Azure Cloud Architect (AZ300)
Each major process or workload that's implemented by an app should have separate RPO and RTO values. A. True B. False
A. True
The act of adding more capacity to the instance increases the resources available to your application, but it does come with a limit. Virtual machines are limited to the capacity of the host they run on, and hosts themselves have physical limitations. This is known as: A. Scaling up B. Scaling out
A. Scaling up
A disaster recovery plan is a single document that details the procedures that are required to recover from data loss and downtime caused by a disaster, and identifies who's in charge of directing those procedures. A. True B. False
A. True
Different Azure services support various levels and concepts of replication. For example, This replication can be local (within a datacenter), zonal (between data centers within a region), or regional (between regions). A. Azure Storage B. Azure Recovery Services C. Azure SQL Database D. Azure Cosmos DB
A. Azure Storage replication capabilities depend on the replication type of selected for the storage account. This replication can be local (within a datacenter), zonal (between data centers within a region), or regional (between regions). Neither your application nor your operators interact with it directly. Failovers are automatic and transparent, and you simply need to select a replication level that balances cost and risk.
Which two are a part of Scalability and performance patterns and practices A. Use a messaging layer between services B. Implement scale units C. Performance monitoring D. Data partitioning E. none of these
A. B. C. D. - All are correct
Scalability and performance patterns and practices Many types of applications require background tasks that run independently of the user interface (UI). Examples include batch jobs, intensive processing tasks, and long-running processes such as workflows. Background jobs can be executed without requiring user interaction--the application can start the job and then continue to process interactive requests from users. This can help to minimize the load on the application UI, which can improve availability and reduce interactive response times. This describes which practice and pattern: A. Decouple resource-intensive tasks as background jobs B. Caching C. Auto Scaling D. Data partitioning E. none of these
A. Decouple resource-intensive tasks as background jobs
Which of the following would be an example of something you might address in the availability & recoverability pillar? A. Defining a policy for virtual machine backup B. Enabling multi-factor authentication for all administrative accounts C. Evaluating your cloud spend to identify areas of cost savings D. Moving to an autoscaling service to dynamically handle fluctuations in load
A. Defining a policy for virtual machine backup
Which of the following is an example of an attack you might see at the policies & access layer? A. Exposed credentials posted online B. A SYN flood attack C. Following an employee into a datacenter without presenting credentials D. Ransomware that encrypts the disks of a virtual machine
A. Exposed credentials posted online
Scalability and performance patterns and practices Look across all layers of your application and identify and remediate performance bottlenecks in your application. These bottlenecks could be poor memory handling in your application, or even the process of adding indexes into your database. This is a part of A. Performance monitoring B. Networking C. Performance measuring D. Data Partitioning E. none of the above
A. Performance monitoring
High-availability designs typically aim to eliminate the impact of incidents quickly and automatically and ensure that the system can continue to process requests with little to no impact. A. True B. False
A. True
Recovery Point Objective (RPO): The maximum duration of acceptable data loss. RPO is measured in units of time, not volume: "30 minutes of data", "four hours of data", and so on. A. True B. False
A. True
Scalability and performance patterns and practices With a thorough approach to performance monitoring, you'll be able to determine what types of patterns and practices your architecture will benefit from. A. True B. False
A. True
Scaling out requires some type of load distribution. A. True B. False
A. True
Scaling up is concerned with adding more resources, such as CPU or memory, to a single instance. This instance could be a virtual machine or a PaaS service. A. True B. False
A. True
The act of adding more capacity to the instance increases the resources available to your application, but it does come with a limit. A. True B. False
A. True
The common principles used to define a security posture are confidentiality, integrity, and availability. Availability - Ensure services are available to authorized users. Denial of service attacks are a prevalent cause of loss of availability to users. Natural disasters also drive system design to prevent single points of failure and deploy multiple instances of an application to geo-dispersed locations. A. True B. False
A. True
The exact nature of a disaster isn't as important to the risk analysis as its potential impact through data loss and application downtime. Explore various kinds of hypothetical disasters and try to be specific when thinking about their effects. For example, a targeted malicious attack may modify code or data that results in a different kind of impact than an earthquake that disrupts network connectivity and datacenter availability. A. True B. False
A. True
The process of specifying an RPO and RTO is effectively the creation of disaster recovery requirements for your application. A. True B. False
A. True
Virtual machines are limited to the capacity of the host they run on, and hosts themselves have physical limitations. Eventually, when you scale up an instance, you can run into these limits, restricting your ability to add further resources to the instance. A. True B. False
A. True
When scaling out: The advantage of scaling out is that you can conceivably scale out forever if you have more machines to add to the architecture. A. True B. False
A. True
_______________ is a globally distributed database system, and replication is central to its implementation. With __________________ , instead of configuring replication directly, you configure options related to partitioning and data consistency.
