1 Flashcards
What is “application migration”?
The process of moving applications from one computing environment to another, often as part of a cloud adoption strategy.
What is “application modernization”?
Updating legacy applications, processes, and data management with cloud computing technologies.
Modernization can help organizations improve IT performance, enhance customer and employee experiences, and accelerate time to market for new offerings and updates.
What is “artificial intelligence (AI)”?
The capability of a computer system to imitate human intelligence. Using math and logic, the computer system simulates the reasoning that humans use to learn from new information and make decisions.
What is “artificial intelligence (AI) vs. machine learning (ML)”?
“Intelligent” computers use AI to process information like humans do and complete tasks on their own. Machine learning—which is an application of AI—uses algorithms to enable computer systems to learn without human instruction and develop their own intelligence.
What is “big data analytics”?
Consists of the tools, systems, and applications that companies use to gather, process, and gain insights from vast, high-velocity datasets.
These complex datasets originate from various sources, including the internet, emails, social media, and smart devices.
What are “business analytics tools”?
Tools that extract data from business systems and integrate it into a repository, such as a data warehouse, where it can be analyzed.
Analytics tools range from spreadsheets with statistical functions to sophisticated data mining and predictive modeling tools.
What are “business intelligence (BI) tools”?
Tools that process large amounts of unstructured data in books, journals, documents, health records, images, files, email, video, and so forth, to help you discover meaningful trends and identify new business opportunities.
What is “caching”?
The process of storing important data in temporary memory more quickly and efficiently than conventionally stored data.
Caching helps to optimize database costs, improve throughput, reduce latency, and boost app performance.
What is a “cloud”?
A metaphor for a global computing network of remote servers that run applications, store data, and deliver content and services.
The cloud enables data to be accessed online from internet-enabled devices, rather than solely from local computers.
What is “cloud bursting”?
A configuration between a private cloud and a public cloud to manage demand for cloud resources. If 100 percent of the resource capacity in a private cloud is used, overflow traffic is directed to the public cloud using cloud bursting.
What is “cloud computing”?
A delivery model for computing resources in which various servers, applications, data, and other resources are integrated and provided as a service over the internet.
Resources are often virtualized, and users typically only pay for the services they use.
What are “cloud computing types”?
The three most popular ones are:
+ (SaaS) for web-based applications
+ (PaaS) to give developers the tools to build and host web applications.
+ (IaaS) for internet-based access to storage and computing, and platform as a service
What is “cloud migration”?
The process of moving some or all of a company’s resources to one or multiple locations in the cloud. Although cloud migration often entails moving resources from on-premises locations to a cloud provider’s servers, it can also entail moving resources between clouds.
What are “cloud migration benefits”?
The benefits of cloud migration include optimized IT costs, greater flexibility and scalability, enhanced security and compliance, improved business continuity, and simplified resource management and monitoring.
What is a “cloud service provider”?
A company that provides a cloud-based platform, infrastructure, application, or storage service, usually for a fee.
What are “computer grids”?
Groups of networked computers that act together to perform large tasks, such as analyzing huge sets of data and weather modeling.
Cloud computing lets you use vast computer grids for specific time periods and purposes, paying only for your usage, and saving the time and expense of purchasing and deploying the necessary resources yourself.
What is “computer vision”?
A form of AI that emulates the way that humans see, understand, and recognize images.
Computer vision uses algorithms and automation to enable computers to identify and interpret the people and objects that appear in images and videos.
What is a “container”?
A unit of software that groups an application’s code with the configuration files, libraries, and dependencies it needs to run. Containers allow IT teams to deploy applications across different environments with minimal adjustments.
What is “data governance”?
Data governance refers to the unique processes, policies, and standards that an organization uses to help keep its data secure, private, and accurate.
Organizations that rely on data for business growth need a strategy to manage that data effectively and efficiently.
What is “data integration”?
The process of combining and consolidating data from several different sources into a single system with a unified view.
What is a “data lake”?
A type of data repository that captures both relational and non-relational data from a variety of sources.
Unlike a data warehouse, which can only store structured data, a data lake can store semi-structured and unstructured data in addition to structured data.
What is “data migration”?
Transferring data from one storage location, like an on-premises server, to a different location, like the server of a cloud provider.
Data migration encompasses selecting, preparing, extracting, and transferring data from one computer storage system to another.
What are “data science scientists”?
Scientists who use technology, mathematical, business, and communication expertise to extract valuable information from large datasets. Data scientists use big data to uncover patterns, make predictions, and create strategies in a wide variety of fields.
What is a “data warehouse”?
