition that triggered the alarm. This contextual information can be valuable if an issue occurs.
Where are credentials for services (or applications) often stored? Why is this a problem?
In configuration files. This is a problem because with no security around these configuration files, anyone with access to the systems or repositories can access these credentials and risk exposure.
How can you reset any Azure Portal dashboard back to the default state?
In edit mode, right-click the dashboard background and select Reset to default state. A dialog box will ask you to confirm that you want to reset that dashboard.
Consider an App Service web app that writes to Azure SQL Database. These Azure services currently have the following SLAs: Web app SLA = 99.95%; SQL Database SLA = 99.99%. In this example, if either service fails the whole application will fail. What is the composite SLA?
In general, the individual probability values for each service are independent. However, the composite SLA value for this application is: 99.95 percent × 99.99 percent = 99.94 percent. This means the combined probability of failure is higher than the individual SLA values. This isn't surprising, because an application that relies on multiple services has more potential failure points.
In most zones, how much outbound data per month is free? What are billed after that?
In most zones, the first outbound 5 gigabytes (GB) per month are free. After that amount, you are billed a fixed price per GB.
switch
In the context of networking, this is a high-speed device that receives incoming data packets and redirects them to their destination on a local area network (LAN). One of these on a LAN operates at the data link layer (Layer 2) or the network layer of the OSI Model and, as such, it can support all types of packet protocols. Essentially, these are the traffic cops of a simple local area network. One of these in an Ethernet-based LAN reads incoming TCP/IP data packets/frames containing destination information as they pass into one or more input ports. The destination information in the packets is used to determine which output ports will be used to send the data on to its intended destination. These are similar to hubs, only smarter. A hub simply connects all the nodes on the network -- communication is essentially in a haphazard manner with any device trying to communicate at any time, resulting in many collisions. One of these, on the other hand, creates an electronic tunnel between source and destination ports for a split second that no other traffic can enter. This results in communication without collisions. These are similar to routers as well, but a router has the additional ability to forward packets between different networks, whereas one of these is limited to node-to-node communication on the same network.
What is the benefit of including a policy in a blueprint?
Including a policy in a blueprint enables the creation of the right pattern or design during assignment of the blueprint. The policy inclusion makes sure that only approved or expected changes can be made to the environment to protect ongoing compliance to the intent of the blueprint.
What are the three major categories of cloud services?
Information as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS)
What are the characteristics of Azure Disk Storage?
It allows data to be persistently stored and accessed from an attached virtual hard disk. The disks can be managed or unmanaged by Azure, and therefore managed and configured by the user. Typical scenarios for using this type of storage are if you want to lift and shift applications that read and write data to persistent disks, or if you are storing data that is not required to be accessed from outside the virtual machine to which the disk is attached. They come in many different sizes and performance levels, from solid-state drives (SSDs) to traditional spinning hard disk drives (HDDs), with varying performance abilities. When working with VMs, you can use standard SSD and HDD disks for less critical workloads, and premium SSD disks for mission-critical production applications. This type of storage has consistently delivered enterprise-grade durability, with an industry-leading ZERO% annualized failure rate.
What are characteristics of Azure Data Lake Storage?
It allows you to perform analytics on your data usage and prepare reports. It is a large repository that stores both structured and unstructured data. It combines the scalability and cost benefits of object storage with the reliability and performance of the Big Data file system capabilities
How can the orchestrator's web API be called?
It can be called by many tools, including the user interface of the Azure Portal.
What are disadvantages of a hybrid cloud deployment?
It can be more expensive than selecting one deployment model since it involves some CapEx cost up front. It can be more complicated to set up and manage.
What are characteristics of Azure Queue Storage?
It can be used to help build flexible applications and separate functions for better durability across large workloads. When application components are decoupled, they can scale independently. It provides asynchronous message queueing for communication between application components, whether they are running in the cloud, on the desktop, on-premises, or on mobile devices. Typically, there are one or more sender components and one or more receiver components. Sender components add messages to the queue, while receiver components retrieve messages from the front of the queue for processing.
In some cases, what can cloud-based storage do automatically?
It can expand and contract automatically - so you pay for exactly what you need at any given point in time.
What does Cloning a dashboard do?
It creates an instant copy called "Clone of <dashboard name>" and switches to that copy as the current dashboard.
On what does the cloud deployment model you choose depend?
It depends on your requirements for: - budget - security - scalability - maintenance
What does an N-tier architecture do?
It divides an application into two or more logical tiers. Architecturally, a higher tier can access services from a lower tier, but a lower tier should never access a higher tier. Tiers help separate concerns and are ideally designed to be reusable. Using a tiered architecture also simplifies maintenance. Tiers can be updated or replaced independently, and new tiers can be inserted if needed.
What does the Azure Data Migration Assistant do?
It generates assessment reports that provide recommendations to help guide you through required changes prior to performing a migration.
What are the advantages of having many global regions?
It gives you the flexibility to bring applications closer to your users no matter where they are. It provides better scalability, redundancy, and preserves data residency for your services.
In addition to administrative tools, what other tools are available using Azure Cloud Shell?
It has a suite of developer tools, text editors, and other tools available, including: Developer tools: .NET Core, Python, Java, Node.js, Go. Editors: code (Cloud Shell Editor), vim, nano, emacs. Other tools: git, maven, make, npm, and more...
What does a virtual machine include?
It includes an operating system and hardware. You can then install whatever software you need to do the tasks you want to run in the cloud
What does Azure Advanced Threat Protection (Azure ATP) do?
It is a cloud-based security solution that identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. It is capable of detecting known malicious attacks and techniques, security issues, and risks against your network.
How does the Azure pricing calculator work?
It is a free web-based tool that allows you to input Azure services and modify properties and options of the services. It outputs the costs per service and total cost for the full estimate.
How do you access the Azure Portal?
It is a public website that you can access with any web browser. You sign in using your Azure account at https://portal.azure.com/
In security terms, what is a principal?
It is an identity acting with certain roles or claims. Usually, it is not useful to consider identity and this separately, but think of using 'sudo' on a Bash prompt in Linux or on Windows using "run as Administrator." In both those cases, you are still logged in as the same identity as before, but you've changed the role under which you are executing. Groups are often also considered these because they can have rights assigned.
When you are in edit mode in a dashboard in the Azure Portal, what is the name of the pane on the left-hand side?
It is the Tile Gallery, with several possible tiles. You can filter the Tile Gallery by category and resource type.
What are the customer and Azure security responsibilities at the lowest level, Infrastructure as a Service (IaaS)?
It is the customer's responsibility to patch and secure your operating systems and software, including the applications, the identity and directory infrastructure, accounts, access management, as well as configure your network to be secure. Azure protects the physical parts of the network.
What are the components of Azure Disk Encryption?
It leverages the industry-standard BitLocker feature of Windows and the dm-crypt feature of Linux to provide volume encryption for the OS and data disks. The solution is integrated with Azure Key Vault to help you control and manage the disk encryption keys and secrets (and you can use managed service identities for accessing Key Vault).
What is the advantage of using a standard means of accessing data, such as REST endpoints?
It makes the data available to a huge range of application types and application platforms.
What must an effective monitoring do in addition to allowing you to analyze your monitoring data interactively?
It must respond proactively to any critical conditions that are identified within the data it collects. This might involve, for example, sending a text or email to an administrator who is responsible for investigating an issue, or launching an automated process that attempts to correct an error condition.
In the Azure Portal, what does clicking the smiley face icon do?
It opens the Send us feedback pane. Here you can send feedback to Microsoft about Azure. You can decide as part of your feedback whether Microsoft can respond to your feedback by email.
What are the key aspects of Transparent Database Encryption (TDE)?
It performs real-time encryption and decryption of the database, associated backups, and transaction log files at rest without requiring changes to the application. By default, it is enabled for all newly deployed Azure SQL Database instances. It encrypts the storage of an entire database by using a symmetric key called the database encryption key. By default, Azure provides a unique encryption key per logical SQL Server instance and handles all the details. Bring your own key (BYOK) is also supported with keys stored in Azure Key Vault (see below).
What is multi-factor authentication?
It provides additional security for your identities by requiring two or more elements for full authentication. These elements fall into three categories: something you know, something you possess, and something you are. Something you know would be a password or the answer to a security question. Something you possess could be a mobile app that receives a notification or a token-generating device. Something you are is typically some sort of biometric property, such as a fingerprint or face scan used on many mobile devices. Using MFA increases security of your identity by limiting the impact of credential exposure. An attacker who has a user's password would also need to have possession of their phone or their security token generator in order to fully authenticate. Authentication with only a single factor verified is insufficient, and the attacker would be unable to use only those credentials to authenticate. The benefits this brings to security are huge, and we can't emphasize enough the importance of enabling MFA wherever possible. Azure AD has MFA capabilities built in and will integrate with other third-party MFA providers. MFA should be used for users in the Global Administrator role in Azure AD, because these are highly sensitive accounts. All other accounts can also have MFA enabled.
What does the Azure Cloud Shell allow you the flexibility to do?
It provides the flexibility of choosing the shell experience that best suits the way you work. Linux users can opt for a Bash experience, while Windows users can opt for PowerShell.
What does the cloud provide on-demand to power your services and deliver innovative and novel user experiences more quickly?
It provides: - A nearly limitless pool of raw compute, storage, and networking components. - Speech recognition and other cognitive services that help make your application stand out from the crowd. - Analytics services that enable you to make sense of telemetry data coming back from your software and devices.
What does clicking Delete in a dashboard do?
It removes it from your list of available dashboards. You are prompted to confirm that you want to delete the dashboard. Note that there is no facility to recover a dashboard that has been deleted.
Where do cloud providers run your virtual machine?
It runs on a physical server in one of their datacenters
How does Azure employ virtualization technology?
It takes virtualization technology and repeats it on a massive scale in Microsoft datacenters throughout the world.
What is an Azure Policy initiative?
It works alongside policies in Azure Policy. It is a set or group of policy definitions to help track your compliance state for a larger goal. Even if you have a single policy, we recommend using one of these if you anticipate increasing the number of policies over time. Like a policy assignment, the assignment of one of these is a definition assigned to a specific scope. These assignments reduce the need to make several definitions for each scope. This scope could also range from a management group to a resource group. Once defined, these can be assigned just as policies can, and they apply all the associated policy definitions.
Describe the Security Development Lifecycle recommendation to define metrics and compliance reporting.
It's essential for an organization to define the minimum acceptable levels of security quality, and to hold engineering teams accountable for meeting those criteria. Defining these expectations early helps a team understand the risks that are associated with security issues, identify and fix security defects during development, and apply the standards throughout the entire project. Setting a meaningful security bar involves clearly defining the severity thresholds of security vulnerabilities, and helps to establish a plan of action when vulnerabilities are encountered. For example, all known vulnerabilities discovered with a "critical" or "important" severity rating must be fixed within a specified time frame. To track key performance indicators (KPIs) and ensure security tasks are completed, bug tracking and/or work tracking mechanisms used by an organization (such as Azure DevOps) should allow for security defects and security work items to be clearly labeled as security, and marked with their appropriate security severity. This tracking allows for accurate tracking and reporting of security work.
How can you delete unused virtual machines to reduce cost?
It's not uncommon to find non-production or proof-of-concept systems that are no longer needed following the completion of a project. Regularly review your environment and work to identify these systems. Shutting down these systems can have a multifaceted benefit by saving you not only on infrastructure costs but also potential savings on licensing and operations.
Once you have placed tiles on a dashboard that you are editing, how do you access the shortcut menu?
Just hover over the item and look for the ... tile edit menu. Alternatively, right-click on the tile
How can you use customer and subscription offers to reduce cost?
Keep up to date with the latest Azure customer and subscription offers, and switch to offers that provide the most significant cost-saving benefit. You can check the Azure Updates page for information about the latest updates to Azure products, services, and features, as well as product roadmaps and announcements.
How can you migrate to PaaS or SaaS services to reduce cost?
Lastly, as you move workloads to the cloud, a natural evolution is to start with infrastructure-as-a-service (IaaS) services and then move them to platform-as-a-service (PaaS) services, as appropriate, in an iterative process. PaaS services typically provide substantial savings in both resource and operational costs. The challenge is that depending on the type of service, varying levels of effort will be required to move to these services, from both a time and resource perspective. You might be able to move a SQL Server database to Azure SQL Database easily, but it might take substantially more effort to transfer your multi-tier application to a container or serverless-based architecture. It's a good practice to continuously evaluate the architecture of your applications to determine if there are efficiencies to be gained through PaaS services. Azure makes it easy to test these services with little risk, giving you the ability to try out new architecture patterns relatively easily. That said, it's typically a longer journey and might not be of immediate help if you're looking for quick wins from a cost-savings perspective. The Azure Architecture Center is a great place to get ideas for transforming your application, as well as best practices across a wide array of architectures and Azure services.
Describe the Contoso Shipping security scenario.
Let's say you work at a company called Contoso Shipping, and you're spearheading the development of drone deliveries in rural areas-while having truck drivers leverage mobile apps to deliver to urban areas. You're in the process of moving much of Contoso Shipping's infrastructure to the cloud to maximize efficiency, as well as moving several physical servers in the company's data center to Azure virtual machines. Your team plans on creating a hybrid solution, with some of the servers remaining on-premises, so you'll need a secure, high-quality connection between the new virtual machines and the existing network. Additionally, Contoso Shipping has some out-of-network devices that are part of your operations. You are using network-enabled sensors in your drones that send data to Azure Event Hubs, while delivery drivers use mobile apps to get route maps and record signatures for receipt of shipments. These devices and apps must be securely authenticated before data can be sent to or from them.
How do you use the Azure price calculator?
Let's start with the Products tab. You'll see the full listing of service categories down the left-hand side. Clicking on any of the categories will display the services in that category. There's also a search box where you can search through all services for the service you're looking for. Clicking on the service will add it to your estimate. You can add just one service, or you can add as many as you need, including multiples of the same service. For example, you can add multiple virtual machines. After you've added the services, you'll want to price them. Scrolling down on the Pricing Calculator page will show you customizable details for that service that apply to pricing. For example, on virtual machines, you can select details such as the region, operating system, and instance size. These options all impact the pricing for the VM. You'll see a subtotal for the service. Further down the page, you'll see the full total for all services included in the estimate. Along with the total, you'll see buttons where you can export, save, and share the estimate.
The key function of Azure networking.
Lining up compute resources and providing access to applications
How do you switch to a shared dashboard in the Azure Portal?
Log in to the Azure Portal --> On the left-hand pane, select Dashboard --> At the top of the Dashboard pane, select the My Dashboard drop-down --> Click "Browse all dashboards" --> Select the shared dashboard
In the Azure Portal, how do you enable/disable notifications to appear as pop-up "toast"-style notifications?
Log in to the Azure Portal > Select the gear icon for Settings > At the bottom of the Settings pane, select or deselect the "Enable pop-up notifications" checkbox
How do you navigate to Quickstarts + tutorials for Azure Marketplace resources?
Log in to the Azure Portal > Click the '+ Create a resource' button > In the New pane, select Get started from the Azure Marketplace column > In the right-hand column, select the Quickstart + tutorials link under the resource you want
How do you search for virtual machine resources available in the Azure Marketplace?
Log in to the Azure Portal > Click '+ Create a resource' > In the search box at the top, type 'virtual machine' > Press Enter --- OR --- click the category 'Compute' > Select the type of virtual machine resource you want on the right pane
How do you navigate to the Cost Management + Billing | Invoices pane?
Log in to the Azure Portal > Click on your name at the top right-hand of the window > Select the ellipsis "..." > Select View my bill
How do you view a list of categories of resources available in the Azure Marketplace?
Log in to the Azure Portal > Click the '+ Create a resource' button > View the categories under 'Azure Marketplace'
What is the Azure Resource Manager hierarchy, from highest to lowest?
Management group > Subscription > Resource Group > Resource
How can you use constrained instance sizes for database workloads to reduce costs?
Many customers have high requirements for memory, storage, or I/O bandwidth. But they also often have low requirements for CPU core counts. Based on this popular request, Microsoft has made available the most popular VM sizes (DS, ES, GS, and MS) in new sizes that constrain the vCPU count to one half or one-quarter of the original VM size, while maintaining the same memory, storage, and I/O bandwidth.
USE CONSTRAINED INSTANCE SIZES FOR DATABASE WORKLOADS
| VM Size | vCPUs | Memory | Max disks | Max I/O throughput | SQL Server Enterprise licensing cost per year | Total cost per year (compute + licensing) |
| Standard_DS14v2 | 16 | 112 GB | 32 | 51,200 IOPS or 768 MB/s | | |
| Standard_DS14-4v2 | 4 | 112 GB | 32 | 51,200 IOPS or 768 MB/s | 75% lower | 57% lower |
| Standard_GS5 | 32 | 448 GB | 64 | 80,000 IOPS or 2 GB/s | | |
| Standard_GS5-8 | 8 | 448 GB | 64 | 80,000 IOPS or 2 GB/s | 75% lower | 42% lower |
Because database products like SQL Server and Oracle are licensed per CPU, customers can reduce licensing cost by up to 75 percent and still maintain the high performance their database requires.
What is Azure Hybrid Benefit for Windows Server?
Many customers have invested in Windows Server licenses and would like to repurpose this investment on Azure. The Azure Hybrid Benefit gives customers the right to use these licenses for virtual machines on Azure. To be eligible for this benefit, your Windows licenses must be covered by Software Assurance. The following guidelines will also apply: - Each two-processor license or each set of 16-core licenses is entitled to two instances of up to eight cores or one instance of up to 16 cores. - Standard Edition licenses can only be used either on-premises or in Azure, but not both. That means you can't use the same license for an Azure VM and a local computer. - Datacenter Edition benefits allow for simultaneous usage both on-premises and in Azure so that the license will cover two running Windows machines. Note: Most customers are typically licensed by core, so you'll use that model for your calculation. If you have questions about what licenses you have, reach out to your license reseller or your Microsoft account team.
How can you use SQL Server Developer Edition to reduce costs?
Many people are unaware that SQL Server Developer Edition is a free product for nonproduction use. Developer Edition has all the same features that Enterprise Edition has, but for nonproduction workloads, you can save dramatically on your licensing costs. Look for SQL Server images for Developer Edition on the Azure Marketplace and use them for development or testing purposes to eliminate the additional cost for SQL Server in these cases. Tip: For full licensing information, take a look at the documented pricing guidance.
Azure Knowledge mapping
Map complex information and data in order to solve tasks such as intelligent recommendations and semantic search.
Azure IoT Hub
Messaging hub that provides secure communications between and monitoring of millions of IoT devices
What services do not require you to select a particular region?
Microsoft Azure Directory, Microsoft Azure Traffic Manager, Azure DNS
International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) 27018
Microsoft is the first cloud provider to have adopted the ISO/IEC 27018 code of practice, covering the processing of personal information by cloud service providers.
How does Azure provide digital security, when data can travel in many different ways in the cloud, within a datacenter, between datacenters, and all over the Internet?