Azure Cosmos DB
Which two are a part of Scalability and performance patterns and practices A. Use a messaging layer between services B. Cloud Migrations C. Decouple resource-intensive tasks as on premise jobs D. Data partitioning E. none of these
A. Use a messaging layer between services D. Data partitioning
Which two are a part of Scalability and performance patterns and practices A. Use a messaging layer between services B. Seamless Integration C. Service Level Agreements D. Data partitioning E. all of the above
A. Use a messaging layer between services D. Data partitioning
At each layer, there are some common attacks that you will want to protect against. These are not all-inclusive, but can give you an idea of how each layer can be attacked and what types of protections you may need to look at. Common attacks include SQL injection and cross-site scripting (XSS).
Application layer: Malicious code injection and execution are the hallmarks of application-layer attacks. Common attacks include SQL injection and cross-site scripting (XSS).
At each layer, there are some common attacks that you will want to protect against. These are not all-inclusive, but can give you an idea of how each layer can be attacked and what types of protections you may need to look at. Malicious code injection and execution are the hallmarks of this layer. Common attacks include SQL injection and cross-site scripting (XSS).
Application layer: Malicious code injection and execution are the hallmarks of application-layer attacks. Common attacks include SQL injection and cross-site scripting (XSS).
The common principles used to define a security posture are confidentiality, integrity, and availability, known collectively as CIA. _________________ - Ensure services are available to authorized users. Denial of service attacks are a prevalent cause of loss of availability to users. Natural disasters also drive system design to prevent single points of failure and deploy multiple instances of an application to geo-dispersed locations.
Availability - Ensure services are available to authorized users. Denial of service attacks are a prevalent cause of loss of availability to users. Natural disasters also drive system design to prevent single points of failure and deploy multiple instances of an application to geo-dispersed locations.
To use Azure datacenters that are made available with power, cooling, and networking capabilities independent from other datacenters in a region, choose a region that supports _________? Geography distribution Service-Level Agreements (SLAs) Availability Zones
Availability Zones
_______________ replication is automatic at a small scale, but recovery from a full Azure datacenter or regional outage requires geo-replication. Setting up geo-replication is manual, but it's a first-class feature of the service and well supported by documentation.
Azure SQL Database
___________________ replication capabilities depend on the replication type of selected for the storage account. This replication can be local (within a datacenter), zonal (between data centers within a region), or regional (between regions). Neither your application nor your operators interact with it directly. Failovers are automatic and transparent, and you simply need to select a replication level that balances cost and risk.
Azure Storage
Azure general-purpose storage accounts have four internal services: ■ Blob Binary Large Object data; Intended for text and binary data, including log fi les, media fi les, database fi les, VM disks, and so forth ■ Table NoSQL data storage that is now part of Azure Cosmos DB product family ■ Queue Reliable messaging service to support a microservices application architecture ■ File Managed Server Message Block (SMB) fi le shares for cloud and on-premises servers
Azure general-purpose storage accounts have four internal services: ■ Blob Binary Large Object data; Intended for text and binary data, including log fi les, media fi les, database fi les, VM disks, and so forth ■ Table NoSQL data storage that is now part of Azure Cosmos DB product family ■ Queue Reliable messaging service to support a microservices application architecture ■ File Managed Server Message Block (SMB) fi le shares for cloud and on-premises servers
Principle used to define a security posture: Ensure services are available to authorized users. Denial of service attacks are a prevalent cause of loss of availability to users. Natural disasters also drive system design to prevent single points of failure and deploy multiple instances of an application to geo-dispersed locations. A. Confidentiality B. Availability C. Scalability D. Redundancy E. none of the above
B. Availability
Different Azure services support various levels and concepts of replication. For example, With _____________________, instead of configuring replication directly, you configure options related to partitioning and data consistency. A. Azure SQL Database B. Azure Cosmos DB C. Azure Storage D. Azure Recovery Services
B. Azure Cosmos DB is a globally distributed database system, and replication is central to its implementation. With Azure Cosmos DB, instead of configuring replication directly, you configure options related to partitioning and data consistency.
