Azure Fundamentals (AZ-900)
How should you calculate the monthly uptime percentage?
(Maximum Available Minutes - Downtime in Minutes) / Maximum Available Minutes x 100. Reference: https://azure.microsoft.com/en-au/support/legal/sla/cloud-services/v1_0/
The feature which enables only authorized users to sign in to the Azure portal. In the "sign-in risk policy" we can enable both the Multi-factor Authentication (MFA) and the location too (here it is on-premises).
Azure Active Directory feature called "Identity Protection"
Gives subscription-level events that have occurred in Azure. These can be viewed from the "Monitor" section of the Azure portal. Can also be used to look for the activity of an Azure resource.
Azure Activity logs
Has built-in sensors to monitor user activities across the Azure network and detect suspicious user activities and malicious attacks within an org. Protects user identities in Azure AD.
Azure Advanced Threat Protection (ATP)
Gives recommendations on - Cost, Security, Performance, Operational Excellence and High Availability
Azure Advisor
PaaS offering that provides data models. Helps perform ad hoc data analysis using tools like Power BI and Excel.
Azure Analysis Service
A service that enables you to build and host web apps, mobile back ends, and RESTful APIs in the programming language of your choice without managing infrastructure.
Azure App Service
Allows you to route traffic based on the incoming URL. So if /images is in the incoming URL, you can route traffic to a specific set of servers (known as a pool) configured for images. If /video is in the URL, that traffic is routed to another pool that's optimized for videos.
Azure Application Gateway
Web traffic load balancer that enables you to manage traffic to your web apps. Traditional load balancers operate at the transport layer (OSI layer 4 - TCP and UDP) and route traffic based on source and destination IP address and port
Azure Application Gateway
A feature of Azure Monitor that is an extensible Application Performance Management (APM) service for web developers on multiple platforms
Azure Application Insights. Use it to monitor your live web application. It will automatically detect performance anomalies. (Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview)
Provides help to build decision intelligence into applications. This includes speech, vision, language, search, and decision.
Azure Cognitive Service
An Azure NoSQL data store where you don't define any schema at all for the table, and each item or row within the table can have different values, or different schema itself.
Azure Cosmos DB
Azure Security Center auto-configs the Network Security Groups (NSGs) and Azure Firewall to allow inbound traffic to the destination ports and requested source IP addresses or ranges, for a specified time. After it has expired, the Security Center restores the NSGs to their previous states.
Just-in-Time (JIT) access
What object is used to manage compliance, policies and even access across multiple Azure subscriptions? All subscriptions within this object automatically inherit the conditions applied to this parent object.
Management Group
Service which can be enabled for your firewall to alert and deny traffic from/to known malicious IP addresses and domains.
Microsoft Threat Intelligence
Provides information to users on security, privacy, and compliance regulations and how the user's information that is collected is kept secure, and how Microsoft maintains integrity in collecting user's data.
Microsoft Trust Center (https://www.microsoft.com/en-in/trust-center)
Azure Synapse popular capacity management feature (fka Azure SQL Data Warehouse)
Automatic Scaling is one of the features and benefits of Azure SQL Data Warehouse now known as "Azure Synapse". Azure Synapse is an analytics service that is used for enterprise data warehousing and Big Data analytics.
Enables the identities stored in Azure AD, third-party cloud services and on-premises AD to access the Azure resources
Azure AD Identity Governance
A service that allows developers to retrieve security tokens
Azure Active Directory (Azure AD)
Used only for "administrative" purposes of Azure AD accounts. Not used to store secrets related to Azure AD user accounts.
Azure Active Directory (Azure AD)
A service that has "MLlib": a Machine Learning library consisting of common learning algorithms and utilities, including classification, regression, clustering, collaborative filtering, dimensionality reduction, as well as underlying optimization primitives.