Microsoft provides tools that help customers mitigate security threats, but customers must use these tools to protect the resources used. For example, you use one of Azure's database services to store important data. Microsoft will manage the hardware and software patches for you, so you need not worry about physical security or about having the latest software updates. Microsoft does not know how you intend to use your data, nor does Microsoft access your data. But it does provide ways for you to ensure it is only accessed by approved users. To do that, Microsoft provides: - two-factor authentication - role-based access control. Microsoft can also encrypt your data, which provides a second layer of security in case of a breach. When data must travel outside of Azure to businesses or mobile devices, Microsoft provides ways to transmit data over a TLS security layer, while you (the customer) determine which accounts can receive and decrypt that data. Microsoft also provides tools to monitor access to your resources for things like login failures and suspicious locations. But it is up to the customer to interpret login attempts and suspend accounts that may have been compromised. Microsoft also provides: - automatic Denial of Service (DoS) protection - real-time telemetry to see where requests are coming from - firewalls to help you prevent potentially malicious traffic
Azure Active Directory
Microsoft's cloud-based identity and access management service, which helps your employees sign in and access resources in: - External resources, such as Microsoft Office 365, the Azure portal, and thousands of other SaaS applications. - Internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed by your own organization.
Service Organization Controls (SOC) 1, 2, and 3.
Microsoft-covered cloud services are audited at least annually against the SOC report framework by independent third-party auditors. The Microsoft cloud services audit covers controls for: - data security - availability - processing integrity - confidentiality ...as applicable to in-scope trust principles for each service.
Azure Database Migration Service
Migrates your databases to the cloud with no application code changes
What are the three scenarios in which IaaS is commonly used?
Migrating workloads. Typically, IaaS facilities are managed in a similar way as on-premises infrastructure and provide an easy migration path for moving existing applications to the cloud. Test and development. Teams can quickly set up and dismantle test and development environments, bringing new applications to market faster. IaaS makes scaling development and testing environments fast and economical. Storage, backup, and recovery. Organizations avoid the capital outlay and complexity of storage management, which typically requires skilled staff to manage data and meet legal and compliance requirements. IaaS is useful for managing unpredictable demand and steadily growing storage needs. IaaS can also simplify the planning and management of backup and recovery systems.
Azure Network Watcher
Monitors and diagnoses network issues using scenario-based analysis
network switch
More functional than a hub; records and recognizes the local network addresses (MAC or IP) of all computers connected to it
What does the serverless runtime do?
Most, but not all, serverless vendors offer compute runtimes, also known as function as a service (FaaS) platforms, which execute application logic but do not store data.
With Docker, how many containers can be run on a machine?
Multiple containers can be run on a single machine
What is an architectural pattern that can be used to build loosely coupled systems?
N-tier
National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).
NIST CSF is a voluntary Framework that consists of: - standards - guidelines - best practices ...to manage cybersecurity-related risks. Microsoft cloud services have undergone independent, third-party Federal Risk and Authorization Management Program (FedRAMP) Moderate and High Baseline audits, and are certified according to the FedRAMP standards. Additionally, through a validated assessment performed by the Health Information Trust Alliance (HITRUST), a leading security and privacy standards development and accreditation organization, Office 365 is certified to the objectives specified in the NIST CSF.
Network costs in an on-premises datacenter.
Networking costs include all on-premises hardware components including: - cabling - switches - access points - routers This also includes wide area network (WAN) and Internet connections.
Are tags inherited from parent resources?
No
Can tags be applied to any type of resource on Azure?
No
Can you create a resource group in a sandbox environment?
No
Do all resource types support tags?
No
What are some of the benefits of the consumption-based model of cloud computing?
- No upfront infrastructure costs - No need to purchase and manage costly infrastructure that you may not use to its fullest - The ability to pay for additional resources only when they are needed - The ability to stop paying for resources that are no longer needed
Is the Azure pricing calculator found in the Azure portal?
No. It is at https://azure.microsoft.com/en-us/pricing/calculator/
If your application SLA defines four 9's (99.99%) performance targets, will recovering from failures by manual intervention be enough to fulfill your SLA?
No. It is difficult to respond to failures quickly enough to meet SLA performance targets above four 9's. Your Azure solution must be self-diagnosing and self-healing instead.
NoSQL
Not only SQL - used for non-relational, distributed database systems - using JSON data, unstructured data can be stored - the schemas are dynamic - schemas are non-rigid, they are flexible - no interface to prepare complex queries - a table is known as a collection; a collection has multiple documents, and documents are represented in the form of key-value pairs; documents can have sub-documents - common platforms for NoSQL are MongoDB and CosmosDB
Describe the scenario as a developer at a new space technology firm
On your first day, you're assigned to help researchers analyze a large dataset being generated for a cutting-edge research project to explore water on Mars — and time is of the essence. But there's a problem; you don't have any free servers to do the work. And even if they did appear, you'd need to invest a lot of time to set them up and install software. Of course you could ask to buy new equipment, but your department's budget is tight. Plus, you don't want to buy more hardware than needed, not only because you want to make a good impression with leadership, but also because you just don't know how much data will be generated by this project. Ideally, you'd obtain the resources you need to do the work without too much administration — and simply configure them to do the work. And you'd pay only for the compute resources you need while you're using them. Your research team has collected massive amounts of image data that might lead to a discovery on Mars. They need to perform computationally intense data processing but don't have the equipment to do the work. This is exactly what we can do in Azure. We can create compute resources, configure them to do the work we need, and pay only for what we use.
artificial intelligence
One of the 8 main categories of Azure services. A subdiscipline of computer science that attempts to simulate human thinking. A scientific field that focuses on creating machines capable of performing activities that require intelligence when they are done by people. Includes machine learning and pre-built Cognitive Services. Helps you search and analyze existing data to forecast future behaviors, outcomes, and trends. Those predictions can even be used to make apps and devices smarter. In Azure, a broad range of services, the core of which is Machine Learning.
app hosting
One of the 8 main categories of Azure services. allows you to run your entire web application on a managed platform in Windows or Linux. Also, the Azure Marketplace has a range of third party products you can run in Azure, including SAP, and SQL database solutions.
networking
One of the 8 main categories of Azure services. Allows you to: - set up private network connections to your on-premises environments - configure and control traffic into and out of Azure efficiently, helping to optimize performance and scalability.
cloud storage
One of the 8 main categories of Azure services. discs attached to virtual machines as well as structured formats such as file shares or databases These services can expand and shrink as necessary
security
One of the 8 main categories of Azure services. it is integrated into every aspect of Azure, include the H@$#@$@ of structure and global security intelligence monitoring. With Azure's identity management, you have tight control over who has access to each service and the data in it.
integration
One of the 8 main categories of Azure services. logic apps and service bus connect to applications and services, and allow for workflows to orchestrate business processes, whether those connected systems are on-premises or in the cloud.
compute services
One of the 8 main categories of Azure services. Includes virtual machines, containers, and serverless computing, including microservices. These services are primarily for: - performing calculations - executing logic - running applications
Hadoop
Open-source software framework that enables distributed parallel processing of huge amounts of data across many inexpensive computers. an open source program supported by the Apache Foundation that manages thousands of computers and that implements MapReduce A Java based, open source, high speed, fault-tolerant distributed storage and computational framework. Hadoop uses low-cost hardware to create clusters of thousands of computer nodes to store and process data.
What factor can play into the strategy used to organize resource groups?
Organizing for authorization: Since resource groups are a scope of RBAC, you can organize resources by who needs to administer them. If your database administration team is responsible for managing all of your Azure SQL Database instances, putting them in the same resource group would simplify administration. You could give them the proper permissions at the resource group level to administer the databases within the resource group. Similarly, the database administration team could be denied access to the resource group with virtual networks, so they don't inadvertently make changes to resources outside the scope of their responsibility. Organizing for life cycle: We mentioned earlier that resource groups serve as the life cycle for the resources within it. If you delete a resource group, you delete all the resources in it. Use this to your advantage, especially in areas where resources are more disposable, like non-production environments. If you deploy 10 servers for a project that you know will only last a couple of months, you might put them all in a single resource group. One resource group is easier to clean up than 10 or more resource groups. Organizing for billing: Lastly, placing resources in the same resource group is a way to group them for usage in billing reports. If you're trying to understand how your costs are distributed in your Azure environment, grouping them by resource group is one way to filter and sort the data to better understand where costs are allocated.
PaaS
PaaS provides an environment for building, testing, and deploying software applications.
Describe the Security Development Lifecycle recommendation to perform penetration testing.
Penetration testing is a security analysis of a software system that is performed by skilled security professionals who simulate the actions of a hacker. The objective of a penetration test is to uncover potential vulnerabilities resulting from coding errors, system configuration faults, or other operational deployment weaknesses. Penetration tests typically find the broadest variety of vulnerabilities, and are often performed in conjunction with automated and manual code reviews to provide a greater level of analysis than would ordinarily be possible
Describe the Security Development Lifecycle recommendation to establish a standard incident response process.
Preparing an incident response plan is crucial for addressing new threats that can emerge over time, and your plan should be created in coordination with your organization's dedicated Product Security Incident Response Team (PSIRT). Your incident response plan should: - Include who to contact if a security emergency occurs - Establish the protocol for security servicing (including plans for code inherited from other groups within the organization and for third-party code) - Be tested before it is needed
If you choose to work with a dashboard in Full screen mode, how do you get out of Full screen mode?
Press the ESC key or click Exit Full Screen next to the Dashboard name at the top of the screen
Describe how the consumption-based model of cloud computing allows for better cost prediction.
Prices for individual resources and services are provided so you can predict how much you will spend in a given billing period based on your expected usage. You can also perform analysis based on future growth using historical usage data tracked by your cloud provider.
What are the two types of Microsoft Azure preview?
Private Preview. An Azure feature marked "private preview" is available to specific Azure customers for evaluation purposes. This is typically by invite only and issued directly by the product team responsible for the feature or service. Public Preview. An Azure feature marked "public preview" is available to all Azure customers for evaluation purposes. These previews can be turned on through the preview features page as detailed below.
Azure HDInsight
Process massive amounts of data with managed clusters of Hadoop clusters in the cloud
How is resource pricing often broken out?
Products often have different pricing tiers based on the size or capacity of the resource.
Describe the output of the Cloud Shell command 'az account list --output table'.
Provides a table containing the Azure subscription, CloudName, SubscriptionId, State ('Enabled', ), IsDefault.
Describe the output of the Cloud Shell command 'az group list --output table'.
Provides a table containing the resource group Name, Location, and Status for the current subscription.
IoT Edge
Push your data analysis model directly onto your IoT devices, allowing them to react quickly to state changes without needing to consult cloud-based AI models.
Is RBAC a core service? How much does it cost?
RBAC is considered a core service and is included with all subscription levels at no cost.
What is the primary equipment in a datacenter?
Racks filled with servers
Provide an example of how right-sizing underutilized virtual machines can reduce cost?
Recall from our previous discussion that Azure Cost Management and Azure Advisor might recommend right-sizing or shutting down VMs. Right-sizing a virtual machine is the process of resizing it to a proper size. Let's imagine you have a server running as a domain controller that is sized as a Standard_D4sv3, but your VM is sitting at 90 percent idle the vast majority of the time. By resizing this VM to a Standard_D2sv3, you reduce your compute cost by 50 percent. Costs are linear and double for each size larger in the same series. In this case, you might even benefit from changing the instance series to go to a less expensive VM series. The following illustration shows a 50 percent savings achieved by moving one size down within the same series. Over-sized virtual machines are a common unnecessary expense on Azure, and one that can be easily fixed. You can change the size of a VM through the Azure portal, Azure PowerShell, or the Azure CLI. Tip: Resizing a VM requires it to be stopped, resized, and then restarted. This may take a few minutes depending on how significant the size change is. Plan for an outage, or shift your traffic to another instance while you perform this task.
abstraction
Reducing information and detail to focus on essential characteristics. Abstraction (from the Latin abs, meaning away from, and trahere, meaning to draw) is the process of taking away or removing characteristics from something in order to reduce it to a set of essential characteristics. In object-oriented programming, abstraction is one of three central principles (along with encapsulation and inheritance). Through the process of abstraction, a programmer hides all but the relevant data about an object in order to reduce complexity and increase efficiency. In the same way that abstraction sometimes works in art, the object that remains is a representation of the original, with unwanted detail omitted.
What does encryption of data at rest ensure?
Regardless of the storage mechanism, encryption of data at rest ensures that the stored data is unreadable without the keys and secrets needed to decrypt it. If an attacker was to obtain a hard drive with encrypted data and did not have access to the encryption keys, the attacker would not compromise the data without great difficulty.
In the Azure pricing calculator, what are the basic options you can configure?
Region: Lists the regions from which you can provision a product. Southeast Asia, central Canada, the western United States, and northern Europe are among the possible regions available for some resources. Tier: Sets the type of tier you wish to allocate to a selected resource, such as Free Tier, Basic Tier, etc. Billing Options: Highlights the billing options available to different types of customers and subscriptions for a chosen product. Support Options: Allows you to pick from included or paid support pricing options for a selected product. Programs and Offers: Allows you to choose from available price offerings according to your customer or subscription type. Azure Dev/Test Pricing: Lists the available development and test prices for a product. Dev/Test pricing applies only when you run resources within an Azure subscription that is based on a Dev/Test offer.
What are examples of non-HTTP/S protocols?
Remote Desktop Protocol (RDP), Secure Shell (SSH), File Transfer Protocol (FTP)
When one or more Azure policies have been assigned, what happens when you create or update a resource?
Requests through the Azure Resource Manager are evaluated by Azure Policy first.
To which RBAC permissions do resource locks apply?
Resource locks apply regardless of RBAC permissions. Even if you are an owner of the resource, you must still remove the lock before you'll actually be able to perform the blocked activity.
What elements will affect your monthly costs when using Azure services?
Resource type: Costs are resource-specific, so the usage that a meter tracks and the number of meters associated with a resource depend on the resource type. Note: Each meter tracks a particular kind of usage. For example, a meter might track bandwidth usage (ingress or egress network traffic in bits-per-second), the number of operations, size (storage capacity in bytes), or similar items. The usage that a meter tracks correlates to a number of billable units. The rate per billable unit depends on the resource type you are using. Those units are charged to your account for each billing period. Services: Azure usage rates and billing periods can differ between Enterprise, Web Direct, and Cloud Solution Provider (CSP) customers. Some subscription types also include usage allowances, which affect costs. The Azure team develops and offers first-party products and services, while products and services from third-party vendors are available in the Azure Marketplace. Different billing structures apply to each of these categories. Location: Azure has datacenters all over the world. Usage costs vary between locations that offer particular Azure products, services, and resources based on popularity, demand, and local infrastructure costs. For example, you might want to build your Azure solution by provisioning resources in locations that offer the lowest prices. This approach, though, would require transferring data between locations if any dependent resources and their users are located in different parts of the world. If there are meters tracking the volume of data moving between the resources you provision, any potential savings you make from choosing the cheapest location could be offset by the additional cost of transferring data between those resources. Azure billing zones: Bandwidth refers to data moving in and out of Azure datacenters. Most of the time inbound data transfers (data going into Azure datacenters) are free. For outbound data transfers (data going out of Azure datacenters), the data transfer pricing is based on Billing Zones.
What is the key takeaway with resource charges?
Resources are always charged based on usage
How do you protect resources once they are deployed? For example, IT personnel need to manage settings, developers need to have read-only access, and administrators need to be able to control them completely.
Role-Based Access Control (RBAC)
What is SQL Server AlwaysOn?
SQL Server AlwaysOn is a marketing term which refers to the high availability and disaster recovery solution introduced when SQL Server 2012 was launched. To be more specific, SQL Server AlwaysOn consists of two technologies: AlwaysOn Failover Clustering Instances (AlwaysOn FCI) and AlwaysOn Availability Groups (AlwaysOn AG).
SaaS
SaaS is software that is centrally hosted and managed for the end customer. It is usually based on an architecture where one version of the application is used for all customers, and licensed through a monthly or annual subscription. Examples: Office 365, Skype, Dynamics CRM Online.
Azure Virtual Machine Scale Sets
Scaling for Windows or Linux VMs hosted in Azure
What are some of the scenarios in which Azure Key Vault is useful?
Secrets management. You can use Key Vault to securely store and tightly control access to tokens, passwords, certificates, Application Programming Interface (API) keys, and other secrets. Key management. You also can use Key Vault as a key management solution. Key Vault makes it easier to create and control the encryption keys used to encrypt your data. Certificate management. Key Vault lets you provision, manage, and deploy your public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for your Azure, and internally connected, resources more easily. Store secrets backed by hardware security modules (HSMs). The secrets and keys can be protected either by software, or by FIPS 140-2 Level 2 validated HSMs.
At what layers can data in transit be secured?
Secure transfer can be handled by several different layers. For example: - It could be done by encrypting the data at the application layer prior to sending it over a network. HTTPS is an example of application layer in transit encryption. - You can also set up a secure channel, like a virtual private network (VPN), at a network layer, to transmit data between two systems.
Describe the Security Development Lifecycle recommendation to define security requirements.
Security and privacy is a fundamental aspect of developing highly secure applications and systems. Regardless of development methodology in use, security requirements must be updated continuously in order to address changes in required functionality and changes to the threat landscape. The optimal time to define the security requirements is during the initial design and planning stages. Early planning allows development teams to integrate security in ways that minimize disruption. Factors that influence security requirements include, but are not limited to: - Legal and industry requirements - Internal standards and coding practices - Review of previous incidents - Known threats These requirements should be tracked through a work-tracking system, or through telemetry that is derived from the engineering pipeline.
Describe the Security Development Lifecycle recommendation to provide training.
Security is everyone's job. Developers, service engineers, and program and project managers must understand security basics. They all must know how to build security into software and services to make products more secure, while still addressing business needs and delivering user value. Effective training will complement and reinforce security policies, SDL practices, standards, and requirements of software security, and be guided by insights derived through data or newly available technical capabilities. Although security is everyone's job, it's important to remember that not everyone needs to be a security expert nor strive to become a proficient penetration tester. However, ensuring everyone understands the attacker's perspective, their goals, and the art of the possible will help capture the attention of everyone and raise the collective knowledge bar.
How do you specify a resource group for a dashboard?
Select Share from the top of the dashboard window --> In the Sharing + access control pane that opens, you have two choices: 1) check the box that says "Publish to the [resource group] resource group"; 2) leave the above checkbox unchecked, and select a Resource group from the Resource group drop-down.
Once you are in edit mode in a dashboard, how do you edit?
Select a tile from the list on the left and then drag it to the work area. You can then move each tile about, resize it, or change the data that it displays.
What are the two types of certificates used in Azure?
Service certificates are used for cloud services. Management certificates are used for authenticating with the management API.
How can you use the Azure Portal to find preview features?
Sign in to Azure portal. > Select 'Create a resource' in the resources panel to open the New pane. > Enter the word 'preview' into the search box at the top of the New pane. > A list of available preview features is displayed, with the word (preview) next to each one.
What is stateless communication? Give an example.
Software that does not keep track of configuration settings, transaction information or any other data for the next session. When a program "does not maintain state" (is stateless) or when the infrastructure of a system prevents a program from maintaining state, it cannot take information about the last session into the next, such as settings the user chose or conditions that arose during processing. The Perfect Example: The most ubiquitous stateless environment is the World Wide Web. The HTTP protocol, which is the communications vehicle for Web transactions, is stateless. After a Web page is delivered to the user, the connection is closed. Countermeasures, such as the use of cookies, have been developed to maintain the state of a user moving from page to page on a website. Contrast with "stateful," which means that continuity is maintained from session to session. See HTTP and cookie.
What do experts believe the longevity of containers will be? Of serverless?