Different Azure services support various levels and concepts of replication. For example, For this service replication capabilities depend on the replication type of selected for the storage account. A. Azure SQL Database B. Azure Storage C. Azure Cosmos DB D. Azure Kerbernetes
B. Azure Storage replication capabilities depend on the replication type of selected for the storage account. This replication can be local (within a datacenter), zonal (between data centers within a region), or regional (between regions). Neither your application nor your operators interact with it directly. Failovers are automatic and transparent, and you simply need to select a replication level that balances cost and risk.
Scalability and performance patterns and practices A mechanism to store frequently used data or assets (web pages, images) for faster retrieval. This is part of: A. Decouple resource-intensive tasks as background jobs B. Caching C. Implement scale units D. Data partitioning E. none of these
B. Caching
Which of the following would be an example of something you might address in the security pillar? A. Defining a policy for virtual machine backup B. Enabling multi-factor authentication for all administrative accounts c. Evaluating your cloud spend to identify areas of cost savings D. Moving to an autoscaling service to dynamically handle fluctuations in load
B. Enabling multi-factor authentication for all administrative accounts
Designing for availability focuses on maintaining data through small-scale incidents and temporary conditions like partial network outages. A. True B. False
B. False
Recovery Point Objective (RPO): The minimum duration of acceptable data loss. RPO is measured in units of time, not volume: "30 minutes of data", "four hours of data", and so on. A. True B. False
B. False - Recovery Point Objective (RPO): The maximum duration of acceptable data loss. RPO is measured in units of time, not volume: "30 minutes of data", "four hours of data", and so on. RPO is about limiting and recovering from data loss, not data theft.
The common principles used to define a security posture are confidentiality, integrity, and availability. Integrity - The prevention of authorized changes to information at deletion. A common approach used in data transmission is for the sender to create a unique fingerprint of the data using a two-way hashing algorithm. The hash is sent to the receiver and the secret store along with the data. The data's hash is recalculated and compared to the original by the sender to ensure the data wasn't lost or modified in transit. A. True B. False
B. False Integrity - The prevention of unauthorized changes to information at rest or in transit. A common approach used in data transmission is for the sender to create a unique fingerprint of the data using a one-way hashing algorithm. The hash is sent to the receiver along with the data. The data's hash is recalculated and compared to the original by the receiver to ensure the data wasn't lost or modified in transit.
The common principles used to define a security posture are confidentiality, integrity, and availability. Confidentiality - Principle of least privilege. Restricts access to buildings only to individuals explicitly granted access. This includes protection of user homes, remote access, and email addresses. A. True B. False
B. False Confidentiality - Principle of least privilege. Restricts access to information only to individuals explicitly granted access. This information includes protection of user passwords, remote access certificates, and email content.
Each major process or workload that's implemented by an app should have a single RPO and RTO value. A. True B. False
B. False - Each major process or workload that's implemented by an app should have separate RPO and RTO values.
High-availability designs typically aim to eliminate the impact of incidents manually and ensure that the systems can continue to process requests with little to no impact. A. True B. False
B. False - High-availability designs typically aim to eliminate the impact of incidents quickly and automatically and ensure that the system can continue to process requests with little to no impact.
Recovery Point Objective (RPO): The maximum amount of acceptable data loss. RPO is measured in units of data, not time: "30 megabytes of data", "four GB of data", and so on. A. True B. False
B. False - Recovery Point Objective (RPO): The maximum duration of acceptable data loss. RPO is measured in units of time, not volume: "30 minutes of data", "four hours of data", and so on. RPO is about limiting and recovering from data loss, not data theft.
Which two are a part of Scalability and performance patterns and practices A. Performance B. Scaling in C. Caching D. Autoscaling E. none of these
C. Caching D. Autoscaling
Recovery Time Objective (RTO) The maximum duration of acceptable data loss. RTO is measured in units of time, not volume: "30 minutes of data", "four hours of data", and so on. RTO is about limiting and recovering from data loss, not data theft. A. True B. False
B. False - Recovery Time Objective (RTO): The maximum duration of acceptable downtime, where "downtime" needs to be defined by your specification. For example, if the acceptable downtime duration is eight hours in the event of a disaster, then your RTO is eight hours.
Recovery Time Objective (RTO): The maximum duration of acceptable downtime, where "downtime" is defined by the Azure SLA. For example, if the acceptable downtime duration is eight hours in the event of a disaster, then the Azure RTO is eight hours. A. True B. False
B. False - Recovery Time Objective (RTO): The maximum duration of acceptable downtime, where "downtime" needs to be defined by your specification. For example, if the acceptable downtime duration is eight hours in the event of a disaster, then your RTO is eight hours.