A central storage location for structured and semi-structured data used for reporting and analysis.
Information can be sent to a data warehouse from a variety of sources, including point-of-sale systems, applications, and relational databases.
What is “database security”?
The processes, tools, and controls that organizations use to secure and protect their databases against threats and security risks.
Database security protects the database itself, database management systems, physical and virtual servers, and network infrastructure.
What is “database sharing”?
A type of partitioning that lets you divide a large database into smaller databases, which can be managed faster and more easily across servers.
What are “databases”?
At its broadest definition, a database is a collection of information that is related.
In computer science, a database refers to a collection of data that is stored on a computer system. The most basic types of databases are relational and nonrelational.
What is “deep learning”?
A type of machine learning in which artificial neural networks process, learn, and make decisions based on unstructured data.
It’s often used to analyze large, complex datasets, complete nonlinear tasks, and respond to inputs faster and more accurately than humans.
What is “DevOps”?
The union of people, process, and technology to enable continuous delivery of value to customers.
The practice of DevOps brings development and operations teams together to speed software delivery and make products more secure and reliable.
What is “edge computing”?
A technology that allows Internet of Things (IoT) devices to process data at the “edge” of a network, either by the device itself or by a local server. This improves response time on remote devices and allows businesses to get more timely insights from device data.
What is “elastic computing”?
The ability to dynamically provision and de-provision computer processing, memory, and storage resources to meet changing demands without worrying about capacity planning and engineering for peak usage.
What is “face recognition”?
A personal identification technology that relies on optical analysis to analyze an image. Face recognition can be used for face identification, grouping, and verification.
What is “grid computing”?
A service that uses a group of networked computers working together as a virtual supercomputer to perform large or data-intensive tasks.
What is “hybrid cloud computing”?
A type of computing where on-premises data centers are combined with cloud computing products and services in order to modernize legacy resources. This allows businesses to improve IT performance, optimize costs, and instantly scale capacity up or down.
What is “infrastructure as a service (Iaas)”?
A virtualized computer environment delivered as a service over the internet by a cloud provider. Infrastructure can include servers, network equipment, and software.
What is “Internet of Things (IoT)”?
The Internet of Things, or IoT, refers to equipment, machines, products, and devices that are connected to the cloud and configured to collect and securely transmit data.
IoT helps many industries analyze data and make informed decisions about that data in real-time.
What is “Java programming language”?
A multi-platform, object-oriented programming language that powers applications, smartphone operating systems, enterprise software, and many well-known programs on billions of devices worldwide.
What is “machine learning”?
The process of using mathematical models to predict outcomes instead of relying on a set of instructions. Is a subcategory of AI where computer software is “taught” to draw conclusions and make predictions from data.
The process bears similarity to how humans learn, in that increased experience can increase accuracy.
What are “machine learning algorithms”?
Help data scientists identify patterns within sets of data. Machine learning algorithms are selected based on the desired outcome—predicting values, identifying anomalies, finding structure, or determining categories—and are commonly divided by whether they’re used for supervised learning, unsupervised learning, or reinforcement learning.
What is “Microsoft Azure”?
The Microsoft cloud platform features a vast collection of products and services designed to help you bring new solutions to life. Azure enables you to build, run, and manage applications across multiple clouds, on-premises, and at the edge.
What is “middeware”?
Software that lies between an operating system and the applications running on it. Middleware enables communication and data management for distributed applications. Examples include web servers, application servers, and content management systems.
What is “mobile app development”?
All of the processes involved in the development, coding, and release of a mobile application for use on portable electronic devices like smartphones, tablets, laptops, e-readers, smart watches, and handheld game consoles.
What is “NoSQL”?
NoSQL is a set of nonrelational database technologies developed with unique capabilities to handle high volumes of unstructured and changing data. NoSQL technology offers dynamic schema, horizontal scaling, and the ability to store and retrieve data as columns, graphs, key-values, or documents.
What is “platforms as a service (PaaS)”?
A computing platform (operating system and other services) is delivered as a service over the internet by a cloud provider like Azure.
An application development environment that you can subscribe to and use immediately is an example of PaaS.
What is “PostgreSQL”?
An open-source relational database that’s popular with developers and administrators for its flexibility and integrity. PostgreSQL is used across a range of fields, including financial services, manufacturing, retail, and logistics.
What is “private cloud”?
Cloud computing services offered over the internet or over a private internal network to only select users and not the general public.
What are “private, public, vs hybrid clouds”?
+ A public cloud relies on cloud resources that are owned and operated by a third-party service provider.