Some industry experts believe that we'll be skipping right over containers soon and going straight to serverless while containerization goes the way of the dodo. I see the allure of going straight to serverless. However, I'm not convinced that's what is going to happen due to many of the pros and cons I've listed above and throughout this containers series. It also comes back to the argument of cloud vs. on-prem. Some organizations want the ability to run containers and microservices on-prem and not in the cloud. Currently there is no way to do serverless on-prem to my knowledge.
When can applying Read-only resource locks lead to unexpected results?
Some operations that seem like read operations actually require additional actions. For example, placing a Read-only lock on a storage account prevents all users from listing the keys. The list keys operation is handled through a POST request because the returned keys are available for write operations.
In what cases might there be limited regions to choose from?
Some services or virtual machine features are only available in certain regions, such as specific virtual machine sizes or storage types.
What are the benefits of integrating Application Insights, Azure Monitor for containers, or Azure Monitor for VMs with Azure Service Health?
Staying informed of the health status of Azure services will help you understand if, and when, an issue affecting an Azure service is impacting your environment. What may seem like a localized problem could be the result of a more widespread issue, and Azure Service Health provides this kind of insight. Azure Service Health identifies any issues with Azure services that might affect your application. Azure Service Health also helps you to plan for scheduled maintenance.
What else might you consider when creating additional Azure subscriptions?
Subscription limits: Subscriptions are bound to some hard limitations. For example, the maximum number of Express Route circuits per subscription is 10. Those limits should be considered as you create subscriptions on your account. If there is a need to go over those limits in particular scenarios, then you might need additional subscriptions.
Give an example of scale using an Azure web app service
Suppose you deployed a website using an app service and it becomes popular. By looking at the graphs in the resource overview (login --> all resources --> app service), you realize that your site can't effectively manage all the requests it's receiving. To solve the problem, you'll need to increase the server's hardware capacity.
Give an example where you might want to automate a task using the Azure Cloud Shell.
Suppose you have several websites deployed and want to stop or start each of these websites without accessing each App service individually using the portal. This effort is an easy task that you can convert into a script.
Describe a scenario in which Azure storage would provide a solution.
Suppose you manage an online sales learning portal for your organization. The majority of your sales team is often in different geographical areas, so the online learning portal is an essential requirement. It's even more important as your organization continues to increase the skills and knowledge enhancement training for the sales staff. Your training data includes high-quality video, detailed sales simulations, and large repositories for maintaining student data and progress. Currently, all the training content is stored in your on-premises storage. You have an aggressive plan to add new courses and would like to avoid the need to continuously increase the local storage capacity. You're looking for a storage solution that is secure, durable, scalable, and easily accessible from across the globe. Azure provides storage features that will meet all of your business needs.
In the Azure Portal, what do the following steps do? select your name in the top right-hand corner > select the "..." button > select View your bill
Takes you to the Cost Management + Billing - Invoices page, which helps you analyze where Azure is generating costs.
How are Blueprints different from Resource Manager templates?
The Azure Blueprints service is designed to help with environment setup. This setup often consists of a set of resource groups, policies, role assignments, and Resource Manager template deployments. A blueprint is a package to bring each of these artifact types together and allow you to compose and version that package—including through a CI/CD pipeline. Ultimately, each setup is assigned to a subscription in a single operation that can be audited and tracked. Nearly everything that you want to include for deployment in Blueprints can be accomplished with a Resource Manager template. However, a Resource Manager template is a document that doesn't exist natively in Azure. Resource Manager templates are stored either locally or in source control. The template gets used for deployments of one or more Azure resources, but once those resources deploy there's no active connection or relationship to the template. With Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. This connection supports improved tracking and auditing of deployments. Blueprints can also upgrade several subscriptions at once that are governed by the same blueprint. There's no need to choose between a Resource Manager template and a blueprint. Each blueprint can consist of zero or more Resource Manager template artifacts. This support means that previous efforts to develop and maintain a library of Resource Manager templates are reusable in Blueprints.
What is Azure Hybrid Benefit for SQL Server?
The Azure Hybrid Benefit for SQL Server helps you maximize the value from your current licensing investments and accelerate your migration to the cloud. Azure Hybrid Benefit for SQL Server is an Azure-based benefit that enables you to use your SQL Server licenses with active Software Assurance to pay a reduced rate. You can use this benefit even if the Azure resource is active, but the reduced rate will only be applied from the time you select it in the portal. No credit will be issued retroactively. The benefit works differently in Azure SQL Database and SQL Server in Azure Virtual Machines.
What is a great learning tool since you can survey all available resources and use guided wizards to create the ones you need?
The Azure Portal
What tool allows you to create and manage all your Azure resources?
The Azure Portal
Where can you set up a new database, increase the compute power of your virtual machines, and monitor your monthly costs?
The Azure Portal
Where is a great place to look for information on the resources that are internet-facing?
The Azure Security Center provides information on: - which resources are internet-facing - whether or not they are secured behind a firewall - which resources don't have network security groups associated with them - what traffic is being allowed
What is an Azure free account?
The Azure free account includes: - free access to popular Azure products for 12 months - $200 USD credit to spend for the first 30 days - access to more than 25 products that are always free.
How does the Azure Storage Service Encryption work?
The Azure storage platform automatically encrypts your data before persisting it to Azure Managed Disks, Azure Blob storage, Azure Files, or Azure Queue storage, and decrypts the data before retrieval. The handling of encryption, encryption at rest, decryption, and key management is transparent to applications using the services.
What is Azure Security Center part of?
The Center for Internet Security (CIS) recommendations.
With what do you automate search, install, and access of various Azure offerings?
The Command Line Interface (CLI)
How can you use Dev/Test subscription offers to save cost?
The Enterprise Dev/Test and Pay-As-You-Go (PAYG) Dev/Test offers are a benefit you can take advantage of to save costs on your non-production environments. This benefit gives you several discounts, most notably for Windows workloads, eliminating license charges and only billing you at the Linux rate for virtual machines. SQL Server and other Microsoft software covered under a Visual Studio subscription (formerly known as MSDN) are also included. There are a few requirements for this benefit. First, it's only for non-production workloads. This benefit also requires that any users of these environments (excluding testers) be covered under a Visual Studio subscription. In short, for non-production workloads, this benefit allows you to save money on your Windows, SQL Server, and other Microsoft virtual machine workloads. For full details of each offer, check out the offer links above. If you are a customer on an Enterprise Agreement, you'd want to leverage the Enterprise Dev/Test offer, and if you are a customer without an Enterprise Agreement and are instead using PAYG accounts, you'd leverage the Pay-As-You-Go Dev/Test offer.
What is a Domain Name System?
The Internet's system for converting alphabetic names into numeric IP addresses. A way to map user-friendly names to their IP addresses. You can think of it as the phonebook of the internet. For example, your domain name, contoso.com, might map to the IP address of the load balancer at the web tier, 40.65.106.192. You can bring your own DNS server or use Azure DNS, a hosting service for DNS domains that runs on Azure infrastructure.
In the Azure Portal, what is the name of the left-hand sidebar that lists the main resource types? It has a stack-of-pancakes icon.
The Resource Panel
Describe the Security Development Lifecycle recommendation to establish design requirements.
The SDL is typically thought of as assurance activities that help engineers implement more secure features, meaning the features are well engineered for security. To achieve this assurance, engineers typically rely on security features such as cryptography, authentication, and logging. In many cases, selecting or implementing security features has proven to be so complicated that design or implementation choices are likely to result in vulnerabilities. Therefore, it's crucial that they are applied consistently and with a consistent understanding of the protection they provide.
UK Government G-Cloud.
The UK Government G-Cloud is a cloud computing certification for services used by government entities in the United Kingdom. Azure has received official accreditation from the UK Government Pan Government Accreditor.
What is a common security problem with Transport Layer Security used for websites?
The certificates used to encrypt data expire. These certificates have a lifecycle that requires administrator management.
What resources must the user manage with PaaS?
The cloud provider manages the operating systems, and the user is responsible for the applications and data they run and store.
How can using low-cost regions reduce cost?
The cost of Azure products, services, and resources can vary across locations and regions, and if possible, you should use them in those locations and regions where they cost less. Note: Some resources are metered and billed according to how much outgoing network bandwidth they consume (egress). You should provision connected resources that are bandwidth metered in the same region to reduce egress traffic between them.
What do you see when you first create a new dashboard in the Azure Portal?
The dashboard workspace appears, with no tiles present.
What is cloud computing?
The delivery of computing services over the Internet on a pay-as-you-go pricing model. It's a way to rent computer power and storage from someone else's datacenter.
How do you verify that you are in the Microsoft Learn Sandbox directory when working within the Azure portal?
The directory name is listed either under your email at the top of page or above your account information when you select the user icon. Additionally, make sure you have activated the sandbox at the start of any exercise that uses the sandbox. This will ensure you are allocated an Azure subscription and your own resource group to use for resources created in the exercise.
What is the goal of PaaS? Provide an example.
The goal of PaaS is to help you create an application quickly without managing the underlying infrastructure. For example, when deploying a web application using PaaS, you DO NOT have to install: - operating system - web server - system updates
What are the advantages of Single Sign On (SSO)?
The more identities a user has to manage, the greater the risk of a credential-related security incident. More identities mean more passwords to remember and change. Password policies can vary between applications and, as complexity requirements increase, it becomes increasingly difficult for users to remember them. Now, consider the logistics of managing all those identities. Additional strain is placed on help desks as they deal with account lockouts and password reset requests. If a user leaves an organization, tracking down all those identities and ensuring they are disabled can be challenging. If an identity is overlooked, this could allow access when it should have been eliminated. With single sign-on (SSO), users need to remember only one ID and one password. Access across applications is granted to a single identity tied to a user, simplifying the security model. As users change roles or leave an organization, access modifications are tied to the single identity, greatly reducing the effort needed to change or disable accounts. Using single sign-on for accounts will make it easier for users to manage their identities and will increase the security capabilities in your environment.
What happens when a user makes a request to create a virtual machine?
The orchestrator packages everything that is needed, identifies the best server rack, then sends the request to the fabric controller, which creates the virtual machine. Once the virtual machine has been created, the user can connect to it.
Policy assignments can take up to 30 minutes to take effect. What may happen if you attempt to deploy a resource that should fail the policy validation?
The policy validation may succeed but the deployment will still fail. If this happens, allow for additional time and retry your deployment.
Can Docker containers be deployed to multiple environments without changing the application?
The portability of the container makes it easy for applications to be deployed in multiple environments, either on-premises or in the cloud, often with no changes to the application.
What is authentication?
The process of verifying the identity of a user who logs on to a system, or the integrity of transmitted data. The process of establishing the identity of a person or service looking to access a resource. It involves the act of challenging a party for legitimate credentials, and provides the basis for creating a security principal for identity and access control use. It establishes if they are who they say they are.
On what does the rate per billable unit depend?
The rate per billable unit depends on the resource type you are using. Those units are charged to your account for each billing period.
What does the Total Cost of Ownership (TCO) report allow you to compare?
The report allows you to compare the costs of your on-premises infrastructure with the costs of using Azure products and services to host your infrastructure in the cloud.
What resources are shown in the Azure Portal's Resource Panel?
The resources listed are part of your favorites. Note that Azure has more resource types than just those shown.
How is Azure security like the security provided on-premises?
The security issues are the same, just Azure is dealing with these issues at a larger scale. Common issues include: - physical security - building and server access - digital security - who can connect to your systems and data over the network
How is the serverless business model different than the VM and container models?
The serverless model differs from VMs and containers in that you only pay for the processing time used by each function as it executes. VMs and containers are charged while they're running - even if the applications on them are idle. This architecture doesn't work for every app - but when the app logic can be separated to independent units, you can test them separately, update them separately, and launch them in microseconds, making this approach the fastest option for deployment.
Billing at the user or organizational level in cloud computing
The subscription (pay-per-use) model is a computing billing method that is designed for both organizations and users. The organization or user is billed for the services used, typically on a recurring basis. You can scale, customize, and provision computing resources, including software, storage, and development platforms. For example, when using a dedicated cloud service, you could pay based on server hardware and usage.
Describe the Security Development Lifecycle recommendation to manage security risks.
The vast majority of software projects today are built using third-party components (both commercial and open source). When selecting which third-party components to use, it's important to understand the impact that a security vulnerability in them could have to the security of the larger system into which they are integrated. Having an accurate inventory of these components, and a plan to respond when new vulnerabilities are discovered, will go a long way toward mitigating risks. However, you should also consider additional validation, depending on your organization's risk tolerance, the type of component being used, and potential impact of a security vulnerability.
Describe the work area in the dashboard editor, and how tiles behave.
The work area in edit mode is divided into squares. Each tile must occupy at least one square, and tiles will snap to the nearest largest set of tile dividers. Any overlapping tiles are moved out of the way. When you make a tile smaller, the surrounding tiles will move back up against it.
What are the other options for managing and controlling Azure resources programmatically?
There are also Azure SDKs for a range of languages and frameworks, and REST APIs
Describe some of the broad range of tools and platforms you can configure and manage in the Azure Portal.
There are tools available for the command line, language-specific Software Development Kits (SDKs), developer tools, tools for migration, and many others. Tools that are commonly used for day-to-day management and interaction include: - Azure portal for interacting with Azure via a Graphical User Interface (GUI) - Azure PowerShell and Azure Command-Line Interface (CLI) for command line and automation-based interactions with Azure - Azure Cloud Shell for a web-based command-line interface - Azure mobile app for monitoring and managing your resources from your mobile device
What are the disadvantages of a public cloud deployment?
There may be specific security requirements that cannot be met by using public cloud. There may be government policies, industry standards, or legal requirements which public clouds cannot meet. You don't own the hardware or services and cannot manage them as you may want to. Unique business requirements, such as having to maintain a legacy application, might be hard to meet.
What are Azure Event Hubs?
These allow you to receive and process millions of events of real-time data each second via dynamic data pipelines. Event Hubs also integrates seamlessly with other Azure services.
What are Azure Management Groups?
These are containers for managing access, policies, and compliance across multiple Azure subscriptions. They allow you to order your Azure resources hierarchically into collections, which provide a further level of classification that is above the level of subscriptions. All subscriptions within one of these automatically inherit the conditions applied to these. They give you enterprise-grade management at a large scale no matter what type of subscriptions you might have.
What is a network endpoint?
These devices can include desktop or laptop computers, as well as portable devices like tablets and smart phones. Other types of hardware installations, like retail kiosks, also may fall under the category of endpoint devices. One of the biggest issues with these devices involves comprehensive security for a network or enterprise system. Security managers must determine whether various endpoint devices could be security gaps for a network; that is, whether unauthorized users can access an endpoint device and use it to pull off important or sensitive data. Many security architectures look at how to handle these devices in order to safeguard the data assets that can be accessed through these systems. Companies that allow employees to "Bring Your Own Device (BYOD)" - i.e., laptops or smart phones - for use at work, usually face endpoint device security issues.
What are update domains?
These indicate groups of VMs and underlying physical hardware that can be rebooted at the same time. They are a logical part of each data center and are implemented with software and logic.
Azure Container Instances
These run containerized apps on Azure without provisioning servers or VMs
How do Docker containers provide an efficient, lightweight approach to application deployment?
They allow different components of the application to be deployed independently into different containers. Multiple containers can be run on a single machine, and containers can be moved between machines. The portability of the container makes it easy for applications to be deployed in multiple environments, either on-premises or in the cloud, often with no changes to the application.
How can resource groups be used for authorization?
They are a scope for applying role-based access control (RBAC) permissions. By applying RBAC permissions to a resource group, you can ease administration and limit access to allow only what is needed.
What are service certificates? Provide an example.
They are attached to cloud services and enable secure communication to and from the service. Service certificates are associated with a specific cloud service. They are assigned to a deployment in the service definition file. For example, if you deploy a web site, you would want to supply one of these that can authenticate an exposed HTTPS endpoint. These are defined in your service definition, and are automatically deployed to the VM that is running an instance of your role.
What are the characteristics of blobs?
They are highly scalable and apps work with them in much the same way as they would work with files on a disk, such as reading and writing data. They aren't limited to common file formats. One of these could contain gigabytes of binary data streamed from a scientific instrument, an encrypted message for another application, or data in a custom format for an app you're developing. They allow you to stream large video or audio files directly to the user's browser from anywhere in the world. This type of storage is also used to store data for backup, disaster recovery, and archiving. It has the ability to store up to 8 TB of data for virtual machines.
How are microservices organized?
They are organized around individual business capabilities. They are NOT organized around software layers, such as the web application, business logic, and database.
What is a virtual machine?
They are software emulations of physical computers. They include a virtual processor, memory, storage, and networking resources. They host an operating system (OS), and you're able to install and run software just like a physical computer. And by using a remote desktop client, you can use and control it as if you were sitting in front of it. A software-based emulation of a computer.
Why loosely couple your Azure services within a complex solution containing multiple components that must communicate with one another?
They can be updated independently. This means that development changes can be made as long as the communication strategy stays consistent. This means that features and performance can continue to be improved without breaking the existing Azure solution. It also allows services to be replaced without significant impact to the rest of the system. For example, imagine a faster storage option was released. If that new storage component could understand the same data and send and receive standard messages, it could be changed without updating or replacing other components in your solution. This architecture also allows you to add components to your system with ease. For instance, if you recognize a need to do data processing before storage, you can change your data messaging flow to route through a new component that processes the data and sends it back to your data storage services. This can be done with minimal updates required. This architecture allows you to scale services proportionally to the amount of data traffic. It allows you to manage performance and cost on services independently. This means you can scale-up or scale-out only those services that would truly benefit from the addition of resources, while avoiding paying for resources you are not using.
What do the 'Upload' and 'Download' buttons in the default Azure Portal dashboard enable you to do?
They enable you to download your current dashboard as a JSON file, customize it, and then distribute it and upload it or have someone else upload that file back to the Azure portal, thereby replacing their current dashboard. If you click Download, the current dashboard downloads the JSON code as a file you can edit locally. You can then upload it back to Azure by clicking the Upload button.
What do the controls at the top of the default Azure Portal dashboard allow you to do?
They enable you to create, upload, download, edit, and share a dashboard. You can also switch a dashboard to full screen, clone it, or delete it.
What resources does a virtual machine provide?
They include a virtual processor, memory, storage, and networking resources.
What are some of the characteristics of Azure Virtual Machines?
They provide infrastructure as a service (IaaS) in the form of a virtualized server and can be used in many ways. Just like a physical computer, you can customize all of the software running on them.
What are the benefits of Azure geographies?
They: - allow customers with specific data residency and compliance needs to keep their data and applications close. - ensure that data residency, sovereignty, compliance, and resiliency requirements are honored within geographical boundaries. - are fault-tolerant to withstand complete region failure through their connection to dedicated high-capacity networking infrastructure.
Storage costs in an on-premises datacenter.
This area includes all storage hardware components and the cost of supporting it. Based on the application and level of fault tolerance, centralized storage can be expensive. For larger organizations, you can create tiers of storage where more expensive fault‐tolerant storage is used for critical applications and lower expense storage is used for lower priority data.
What is an unplanned maintenance event?
This involves a hardware failure in the data center, such as a power outage or disk failure. VMs that are part of an availability set automatically switch to a working physical server so the VM continues to run. The group of virtual machines that share common hardware are in the same fault domain. A fault domain is essentially a rack of servers. It provides the physical separation of your workload across different power, cooling, and network hardware that support the physical servers in the data center server racks. In the event the hardware that supports a server rack becomes unavailable, only that rack of servers is affected by the outage.