Scaling out is concerned with adding more resources, such as CPU or memory, to a single instance to make it more powerful. This instance could be a virtual machine or a PaaS service. A. True B. False
B. False - Scaling out is concerned with adding additional instances to a service. These can be virtual machines or PaaS services, but instead of adding more capacity by making a single instance more powerful, we add capacity by increasing the overall total number of instances
Scaling up is concerned with adding more resources, such as CPU or memory, to a single instance. This instance could be a virtual machine or an IaaS service. A. True B. False
B. False - Scaling up is concerned with adding more resources, such as CPU or memory, to a single instance. This instance could be a virtual machine or a PaaS service.
Scaling up is concerned with adding more resources, such as CPU or memory, to a single resource pool. This resource pool could be a virtual machine or a PaaS service. The act of adding more capacity to the resource pool increases the resources available to your application, but it does come with a limit. Virtual machines are limited to the capacity of the host they run on, and hosts themselves have physical limitations. Eventually, when you scale up a resource pool, you can run into these limits, restricting your ability to add further resources to the instance. A. True B. False
B. False - Scaling up is concerned with adding more resources, such as CPU or memory, to a single instance. This instance could be a virtual machine or a PaaS service. The act of adding more capacity to the instance increases the resources available to your application, but it does come with a limit. Virtual machines are limited to the capacity of the host they run on, and hosts themselves have physical limitations. Eventually, when you scale up an instance, you can run into these limits, restricting your ability to add further resources to the instance.
The act of adding more capacity to the instance increases the resources available to your application, and it does not come with a limit. A. True B. False
B. False - The act of adding more capacity to the instance increases the resources available to your application, but it does come with a limit.
When scaling up: The act of adding more capacity to the instance increases the resources available to your storage account, but it does come with a limit. A. True B. False
B. False - The act of adding more capacity to the instance increases the resources available to your application, but it does come with a limit.
The advantage of scaling out is that you can conceivably scale out forever if you have more disk space to add to the architecture. Scaling out requires no load distribution. A. True B. False
B. False - The advantage of scaling out is that you can conceivably scale out forever if you have more machines to add to the architecture. Scaling out requires some type of load distribution.
Principle used to define a security posture: Principle of least privilege. Restricts access to information only to individuals explicitly granted access. This information includes protection of user passwords, remote access certificates, and email content. A. Recovery B. Integrity C. Confidentiality D. Availability E. none of the above
C. Confidentiality
The process of specifying an RPO and RTO is effectively the creation of disaster recovery requirements for your storage account. It requires establishing the priority of each resource group and category of users and performing a cost-benefit analysis. A. True B. False
B. False - The process of specifying an RPO and RTO is effectively the creation of disaster recovery requirements for your application. It requires establishing the priority of each workload and category of data and performing a cost-benefit analysis.
When you deploy a VM, Azure applies several default security rules to the VM that allow or deny traffic to or from the VM. You might override Azure's default rules or create additional rules. At some point, a VM may become unable to communicate with other resources, because of ________________ ____________ ____________ A. active directory awareness B. a security rule C. recovery time objectives D. azure service health E. none of the above
B. a security rule
Which of the following is an example of scaling out? A. Updating a virtual machine to a larger size B. Adding more storage to a virtual machine C. Adding more web servers into a web farm D. Replicating backups to another region
C. Adding more web servers into a web farm
Scalability and performance patterns and practices For each resource, determine the impact that a scaling activity may have on dependent systems. This makes applying scale-out operations easier, and less prone to negative impact on the application. For example, adding x number of web and worker roles might require y number of additional queues and z number of storage accounts to handle the additional workload generated by the roles. This is part of: A. Decouple resource-intensive tasks as background jobs B. Caching C. Implement scale units D. Data partitioning E. none of these
C. Implement scale units
The first step in creating a disaster recovery plan is ________________ _____________ _____________ _____________ that examines the impact of different kinds of disasters on the application. A. setting up Azure Recovery B. defining a natural disaster C. performing a risk analysis D. defining RTO and RPO
C. performing a risk analysis
Scaling up is concerned with adding more resources, such as ________________ or __________________ , to a single instance. This instance could be a virtual machine or a PaaS service.
CPU or memory
The common principles used to define a security posture are confidentiality, integrity, and availability, known collectively as CIA. ___________________ - Principle of least privilege. Restricts access to information only to individuals explicitly granted access. This information includes protection of user passwords, remote access certificates, and email content.
Confidentiality - Principle of least privilege. Restricts access to information only to individuals explicitly granted access. This information includes protection of user passwords, remote access certificates, and email content.