Azure Databricks (Reference: https://docs.microsoft.com/en-us/azure/azure-databricks/what-is-azure-databricks)
Enables developers to efficiently manage virtual machines (VMs) and other PaaS resources without waiting for approvals
Azure DevTest Labs
Used to transfer data from an on-premises data center to the Azure Public Cloud. When using this service to transfer data from an on-premises data center to Azure Public cloud, the user is NOT charged for the inbound data transfer.
Azure Express Route
Allows you to restrict traffic to multiple virtual networks in multiple subscriptions. It's a managed, cloud-based network security service that protects your Azure Virtual Network resources. It is fully stateful with built-in high availability and unrestricted cloud scalability.
Azure Firewall
Used to add watermarks to e-mails and Microsoft Word documents by tagging them or by applying labels on them. Administrators classify the assets by specifying conditions. After the labels are applied, then those assets are tracked to prevent any information or data misuse or leakage.
Azure Information Protection
Enables Microsoft Azure applications and users to store and use several types of secret/key data
Azure Key Vault
Used to store secrets such as passwords related to Azure Active Directory (Azure AD) user accounts. Also stores other secrets such as certificates, tokens, and keys related to other Azure API services, etc.
Azure Key Vault
Collects data on apps, guest OS, Azure resources, Azure subscriptions and also about the Azure tenant. Data types are: Logs and Metrics. "Log Analytics" helps to analyze the logs that are collected and "Metrics Explorer" helps to analyze the metrics that are collected
Azure Monitor
Helps users in drill-down of performance data, create visualizations, detect and diagnose issues across applications, etc. It also helps in collecting, analyzing, and acting on telemetry from Azure
Azure Monitor (https://docs.microsoft.com/en-us/azure/azure-monitor/overview)
Azure storage used to store random access files up to 8 TB in size, virtual hard drive (VHD) files and serve as disks for Azure virtual machines
Azure Page Blob storage
Allows an org to enforce different rules and effects over its resources, so those resources stay compliant with corporate standards and service level agreements. Evaluates resources for non-compliance with assigned rules.
Azure Policy
Service designed to add rules relating to tagging of resources and groups, add restrictions on storage account SKUs, virtual machine instance types.
Azure Policy
All the policy definitions in Azure are grouped together and are called the "Initiative". It is a JSON document that contains all the policy definitions in it
Azure Policy Initiative definition (Reference: https://docs.microsoft.com/en-us/azure/governance/policy/concepts/initiative-definition-structure)
Blade to view a list of planned maintenance events that can affect the availability of an Azure subscription
Help+Support blade is CORRECT because under this you can find the details regarding the "Planned Maintenance"
An Azure service for storing large numbers of messages
Azure Queue Storage
A set of version control tools (software that helps you track changes you make in your code over time) that you can use to manage your code.
Azure Repos
Which Azure feature is most likely to deliver the most immediate savings when it comes to reducing Azure costs?
Azure Reserved Instances often offer 40% or more savings off of the price of pay-as-you-go virtual machines
Azure Synapse was fka?
Azure SQL Data Warehouse
An advanced, unified infrastructure security management solution that provides features such as: security health monitoring for both cloud and on-premises workloads; security threat blocking through access and app controls; adjustable security policies for maintaining regulatory and standards compliance; security vulnerability discovery tools and patches; advanced threat detection through security alerts and analytics
Azure Security Center
Provides alert detection, threat response, and helps in threat detection. Scalable and serves as a Security Information Event Management (SIEM) solution.
Azure Sentinel
A distributed systems platform that makes it easy to package, deploy, and manage scalable and reliable microservices and containers.
Azure Service Fabric
A service that stores structured NoSQL data in the cloud, providing a key/attribute store with a schemaless design
Azure Table storage
A DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global Azure regions
Azure Traffic Manager
Uses DNS to direct client requests to the most appropriate service endpoint based on a traffic-routing method and the health of the endpoints
Azure Traffic Manager
Used to notify you when spending exceeds the amount defined in the alert condition of the budget.