What is a domain controller?
This is a server that manages all the computers and user accounts connected to the network. All accounts are created in a domain database and all logins are verified against this database. It is a server that responds to security authentication requests within a Windows Server domain. It is a server on a Microsoft Windows or Windows NT network that is responsible for allowing host access to Windows domain resources. A domain controller is the centerpiece of the Windows Active Directory service. It authenticates users, stores user account information and enforces security policy for a Windows domain. It allows hierarchical organization and protection of users and computers operating on the same network. In simpler terms, when a user logs into their domain, the DC authenticates and validates their credentials (usually in the form of username, password and/or IP location) and then allows or denies access.
What does Azure Active Directory's ability to synchronize with your existing on-premises Active Directory mean for users, developers, and administrators?
This means that all your applications, whether on-premises, in the cloud (including Office 365), or even mobile can share the same credentials. Administrators and developers can control access to internal and external data and applications using centralized rules and policies configured in Azure AD.
What is unstructured data?
This type of data encompasses data that has no designated structure to it. This lack of structure also means that there are no restrictions on the kinds of data it can hold. For example, a blob can hold a PDF document, a JPG image, a JSON file, video content, etc. As such, this type of data is becoming more prominent as businesses try to tap into new data sources. Unstructured data is data that is not stored in any organized way. As new data is acquired, it is just added without trying to fit in with existing data.
Describe the Security Development Lifecycle recommendation to perform threat modeling.
Threat modeling should be used in environments where there is a meaningful security risk. As a practice, it allows development teams to consider, document, and discuss the security implications of designs in the context of their planned operational environment, and in a structured fashion. Applying a structured approach to threat scenarios helps a team more effectively and less expensively identify security vulnerabilities, determine risks from those threats, and then make security feature selections and establish appropriate mitigations. You can apply threat modeling at the component, application, or system level.
Describe a three-tiered architecture commonly used in e-commerce applications
Three-tier refers to an n-tier application that has three tiers. 1) web tier - provides the web interface to your users through a browser. 2) application tier - runs business logic. 3) data tier - includes databases and other storage that hold product information and customer orders.
Where can you delete Azure policy requirements?
Through the portal or through the PowerShell command Remove-AzPolicyAssignment
boot
To boot (as a verb; also "to boot up") a computer is to load an operating system into the computer's main memory or random access memory (RAM). Once the operating system is loaded (and, for example, on a PC, you see the initial Windows or Mac desktop screen), it's ready for users to run applications. Sometimes you'll see an instruction to "reboot" the operating system. This simply means to reload the operating system (the most familiar way to do this on PCs is pressing the Ctrl, Alt, and Delete keys at the same time).
What is the purpose of Azure policies?
To enforce different rules and effects over your resources so that those resources stay compliant with your corporate standards and service level agreements.
What is an initiative definition purpose?
To simplify the process of managing and assigning policy definitions by grouping a set of policies into a single item. For example, you could create an initiative named Enable Monitoring in Azure Security Center, with a goal to monitor all the available security recommendations in your Azure Security Center. This could have the following policy definitions within it: - Monitor unencrypted SQL Database in Security Center - For monitoring unencrypted SQL databases and servers. - Monitor OS vulnerabilities in Security Center - For monitoring servers that do not satisfy the configured baseline. - Monitor missing Endpoint Protection in Security Center - For monitoring servers without an installed endpoint protection agent.
If you are starting to migrate to the cloud, what tool can you use to predict your cost savings?
Total Cost of Ownership (TCO) calculator
What is the concept of micro-billing found in serverless computing?
Traditional computing has the notion of per-second billing, but often, that's not as useful as it seems. Even if a customer's website gets only one hit a day, they still pay for a full day's worth of availability. With serverless computing, they pay only for the time their code runs. If no active function executions occur, they're not charged. For example, if the code runs once a day for two minutes, they're charged for one execution and two minutes of computing time.
Describe how Azure Traffic Manager works.
Traffic Manager doesn't see the traffic that's passed between the client and server. Rather, it directs the client web browser to a preferred endpoint. Traffic Manager can route traffic in a few different ways, such as to the endpoint with the lowest latency. This setup could also include an on-premises deployment. You can connect Traffic Manager to your own on-premises networks, enabling you to maintain your existing data center investments. Or you can move your application entirely to the cloud. The choice is yours.
What feature helps protect Azure SQL Database and Azure Data Warehouse against the threat of malicious activity?
Transparent Database Encryption (TDE)
What is a loosely coupled architecture?
Typically, Azure solutions are built using multiple services or components that send and receive data to one another. Each component in the solution has little to no knowledge of the definitions of the other components. These components simply need to send and receive data. They do not need to know how that data is created or processed by the rest of the system. However, these components do need to agree on a standard for communication. A loosely coupled architecture is one in which standards for communications between components in a system are established, without the components needing to know how data are created or processed by the rest of the system.
Which physical and logical network-isolated instances of Azure are used for US government agencies and partners? These datacenters are operated by screened US persons and include additional compliance certifications.
US DoD Central, US Gov Virginia, US Gov Iowa, ...and more
What are some strategies to reduce Azure costs?
Use Azure credits; use spending limits; use reserved instances; choose low-cost locations and regions; research available cost-saving offers; right-size underutilized virtual machines; deallocate virtual machines in off hours; delete unused virtual machines; migrate to PaaS or SaaS services.
What must cloud customers do to ensure digital security?
Use cloud provider tools to protect resources, allowing only authorized users to be able to log into virtual machines or storage systems running in the cloud.
When should you use resource locks?
Use resource locks to protect those key pieces of Azure that could have a large impact if they were removed or modified. Some examples are ExpressRoute circuits, virtual networks, critical databases, and domain controllers. Evaluate your resources, and apply locks where you'd like to have an extra layer of protection from accidental actions.
How can you preview the latest version of the Azure Portal?
Use the URL https://preview.portal.azure.com
When navigating to other panes in the Azure Portal, what are two ways to return to where you came from?
Use the navigation trail at the top left to select a previous link, or click the 'X' button at the top right to go back to the last pane in your navigation trail.
How does the pricing model between VMs and Azure Functions compare?
Using a VM-based approach, you'd incur costs even when the VM is idle. With functions, Azure runs your code when it's triggered and automatically deallocates resources when the function is finished. In this model, you're only charged for the CPU time used while your function runs.
Leasing software and customized features in cloud computing.
Using a pay-per-use model requires actively managing your subscriptions to ensure that: - users do not misuse the services - provisioned accounts are being utilized and not wasted. As soon as the provider provisions resources, billing starts. It is your responsibility to de-provision the resources when they aren't in use so that you can minimize costs.
What are two ways to create and modify dashboards in the Azure Portal?
Using the Azure portal, or modifying the underlying JSON file directly
What is the business model for VMs and containers?
VMs and containers are charged while they're running - even if the applications on them are idle.
What is the abbreviated name for a virtual network?
VNet
What are the four common techniques for performing compute in Azure?
Virtual machines, containers, Azure App Service, and serverless computing
What are a few key ways to handle integration and improve the security of your network when existing network infrastructure is integrated to provide communication from on-premises networks or to provide improved communication between services in Azure?
Virtual private network (VPN) connections are a common way of establishing secure communication channels between networks. Connections between Azure Virtual Network and an on-premises VPN device are a great way to provide secure communication between your network and your VNet on Azure. To provide a dedicated, private connection between your network and Azure, you can use Azure ExpressRoute. ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection facilitated by a connectivity provider. With ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure, Office 365, and Dynamics 365. ExpressRoute connections improve the security of your on-premises communication by sending this traffic over the private circuit instead of over the public internet. You don't need to allow access to these services for your end users over the public internet, and you can send this traffic through appliances for further traffic inspection.
What are Azure credits?
Visual Studio subscribers can activate a monthly credit benefit that allows you to experiment with, develop, and test new solutions on Azure. Use Azure credits to try out new services such as App Service, Windows 10 VMs, Azure SQL Server databases, Containers, Cognitive Services, Functions, Data Lake, and more, without incurring any monetary costs. When you activate this benefit, you will own a separate Azure subscription under your account with a monthly credit balance that renews each month while you remain an active Visual Studio subscriber. The credit amount varies based on the program level, and you should check the documentation for more details on how much credit you receive for your specific subscription level. For example: $50 per month for Visual Studio Professional; $150 per month for Visual Studio Enterprise. Important: The monthly Azure credit for Visual Studio subscribers is for development and testing only and does not carry a financially-backed SLA. Azure will suspend any instance (VM or cloud service) that runs continuously for more than 120 hours or if it's determined that the instance is being used for production. This benefit is made available to Visual Studio subscribers on a best efforts basis; there is no guarantee of capacity availability.
What are a few examples of regions?
West US, Canada Central, West Europe, Australia East, Japan West
What are challenges you face with a simple three-tiered web site solution that must run 24/7?
What happens when you need to do weekly maintenance? Your service will still be unavailable during your maintenance window. And because your site reaches users all over the world, there's no good time to take down your systems for maintenance. You may also run into performance issues if too many users connect at the same time.
Regarding the cost of an Azure solution, what questions must you be able to confidently answer?
What will this solution cost this fiscal year? Is there an alternate configuration you could use to save money? Can you estimate how a change would impact your cost and performance without putting it into a production system?
Describe how JSON parameters are used to define an Azure policy.
When a parameter is defined, it is given a name and optionally given a value. Parameters are a 'replacement token' that gets filled in when a policy definition is applied to a scope.
Give an example of Azure Information Protection (AIP).
When a user saves a Microsoft Word document containing a credit card number, a custom tooltip is displayed. The tooltip recommends labeling the file as Confidential \ All Employees. This label is configured by the administrator. Using this label classifies the document and protects it. After your content is classified, you can track and control how the content is used. For example, you can: - Analyze data flows to gain insight into your business - Detect risky behaviors and take corrective measures - Track access to documents - Prevent data leakage or misuse of confidential information
What are the security threats in a cloud solution environment?
When considering attacks, you must consider how attackers gain access by compromising each resource or communication. There are real security threats when you employ computer resources like VMs that run your applications and services in the cloud, as well as to the data that is stored in the cloud, and data traveling outside Azure and across the public Internet. There are also security threats at each endpoint, like user devices or computers that consume data or services.
Describe how an e-commerce web site works in a three-tiered architecture?
When the user clicks the button to place the order, the request is sent to the web tier, along with the user's address and payment information. The web tier passes this information to the application tier, which would validate payment information and check inventory. The application tier might then store the order in the data tier, to be picked up later for fulfillment.
What is the platform dependence with containers? With serverless?
When you deploy serverless functions in Azure Functions or AWS Lambda, you are marrying that platform. That serverless function is dependent on said platform and any attempt to "divorce" the platform could be painful and messy depending on how integrated the workload is. One of the beautiful things about containers is they can quite literally be moved and run anywhere and across multiple platforms. Additionally, this platform dependence also puts you at the mercy of the vendor. For example, let's say that you're using AWS Lambda, and AWS decides to make a change to one of their APIs. In most cases it's fine, but in the worst-case scenario it could break your workflow. Containers allow you to retain control of the entire stack.
How is Azure Load Balancer different than a manually configured load balancer on a VM?
When you manually configure typical load balancer software on a virtual machine, there's a downside: you now have an additional system that you need to maintain. If your load balancer goes down or needs routine maintenance, you're back to your original problem. If instead, however, you use Azure Load Balancer, there's no infrastructure or software for you to maintain. You define the forwarding rules based on the source IP and port to a set of destination IP/ports.
When should you scale out your deployment?
When you need additional virtual machines to speed up your application.
When are Azure VMs the ideal choice?
When you need: - total control over the operating system (OS) - the ability to run custom software, or - to use custom hosting configurations
How are resource costs calculated?
When you provision an Azure resource, Azure creates one or more meter instances for that resource. The meters track the resources' usage, and generate a usage record that is used to calculate your bill.
How can you monitor resource usage?
When you provision an Azure resource, Azure creates one or more meter instances for that resource. The meters track the resources' usage, and generate a usage record that is used to calculate your bill.
When are Azure Functions a good choice?
When you're concerned only about the code running your service and you are not concerned about the underlying platform or infrastructure.
Technical personnel costs in an on-premises datacenter.
While not a capital expenditure, the personnel required to work on your infrastructure are specific to on-premises datacenters. You will need the technical expertise and workforce to install, deploy, and manage the systems in the datacenter and at the disaster recovery site.
What is the level of complexity of containers? Of serverless?
While some would call containerization complex and granular, serverless provides the ultimate in granular computing. This is both a pro and con of the serverless approach. Yes, you're only consuming the core resources you need to get the job done, but it can be easy to overdo it, and by the time you're done you have a complicated mess to manage and maintain if you're not careful.
What comes with an availability set?
With an availability set, you get: - Up to three fault domains that each have a server rack with dedicated power and network resources - Five logical update domains which then can be increased to a maximum of 20 - Your VMs are then sequentially placed across the fault and update domains.
What is the difference between shopping for your own computer and cloud computing?
With cloud computing, the PC is in a cloud provider's data center, instead of physically with you.
How do cloud providers accommodate storage for multiple data types? For example, storing large amounts of binary video data, or add, update, or delete highly structured data organized in tables.
With different cloud services. Using cloud storage allows you to create storage services optimized for your data, and allows you to use multiple storage strategies at the same time.
What are the benefits of OpEx?
With the OpEx model - companies wanting to try a new product or service don't need to invest in equipment. Instead, they pay as much or as little for the infrastructure as required. - it is appealing if the demand fluctuates or is unknown. Cloud services are often said to be agile. Cloud agility is the ability to rapidly change an IT infrastructure to adapt to the evolving needs of the business. For example, if your service peaks one month, you can scale to demand and pay a larger bill for the month. If the following month the demand drops, you can reduce the used resources and be charged less. This agility lets you manage your costs dynamically, optimizing spending as requirements change.
Describe the Security Development Lifecycle recommendation to define and use cryptography standards.
With the rise of mobile and cloud computing, it's important to ensure all data - including security-sensitive information and management and control data - are protected from unintended disclosure or alteration when it's being transmitted or stored. Encryption is typically used to achieve this protection. However, making an incorrect choice when using any aspect of cryptography can be catastrophic. Therefore, it's best to develop clear encryption standards that provide specifics on every element of the encryption implementation. Encryption should be left to experts. A good general rule is to only use industry-vetted encryption libraries and ensure they're implemented in a way that allows them to be easily replaced if needed.
Are resource groups inherited when applied at higher levels?
Yes
Can the pricing options vary between products?
Yes
Can you create and switch between more than one Azure Portal dashboard?
Yes
Can you share an Azure Portal dashboard with other team members?
Yes
Does Azure have more regions than any other provider?
Yes
Is a resource lock created on a resource group applied to the resources within the resource group?
Yes. The lock is inherited by all resources within the resource group.
If you are connected to the Azure Portal with the Microsoft Learn Sandbox, and you click 'New Resource', where are you directed to?
You are directed to the Azure Marketplace.
Can you mix and match Azure Functions and Azure Logic Apps?
You can call functions from Logic Apps and call Logic Apps from functions.
What can you do in the Portal settings pane?
You can change the Azure portal settings, including: - Inactivity sign out delay - Default view when you first sign in - Flyout or docked option for the portal menu - Color and contrast themes - Toast notifications (to a mobile device) - Language and regional format
What types of things can you use the Azure price calculator for?
You can create estimates for systems where you know the specific services you plan to use but also to compare how different services might impact your overall costs. An example is Microsoft SQL Server on a VM instead of an Azure SQL Database.
Go to the Azure Home Page and select Resource groups. You may see a resource group called NetworkWatcherRG. What is this?
You can ignore this resource group; it's created automatically to enable Network Watcher in Azure virtual networks.
What does the scalability of cloud computing allow you to do?
You can increase or decrease the resources and services used based on the demand or workload at any given time
What are advantages of a hybrid cloud deployment?
You can keep any systems running and accessible that use out-of-date hardware or an out-of-date operating system. You have flexibility with what you run locally versus in the cloud. You can take advantage of economies of scale from public cloud providers for services and resources where it's cheaper, and then supplement with your own equipment when it's not. You can use your own equipment to meet security, compliance, or legacy scenarios where you need to completely control the environment.
How can you purchase Azure Information Protection (AIP)?
You can purchase AIP either as a standalone solution, or through one of the following Microsoft licensing suites: Enterprise Mobility + Security, or Microsoft 365 Enterprise.
What choices might you make about the regions in which you replicate cloud services?
You can replicate your services into multiple regions for redundancy and locality, or select a specific region to ensure you meet data-residency and compliance laws for your customers.
How can you use a load balancer to run maintenance tasks?
You can stagger the maintenance window for each VM. During the maintenance window, the load balancer detects that the VM is unresponsive, and directs traffic to other VMs in the pool.
What do you do once you have clicked '+ New dashboard'?
You can then add, remove, and adjust tiles however you like. When you are finished customizing the dashboard, click Done customizing to save and switch to that dashboard.
How can you automatically add or enforce tags?
You can use Azure Policy to automatically add or enforce tags for resources your organization creates based on policy conditions that you define. For example, you could require that a value for the Department tag is entered when someone in your organization creates a virtual network in a specific resource group.
What is an Application SLA?
You can use SLAs to evaluate how your Azure solutions meet business requirements and the needs of your clients and users. By creating your own SLAs, you can set performance targets to suit your specific Azure application.
How do Azure policies get applied?
You can use the Azure portal, or one of the command-line tools such as Azure PowerShell by adding the Microsoft.PolicyInsights extension. Below is an example using PowerShell that includes the following information:
- Name - The actual name of the assignment. For this example, audit-vm-manageddisks was used.
- DisplayName - Display name for the policy assignment. In this case, you're using Audit VMs without managed disks Assignment.
- Definition - The policy definition on which the assignment is based. In this case, it's the ID of policy definition Audit VMs that do not use managed disks.
- Scope - A scope determines what resources or grouping of resources the policy assignment gets enforced on. It could range from a subscription to resource groups. Be sure to replace <scope> with the name of your resource group.
# Register the resource provider if it's not already registered:
Register-AzResourceProvider -ProviderNamespace 'Microsoft.PolicyInsights'
Once we have registered the provider, we can create a policy assignment. For example, here's a policy definition that identifies virtual machines not using managed disks.
# Get a reference to the resource group that will be the scope of the assignment:
$rg = Get-AzResourceGroup -Name '<resourceGroupName>'
# Get a reference to the built-in policy definition that will be assigned:
$definition = Get-AzPolicyDefinition | Where-Object { $_.Properties.DisplayName -eq 'Audit VMs that do not use managed disks' }
# Create the policy assignment with the built-in definition against your resource group:
New-AzPolicyAssignment -Name 'audit-vm-manageddisks' -DisplayName 'Audit VMs without managed disks Assignment' -Sc
Describe how the cloud is elastic.
You could scale down or scale in your deployment if you needed to scale up or scale out only temporarily. Scaling down or scaling in can help you save money.
In what ways can you use policies to enforce standards?