Which of the following types of data may need to have security protections? A. Customer data that contains personal information B. Financial data supporting business operations C. Intellectual property D. All of the above may need security protections
D. All of the above may need security protections
Different Azure services support various levels and concepts of replication. For example, This service is a globally distributed database system, and replication is central to its implementation. A. Azure Storage RBAC (Role Based Access) B. Azure Recovery Services C. Azure mySQL Database D. Azure Cosmos DB
D. Azure Cosmos DB is a globally distributed database system, and replication is central to its implementation. With Azure Cosmos DB, instead of configuring replication directly, you configure options related to partitioning and data consistency.
Different Azure services support various levels and concepts of replication. For example, For this service replication is automatic at a small scale, but recovery from a full Azure datacenter or regional outage requires geo-replication. A. Azure Site-to-Site Recovery B. Azure Full Replication C. Azure Cosmos DB D. Azure SQL Database
D. Azure SQL Database replication is automatic at a small scale, but recovery from a full Azure datacenter or regional outage requires geo-replication. Setting up geo-replication is manual, but it's a first-class feature of the service and well supported by documentation.
Different Azure services support various levels and concepts of replication. For example, Failovers are automatic and transparent, and you simply need to select a replication level that balances cost and risk. A. Azure SQL Database B. Azure Cosmos DB C. Azure Storage D. Azure Recovery Services
D. Azure Storage replication capabilities depend on the replication type of selected for the storage account. This replication can be local (within a datacenter), zonal (between data centers within a region), or regional (between regions). Neither your application nor your operators interact with it directly. Failovers are automatic and transparent, and you simply need to select a replication level that balances cost and risk.
Principle of least privilege. Restricts access to information only to individuals explicitly granted access. This information includes protection of user passwords, remote access certificates, and email content. A. Hashing B. Denial C. Certificate D. Confidentiality E. none of the above
D. Confidentiality
Scalability and performance patterns and practices In many large-scale solutions, data is divided into separate partitions that can be managed and accessed separately. The partitioning strategy must be chosen carefully to maximize the benefits while minimizing adverse effects. Partitioning can help improve scalability, reduce contention, and optimize performance. This describes which practice and pattern: A. Disk partitioning B. Caching C. Auto Scaling D. Data partitioning E. none of these
D. Data partitioning
Principle used to define a security posture: The prevention of unauthorized changes to information at rest or in transit. A common approach used in data transmission is for the sender to create a unique fingerprint of the data using a one-way hashing algorithm. The hash is sent to the receiver along with the data. The data's hash is recalculated and compared to the original by the receiver to ensure the data wasn't lost or modified in transit. A. Caching B. Confidentiality C. Cosmos D. Integrity E. none of the above
D. Integrity
Scalability and performance patterns and practices Look across all layers of your application and identify and remediate performance bottlenecks in your application. These bottlenecks could be poor memory handling in your application, or even the process of adding indexes into your database. It may be an iterative process as you relieve one bottleneck and then uncover another that you were unaware of. This describes which practice and pattern: A. Decouple resource-intensive tasks as background jobs B. Use a messaging layer between services C. Implement scale units D. Performance monitoring E. none of these
D. Performance monitoring
Which of the following is an example of scaling up? A. Updating your application to use a queuing service B. Adding more web servers into a web farm C. Adding another virtual machine into a database cluster D. Updating a virtual machine to a larger size E. all of the above
D. Updating a virtual machine to a larger size
Scaling out is concerned with adding additional instances to a service. These can be virtual machines or PaaS services, but instead of adding more capacity by making a single instance more powerful, we add capacity by increasing the overall total number of instances. The advantage of scaling out is that you can conceivably scale out forever if you have more machines to add to the _________________. Scaling out requires some type of load distribution. This could be in the form of a load balancer distributing requests across available servers, or a service discovery mechanism for identifying active servers to send requests to. A. SQL Server B. application C. region D. architecture E. none of the above
D. architecture
Designing for recoverability focuses on recovery from data loss and from larger scale disasters. Recovery from these types of incidents often involves active intervention, though ____________________ recovery steps can reduce the time needed to recover. These types of incidents may result in some amount of downtime or permanently lost data. Disaster recovery is as much about careful planning as it is about execution. A. manual B. runbook C. auxillary D. automated
D. automated
At each layer, there are some common attacks that you will want to protect against. These are not all-inclusive, but can give you an idea of how each layer can be attacked and what types of protections you may need to look at. Exposing an encryption key or using weak encryption can leave your data vulnerable should unauthorized access occur.