+ While a private cloud is used exclusively by one organization.
+ A hybrid cloud combines on-premises infrastructure—or a private cloud—with a public cloud.
What is a “public cloud”?
Cloud computing services offered over the internet by a third-party provider and available to anyone who wants to purchase them.
What is “quantum computing”?
The use of quantum mechanics to run calculations on specialized hardware. Quantum computers apply the behaviors of quantum physics to computing, including superposition, entanglement, and quantum interference.
What is a “qubit”?
The basic unit of information in quantum computing. While a classical binary bit can only represent a single binary value, such as 1 or 0, a qubit (also known as a quantum bit) can represent 0 or 1 or any proportion of 0 and 1 in the superposition of both states.
What is a “relational database”?
An efficient, flexible type of database that stores and organizes data points with defined relationships for fast access. Data is organized into tables that hold information about each entity and display predefined categories as rows and columns.
What is “scaling out vs. scaling up”?
Vertical scaling (scaling up) lets you increase or decrease computing power or databases as needed. Horizontal scaling (scaling out) entails adding more databases or dividing a large database into smaller nodes, using a data partitioning approach called sharding.
What is “serverless computing”?
A computing model in which the cloud provider provisions and manages servers. It enables developers to spend more time building apps and less time managing infrastructure.
What is “software as a service (Saas)”?
An application delivered over the internet by a software provider. The application doesn’t have to be purchased, installed, or run on users’ computers and instead operates in the cloud.
What is “virtual desktop infrastructure (VDI)”?
IT infrastructure that allows you to access computer systems from almost any device (such as a personal computer, smartphone, or tablet). This service eliminates the need for your company to provide you with a physical machine.
What is a “virtual machine (VM)”?
A computer file (typically called an image) that behaves like an actual computer. Multiple virtual machines can run simultaneously on the same physical computer.
What is a “virtual private network (VPN)”?
A virtual private network that establishes a connection between your computer and a remote server owned by a VPN provider. This connection creates a point-to-point tunnel that encrypts your personal data, masks your IP address, and lets you get around website blocks and firewalls.
What is “virtualization”?
The act of creating a virtual version of a computing environment, including computer hardware, operating system, and storage devices. Organizations use virtualization to turn a single physical computer into multiple virtual machines that share the resources of the host machine.
What is “high availability”?
High availability focuses on ensuring maximum availability, regardless of disruptions or events that may occur.
What is “scalability”?
Scalability refers to the ability to adjust resources to meet demand.
What is “vertical scaling”?
This is adding or deleting CPUs or RAM to the virtual machine for more or less power. This is increasing or decreasing the power of machines.
What is “horizontal scaling”?
This is deploying less or more resources, more nodes, more servers, etc.
What is “reliability”?
Reliability is the ability of a system to recover from failures and continue to function.
What is “predictability”?
Moving forward with confidence. This is crucial in both performance and cost.
What is “performance predictability”?
Performance predictability focuses on predicting the resources needed to deliver a positive experience for your customers.
What is “cost predictability”?
Cost predictability is focused on predicting or forecasting the cost of the cloud spend.
What is “management OF the cloud”?
This involves managing cloud resources, possibly to:
+ Automatically scale resource deployment based on need.
+ Deploy resources based on a preconfigured template, removing the need for manual configuration.
+ Monitoring the health of resources and automatically replacing failing resources.
+ receiving automatic alerts based on configured metrics; real-time dashboard.
What is “management IN the cloud”?
How we are able to manage our cloud environment and resources:
+ through a web portal
+ using a command line interface
+ using API’s
+ using PowerShell.
What is “Cloud computing”?
on-demand availability of computer system resources, especially data storage (cloud storage) and computing power, without direct active management by the user.
What is “On-demand self-service”?
A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
What is “broad network access”?
Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations)
What is “Resource pooling”?
The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.
What is “Rapid elasticity”?
Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear unlimited and can be appropriated in any quantity at any time.
What is “measured service”?
Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts).
Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.
What is “multitenancy”?
Enables sharing of resources and costs across a large pool of users
What is “serverless computing”?
Serverless computing is a cloud computing code execution model in which the cloud provider fully manages starting and stopping virtual machines as necessary to serve requests.
What is “Function as a Service (Faas)”?
service-hosted remote procedure call that utilizes serverless computing to enable deploying individual functions in the cloud to run in response to events
What is a “private cloud”?
cloud infrastructure operated solely for a single organization, whether managed internally or by a third party, and hosted either internally or externally.
What is a “public cloud”?