You could use policy to restrict which Azure regions you can deploy resources to. For organizations that are heavily regulated or have legal or regulatory restrictions on where data can reside, policies help to ensure that resources aren't provisioned in geographic areas that would go against these requirements. You could use policy to restrict which types of virtual machine sizes can be deployed. You may want to allow large VM sizes in your production subscriptions, but maybe you'd like to ensure that you keep costs minimized in your dev subscriptions. By denying the large VM sizes through policy in your dev subscriptions, you can ensure they don't get deployed in these environments. You could also use policy to enforce naming conventions. If your organization has standardized on specific naming conventions, using policy to enforce the conventions helps us to keep a consistent naming standard across your Azure resources.
Give examples of Azure policy definitions.
You could: - ensure all public websites are secured with HTTPS - prevent a particular storage type from being created - force a specific version of SQL Server to be used
How do you set up serverless computing?
You create an instance of the service, and you add your code
How can you control who uses an Azure Portal dashboard?
You create dashboards for specific roles within the organization, and then use role-based access control (RBAC) to control who can access that dashboard.
What is available through Azure free support resources?
You have 24/7 access to: - the online documentation - community support - new Azure capabilities demo videos on YouTube - Billing and subscription management support - Azure Quickstart Center, a guided experience in the Azure portal available to anyone who wants to improve their knowledge of Azure - Azure Service Health, which gives you insights on issues related to your Azure services - Azure Advisor, which gives you personalized recommendations on how to optimize your cost and performance. About Azure capabilities demo videos: Created by Azure engineers, these demo videos are available on Azure Friday, Microsoft Mechanics, and Azure portal how-to videos playlists. As an Azure customer, the following free support resources are available to you as well.
What is one aspect of abstraction in cloud services?
You have less control of the underlying hardware.
What are disadvantages of a private cloud deployment?
You have some initial CapEx costs and must purchase the hardware for startup and maintenance. Owning the equipment limits the agility - to scale you must buy, install, and set up new hardware. Private clouds require IT skills and expertise that's hard to come by.
Once you assess and perform any remediation required, the Azure Database Migration Service performs all of the required steps. What is left for you to do?
You just change the connection string in your apps.
Describe a scenario in which your on-premises e-commerce site's data center is starting to struggle to keep up with user demand.
You just started working at a startup that's fundamentally disrupting the vitamin industry with simple customization and affordable monthly subscriptions. While business is booming on the e-commerce site, your data center is starting to struggle to keep up with user demand. Your service fails when too many users sign in at the same time, and you're facing more scheduled and unscheduled maintenance windows than you'd like. Your site is based in Silicon Valley, so you also find that a network delay is especially bad for users who are located in other regions, such as Europe and Asia. Therefore, you convince your team to move the site to the cloud to help save costs. But how can Azure, specifically, help your site run better? As it turns out, managing networks on Azure isn't entirely different from managing on-premises networks. Let's discover why.
Describe a scenario where a business uses each of the three levels of managed services.
You may easily use a combination of these types of infrastructure. - You could use Office 365 on your company's computers (SaaS) - Host your VMs (IaaS) - Use Azure SQL Database (PaaS) to store your data. With the cloud's flexibility, you can use any combination that provides you with the maximum result.
Provide a couple of scenarios in which Azure Management groups are applied.
You might create a hierarchy so you can apply a policy that, for example, limits VM locations to the US West Region for the "Geo Region 1" group. This policy will inherit onto both Enterprise Agreement (EA) subscriptions under that management group and will apply to all VMs under those subscriptions. This security policy cannot be altered by the resource or subscription owner allowing for improved governance. Another scenario where you would use management groups is to provide user access to multiple subscriptions. By moving many subscriptions under that management group, you can create one role-based access control (RBAC) assignment on the management group that will allow that access to all the subscriptions. One assignment on the management group can enable users to have access to everything they need instead of scripting RBAC rules over different subscriptions.
Give an example of an Azure policy.
You might have a policy that allows virtual machines of only a certain size in your environment. After this policy is implemented, new and existing resources are evaluated for compliance. With the right type of policy, existing resources can be brought into compliance. Imagine we allow anyone in our organization to create virtual machines (VMs). We want to control costs, so the administrator of our Azure tenant defines a policy that prohibits the creation of any VM with more than 4 CPUs. Once the policy is implemented, Azure Policy will stop anyone from creating a new VM outside the list of allowed stock keeping units (SKUs). Also, if you try to update an existing VM, it will be checked against policy. Finally, Azure Policy will audit all the existing VMs in our organization to ensure our policy is enforced. It can audit non-compliant resources, alter the resource properties, or stop the resource from being created. You can even integrate Azure Policy with Azure DevOps, by applying any continuous integration and delivery pipeline policies that affect the pre-deployment and post-deployment of your applications.
When a resource lock is applied, what must you do in order to perform that activity? What is the purpose of this?
You must first remove the lock. By putting an additional step in place before allowing the action to be taken on the resource, it helps protect resources from inadvertent actions, and helps protect your administrators from doing something they may not have intended to do.
What must be managed on a VM?
You must manage the software that runs on it: - configure - update - maintain
What is the abstraction of servers found in serverless computing?
You never explicitly reserve server instances; the platform manages that for you. Each function execution can run on a different compute instance, and this execution context is transparent to the code. With serverless architecture, you simply deploy your code, which then runs with high availability.
How is the computer power offered in cloud computing better than owning the computer?
You only pay for the resources you need and use. Cloud providers manage the upkeep - backups, upgrades, high availability, scalability.
What are the Azure App Service costs?
You pay for the Azure compute resources your app uses while it processes requests based on the App Service Plan you choose. The App Service plan determines how much hardware is devoted to your host - for example: - whether it's dedicated or shared hardware - how much memory is reserved for it. - There is even a free tier you can use to host small, low-traffic sites.
In the Azure Portal, in the Directory + subscription pane, what directory and subscription should you see while training?
You should see that you are in the Concierge Subscription of the Microsoft Learn Sandbox directory here. If you have other Azure directories tied to the same email address, those subscriptions will be available as well.
How is security provided by cloud storage providers?
You will be able to leverage security services that work with online storage services, giving you the tools you need to manage data access and safely store user data. Cloud storage providers give you the tools and the strategy that is responsive, flexible, and secure.
If one role assignment grants you read permissions to a resource group, and a different role assignment grants you write permissions to the same resource group, what permissions will you have on that resource group?
You will have both read and write permissions on that resource group.
How would you change the size of a dashboard tile using JSON?
You would edit the colSpan and rowSpan variables, then save the file and upload it back to Azure.
Describe how you would ensure that all resources have the Department tag associated with them and block creation if it doesn't exist.
You'll need to create a new policy definition and then assign it to a scope; in this case the scope will be our msftlearn-core-infrastructure-rg resource group. Policies can be created and assigned through the Azure portal, Azure PowerShell, or Azure CLI. This exercise takes you through creating a policy in the portal.
What is Azure billing like? What are some of the features?
You'll receive a monthly invoice with payment instructions provided. You may organize your invoice into line items that make sense to you and meet your budget and cost tracking needs. You also can get set up for multiple invoices.
Provide a scenario in which a business owner has IT problems with customers that are a great distance away.
You're a small business owner with a great set of web-based services that your clients love. The one difficulty you face is some clients are experiencing a network lag accessing your services from distant locations. This problem used to be expensive to solve - requiring new data centers and costly networks to connect them.
Provide examples of different role-based dashboards in the Azure Portal.
Your database administrator would have a dashboard that contains views of the SQL database service. Your Azure Active Directory administrator would have views of the users and groups within Azure AD. You can even customize the portal between your production and development environments within the portal - creating a specific dashboard for each environment you are managing.
What are the two categories of Availability Zones that you pick from?
Zonal services - you pin the resource to a specific zone (for example, virtual machines, managed disks, IP addresses). Zone-redundant services - platform replicates automatically across zones (for example, zone-redundant storage, SQL Database).
What is a database schema?
a "map" of data tables and their relationships to one another. A description of the data and the organization of the data into tables in a relational database. Description of a database which is specified during database design and not expected to change frequently. Most data models have conventions for displaying schemas as diagrams.
What is Azure?
a Microsoft cloud platform that provides the compute, storage, and networking resources needed to build cloud-hosted applications
What is the Azure Service Fabric?
a Platform as a Service offering designed to facilitate the development, deployment and management of highly scalable and customizable applications for the Microsoft Azure cloud
event hub
a big data streaming platform and event ingestion service. It can receive and process millions of events per second. Data sent to an event hub can be transformed and stored by using any real-time analytics provider or batching/storage adapters. The following scenarios are some of the scenarios where you can use Event Hubs: - Anomaly detection (fraud/outliers) - Application logging - Analytics pipelines, such as clickstreams - Live dashboarding - Archiving data - Transaction processing - User telemetry processing - Device telemetry streaming
What security measures do cloud providers offer?
a broad set of policies, technologies, controls, and expert technical skills that can provide better security than most organizations can otherwise achieve.
Azure Cloud Shell
a browser-based command-line experience for managing and developing Azure resources. Think of it as an interactive console that you run in the cloud.
What is Azure Key Vault?
a centralized cloud service for storing your application secrets. It helps you control your applications' secrets by keeping them in a single, central location and by providing secure access, permissions control, and access logging capabilities.
Azure Batch
a cloud-based job scheduling and compute management platform that enables running large-scale parallel and high-performance computing applications efficiently in the cloud. It provides job scheduling and automatically scales and manages the virtual machines running those jobs. It can automatically scale the cloud infrastructure/environment from a single node to thousands of virtual machine nodes instantly, at a scheduled time/date or on demand.
Logic Apps
a cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations.
data factory
a cloud-based data integration service that allows you to create data-driven workflows in the cloud for orchestrating and automating data movement and data transformation.
How does Azure Information Protection (AIP) protect shared documents?
a cloud-based solution that helps organizations classify and optionally protect documents and emails by applying labels. Labels can be applied automatically based on rules and conditions. Labels can also be applied manually. You can also guide users to choose recommended labels with a combination of automatic and manual steps.
What is serverless computing?
a cloud-hosted execution environment that runs your code but completely abstracts the underlying hosting environment. You create an instance of the service, and you add your code; no infrastructure configuration or maintenance is required, or even allowed.
What are network protocols?
a communication protocol for exchanging data between computers or processes that are connected to each other in a computer network. The arrangement consists of a set of rules and formats (syntax) that determine the communication behavior of the communicating entities in the computers (semantics).
data definition layer (DDL)
a computer language used to create and modify the structure of database objects in a database. These database objects include: - views - schemas - tables - indexes - etc. This term is also known as data description language in some contexts, as it describes the fields and records in a database table. The present database industry incorporates it into any formal language describing data. However, it is considered to be a subset of SQL (Structured Query Language). SQL often uses imperative verbs with normal English, such as sentences, to implement database modifications. Hence, it does not show up as a different language in an SQL database, but does define changes in the database schema. Commonly used syntax includes: CREATE: This command builds a new table and has a predefined syntax. The CREATE statement syntax is CREATE TABLE [table name] ([column definitions]) [table parameters]. Example: CREATE TABLE Employee (Employee_Id INTEGER PRIMARY KEY, First_name CHAR(50) NULL, Last_name CHAR(75) NOT NULL); ALTER: An alter command modifies an existing database table. This command can add an additional column, drop existing columns and even change the data type of columns involved in a database table. An alter command syntax is ALTER object type object name parameters. Example: ALTER TABLE Employee ADD DOB DATE; DROP: A drop command deletes a table, index or view. Drop statement syntax is DROP object type object name. Example: DROP TABLE Employee;
application programming interface (API)
a computing interface that defines interactions between multiple software intermediaries. It defines: - the kinds of calls or requests that can be made - how to make them - the data formats that should be used - the conventions to follow - etc. It can also provide extension mechanisms so that users can extend existing functionality in various ways and to varying degrees. It can be entirely custom, specific to a component, or it can be designed based on an industry standard to ensure interoperability. Some APIs have to be documented, others are designed so that they can be "interrogated" to determine supported functionality. Since other components/systems rely only on it, the system that provides it can (ideally) change its internal details "behind" it without affecting its users.
What is Azure CLI?
a cross-platform command-line program that connects to Azure and executes administrative commands on Azure resources.
What is PowerShell Core?
a cross-platform version of PowerShell that runs on Windows, Linux, or macOS
What is an Azure Portal dashboard?
a customizable collection of UI tiles displayed in the Azure portal. You add, remove, and position tiles to create the exact view you want, and then save that view as a dashboard.
What is a geography?
a discrete market typically containing two or more regions that preserve data residency and compliance boundaries
What is a Content Delivery Network?
a distributed network of servers that can efficiently deliver web content to users. It is a way to get content to users in their local region to minimize latency. It can be hosted in Azure or any other location. You can cache content at strategically placed physical nodes across the world and provide better performance to end users. Typical usage scenarios include web applications containing multimedia content, a product launch event in a particular region, or any event where you expect a high-bandwidth requirement in a region. Also, distributed servers (or a network of them) that deliver webpages & other web content to a user based on the geographic locations of the user, the origin of the webpage & a content delivery server
SQL Server Stretch Database
a feature of SQL Server where data can be split between on-premises storage and cloud storage. With Stretch Database, cold, historical data is kept in the cloud and active data is kept on-premises for maximum performance.
app gateway
a firewall proxy which provides network security. It filters incoming node traffic to certain specifications, which means that only transmitted network application data is filtered.
Azure Advisor
a free service built into Azure that provides recommendations on high availability, security, performance, operational excellence, and cost. It analyzes your deployed services and looks for ways to improve your environment across each of these areas, including cost.
What is the Advisor?
a free service built into Azure that provides recommendations. It analyzes your deployed services and looks for ways to improve your environment across these areas: - high availability - security - performance - operational excellence - cost
Azure Cost Management
a free, built-in Azure tool that can be used to gain greater insights into where your cloud money is going. You can see historical breakdowns of what services you are spending your money on and how it is tracking against budgets that you have set. You can set budgets, schedule reports, and analyze your cost areas.
Resource Group
a fundamental element of the Azure platform. A logical container for resources deployed on Azure. Resources are anything you create in an Azure subscription like virtual machines, Application Gateways, and CosmosDB instances. All resources must be in one of these and a resource can only be a member of a single one. Many resources can be moved between these with some services having specific limitations or requirements to move. They can't be nested. Before any resource can be provisioned, you need one of these for it to be placed in. They exist to help manage and organize your Azure resources. By placing resources of similar usage, type, or location, you can provide some order and organization to resources you create in Azure. Logical grouping is the aspect that you're most interested in here, since there's a lot of disorder among our resources.
What is an Azure region?
a geographical area on the planet containing at least one, but potentially multiple datacenters that are nearby and linked together with a low-latency network.
What is Azure Cosmos DB?
a globally distributed database service. It supports schema-less data that lets you build highly responsive and Always On applications to support constantly changing data. You can use this feature to store data that is updated and maintained by users around the world.
server cluster
a group of servers connected both physically and logically to ensure constant service to clients
Domain Name System
a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates more readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. By providing a worldwide, distributed directory service, it has been an essential component of the functionality of the Internet since 1985.
What feature distributes traffic evenly among each system in a pool?
a load balancer. A load balancer can help you achieve both high availability and resiliency.
What feature distributes traffic in a multi-system solution in case one system goes down or is busy?
a load balancer. The load balancer becomes the entry point to the user. The user doesn't know (or need to know) which system the load balancer chooses to receive the request. The load balancer receives the user's request and directs the request to one of the VMs in the web tier. If a VM is unavailable or stops responding, the load balancer stops sending traffic to it. The load balancer then directs traffic to one of the responsive servers.
What is Azure Application Gateway?
a load balancer designed for web applications. It uses Azure Load Balancer at the transport level (TCP) and applies sophisticated URL-based routing rules to support several advanced scenarios. This type of routing is known as application layer (OSI layer 7) load balancing since it understands the structure of the HTTP message.
What is Azure Load Balancer?
a load balancer service that Microsoft provides that helps take care of the maintenance for you. It supports inbound and outbound scenarios, provides low latency and high throughput, and scales up to millions of flows for all Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) applications. You can use it with incoming internet traffic, internal traffic across Azure services, port forwarding for specific traffic, or outbound connectivity for VMs in your virtual network.
What is an Azure subscription?
a logical container used to provision resources in Azure. It holds the details of all your resources like virtual machines (VMs), databases, and more. When you create an Azure resource like a VM, you identify the one of these it belongs to. As you use the VM, the usage of the VM is aggregated and billed monthly.
What is an availability set?
a logical grouping of two or more VMs that help keep your application available during planned or unplanned maintenance.
What is a virtual network?
a logically isolated network on Azure. It allows Azure resources to securely communicate with each other, the internet, and on-premises networks. It is scoped to a single region; however, multiple of these from different regions can be connected together using peering. It is a software-based network. It is formed when the physical network's bandwidth is partitioned.
SQL Data Warehouse
a managed Data Warehouse-as-a-Service (DWaaS) offering provided by Microsoft Azure. A data warehouse is a federated repository for data collected by an enterprise's operational systems.
IoT Hub
a managed service, hosted in the cloud, that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages.
HDInsight
a managed, full-spectrum, open-source analytics service in the cloud for enterprises. You can use open-source frameworks such as: - Hadoop - Apache Spark - Apache Hive - LLAP - Apache Kafka - Apache Storm - R - and more
Agility
a measurement of how efficiently the IT infrastructure of an organization can respond to external stimuli. This can mean how effectively it embraces the pressure to change or how successfully it creates a new opportunity.
What happens if you select your name in the top right-hand corner of the Azure Portal?
a menu opens with a few options: - Sign in with another account, or sign out entirely - View your account profile, where you can change your password - Select the "..." button on the right-hand side for options to: - Check your permissions - View your bill - Update your contact information
What is a container?
a modified runtime environment built on top of a host OS that executes your application
What are some of the features of a container?
a modified runtime environment built on top of a host OS that executes your application. It doesn't use virtualization, so it doesn't waste resources simulating virtual hardware with a redundant OS. This environment typically makes them more lightweight than VMs. This design allows you to respond quickly to changes in demand or failure. Another benefit of them is you can run multiple isolated applications on a single host. Since they are secured and isolated, you don't need separate servers for each app.
What feature allows or denies inbound network traffic to your Azure resources?
a network security group. Think of it as a cloud-level firewall for your network. You define this in order to control what traffic can flow through a virtual network.
What is an Azure policy assignment?
a policy definition that has been assigned to take place within a specific scope. This scope could range from a full subscription down to a resource group. The assignments are inherited by all child resources. This inheritance means that if a policy is applied to a resource group, it is applied to all the resources within that resource group. However, you can exclude a subscope from the policy assignment. For example, we could enforce a policy for an entire subscription and then exclude a few select resource groups.
What do Cloud Solution Provider partners offer?
a range of complete managed cloud solutions for Azure. The Microsoft Cloud Solution Provider Program (CSP) enables partners to directly manage their entire Microsoft cloud customer lifecycle. Partners in this program utilize dedicated in-product tools to directly provision, manage, and support their customer subscriptions. Partners can easily package their own tools, products and services, and combine them into one monthly or annual customer bill. This program helps Microsoft partners become their customers' trusted advisors, because by using CSP, partners are able to own and manage the end-to-end relationship with their customers.
When you deploy a resource in Azure, in what geographical unit might you need to choose to identify the location for your resources?
a region
Typically, what is the first thing you create in an Azure solution?
a resource group
dev/test lab
a self-service sandbox environment in Azure that enables you to quickly create dev/test environments while minimizing waste and controlling costs. Developers and testers need to spend considerable time configuring their self-service environments.