Data layer: Exposing an encryption key or using weak encryption can leave your data vulnerable should unauthorized access occur.
Scalability and performance patterns and practices Adding a messaging layer in between services can have a benefit to performance and scalability. Adding a messaging layer creates a buffer for requests between the services so that requests can continue to flow in without error if the application can't keep up. As the application works through the requests, they will be answered in the order in which they were received. This describes which practice and pattern: A. Decouple resource-intensive tasks as background jobs B. Caching C. Auto Scaling D. Data partitioning E. none of these
E. none of these
The common principles used to define a security posture are confidentiality, integrity, and availability, known collectively as CIA. _________________ - The prevention of unauthorized changes to information at rest or in transit. A common approach used in data transmission is for the sender to create a unique fingerprint of the data using a one-way hashing algorithm. The hash is sent to the receiver along with the data. The data's hash is recalculated and compared to the original by the receiver to ensure the data wasn't lost or modified in transit.
Integrity - The prevention of unauthorized changes to information at rest or in transit. A common approach used in data transmission is for the sender to create a unique fingerprint of the data using a one-way hashing algorithm. The hash is sent to the receiver along with the data. The data's hash is recalculated and compared to the original by the receiver to ensure the data wasn't lost or modified in transit.
KNOW YOUR TERM In the context of: The common principles used to define a security posture. Availability
MEANING Ensure services are available to authorized users. Denial of service attacks are a prevalent cause of loss of availability to users. Natural disasters also drive system design to prevent single points of failure and deploy multiple instances of an application to geo-dispersed locations.
KNOW YOUR TERM In the context of: The common principles used to define a security posture. Confidentiality
MEANING Principle of least privilege. Restricts access to information only to individuals explicitly granted access. This information includes protection of user passwords, remote access certificates, and email content.
KNOW YOUR TERM In the context of:The common principles used to define a security posture. Integrity
MEANING The prevention of unauthorized changes to information at rest or in transit. A common approach used in data transmission is for the sender to create a unique fingerprint of the data using a one-way hashing algorithm. The hash is sent to the receiver along with the data. The data's hash is recalculated and compared to the original by the receiver to ensure the data wasn't lost or modified in transit.
At each layer, there are some common attacks that you will want to protect against. These are not all-inclusive, but can give you an idea of how each layer can be attacked and what types of protections you may need to look at. These attacks attempt to overwhelm network resources, forcing them to go offline or making them incapable of responding to legitimate requests.
Perimeter layer: Denial-of-service (DoS) attacks are often seen at this layer. These attacks attempt to overwhelm network resources, forcing them to go offline or making them incapable of responding to legitimate requests.
RPO
Recovery Point Objective (RPO): The maximum duration of acceptable data loss. RPO is measured in units of time, not volume: "30 minutes of data", "four hours of data", and so on. RPO is about limiting and recovering from data loss, not data theft.
The common principles used to define a security posture are confidentiality, integrity, and availability, known collectively as CIA. _________________ - The prevention of unauthorized deletion to information at rest or in transit. A common approach used in data transmission is for the receiver to create a unique fingerprint of the data using a one-way hashing algorithm. The hash is sent to the sender along with the data. The data's hash is accepted and compared to the original by the sender to ensure the data wasn't lost or modified in transit.
NOT CORRECT!!! Integrity - The prevention of unauthorized changes to information at rest or in transit. A common approach used in data transmission is for the sender to create a unique fingerprint of the data using a one-way hashing algorithm. The hash is sent to the receiver along with the data. The data's hash is recalculated and compared to the original by the receiver to ensure the data wasn't lost or modified in transit.
Neither replication nor backup are complete _________________ ________________ solutions on their own. A. data security B. database recovery C. scaling out D. disaster recovery
Neither replication nor backup are complete disaster recovery solutions on their own. Data recovery is only one component of disaster recovery, and replication will not fully satisfy many kinds of disaster recovery scenarios. For example, in a data corruption scenario, the nature of the corruption may allow it to spread from the primary data store to the replicas, rendering all the replicas useless and requiring a backup for recovery.
At each layer, there are some common attacks that you will want to protect against. These are not all-inclusive, but can give you an idea of how each layer can be attacked and what types of protections you may need to look at. Unnecessary open ports to the Internet are a common method of attack. These could include leaving SSH or RDP open to virtual machines. When open, these could allow brute-force attacks against your systems as attackers attempt to gain access.
Networking layer: Unnecessary open ports to the Internet are a common method of attack. These could include leaving SSH or RDP open to virtual machines. When open, these could allow brute-force attacks against your systems as attackers attempt to gain access.