Cloud services are considered “public” when they are delivered over the public Internet, and they may be offered as a paid subscription, or free of charge.
What is a “hybrid cloud”?
a composition of a public cloud and a private environment, such as a private cloud or on-premises resources, that remain distinct entities but are bound together, offering the benefits of multiple deployment models.
What is a “community cloud”?
shares infrastructure between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third-party, and either hosted internally or externally.
What is a “multi-cloud”?
use of multiple cloud computing services in a single heterogeneous architecture to reduce reliance on single vendors, increase flexibility through choice, mitigate against disasters, etc.
What is “agility”?
ability to react fast (scale quickly)
What is “fault tolerance”?
ability to maintain system uptime while physical and service component failures happen
What is “disaster recovery”?
The process and design principle that allows a system to recover from natural or human-induced disasters.
How to calculate “availability”?
availability = uptime/(uptime + downtime)
What is “shared responsibility”?
The shared responsibility model is the sharing of responsibilities for the cloud between you and your cloud provider.
What is a “development framework”?
PaaS provides a framework which can be built upon.
What are “economies of scale”?
as the companies grow they become more effective at managing shared operations.
Be that HR and hiring, taxes, accounting, internal operations, marketing, big purchases via contracts meaning better discounts, etc. etc.
What is a key distinction between IaaS and Paas?
With PaaS, the cloud provider is responsible for the operating system and middleware.
What is “middleware”?
software that different applications use to communicate with each other
What is “Saas”?
This means that the cloud provider manages everything, including the application. Customers just buy the license and use it - they don’t maintain anything.
What is a “cloud development model”?
A model that describes where the company resources are deployed.
Which cloud deployment model allows for the greatest degree of flexibility?
Hybrid, because customers can choose to use the public cloud or private cloud depending on individual scenarios.
What is a “region”?
- Geographical area of the planet.
- 1+ data centers connected with a low-latency network of <2 milliseconds.
- 50+ regions on the planet
- Special government regions (DOD, etc.)
- Special partnered regions (China East, China North)
What is an “availability zone”?
- Designed to help customers protect from data center failures by logically grouping physically separate facilities which have their own data structure.
- Regional feature, one or more data centers.
- Grouping of physically separate facilities
designed to protect from data center failures - If the zone goes down, others continue working
- 2 service categories:
** Zonal (VMs, Disks, etc.)
** Zone-redundant (SQL, storage, etc.) - Not all regions supported
- Supported regions have 3 or more zones
What is a “region pair”?
- Each region is paired with another region
- Region pairs are static and cannot be chosen or changed.
- Each region pair resides within the same geography, except for Brazil’s south.
- Physical location with at least 300 miles distance if possible to prevent destruction from a natural disaster.
- Some services have platform-provided replication
- planned updates across the pairs
- data residency maintained for disaster recovery.
What geographies are in “Region Pair A”?
1) East US
2) UK West
3) North Europe (Ireland)
4) East Asia (Hong Kong)
What geographies are in “Region Pair B”?
1) West US
2) UK South
3) West Europe (Netherlands)
4) Southeast Asia (Singapore)
What are “geographies”?
- discrete markets
- Typically contains two or more regions.
- Ensures data residency, sovereignty, resiliency, and compliance requirements are met.
- Fault tolerant to protect from region-wide failures
- Broken up into areas:
a) Americas
b) Europe
c) Asia Pacific
d) Middle East and Africa - Each region belongs to only one geography.
Zone-enabled Azure regions must have how many Availability Zones?
3
Zonal services allow customers to choose Availability Zone placement for their services, true or false?
True
What are 6 components of “resource groups”?
1) Type
2) Lifecycle (app, environment)
3) Department
4) Billing
5) Location
6) Combo of any
What is a “Resource Manager”?
1) Management Layer for all resources and resources groups.
2) Unified language
3) Controls access and resources.
What are the unique features of resource groups?
- Each resource group is in 1 and only 1 resource group.
- Resource groups have their own location assigned.
- Resources in groups can reside in different locations.
- Resources can be moved between resource groups.
- Resource groups cannot be nested.
- Organize based on your organization’s departments including billing, security, and access management, application lifecycle.
What is “virtualization”?
- emulation of physical machines.
- different virtual hardware configuration per machine/app
- different operating systems per machine/app
- total separation of environments: file systems, services, ports, middleware, configuration.
What are “virtual machines”?
- These are Infrastructure as a Service (IaaS).
- Total control over the operating system and the software
- Supports marketplace and custom images.