What is Azure Queue?
a service for storing large numbers of messages that can be accessed from anywhere in the world. You can use this storage service to: - Create a backlog of work and to pass messages between different Azure web servers. - Distribute load among different web servers/infrastructure and to manage bursts of traffic. - Build resilience against component failure when multiple users access your data at the same time.
Application Insights
a service in Azure Monitor that monitors the availability, performance, and usage of your web applications, whether they're hosted in the cloud or on-premises. It leverages the powerful data analysis platform in Log Analytics to provide you with deeper insights into your application's operations. It can diagnose errors without waiting for a user to report them. It includes connection points to a variety of development tools, and integrates with Microsoft Visual Studio to support your DevOps processes.
Azure Monitor for containers
a service that is designed to monitor the performance of container workloads, which are deployed to managed Kubernetes clusters, hosted on Azure Kubernetes Service (AKS). It gives you performance visibility by collecting memory and processor metrics from controllers, nodes, and containers, which are available in Kubernetes through the metrics API. Container logs are also collected.
Azure Monitor for VMs
a service that monitors your Azure VMs at scale, by analyzing the performance and health of your Windows and Linux VMs (including their different processes and interconnected dependencies on other resources, and external processes). Azure Monitor for VMs includes support for monitoring performance and application dependencies for VMs hosted on-premises, and for VMs hosted with other cloud providers.
express route
a service that provides a private connection between an organization's on-premises infrastructure and Microsoft Azure data centers.
Azure command-line interface (CLI)
a set of commands used to create and manage Azure resources. It is available across Azure services and is designed to get you working quickly with Azure, with an emphasis on automation.
What are resource locks?
a setting that can be applied to any resource to block modification or deletion. Resource locks can be set to either Delete or Read-only. Delete will allow all operations against the resource but block the ability to delete it. Read-only will only allow read activities to be performed against it, blocking any modification or deletion of the resource. Resource locks can be applied to subscriptions, resource groups, and to individual resources, and are inherited when applied at higher levels.
imperative software development
a software development paradigm where functions are implicitly coded in every step required to solve a problem. In it, every operation is coded and the code itself specifies how the problem is to be solved, which means that pre-coded models are not called on. Imperative programming requires an understanding of the functions necessary to solve a problem, rather than a reliance on models that are able to solve it.
.NET data provider
a software library consisting of classes that provide data access services such as: - connecting to a data source - executing commands at a data source - fetching data from a data source with support to execute commands within transactions. It resides as a lightweight layer between data source and code, providing data access services with increased performance. It is a component of ADO.NET, a subset of the .NET framework class library.
fabric controller
a special piece of software in a server rack within a datacenter. It is connected to software called the orchestrator. https://www.bing.com/videos/search?q=Azure+fabric+controller&&view=detail&mid=59665C4DD797562E115559665C4DD797562E1155&&FORM=VRDGAR
With containers, what is used to execute an application?
a standard runtime environment is used to execute the app.
data lake
a storage repository that holds a vast amount of raw data in its original format until the business needs it
declarative software development
a style of programming where you write your code in such a way that it describes what you want to do, and not how you want to do it. It is left up to the compiler to figure out the how. What you want to do, NOT how to do it.
Service-oriented architecture (SOA)
a style of software design where services are provided to the other components by application components, through a communication protocol over a network. A SOA service is a discrete unit of functionality that can be accessed remotely and acted upon and updated independently, such as retrieving a credit card statement online. SOA is also intended to be independent of vendors, products and technologies.[1] A service has four properties according to one of many definitions of SOA:[2] It logically represents a business activity with a specified outcome. It is self-contained. It is a black box for its consumers, meaning the consumer does not have to be aware of the service's inner workings. It may consist of other underlying services.[3]
Azure Service Health
a suite of experiences that provide personalized guidance and support when issues with Azure services affect you. It can notify you, help you understand the impact of issues, and keep you updated as the issue is resolved. It can also help you prepare for planned maintenance and changes that could affect the availability of your resources.
What is a VM image?
a template used to create a VM. These templates already include an OS and often other software, like development tools or web hosting environments.
In terms of security, what does identity mean?
a thing that can be authenticated. Obviously, this includes users with a user name and password, but it can also include applications or other servers, which might authenticate with secret keys or certificates.
Azure Monitor
a tool that maximizes the availability and performance of your applications by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.
remote access server
a type of server that provides a suite of services to remotely connected users over a network or the Internet. It operates as a remote gateway or central server that connects remote users with an organization's internal local area network (LAN). It includes specialized server software used for remote connectivity. This software is designed to provide authentication, connectivity and resource access services to connecting users. It is deployed within an organization and directly connected with the organization's internal network and systems. Once connected with it, a user can access his or her data, desktop, application, print and/or other supported services. It is also the name of a Windows 2000 Server component that provides enterprise IT infrastructure access to remote users.
What are containers?
a virtualization environment for running applications. Just like virtual machines, they run on top of a host operating system. But unlike VMs, they don't include an operating system for the apps running inside them. Instead, they bundle the libraries and components needed to run the application and use the existing host OS running the container. For example, if five of them are running on a server with a specific Linux kernel, all five of them and the apps within them share that same Linux kernel.
What is a microservice?
a web service that is of a small, well-defined scope and is loosely coupled from any other web service. Usually, you don't build one microservice, but instead your organization adopts a microservice architecture that consists of a collection of microservices, each one self-contained and implementing a single business capability. Each service is a separate code-base which can be managed by a small development team. Microservices don't need to share the same technology stack, libraries, or frameworks, which allows each team to choose the right tool for the job. Microservices communicate with one another through well-defined APIs.
Microsoft Trust Center
a website resource containing information and details about how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services. It is an important part of the Microsoft Trusted Cloud Initiative, and provides support and resources for the legal and compliance community including: - In-depth information about security, privacy, compliance offerings, policies, features, and practices across Microsoft cloud products. - Recommended resources in the form of a curated list of the most applicable and widely used resources for each topic. - Information specific to key organizational roles, including business managers, tenant admins or data security teams, risk assessment and privacy officers, and legal compliance teams. - Cross-company document search, which is coming soon and will enable existing cloud service customers to search the Service Trust Portal. - Direct guidance and support for when you can't find what you're looking for.
What do cloud providers offer to meet the needs of unique businesses?
a wide range of services
Compliance Manager
a workflow-based risk assessment dashboard within the Service Trust Portal that enables you to track, assign, and verify your organization's regulatory compliance activities related to Microsoft professional services and Microsoft cloud services such as Office 365, Dynamics 365, and Azure.
Each layer of cloud categories adds a layer of what?
abstraction
Once you select the Azure products and services that fit your requirements, how are you billed?
according to Azure's pay-for-what-you-use model
How do you convert the output of a Cloud Shell command such as 'az account list' to a table?
add '--output table' to the end of the command
Give examples of vertical scaling.
adding more CPUs, or adding more memory
What happens if you delete a resource group?
all resources contained within are also deleted. Organizing resources by life cycle can be useful in non-production environments, where you might try an experiment, but then dispose of it when done. Resource groups make it easy to remove a set of resources at once.
What are management certificates?
allow you to authenticate with the classic deployment model. Many programs and tools (such as Visual Studio or the Azure SDK) use these certificates to automate configuration and deployment of various Azure services. However, these types of certificates are not related to cloud services.
What do Network Security Groups do?
allow you to filter network traffic to and from Azure resources in an Azure virtual network. One of these can contain multiple inbound and outbound security rules that enable you to filter traffic to and from resources by source and destination IP address, port, and protocol. They provide a list of allowed and denied communication to and from network interfaces and subnets, and are fully customizable.
What can you do using the Azure mobile app?
allows you to access, manage, and monitor all your Azure accounts and resources from your iOS or Android phone or tablet. Once installed, you can: - Check the current status and important metrics of your services - Stay informed with notifications and alerts about important health issues - Quickly diagnose and fix issues anytime, anywhere - Review the latest Azure alerts - Start, stop, and restart virtual machines or web apps - Connect to your virtual machines - Manage permissions with role-based access control (RBAC) - Use the Azure Cloud Shell to run saved scripts or perform ad hoc administrative tasks - and more...
What are Mobile back-ends in the Azure App Service?
allows you to quickly build a back-end for iOS and Android apps. With just a few clicks in the Azure portal you can: - Store mobile app data in a cloud-based SQL database - Authenticate customers against common social providers such as MSA, Google, Twitter, and Facebook - Send push notifications - Execute custom back-end logic in C# or Node.js - On the mobile app side, there is SDK support for native iOS & Android, Xamarin, and React native apps.
What is the communication type in microservices?
almost always stateless
What is bandwidth?
amount of data that can be transferred in a given time. Refers to the amount of data that can fit on the connection.
What is used in the exercise to run a website hosted in Azure?
an App Service
What are you prompted to create when you access the Azure Cloud Shell?
an Azure Storage Account
What is Azure Policy?
an Azure service you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources so that those resources stay compliant with your corporate standards and service level agreements. Azure Policy meets this need by evaluating your resources for noncompliance with assigned policies. For example, you might have a policy that allows virtual machines of only a certain size in your environment. After this policy is implemented, new and existing resources are evaluated for compliance. With the right type of policy, existing resources can be brought into compliance.
What do you need to create and use Azure services?
an Azure subscription
Azure App Service
an HTTP-based service that enables you to build and host many types of web-based solutions without managing infrastructure. For example, you can host web apps, mobile back ends, and RESTful APIs in several supported programming languages. Applications developed in .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python can run and scale with ease on both Windows and Linux-based environments.
What model does RBAC use for access?
an allow model. When you are assigned to a role, RBAC allows you to perform specific actions, such as read, write, or delete. Therefore, if one role assignment grants you read permissions to a resource group, and a different role assignment grants you write permissions to the same resource group, you will have both read and write permissions on that resource group.
multi-factor authentication
an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: - knowledge (something the user and only the user knows) - possession (something the user and only the user has), - inherence (something the user and only the user is).
To what account are all Azure directories and subscriptions tied?
an email address
What is a virtual machine?
an emulation of a computer - just like your desktop or laptop you're using now.
Swagger
an open-source framework that helps you test your RESTful Windows Azure APIs without writing complex C# scripts. So, if you are developing an Azure-based REST service, it is here to help you speed the development and testing process.
What is Docker?
an open-source project that is one of the leading platforms for managing containers.
capital expenditure
an outlay of funds from which a firm is expected to produce benefits over a period of time greater than 1 year. The spending of money on physical infrastructure up front, and then deducting that expense from a firm's tax bill over time. CapEx is an upfront cost, which has a value that reduces over time.
Which Azure management interfaces can you use to manage Azure resources?
any management interface, including: - the Azure portal - Azure CLI - Azure PowerShell
Which tiers in a multi-tier solution can have multiple systems managed by a load balancer?
any tier. It all depends on what your service requires
When is multi-factor authentication often used?
any time a user is signing in from a non-domain-connected computer
In what format are Azure Portal dashboards stored?
as JavaScript Object Notation (JSON) files
How is an Azure policy definition represented?
as a JSON file
How do Microsoft Partners use the Azure Marketplace?
as a launch point for all joint Go-To-Market activities
How can you purchase Azure Advanced Threat Protection (ATP)?
as part of the Enterprise Mobility + Security E5 suite (EMS E5) and as a standalone license. You can acquire a license directly from the Enterprise Mobility + Security Pricing Options page or through the Cloud Solution Provider (CSP) licensing model. It is not available to purchase via the Azure portal.
At what point does Azure Monitor start collecting data?
as soon as you create an Azure subscription and start adding resources such as virtual machines and web apps.
What is the first step in securing the network perimeter?
assessing the resources that are internet-facing, and only allowing inbound and outbound communication where necessary. Make sure you identify all resources that are allowing inbound network traffic of any type, and then ensure they are restricted to only the ports and protocols required.
What do you do once you've defined one or more Azure policy definitions?
assign them
What are the two fundamental concepts in identity and access control?
authentication and authorization
What is the term for how long your service is up and running without interruption?
availability
What Cloud Shell command shows you the account list?
az account list
In Cloud Shell, how do you list all the resource groups in a subscription?
az group list
What Cloud Shell command provides a list of all of the resources (on a subscription?)?
az resource list
What Cloud Shell command stops a web application running in the App Service?
az webapp stop \ < + ENTER > --resource-group <resource group ID> \ < + ENTER > --name <web app name>
What additional items should you include when planning cloud service?
- backup traffic - disaster recovery traffic
What maintenance is taken care of in cloud computing?
backups, upgrades, high availability, scalability
How is automatic scaling executed?
based on specific triggers such as CPU utilization or the number of requests and resources that can be allocated or de-allocated in minutes.
What kinds of support can all Azure customers access?
billing, quota, and subscription-management support
Azure managed disk
block-level storage volumes that are managed by Azure and used with Azure Virtual Machines. They are like a physical disk in an on-premises server but virtualized. With these, all you have to do is specify the disk size, the disk type, and provision the disk. Once you provision the disk, Azure handles the rest. The available types of disks are ultra disks, premium solid-state drives (SSD), standard SSDs, and standard hard disk drives (HDD).
What does an Azure subscription allow you to do?
- build and deploy cloud-based solutions - use artificial intelligence solutions - extract essential insights from your data
Regardless of the deployment type (IaaS, PaaS, SaaS), what security features does Microsoft provide?
built-in mechanisms for authentication and authorization. For example: - Azure provides multi-factor authentication for sign-ins and transactions. - Azure provides role-based access control (RBAC), which gives customers the control to define roles for people to grant them only the amount of access they need. - There are additional services in place to help organizations ensure a tighter degree of control of security and active threat monitoring.
What does a container do?
bundles a single app and its dependencies (referred to as containerizing the app), then deploys it as a unit to a container host. The container host provides a standardized runtime environment which abstracts away the operating system and infrastructure requirements, allowing the containerized application to run side-by-side with other containerized applications.
How can you integrate Azure Policy with Azure DevOps?
by applying any continuous integration and delivery pipeline policies that affect the pre-deployment and post-deployment of your applications.
How are Azure products and services arranged?
by category, with various resources that you can provision
How can you improve the composite SLA with one Web app SLA and one SQL Database?
by creating independent fallback paths
In Azure Monitor, how can you extend the data you're collecting into the actual operation of the resources?
by enabling diagnostics and adding an agent to compute resources. Under resource settings, you can enable these Diagnostics: - Enable guest-level monitoring - Performance counters: collect performance data - Event Logs: enable various event logs - Crash Dumps: enable or disable - Sinks: send your diagnostic data to other services for more analysis - Agent: configure agent settings
How can you check the status and details of a support request?
by going to Help > Help + support > All support requests.
When you are logged into Azure, how can you tell which subscription you are using?
by looking at the tenant name under your profile picture
How can you customize the Azure Portal dashboard?
by moving and resizing tiles, and displaying services you're interested in.
How do many teams start exploring the cloud?
by moving their existing applications to virtual machines that run in Azure.
How do Azure AD and Managed Identities provide simple access management and fine-grained control, allowing administrators to ensure the minimum necessary permissions are granted?
by separating security principals, access permissions, and resources
In Azure Cloud Shell, how do you switch to PowerShell Core within Linux?
by typing 'pwsh'
How can you control a virtual machine as if you were sitting in front of it?
by using a remote desktop client
What is the basic error message you get when you try to delete a resource that has a lock on it?
cannot perform the delete because the following scope(s) are locked:
With CapEx, things like replacing or adding servers affect what financial element?
cash flow
What can the Azure Security Center do?
centralizes much of the help Azure has to offer. It provides a single dashboard, with a view into many of your services, and helps make sure you are following best practices. Continuously updated machine learning algorithms help identify whether the latest threats are aimed at your resources. And it helps your organization mitigate threats. - Provide security recommendations based on your configurations, resources, and networks. - Monitor security settings across on-premises and cloud workloads, and automatically apply required security to new services as they come online. - Continuously monitor all your services, and perform automatic security assessments to identify potential vulnerabilities before they can be exploited. - Use machine learning to detect and block malware from being installed on your virtual machines and services. You can also define a list of allowed applications to ensure that only the apps you validate are allowed to execute. - Analyze and identify potential inbound attacks, and help to investigate threats and any post-breach activity that might have occurred. - Provide just-in-time access control for ports, reducing your attack surface by ensuring the network only allows traffic that you require.
What does Transport Layer Security (TLS) use to encrypt website data in transit?
certificates
How do certificates work to provide encryption to website data in transit?
certificates can contain a private or a public key and have a thumbprint that provides a means to identify a certificate in an unambiguous way. This thumbprint is used in the Azure configuration file to identify which certificate a cloud service should use
What can you do in the Directory + subscription pane?
- change between subscriptions - change directories
In the Portal settings pane, what must you do to accept your changes?
click the Apply button
hybrid cloud deployment
combines public and private clouds, allowing you to run your applications in the most appropriate location.
Azure Blueprint artifacts
compose templates, policies, role assignments, and resource groups based on common or organization-based patterns into re-usable blueprints
What two resources do you rent in cloud computing?
- compute power (CPU cycles, RAM) - storage
Name some of the flow controls that can be used in Logic Apps
- conditional statements - switch statements - loops - branching
What does every Azure policy definition have?
- conditions under which it is enforced - an accompanying effect that takes place if the conditions are met
Into what are an application and its dependencies packaged?
container
What should you choose if you wish to run multiple instances of an application on a single host machine?
containers
What two factors increase as you increase availability?
cost and complexity
Give an example of cloud solution where you want to have more control and responsibility over maintenance.
create a virtual machine (VM)
In larger organizations using CapEx, what is often done to reduce storage costs?
create tiers of storage where more expensive fault‐tolerant storage is used for critical applications and lower expense storage is used for lower priority data.
What does selecting the Cloud Shell icon (>_) do?
creates a new Azure Cloud Shell session
What does the process of creating and implementing an Azure Policy begin with?
creating a policy definition
What are the challenges of implementing service principals?
creation of service principals can be a tedious process, and there are a lot of touch points that can make maintaining them difficult.
What type of information do tags allow you to add to your resources?
custom contextual information
What is the most valuable and irreplaceable asset for most organizations?
data
What are four features that cloud computing provides to ensure reliable service?
- data backup - disaster recovery - data replication - redundancy
What do cloud providers do to ensure that services are reliable?
data backup, disaster recovery, and data replication services to make sure your data is always safe. In addition, redundancy is often built into cloud services architecture so if one component fails, a backup component takes its place. This is referred to as fault tolerance and it ensures that your customers aren't impacted when a disaster occurs.
What two types of laws does cloud computing allow you to meet?
- data residency - compliance
What is structured data?
data that adheres to a schema, so all of the data has the same fields or properties. It can be stored in a database table with rows and columns. It relies on keys to indicate how one row in a table relates to data in another row of another table. It is also referred to as relational data, as the data's schema defines the table of data, the fields in the table, and the clear relationship between the two. It is straightforward in that it's easy to enter, query, and analyze. All of the data follows the same format. Examples of it include sensor data or financial data. It is data that consists of recognizable and predictable structures, such as data found in a database.
What is data at rest?
data that has been stored on a physical medium. This data could be stored on the disk of a server, data stored in a database, or data stored in a storage account.
cloud deployment model
defines: - where your data is stored - how your customers interact with it - how they get to it - where the applications run - how much of your own infrastructure you want or need to manage.
open source
denoting software for which the original source code is made freely available and may be redistributed and modified.