At each layer, there are some common attacks that you will want to protect against. These are not all-inclusive, but can give you an idea of how each layer can be attacked and what types of protections you may need to look at. When open, these could allow brute-force attacks against your systems as attackers attempt to gain access.
Networking layer: Unnecessary open ports to the Internet are a common method of attack. These could include leaving SSH or RDP open to virtual machines. When open, these could allow brute-force attacks against your systems as attackers attempt to gain access.
The maximum duration of acceptable data loss.
Recovery Point Objective (RPO)
At each layer, there are some common attacks that you will want to protect against. These are not all-inclusive, but can give you an idea of how each layer can be attacked and what types of protections you may need to look at. Denial-of-service (DoS) attacks are often seen at this layer. These attacks attempt to overwhelm network resources, forcing them to go offline or making them incapable of responding to legitimate requests.
Perimeter layer: Denial-of-service (DoS) attacks are often seen at this layer. These attacks attempt to overwhelm network resources, forcing them to go offline or making them incapable of responding to legitimate requests.
At each layer, there are some common attacks that you will want to protect against. These are not all-inclusive, but can give you an idea of how each layer can be attacked and what types of protections you may need to look at. Unauthorized access to facilities through methods such as door drafting and theft of security badges can be seen at this layer.
Physical layer: Unauthorized access to facilities through methods such as door drafting and theft of security badges can be seen at this layer.
At each layer, there are some common attacks that you will want to protect against. These are not all-inclusive, but can give you an idea of how each layer can be attacked and what types of protections you may need to look at. Exposed credentials are a risk here and it's important to limit the permissions of identities. We also want to have monitoring in place to look for possible compromised accounts, such as logins coming from unusual places.
Policies & access layer: This is where authentication occurs for your application. This could include modern authentication protocols such as OpenID Connect, OAuth, or Kerberos-based authentication such as Active Directory. Exposed credentials are a risk here and it's important to limit the permissions of identities. We also want to have monitoring in place to look for possible compromised accounts, such as logins coming from unusual places.
At each layer, there are some common attacks that you will want to protect against. These are not all-inclusive, but can give you an idea of how each layer can be attacked and what types of protections you may need to look at. This is where authentication occurs for your application. This could include modern authentication protocols such as OpenID Connect, OAuth, or Kerberos-based authentication such as Active Directory.
Policies & access layer: This is where authentication occurs for your application. This could include modern authentication protocols such as OpenID Connect, OAuth, or Kerberos-based authentication such as Active Directory. Exposed credentials are a risk here and it's important to limit the permissions of identities. We also want to have monitoring in place to look for possible compromised accounts, such as logins coming from unusual places.
At each layer, there are some common attacks that you will want to protect against. These are not all-inclusive, but can give you an idea of how each layer can be attacked and what types of protections you may need to look at. This is where authentication occurs for your application. This could include modern authentication protocols such as OpenID Connect, OAuth, or Kerberos-based authentication such as Active Directory. Exposed credentials are a risk here and it's important to limit the permissions of identities. We also want to have monitoring in place to look for possible compromised accounts, such as logins coming from unusual places.
Policies & access layer: This is where authentication occurs for your application. This could include modern authentication protocols such as OpenID Connect, OAuth, or Kerberos-based authentication such as Active Directory. Exposed credentials are a risk here and it's important to limit the permissions of identities. We also want to have monitoring in place to look for possible compromised accounts, such as logins coming from unusual places.
Designing for _____________________ focuses on recovery from data loss and from larger scale disasters. Recovery from these types of incidents often involves active intervention, though automated recovery steps can reduce the time needed to recover. These types of incidents may result in some amount of downtime or permanently lost data. Disaster recovery is as much about careful planning as it is about execution.
Recoverability
Measured in units of time, not volume: "30 minutes of data", "four hours of data", and so on.
Recovery Point Objective (RPO)
The maximum duration of acceptable data loss. ________________ is measured in units of time, not volume: "30 minutes of data", "four hours of data", and so on and is about limiting and recovering from data loss, not data theft.
Recovery Point Objective (RPO): The maximum duration of acceptable data loss. RPO is measured in units of time, not volume: "30 minutes of data", "four hours of data", and so on. RPO is about limiting and recovering from data loss, not data theft.
For example, if the acceptable downtime duration is eight hours in the event of a disaster, then your _________________ is eight hours.
Recovery Time Objective (RTO): The maximum duration of acceptable downtime, where "downtime" needs to be defined by your specification. For example, if the acceptable downtime duration is eight hours in the event of a disaster, then your RTO is eight hours.