Budget alerts
Grow and shrink your resources based on demand
Elasticity
TRUE or FALSE?: An Azure virtual machine can be in multiple Resource Groups
FALSE: A VM can only be a part of a single resource group, at a time
TRUE or FALSE?: You can create an Azure support request from support.microsoft.com
FALSE: Azure Portal must be used.
TRUE or FALSE?: An Azure Storage account can contain up to 2 TB of data and up to one million files
FALSE: Azure Storage accounts are not limited by the size of the data or the number of files.
TRUE or FALSE?: Availability Zones are used to replicate data and applications to multiple regions
FALSE: By default Availability zones in Azure are used for replicating the applications and data within an Azure region only.
Data that is stored in the Archive access tier of an Azure Storage account must be __________ before the data can be accessed
Must be rehydrated before the data can be accessed is CORRECT because you must first change the tier of the blob to hot or cool. This process is known as rehydration and takes a matter of hours to complete.
Filter for network traffic to and from Azure resources in an Azure virtual network. Contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.
Network security groups (NSGs)
The company's migration plan states that only platform as a service (PaaS) solutions must be used in Azure. Solution: You create an Azure App Service and Azure Storage accounts. Does this meet the goal?
No, Azure Storage accounts are IaaS services, not PaaS services.
Expenditure model for an Azure pay-as-you-go subscription
Operational is CORRECT because the question says that the 1,000 virtual machines need to be migrated to Azure cloud and is asking which expenditure model would suit the most. Operational is obviously the correct answer because in Azure we pay only for what we use and therefore there would be a big savings in the operational expenditure of the project or for the company migrating to Azure cloud.
Use the combinations of prefixes from both networks to define how traffic is encrypted/decrypted through IPsec tunnels. It is typically built on firewall devices that perform packet filtering. IPsec tunnel encryption and decryption are added to the packet filtering and processing engine.
Policy-based VPN devices
Azure Portal method for moving a VM to a different host hypervisor
Possible by clicking "Redeploy" on the "Redeploy" blade of the virtual machine
Use any-to-any (wildcard) traffic selectors, and let routing/forwarding tables direct traffic to different IPsec tunnels. It is typically built on router platforms where each IPsec tunnel is modeled as a network interface or VTI (virtual tunnel interface).
Route-based VPN devices (e.g. Virtual Network Gateways)
The ability to dynamically leverage load balancers and event monitoring of CPU, Memory, Storage, and Bandwidth latency to grow or shrink your resources based on the demand of the application
Scalability
Blade that gives details on - Policy and Compliance, Threat Protection and Resource Security Hygiene.
Security Center blade
TRUE or FALSE?: A resource group can contain resources from multiple Azure regions
TRUE
TRUE or FALSE?: An Azure VM is a resource that CANNOT be deployed across multiple Resource Groups in an Azure subscription
TRUE
TRUE or FALSE?: Every Azure region has multiple data centers
TRUE
TRUE or FALSE?: Via the Azure portal, "Bash" is a viable option through "Cloud Shell"
TRUE
TRUE or FALSE?: Azure provides flexibility between capital expenditure (CapEx) and operational expenditure (OpEx).
TRUE (see: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/strategy/business-outcomes/fiscal-outcomes)
TRUE or FALSE?: Data traffic between Azure services within the same Azure region is always Free
TRUE: For the same Azure Service, if it is in the same region, Azure does NOT charge the user for the data transfer and is always available for free.
Used to configure notifications to the user when Microsoft plans to perform maintenance activities on Azure
This can be checked from the "Service Health" in the user's Azure subscription.
Non-HTTP/S load-balancing services that can handle non-HTTP(S) traffic and are recommended for non-web workloads
Traffic Manager (Global) & Azure Load Balancer (Global) NOTE: HTTP(S) recommended LBs are Azure Front Door (Global) and Application Gateway (Regional)