Scalability
describes how well a system can adapt to the increased demands of growth
How can you purchase Azure access?
directly from Microsoft by signing up on the Azure website or through a Microsoft representative or through a Microsoft partner
What are two ways identities are mapped to roles?
directly or through group membership.
What types of reporting are provided with Azure AD Privileged Identity Management?
directory activations by role type directory users by user status directory roles distribution recommendations pertaining to the number of administrators role type, authentication type, active status, eligibility
What does selecting the bell icon do?
displays the Notifications pane
What does the gear icon do?
displays the Portal settings pane
What is the first step in editing a dashboard JSON file?
download the dashboard's JSON file using the Download button at the top of the default dashboard
What is required to ensure your services and data are redundant so you can protect your information in case of failure?
duplicating hardware environments
In the dashboard editor, how do you change the size of tiles?
edit tiles with a gray bottom right-hand corner by dragging the corner indicator. alternatively, right-click into the contextual menu and specify the size you want
When editing a dashboard, what do you do once you have made the changes you want?
either click 'Done customizing' --- or --- right-click and then click 'Done customizing'
horizontal scaling
employing multiple computers to share the workload. To add extra virtual machines to power your application. For example, you might create many virtual machines configured in exactly the same way and use a load balancer to distribute work across them. Also called scale out, or scaling out.
Azure Blueprint
enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization's standards, patterns, and requirements. Makes it possible for development teams to rapidly build and deploy new environments with the trust they're building within organizational compliance using a set of built-in components, such as networking, to speed up development and delivery. Enables quick creation of governed subscriptions. Allows Cloud Architects to design environments that comply with organization standards and best practices - enabling your app teams to get to production faster.
What is Azure Batch?
enables large-scale job scheduling and compute management with the ability to scale to tens, hundreds, or thousands of VMs. When you're ready to run a job, this feature does the following: - Starts a pool of compute VMs for you - Installs applications and staging data - Runs jobs with as many tasks as you have - Identifies failures - Requeues work - Scales down the pool as work completes. There may be situations in which you need raw computing power or supercomputer level compute power.
What is the Azure App Service?
enables you to build and host web apps, background jobs, mobile backends, and RESTful APIs in the programming language of your choice without managing infrastructure. It offers automatic scaling and high availability. It supports both Windows and Linux, and enables automated deployments from GitHub, Azure DevOps, or any Git repo to support a continuous deployment model. This platform as a service (PaaS) allows you to focus on the website and API logic while Azure handles the infrastructure to run and scale your web applications.
traffic manager
enables you to control the distribution of traffic across your application endpoints. An endpoint is any Internet-facing service hosted inside or outside of Azure. It provides two key benefits: 1) Distribution of traffic according to one of several traffic-routing methods 2) Continuous monitoring of endpoint health and automatic failover when endpoints fail
Once data leaves the data center and is stored for example on mobile devices that could potentially be hacked or stolen, what is the only protection on the data?
encryption
What serves as the last and strongest line of defense in a layered security strategy?
encryption
What do cloud infrastructures policies do?
enforce your rules for created resources, so your infrastructure stays compliant with your corporate standards, cost requirements, and any service-level agreements (SLAs) you have with your customers.
What is a fault domain?
essentially a rack of servers. It provides the physical separation of your workload across different power, cooling, and network hardware that support the physical servers in the data center server racks. In the event the hardware that supports a server rack becomes unavailable, only that rack of servers is affected by the outage.
Microsoft Privacy Statement
explains what personal data Microsoft processes, how Microsoft processes it, and for what purposes. The statement applies to the interactions Microsoft has with you and Microsoft products such as Microsoft services, websites, apps, software, servers, and devices. It is intended to provide openness and honesty about how Microsoft deals with personal data in its products and services.
Define Azure Web services
first-class support to build and host web apps and HTTP-based web services.
What technologies are Availability Zones primarily used for?
for VMs, managed disks, load balancers, and SQL databases.
In which network layers does Azure provide security?
- for internet-facing resources - between internal resources - communication between on-premises networks and Azure
Why might you want to create additional Azure subscriptions?
for resource or billing management purposes
Azure DevOps
formerly known as Visual Studio Team Services, or VTS. Provides development collaboration tools including high-performance pipelines, free private Git repositories, configurable Kanban boards, and extensive automated and cloud-based load testing.
What is the range of ways that Azure provides to host your web applications?
from fully pre-configured environments that host your code, to virtual machines that you configure, customize, and manage.
What are Azure standard messaging strategies designed to do?
help you design your solution architecture and effectively manage changes brought by new development or services.
What do subnets on virtual networks help you do?
help you organize and secure your resources in discrete sections. For example, the web, application, and data tiers of a three-tier architecture could each have a single VM. All three VMs are in the same virtual network but are in separate subnets.
Can you recover a dashboard that has been deleted?
there is no facility to recover a dashboard that has been deleted
What term refers to a service that's up and running for a long period of time?
high availability
What can a group of VMs provide?
- high availability - scalability - redundancy
What are two crucial components of resiliency?
high availability and disaster recovery
How are Availability Zones connected?
high-speed, private fiber-optic networks
Provide an example of a hybrid cloud deployment.
host a website in the public cloud and link it to a highly secure database hosted in your private cloud (or on-premises datacenter).
Service Trust Portal (STP)
hosts the Compliance Manager service, and is the Microsoft public site for publishing audit reports and other compliance-related information relevant to Microsoft's cloud services. Its users can download audit reports produced by external auditors and gain insight from Microsoft-authored reports that provide details on how Microsoft builds and operates its cloud services. It also includes information about how Microsoft online services can help your organization maintain and track compliance with standards, laws, and regulations, such as: ISO, SOC, NIST, FedRAMP, GDPR. It is a companion feature to the Trust Center, and allows you to: - Access audit reports across Microsoft cloud services on a single page. - Access compliance guides to help you understand how you can use Microsoft cloud service features to manage compliance with various regulations. - Access trust documents to help you understand how Microsoft cloud services help protect your data.
In the Azure Portal, how do you view the tooltip label on icons in the top menu bar?
hover your mouse pointer over each of the icons for a few seconds each
Where can you learn about the latest updates to Azure products?
https://azure.microsoft.com/en-us/updates
Where can you learn about preview features?
https://azure.microsoft.com/en-us/updates/?status=inpreview You can also use the RSS Feed button in the Azure Portal page to subscribe to notifications and stay informed.
Where (physically) does the free sandbox allow you to create resources?
in a subset of the Azure global regions
In what ways can encrypted data vary?
in its content, usage, and importance to the organization. Examples of different types are financial information that could be critical to the business, intellectual property that has been developed by the business, personal data about customers or employees that the business stores, and even the keys and secrets used for the encryption of the data itself.
How long does it take to setup a virtual machine?
in minutes
Where can you find the URL of a website you created?
in the overview of the App service in the portal.
In the Azure Portal, where are most configuration options displayed?
in the status bar at the top-right of the screen
Server costs in an on-premises datacenter.
includes all hardware components and the cost of supporting them. When purchasing servers, make sure to design fault tolerance and redundancy, such as server clustering, redundant power supplies, and uninterruptible power supplies. When a server needs to be replaced or added to a datacenter, you need to pay for the computer. This can affect your immediate cash flow because you must pay for the server up front.
What infrastructure decisions are handled by the Azure App Service?
infrastructure decisions you deal with in hosting web-accessible apps: - deployment and management are integrated into the platform - endpoints can be secured - sites can be scaled quickly to handle high traffic loads - the built-in load balancing and traffic manager provide high availability. All of the app styles (WebApps, API Apps, WebJobs, and Mobile Apps) are hosted in the same infrastructure and share these benefits. This flexibility makes App Service the ideal choice to host web-oriented applications.
What can you use to organize multiple Azure Policies?
initiatives
How are Azure datacenters organized?
into regions
What is the Microsoft Security Development Lifecycle (SDL)?
introduces security and privacy considerations throughout all phases of the development process. It helps developers build highly secure software, address security compliance requirements, and reduce development costs. The guidance, best practices, tools, and processes in the SDL are practices used internally at Microsoft to build more secure products and services. Since first sharing the SDL in 2008, the practices have been continuously updated to cover new scenarios such as cloud services, IoT, and AI. By introducing standardized security and compliance considerations throughout all phases of the development process, developers can reduce the likelihood of vulnerabilities in products and services, and avoid repeating the same security mistakes. Similarly, security integration throughout the operations lifecycle will assist in maintaining the integrity of those products and services. Operational Security Assurance practices should align with your development processes; this arrangement will result in less time and cost spent on triage and response after the fact, and provide your customers with assurance that your products are highly secure.
In the Azure Portal, other than the Resource Panel, what is the remainder or main area of the portal view for?
is for the specific elements you are working with
What does virtual networking help you do?
isolate network and compute resources
What is Kubernetes?
it combines container management automation with an extensible API to create a cloud-native application management powerhouse. - it manages the placement of pods, which consist of one or more containers on a cluster node - if a pod crashes, it can create a new instance of it - if a cluster node is removed, it can move any affected workload to a different node in the cluster - it can be scaled to provide more or less throughput to meet scale demands - the scale operation can be triggered manually or automatically using pod autoscaling - it can stagger update deployments to minimize downtime - it can roll back problematic updates to a previous version - it can manage container storage and networking
What does building an efficient and reliable Azure solution require?
knowing your workload requirements
What is Big Data?
large volumes of data; large data sets. Examples: weather systems, communications systems, genomic research, imaging platforms, and many other scenarios where gigabytes of data are generated.
What approach is taken to network security?
layered so that if an attacker gets through one layer, there are further protections in place to limit further attack.
VM scale set
let you create and manage a group of identical, load balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. They provide high availability to your applications, and allow you to centrally manage, configure, and update a large number of VMs. With these, you can build large-scale services for areas such as: - compute - big data - container workloads
What are Azure Virtual Machine Scale Sets?
let you create and manage a group of identical, load balanced VMs. Imagine you're running a website that enables scientists to upload astronomy images that need to be processed. If you duplicated the VM, you'd normally need to configure an additional service to route requests between multiple instances of the website. These could do that work for you. They allow you to centrally manage, configure, and update a large number of VMs in minutes to provide highly available applications. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. With Virtual Machine Scale Sets, you can build large-scale services for areas such as compute, big data, and container workloads.
How does ExpressRoute work?
lets you extend your on-premises networks into the Microsoft cloud over a private connection facilitated by a connectivity provider. With ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure, Office 365, and Dynamics 365. ExpressRoute connections improve the security of your on-premises communication by sending this traffic over the private circuit instead of over the public internet. You don't need to allow access to these services for your end users over the public internet, and you can send this traffic through appliances for further traffic inspection.
What is de-allocating a VM like?
like turning off your physical computer. So, you will incur storage costs for the disks.
How can you manage service certificates?
manage service certificates separately from your services, and you can have different people managing them. For example, a developer could upload a service package that refers to a certificate that an IT manager has previously uploaded to Azure. An IT manager can manage and renew that certificate (changing the configuration of the service) without needing to upload a new service package. Updating without a new service package is possible because the logical name, store name, and location of the certificate are in the service definition file, while the certificate thumbprint is specified in the service configuration file. To update the certificate, it's only necessary to upload a new certificate and change the thumbprint value in the service configuration file.
What are two ways scaling can be done?
manually or automatically.
How long does it take to create and provision a VM?
minutes, when you select a preconfigured image
How many regions are distributed worldwide?
more than 60
What are larger enterprise systems often composed of?
multiple inter-connected applications and services that work together. You might have a front-end web system that displays inventory and allows customers to create an order. That might talk to a variety of web services to provide the inventory data, manage user profiles, process credit cards, and request fulfillment of processed orders.
tags
name/value pairs of text data that you can apply to resources and resource groups. They allow you to associate custom details about your resource or resource group.
How can you navigate to the Azure Cloud Shell independent of the Azure Portal?
navigate to https://shell.azure.com to launch it in the browser
List the resources that are managed by either the customer or the cloud provider, depending on the category (On-premise, IaaS, PaaS, SaaS)
networking - storage - servers - virtualization - OS - middleware - runtime - data - applications
Do containers include an operating system for the apps running inside them?
no
In a public cloud, does the customer have hardware to manage?
no
What are the ways cloud computing can be billed?
number of users - CPU usage time - allocated RAM - I/O operations per second (IOPS) - storage space
What are characteristics of Azure File Storage?
offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol. can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS. Applications running in Azure virtual machines or cloud services can mount one of these to access file data, just as a desktop application would mount a typical SMB share. Any number of Azure virtual machines or roles can mount and access one of these simultaneously. Typical usage scenarios would be to share files anywhere in the world, diagnostic data, or application data sharing. This storage type uses the Server Message Block (SMB) protocol that ensures the data is encrypted at rest and in transit.
What are Azure Container Instances (ACI)?
offers the fastest and simplest way to run a container in Azure. You don't have to manage any virtual machines or configure any additional services. It is a PaaS offering that allows you to upload your containers and execute them directly with automatic elastic scale.
Other than billing, quota, and subscription-management support, on what do the other types of available support depend?
on the support plan you have
How many subscriptions can you have associated with one directory?
one or more
What does an Availability Zone contain?
one or more datacenters equipped with independent power, cooling, and networking.
When is the only time you should use self-signed certificates for the security of a website in Transport Layer Security?
only use them when developing and testing your cloud services. A self-signed certificate is signed by its own creator; therefore, it is not trusted by default. Most browsers can ignore this problem.
What do you pay for with Azure?
only what you use
Within the Help pane, what does clicking the Help + support button do?
opens the main help and support area for the Azure portal and includes documentation options for a variety of common questions.
What are benefits of moving some of the responsibility of security of the operational environment to a cloud provider?
organizations can: - reduce focus on activities that aren't core business competencies - shift commodity responsibilities to the provider and re-allocate their resources - leverage cloud-based security capabilities for more effectiveness - use cloud intelligence to improve detection/response time
Besides VMs, what are the other two popular computing options?
other choices are containers and serverless computing
What does identity allow you to maintain security outside of?
outside our physical control
How many services does Azure currently provide?
over 100
How many Azure facilities are provided?
over 140
How many listings are included in the Azure Marketplace?
over 8,000
What is the pricing model for cloud computing?
pay-as-you-go or consumption-based
What are the two types of security in cloud computing?
physical and digital
How is data secured?
physical security - building and server access; digital security - who can connect to your systems and data over the network
What are Availability Zones?
physically separate datacenters within an Azure region
Where is the select dashboard drop-down and what does it allow you to do?
portal menu (pancake) --> Dashboard --> It is located at the top-left of the controls in the default Azure Portal dashboard. It allows you to select from dashboards that you have already defined for your account.
In the Azure Portal, where can you look at additional information exposed about your application and explore some of the available options to configure a website?
portal menu (stack-o-pancakes icon at top left) --> select Dashboard --> select the app service --> select Overview
What is the default privacy level for dashboards you create?
private
What do these cloud-based servers do?
process each request and return a response
What is one simple way to reduce latency?
provide exact copies of your service in more than one region.
Azure API Management
provides a REST API for performing operations on selected entities, such as users, groups, products, and subscriptions. This reference provides a guide for working with the API Management REST API, as well as specific reference information for each available operation, grouped by entity.
What is Azure Disk Storage?
provides disks for virtual machines, applications, and other services to access and use as they need, similar to how they would in on-premises scenarios.
What is the Server Message Block (SMB) protocol?
provides file sharing, network browsing, printing services, and inter-process communication over a network. This protocol relies on lower-level protocols for transport.
What does Role-Based Access Control (RBAC) provide?
provides fine-grained access management for Azure resources, enabling you to grant users the specific rights they need to perform their jobs.
What are some of the ways Azure encrypts data across services?
raw storage - virtual machine disks - databases - secrets
What is likely your first step to deploying your site to Azure?
re-create your on-premise configuration in the cloud. This basic configuration will give you a sense of how networks are configured, and how network traffic moves in and out of Azure.
What are some of the challenges organizations face with securing their datacenters?
recruiting and keeping security experts - using many security tools - keeping pace with the volume and complexity of threats
How is fault tolerance implemented by cloud providers?
redundancy is often built into cloud services architecture so if one component fails, a backup component takes its place
RAID
redundant array of independent disks - a way of storing the same data in different places on multiple hard disks or solid-state drives to protect data in the case of a drive failure. There are different RAID levels, however, and not all have the goal of providing redundancy. How RAID works: RAID works by placing data on multiple disks and allowing input/output (I/O) operations to overlap in a balanced way, improving performance. Because the use of multiple disks increases the mean time between failures (MTBF), storing data redundantly also increases fault tolerance.
What is persistence?
refers to object and process characteristics that continue to exist even after the process that created it ceases or the machine it is running on is powered off. When an object or state is created and needs to be persistent, it is saved in a non-volatile storage location, like a hard drive, versus a temporary file or volatile random access memory (RAM).
High availability
refers to systems that are durable and likely to operate continuously without failure for a long time. The term implies that parts of a system have been fully tested and, in many cases, that there are accommodations for failure in the form of redundant components.
What is data residency?
refers to the physical or geographic location of an organization's data or information. It defines the legal or regulatory requirements imposed on data based on the country or region in which it resides. It is an important consideration when planning out your application data storage.
What are some of the characteristics of the Azure infrastructure?
reliable - redundant - energy-efficient (reduced carbon footprint) - secure - compliant with local laws
What term refers to a system's ability to stay operational during abnormal conditions?
resiliency
Name the major features that allow greater organization across Azure resources.
resource groups - tags - policies - resource locks
What can you use an applied Azure policy to identify? Where can you do this?
resources that aren't compliant with the policy assignment; through the Azure portal or command-line tools.
What do you create in the firewall?
rules that specify ranges of IP addresses. Only clients from these granted IP addresses will be allowed to access the server. Firewall rules, generally speaking, also include specific network protocol and port information.
In the Azure Portal, what is a quick way to get back to the home page?
select Microsoft Azure at the top-left of the window --- OR --- select the Home link in the navigation trail at the top left --- OR --- click the portal menu icon (stack of pancakes at the top-left) --> click 'Home'
In the Azure Portal, how do you check your permissions?
select your name in the top right-hand corner > select the "..." button > click Check your permissions
In the Azure Portal, how do you analyze where Azure is generating costs?
select your name in the top right-hand corner > select the "..." button > select View your bill
List some activities that require interaction with cloud-based servers to process a request and return a response.
send an email - book a reservation on the Internet - pay a bill online - take this Microsoft Learn module
What does virtualization do?
separates the tight coupling between a computer's hardware and its operating system using an abstraction layer called a hypervisor.
What are the typical CapEx costs in an on-premises datacenter?
server costs - storage costs - network costs - backup and archive costs - organizational continuity and disaster recovery costs - datacenter infrastructure costs - technical personnel
What two methods are used in Azure AD to secure service credentials that might otherwise be stored in unsecured configuration files?
service principals - managed identities
In security terms, what are roles?
sets of permissions, like "Read-only" or "Contributor", that users can be granted to access an Azure service instance. They can be granted at the individual service instance level, but they also flow down the Azure Resource Manager hierarchy. When assigned at a higher scope, like an entire subscription, they are inherited by child scopes, like service instances.