RTO
Recovery Time Objective (RTO): The maximum duration of acceptable downtime, where "downtime" needs to be defined by your specification. For example, if the acceptable downtime duration is eight hours in the event of a disaster, then your RTO is eight hours.
The maximum duration of acceptable downtime, where "downtime" needs to be defined by your specification.
Recovery Time Objective (RTO): The maximum duration of acceptable downtime, where "downtime" needs to be defined by your specification. For example, if the acceptable downtime duration is eight hours in the event of a disaster, then your RTO is eight hours.
Deploying an app can be done directly to what level of physical granularity? Region Datacenter Server rack
Region
________________ ______________ is concerned with adding more resources, such as CPU or memory, to a single instance. This instance could be a virtual machine or a PaaS service. The act of adding more capacity to the instance increases the resources available to your application, but it does come with a limit. Virtual machines are limited to the capacity of the host they run on, and hosts themselves have physical limitations.
Scaling up
A great architecture starts with a solid foundation built on four pillars: What are the four pillars?
Security Performance and scalability Availability and recoverability Efficiency and operations
Application availability refers to what? The service level agreement of the associated resource. Application support for an availability zone. The overall time that a system is functional and working.
The overall time that a system is functional and working.
At each layer, there are some common attacks that you will want to protect against. These are not all-inclusive, but can give you an idea of how each layer can be attacked and what types of protections you may need to look at. Malware is a common method of attacking an environment, which involves executing malicious code to compromise a system. Once malware is present on a system, further attacks leading to credential exposure and lateral movement throughout the environment can occur.
VM/compute layer: Malware is a common method of attacking an environment, which involves executing malicious code to compromise a system. Once malware is present on a system, further attacks leading to credential exposure and lateral movement throughout the environment can occur.
At each layer, there are some common attacks that you will want to protect against. These are not all-inclusive, but can give you an idea of how each layer can be attacked and what types of protections you may need to look at. Once malware is present on a system, further attacks leading to credential exposure and lateral movement throughout the environment can occur.
VM/compute layer: Malware is a common method of attacking an environment, which involves executing malicious code to compromise a system. Once malware is present on a system, further attacks leading to credential exposure and lateral movement throughout the environment can occur.
You can ensure your application can handle localized failures by integrating high availability into each component of an application and eliminating_______________ ____________ of failure. Such a design also minimizes the impact of infrastructure maintenance.
single points
Scalability and performance patterns and practices Distributed applications and services running in the cloud are, by their nature, complex pieces of software that comprise many moving parts. In a production environment, it's important to be able to track the way in which users utilize your system, trace resource utilization, and generally monitor the health and performance of your system. You can use this information as a __________________ aid to detect and correct issues, and also to help spot potential problems and prevent them from occurring.
diagnostic
Scaling out is concerned with ___________________ additional instances to a service. These can be virtual machines or PaaS services, but instead of adding more capacity by making a single instance more powerful, we add capacity by increasing the overall total number of instances. The advantage of scaling out is that you can conceivably scale out forever if you have more machines to add to the architecture. Scaling out requires some type of load distribution. This could be in the form of a load balancer distributing requests across available servers, or a service discovery mechanism for identifying active servers to send requests to.
adding
Designing for ____________________ focuses on maintaining uptime through small-scale incidents and temporary conditions like partial network outages.
availability
Scaling out is concerned with adding additional instances to a service. These can be _________________ or _________________ services, but instead of adding more capacity by making a single instance more powerful, we add capacity by increasing the overall total number of instances. The advantage of scaling out is that you can conceivably scale out forever if you have more machines to add to the architecture. Scaling out requires some type of load distribution. This could be in the form of a load balancer distributing requests across available servers, or a service discovery mechanism for identifying active servers to send requests to.
virtual machines or PaaS
■ A Switch between the Explorer and Accounts views. ■ B Browse your storage accounts and/or other local or remote Azure assets. ■ C View properties of selected item; the Actions window displays the same option as right-clicking an object. ■ D Multitab interface to view more than one storage object simultaneously. ■ E Robust toolbar with upload/download/query controls. ■ F Get into the habit of right-clicking objects to see which actions are possible.
■ A Switch between the Explorer and Accounts views. ■ B Browse your storage accounts and/or other local or remote Azure assets. ■ C View properties of selected item; the Actions window displays the same option as right-clicking an object. ■ D Multitab interface to view more than one storage object simultaneously. ■ E Robust toolbar with upload/download/query controls. ■ F Get into the habit of right-clicking objects to see which actions are possible.