02-Governance and Compliance

Question 1

What are Datacenters organized into

Answer 1

Organized into Regions

Question 2

What are Regions

Answer 2

Geographical locations that create multiple Datacenters

Question 3

What to think about when deploying resources to a region

Answer 3

1 - When selecting Region, do you have legal authority to deploy resources to location

2 - Does that region have all the services I require to complete my mission

3 - Is that region as close as possible to my users (minimize latency)

4 - Are the services cheaper in that region (cost of doing business with Microsoft varies by region)

Question 4

How is planned maintenance done on region pairs

Answer 4

It is done one region at a time

Question 5

How far apart are region pairs

Answer 5

300 miles apart

Question 6

Who can create an Azure subscription

Answer 6

Only identities in Azure AD or in a directory that is trusted by Azure AD

Question 7

What is Azure Subscription

Answer 7

Logical unit of Azure services that is linked to an Azure account

Security and Billing Boundary

Question 8

How do you get a Subscription

Answer 8

1. Enterprise Agreement - customers make upfront commitment and user services
2. Resellers - provide simple way to purchase
3. Partners can design and implement your solution
4. Personal free account - start right away

Question 9

List subscription types

Answer 9

1. Free - $200 credit for first 30 days, free limited access for 12 months
2. Pay-as-you-go - monthly charge
3. CSP - Cloud Solutions Provider gives discounts
4. Enterprise - discounts for new licenses and Software Assurance
5. Student - $100 for 12 months

Question 10

What does Cost Management include

Answer 10

1. Conduct cost analysis
2. Create a budget
3. Review recommendations
4. Export the data

Question 11

What are Resource Tags?

Answer 11

Logically organize resources into categories

Use name-value pair

Gives metadata to resources

Helpful for rolling up billing informations

Question 12

What are Azure Reservations

Answer 12

Save money by pre-paying for services

Question 13

What are Azure Hybrid Benefits

Answer 13

Use Windows Server and SQL Server on-prem licenses with Software Assurances

Question 14

What are Azure Credits

Answer 14

Monthly credit benefit that allows you to experiment with, develop, and test new solutions on Azure

Question 15

How should you choose Regions to save money

Answer 15

Use low-cost locations and regions

Question 16

What are spot instances?

Answer 16

Take advantage of unused capacity and very low cost

Use for operations that can afford operation, such as batch processing.

You get 30 minute notice before eviction.

No SLA

Question 17

What are Management Groups

Answer 17

Manage multiple subscriptions.

Apply governance conditions and policies at scale

Targeting of policies and spend budgets across subscriptions and inheritance down the hierarchies

Compliance and cost reporting by organization (business/teams)

Question 18

What is Azure Policy

Answer 18

Service in Azure that you use to create, assign and manage policies

Runs evaluations and scans for non-compliant resources

Question 19

What are advantages of Azure Policy

Answer 19

1. Enforcement and compliance
2. Apply policies at scale
3. Remediation

Question 20

What are some things you can set with Azure policy

Answer 20

1. Allowed resource types
2. Allowed virtual machine SKUs
3. Allowed locations
4. Require tag and its value
5. Azure Backup should be enabled for Virtual Machines

Question 21

How to Implement Azure Policy

Answer 21

1. Browse Policy Definitions
2. Create Initiative Definitions
3. Scope the Initiative Definition
4. View Policy evaluation results

Question 22

What is scoping?

Answer 22

To what level do you want to assign an initiative definition, i.e. subscription, resource group?

Question 23

What is PCI

Answer 23

Payment Card Industry

Question 24

What are Initiative Definitions?

Answer 24

Set of Policies

Example: Initiative Definitions complies with PCI

Question 25

Policy Definitions

Answer 25

Many policy definitions are available

Import policies from GitHUB

Have specific JSON format

Require planning

Question 26

How do you Scope the Initiative Definition

Answer 26

Assign definition to Scope

Scope enforces Policy

Select subscription, and optionally the Resource Group

Question 27

How do you determine Compliance

Answer 27

See non-compliant initiatives, policies and resources in Dashboard

Question 28

What is Role Based Access Control

Answer 28

Fine-grained access management of resources in Azure

Helps you manage who has access to your resources, what they can do, and at what level

Who is the security principle
What specific operation can they carry out
Where is the scop

Question 29

What is Security Principle

Answer 29

Object that represents something that is requesting access to resources

Question 30

What is Role Definition

Answer 30

Collection of permissions that lists the operations that can be performed

Question 31

What is Scope

Answer 31

Boundary for the level of access that is requested

Question 32

What is Assignment

Answer 32

Attach a role definition to a security principle at a particular scope

Question 33

What is Role Definition

Answer 33

Is the what

What operations can or cannot be performed

Question 34

What is Role Assignment

Answer 34

Process of binding a role definition to a user, group, or service principal at a scope for the purpose of granting access

Binds the what to the who and the where

Question 35

What are Azure RBAC roles

Answer 35

Manage access to Azure RESOURCES

Scope specified at multiple levels

Question 36

What are Azure AD roles

Answer 36

Manage access to Azure AD OBJECTS

Scope is tenant level

Question 37

By default does Global Admin have access to Subscription resources

Answer 37

As Global Admin, they don’t have access to Subscription resources

They need to elevate their access first

Question 38

Fundamental RBAC Roles

Answer 38

1. Owner
2. Contributor
3. Reader
4. User Access Administrator

Question 39

Owner Permission

Answer 39

fill in

Question 40

Contributor

Answer 40

fill in

Question 41

Reader

Answer 41

fill in

Question 42

User Access Administrator

Answer 42

fill in

Question 43

ARM Template Advantages

Answer 43

Improves consistency

Express complex deployment

Less error - no fat fingering

Code based

Promotes reuse

Modular and can be linked

Simplifies orchestration

Question 44

Describe Template Schema

Answer 44

Defines all Resource manage resources in deployment

Written in JSON

Collection of key-value pairs

Each key is a string

Each value can be a string, number, Boolean expression, list of values, object

Question 45

Describe Template Parameters

Answer 45

Which values are configurable when template is run