What does planning out a consistent cloud infrastructure start with?
setting up policy
What does the Azure Marketplace solution catalog span?
several industry categories, including but not limited to: - open-source container platforms - virtual machine images - databases - application build and deployment software - developer tools - threat detection - blockchain
What does selecting the question mark icon do?
shows the Help pane
How can you navigate to view cost recommendations in the Azure Advisor?
sign in to the Azure portal --> expand the left-hand navigation from the top-left menu and click on All Services --> click on the Management + governance category and find Advisor. Or, you can type Advisor in the services filter box to filter on just that name --> click on the Cost box --> click on any recommendation
With what two things can you be sure who has the ability to see and manipulate our data and infrastructure?
single sign-on - appropriate role-based access configuration
orchestrator
software responsible for managing everything that happens in Azure, including responding to user requests
What is cross-platform software?
software that can be run on Windows, Linux, or macOS
middleware
software that lies between an operating system and the applications running on it. Essentially functioning as a hidden translation layer, it enables communication and data management for distributed applications. It's sometimes called plumbing, as it connects two applications together so data and databases can be easily passed between the "pipe." Using it allows users to perform such requests as submitting forms on a web browser, or allowing the web server to return dynamic web pages based on a user's profile. Common examples include database, application server, message-oriented, web, and transaction-processing monitors. Each program typically provides messaging services so that different applications can communicate using messaging frameworks like simple object access protocol (SOAP), web services, representational state transfer (REST), and JavaScript object notation (JSON). While it performs communication functions, the type a company chooses to use will depend on what service is being used and what type of information needs to be communicated. This can include security authentication, transaction management, message queues, application servers, web servers, and directories. It can also be used for distributed processing with actions occurring in real time rather than sending data back and forth.
operational expenditure
spending money on services or products now and being billed for them now. You can deduct operational expenses from your tax bill in the same year. There's no upfront cost. You pay for a service or product as you use it.
Describe stateless and stateful aspects of Azure Functions.
stateless (the default), where they behave as if they're restarted every time they respond to an event, or stateful (called "Durable Functions"), where a context is passed through the function to track prior activity.
What does cloud security protect?
strengthened security, which helps to protect data, apps, and infrastructure from potential threats.
At what level does access management occur?
subscription. This control allows an organization to configure each division of the company in a specific fashion based on their responsibilities and requirements.
What can resource locks be applied to?
subscriptions, resource groups, and to individual resources
What is the event-driven scale feature of serverless computing?
suited for workloads that respond to incoming events. Events include triggers by timers (for example, if a function needs to run every day at 10:00 AM UTC), HTTP (API and webhook scenarios), queues (for example, with order processing), and much more. Instead of writing an entire application, the developer authors a function, which contains both code and metadata about its triggers and bindings. The platform automatically schedules the function to run and scales the number of compute instances based on the rate of incoming events. Triggers define how a function is invoked and bindings provide a declarative way to connect to services from within the code.
What are the two top-level forms of encryption?
symmetric - uses the same key to encrypt and decrypt the data. Consider a desktop password manager application. You enter your passwords and they are encrypted with your own personal key (your key is often derived from your master password). When the data needs to be retrieved, the same key is used, and the data is decrypted. asymmetric - uses a public key and private key pair. Either key can encrypt but a single key can't decrypt its own encrypted data. To decrypt, you need the paired key. Asymmetric encryption is used for things like Transport Layer Security (TLS) (used in HTTPS) and data signing.
What is a stateful system?
a system is described as such if it is designed to remember preceding events or user interactions; the remembered information is called the state of the system.
What does the replication feature in Azure ensure?
that your data is durable and always available. Azure provides regional and geographic replications to protect your data against natural disasters and other local disasters like fire or flooding.
What does Bash default to in Azure Cloud Shell?
the Azure CLI (with the az command pre-installed)
What browser-based terminal lets you control and administer all of your Azure resources in the current subscription through a command-line interface built right into the portal?
the Azure Cloud Shell
Where do you often start when creating new resources in Azure, that allows you to find, try, purchase, and provision applications and services from hundreds of leading service providers, all certified to run on Azure?
the Azure Marketplace
What is the name of the primary graphical user interface (GUI) for controlling Microsoft Azure?
the Azure Portal
Where can you: - create, manage, and monitor any available Azure services. - identify a service you're looking for, get links for help on a topic, and deploy, manage, and delete resources - be guided through complex administrative tasks using wizards and tooltips?
the Azure Portal
What must you understand in order to create achievable Application SLAs?
the Azure SLAs that define performance targets for the Azure products and services within your solution.
Where in the Azure portal can you get high-level details about your Azure environment?
the Dashboard
What is resiliency?
the ability of a system to recover from failures and continue to function. It's not about avoiding failures, but responding to failures in a way that avoids downtime or data loss. The goal of resiliency is to return the application to a fully functioning state following a failure.
Define cloud agility. Provide an example.
the ability to rapidly change an IT infrastructure to adapt to the evolving needs of the business. For example, if your service peaks one month, you can scale to demand and pay a larger bill for the month. If the following month the demand drops, you can reduce the used resources and be charged less. This agility lets you manage your costs dynamically, optimizing spending as requirements change.
What three ideas are encompassed in serverless computing?
the abstraction of servers - an event-driven scale - micro-billing
What is serverless computing?
the abstraction of servers, infrastructure, and OSs. With it, Azure takes care of managing the server infrastructure and allocation/deallocation of resources based on demand. Infrastructure isn't your responsibility. Scaling and performance are handled automatically, and you are billed only for the exact resources you use. There's no need to even reserve capacity.
Where can you check your current usage and see any invoices from past billing cycles?
the billing page in the Azure portal
mixed reality
the combination of the real physical world with interactive virtual images or objects https://www.bing.com/videos/search?q=what+is+mixed+reality&&view=detail&mid=82A77D85E9FAA91A21AC82A77D85E9FAA91A21AC&&FORM=VRDGAR
access point
the computer or network device that serves as an interface between devices and the network. The component of the LAN device that processes wireless traffic and communicates with the wired switch. An access point is a device that creates a wireless local area network, or WLAN, usually in an office or large building. An access point connects to a wired router, switch, or hub via an Ethernet cable, and projects a Wi-Fi signal to a designated area. For example, if you want to enable Wi-Fi access in your company's reception area but don't have a router within range, you can install an access point near the front desk and run an Ethernet cable through the ceiling back to the server room.
What is the core idea with serverless computing regarding an application?
the core idea is that your application is broken into separate functions that run when triggered by some action.
What is data in transit?
the data actively moving from one location to another, such as across the internet or through a private network.
What does encrypting data in transit protect?
the data from outside observers and provides a mechanism to transmit data while limiting risk of exposure.
What is the difference between HTTP and HTTPS?
the difference between HTTP and HTTPS is simply the presence of an SSL certificate. HTTP doesn't have SSL and HTTPS has SSL, which encrypts your information so your connections are secured. HTTPS also has the TLS (Transport Layer Security) protocol that HTTP lacks. HTTPS is more secure than HTTP.
What happens when a Logic App trigger fires?
the engine creates an app instance that runs the actions in the workflow.
standard runtime environment
the execution environment provided to an application or software by the operating system. In it, the application can send instructions or commands to the processor and access other system resources such as RAM, which otherwise is not possible as most programming languages used are high level languages.
machine learning
the extraction of knowledge from data based on algorithms created from training data. A data science technique that allows computers to use existing data to forecast future behaviors, outcomes, and trends. Computers learn without being explicitly programmed.
What does the term compute refer to?
the hosting model for the computing resources that your application runs on
What is the Internet of Things?
the interconnection via the Internet of computing devices embedded in everyday objects, enabling them to send and receive data. The idea that everything / every device could be given an IP address and put on the internet. Example: using your phone to turn on your microwave.
If we start on the perimeter of the network, we're focused on limiting and eliminating attacks from what?
the internet
What engine is provided in Azure SQL Database?
the latest stable version
application dependencies
the libraries other than your project code that are required to create and run your application
In addition to managing Azure resource access with role-based access control (RBAC), a comprehensive approach to infrastructure protection should consider including what?
the ongoing audit of role members as their organization changes and evolves.
Why is the container approach more efficient than a full virtualized machine?
the operating system-level virtualization allows you to run multiple containers on a single host, without sacrificing the isolation that the virtual machine originally offered.
What is the format of the output of the Cloud Shell command az resource list --resource-group learn-080f4165-6fd2-46b7-a9b3-ed76d8d2cb3b --resource-type Microsoft.Web/sites?
the output is JSON
What is the cloud provider responsible for?
the physical hardware required to execute your work, and for keeping it up-to-date
What is vertical scaling?
the process of adding resources to increase the power of an existing server.
What is authorization?
the process of establishing what level of access an authenticated person or service has. It specifies what data they're allowed to access and what they can do with it. Defines what an individual or group of identities are allowed to do once authenticated. Uses a database to ID access level to give. Can be located on a central server such as RADIUS or TACACS+
What is encryption?
the process of making data unreadable and unusable to unauthorized viewers.
economies of scale
the property whereby long-run average total cost falls as the quantity of output increases. The ability to do things more efficiently or at a lower cost per unit when operating at a larger scale.
Which computing model (VM, container, serverless) is fastest to deploy?
the serverless computing model is the fastest to deploy
What does the term five nines availability mean?
the service is guaranteed to be running 99.999 percent of the time. Although it's difficult to achieve 100 percent availability, many teams strive for at least five nines.
To what does the term "on-premises" refer?
the storage and maintenance of data on local hardware and servers.
In the Resource group's Overview panel, what information will you find?
the subscription it's in, the subscription ID, any tags that are applied, and a history of the deployments to this resource group.
To what does availability refer?
the time that a system is functional and working
In a three-tier architecture consisting of a web tier, application tier, and data tier, which tier does the user interact with? How is networking configured?
the web tier. Users interact with the web tier directly, so that VM has a public IP address along with a private IP address. Users don't interact with the application or data tiers, so these VMs each have a private IP address only.
What happens to charges if, for example, you de-allocate a VM?
then you will not be billed for compute hours, I/O reads or writes, or the private IP address, since the VM is not running and has no allocated compute resources. However, you will incur storage costs for the disks. NOTE: De-allocating a VM is not the same as deleting a VM. De-allocation means the VM is not assigned to a CPU or network in a datacenter. However, your persistent disks remain, and the resource is present in your subscription. It's similar to turning off your physical computer.
What should you keep in mind when using Availability Zones?
there could be a cost to duplicating your services and transferring data between these.
On what do the usage that a meter tracks and the number of meters associated with a resource depend?
they depend on the resource type
What can Blob Storage manage?
thousands of simultaneous uploads, massive amounts of video data, constantly growing log files, and can be reached from anywhere with an internet connection.
How do microservices communicate?
through a well-defined interface, usually REST, or a messaging queue
If you are viewing the Azure portal on a screen with reduced horizontal space, where can you access the configuration options?
through an ellipsis (...) menu in the status bar at the top-right of the screen
How does Azure provide security and high availability?
through encryption and replication features.
How do you provide feedback on preview features?
through the "smiley" face icon on the portal or by posting ideas and suggestions on the Azure portal Feedback Forum.
How can tags be added and manipulated?
through the Azure portal, Azure CLI, Azure PowerShell, Resource Manager templates, and through the REST API. For example, to add a resource tag to a virtual network using the Azure CLI, you could use the following command: az resource tag --tags Department=Finance --resource-group msftlearn-core-infrastructure-rg --name msftlearn-vnet1 --resource-type "Microsoft.Network/virtualNetworks"
Where can you assign policy definitions?
through the Azure portal, PowerShell, or Azure CLI
In the Cloud Shell, how do you filter the resource list for a particular resource group and a particular type?
to 'az resource list', add ' \' + ENTER, then --resource-group [resource group ID] ' \' + ENTER, then --resource-type [resource type]. NOTE: ' \' + ENTER allows the command to be continued on the next line
Scale (verb)
to add: - network bandwidth - memory - storage - compute power ...in order to achieve better performance
Why is placing each workload in an availability set highly recommended?
to avoid having a single point of failure in your VM architecture.
What can you use Azure SQL Database for?
to build data-driven applications and websites in the programming language of your choice without needing to manage infrastructure.
What does automating certificate management with Azure Key Vault help to do?
to reduce or eliminate the error prone task of manual certificate management
In what circumstance do you use Availability Zones?
to run mission-critical applications and build high-availability into your application architecture by co-locating your compute, storage, networking, and data resources within a zone and replicating in other zones.
What do cloud providers offer for digital security?
tools that help you mitigate security threats, and you must use these tools to protect the resources you use.
What can you do with several subscriptions that are governed by the same blueprint?
upgrade them at once
What can you do with Azure Portal dashboard JSON files?
upload and download them to other computers, or share with members of the Azure directory.
On what performance criteria are SLA targets measured?
uptime or response time for services
What happens at the end of each monthly billing cycle?
usage values will be charged to your payment method and the meters are reset.
How do you view access permissions, see a user's assigned role, and grant or remove access?
use the Access control (IAM) panel for the resource in Azure portal. On this panel, you can see who can access an area and their assigned role. Using this same panel, you can also grant or remove access.
How are you notified of a Distributed Denial of Service (DDoS) attack?
using Azure Monitor metrics
How do you create Azure Logic Apps?
using a visual designer in the Azure portal or in Visual Studio. The workflows are persisted as a JSON file with a known workflow schema.
Where can you define policy initiatives?
using the Azure portal, or command-line tools. In the portal, you use the "Authoring" section
How do users make requests in the cloud?
using the orchestrator's web API
What do you need to supply when you assign policy definitions?
values for any parameters that are defined
What are the two types of scaling that cloud computing supports?
vertical and horizontal
From where are deployments from the Azure Marketplace store deployed? Using what?
via the Azure portal using a wizard-style user interface.
In the Total Cost of Ownership (TCO) calculator, after you have entered your workload and made adjustments to the calculator's assumptions, what do you do?
view the report. The TCO calculator generates a detailed report based on the details you enter and the adjustments you make. The report allows you to compare the costs of your on-premises infrastructure with the costs of using Azure products and services to host your infrastructure in the cloud.
Which two compute services require a host operating system?
virtual machines, containers
What is an easy way to differentiate between VMs and containers?
virtual machines virtualize the hardware, while containers virtualize the operating system
What physical security does Azure provide?
walls, cameras, gates, security personnel, strict procedures for employees; ensures security rigor through independent security auditors
What are the ways the cloud providers provide physical security?
walls, cameras, gates, security personnel, and so on, to protect physical assets. They also have strict procedures in place to ensure employees have access only to those resources that they've been authorized to manage.
When is OpEx particularly appealing?
when demand fluctuates or is unknown
For which applications does serverless architecture work?
when the app logic can be separated into independent units: you can test them separately, update them separately, and launch them in microseconds, making this approach the fastest option for deployment.
What is a planned maintenance event?
when the underlying Azure fabric that hosts VMs is updated by Microsoft. It is done to: patch security vulnerabilities; improve performance; add or update features. Most of the time these updates are done without any impact to the guest VMs. But sometimes VMs require a reboot to complete an update. When the VM is part of an availability set, the Azure fabric updates are sequenced so not all of the associated VMs are rebooted at the same time. VMs are put into different update domains. Update domains indicate groups of VMs and underlying physical hardware that can be rebooted at the same time. Update domains are a logical part of each data center and are implemented with software and logic.
When is a replication type set up?
when you create a storage account
When editing a dashboard tile, how do you access the settings of a tile?
when you drag it onto the workspace, it opens the editor for that tile. Alternatively, you will find an Edit button on tiles that have settings
When can a hybrid cloud deployment be helpful?
when you have some things that cannot be put in the cloud, maybe for legal reasons. For example, you may have some specific pieces of data that cannot be exposed publicly (such as medical data) and need to be held in your private datacenter. Another example is one or more applications that run on old hardware that can't be updated. In this case, you can keep the old system running locally, and connect it to the public cloud for authorization or storage.
When is Azure CLI a useful option when managing resource groups?
when you need to automate the process in the future.
When are Azure Functions commonly used?
when you need to perform work in response to an event, often via a REST request, timer, or message from another Azure service and when that work can be completed quickly, within seconds or less.
When editing a dashboard programmatically in the JSON file, when do you see the changes you have made?
when you upload the file back into Azure
What is a microservices architecture?
where you break solutions into smaller, independent pieces. For example, you may split a website into a container hosting your front end, another hosting your back end, and a third for storage. This split allows you to separate portions of your app into logical sections that can be independently maintained, scaled, and updated.
What is physical security?
who can access the building, who can operate the server racks, and so on. Cloud providers invest heavily in walls, cameras, gates, security personnel, etc. They have strict procedures in place to ensure employees have access only to those resources that they've been authorized to manage.
What is digital security?
who can connect to your systems and data over the network. Cloud providers offer tools that help you mitigate security threats, and you must use these tools to protect the resources you use.
How have network perimeters become increasingly porous?
with the explosion of bring your own device (BYOD), mobile apps, and cloud applications.
Where are Azure Portal dashboards stored?
within resource groups, just like virtual machines or storage accounts that you can manage within the portal.
Describe the certificates used in Azure.
X.509 v3; they can be signed by a trusted certificate authority, or they can be self-signed.
Can you store certificates in the Azure Key Vault?
yes
Could you use Azure containers or Azure Functions as part of a serverless architecture?
yes
In the Azure Portal, where can you change the default view to the customizable Dashboard?
you can change your default view to the customizable Dashboard from Settings.
What can you do with dashboards because they are stored as JSON files?
you can customize them programmatically. Also, some tile types can be query-based, so they update automatically when the source data changes.
If you are running in a serverless environment using Azure Functions, and the needs of the developer's app change, what can you do?
you can deploy the project in an environment that isn't serverless, which provides the flexibility to manage scaling, run on virtual networks, and even completely isolate the functions.
What is an advantage of the Azure Marketplace?
you can provision end-to-end solutions quickly and reliably, hosted in your own Azure environment.
What is the advantage of using cloud-based storage?
you can scale to meet your needs. If you find that you need more space to store your movie clips, you can pay a little more and add to your available space
What can be done to the independent units in a serverless architecture?
you can test them separately, update them separately, and launch them in microseconds, making this approach the fastest option for deployment.
Give an example where you combine multiple networking security services to manage your network security and provide an increased layered protection.
you can use Azure Firewall to protect inbound and outbound traffic to the Internet, and Network Security Groups to limit traffic to resources inside your virtual networks.
How is cloud computing like shopping for your own computer?
you choose the power and features you need to run your software
private cloud deployment
you create a cloud environment in your own datacenter and provide self-service access to compute resources to users in your organization. This offers a simulation of a public cloud to your users, but you remain completely responsible for the purchase and maintenance of the hardware and software services you provide.
What is the difference between renting a VM and owning a computer?
you don't have to buy any of the hardware or install the OS
What role do you need to upgrade a subscription to the Standard tier of Azure Security Center?
you must be assigned the role of Subscription Owner, Subscription Contributor, or Security Admin.
What are the customer and Azure security responsibilities at the Software as a Service (SaaS) level?
you outsource almost everything. SaaS is software that runs with an internet infrastructure. The code is controlled by the vendor but configured to be used by the customer. Azure is taking care of the operating system and of most foundational software like database management systems. Azure covers network security considerations, the application itself, and provides a mechanism for identity and directory infrastructure management. Everything is updated with the latest security patches and can be integrated with Azure Active Directory for access controls. For all cloud deployment types, you own your data and identities. You are responsible for helping secure your data and identities, your on-premises resources, and the cloud components you control (which vary by service type).