- Best suited for 1) custom software requiring custom system configuration 2) life-and-shift scenarios
- Can run any application/scenario 1) web apps and web services, 2) databases, 3) desktop applications, 4) jumpboxes, 5) gateways, etc.
What are “containers”?
- The use of the host’s operating system.
- Emulate operating system (VMs emulate hardware)
- Lightweight (no O/S) 1) Development effort, 2) maintenance, 3) compute and storage requirements.
- Respond quicker to demand changes
- Designed for almost any scenario
What are “Azue container instances”?
- Simplest and fastest way to run a container in Azure.
- Platform as a Service (PaaS)
- Serverless Containers
- Designed for 1) small and simple web apps/services, 2) background jobs, 3) scheduled scripts.
What is “Azure Kubernetes Service (AKS)”?
- Open-sources container orchestration platform.
- Platform as a Service (PaaS)
- Highly scalable and customizable.
- Designed for high-scale container deployments (anything really)
What is “App Service”?
- Designed as an enterprise-grade web application service (web applications)
- Platform as a Service (PaaS)
- Supports multiple programming languages and containers
What are “Azure Function Apps”?
- Platform as a Service (Paas)
- Serverless
- Two hosting/pricing models 1) consumption-based plan, 2) dedicated plan.
- Designed for micro/nano-services
What is “Azure networking”?
- Connect cloud and on-premises
- On-premise networking functionality
What is “Azure virtual networking”?
- Logically isolated networking components
- Segmented into one or more subnets which cannot be nested.
- Subnets are discrete sections
- Enable communication of resources with each other, internet, and on-premises.
- Scoped to a single region
- VNET peering allows cross-region communication
- Isolation, segmentation, communication, filtering, routing.
- Allows customers to represent and extend their on-premise networking infrastructure on the cloud.
What is “Azure Load Balancer”?
- Even traffic distriution.
- Supports both inbound and outbound scenarios.
- High-availability scenarios.
- Both TCP (transmission control protocol) and UDP (user datagram protocol) applications.
- internal and external traffic.
- Port forwarding
- High scale with up to millions of flows.
What is a “VPN Gateway”?
A specific type of virtual network gateway for on-premises to Azure traffic over the public internet.
What is an “Application Gateway”?
- Web traffic load balancer
- web application firewall.
- redirection
- session affinity
- URL routing
- SSL termination
What is a “Content Delivery Network”?
- Defining content across web
- minimize legacy
- POP (points of presence)
What are “structured data types”?
- Data can be represented using tables with very strict schema.
- Each row must follow a defined schema.
- Some tables have defined relationships between them.
- Typically used in relational databases.
What are “semi-structured data types”?
Data can be represented using tables but without strict defined schema.
Rows must only have a unique key identifier.
What is “unstructured data types”?
Any files in any format.
What are “storage accounts”?
- These are groups of services which include 1) blob storage, 2) queue storage, 3) table storage, and 4) file storage.
- Used to store 1) files, 2) messages, and 3) semistructured data.
- Highly scalable (up to petabytes of data)
- Highly durable (11 nines - 16 nines)
- Cheapest GB storage.
What is “blob storage”?
- BLOB = binary large object - file.
- Designed for storage of files of any kind
- 3 storage tiers 1) Hot = frequently accessed data. 2) Cool = infrequently accessed data, 3) archive = rarely (if-ever) accessed data.
What is “queue storage”?
- Storage for small pieces of data (messages)
- Designed for scalable asynchronous processing.
What is “table storage”?
- Storage for semi-structured data (NoSWQL): no need for foreign joins, keys, relationships, or strict schema. Designed for fast access.
- Many programming interfaces and SDK’s
What is “file storage”?
- Storage for files accessed via shared drive protocols.
- Designed to extend on-premise file shares and implement lift-and-share scenarios.
What is “disk storage”?
- Disk emulation in the cloud.
- Persistent storage for VMs
- Different sizes, different types (SSD, HDD), different performance tiers.
- Disks can be unmanaged or managed.
What are “functions”?
- A serverless web service hosting platform. It scales nicely and with consumption-based pricing, and is ideal for hosting applications with an unpredictable workload demand.
- These are the least configurable.
What is “separation by application lifecycle”?
Naming resource groups by application name and environment names (among others). This strategy allows customers to have separate groups per application and environment name to assign separate privileges to their employees and vendors. Making sure they don’t impact each other while working with Azure.
What is a “zonal service”?
one that provides the ability to specify which Availability Zone the resources are deployed into.
What is a “structured data type”?
Data that can be represented using tables with very strict schema. Each row must follow a defined schema. Some tables have defined relationships between them. Typically used in relational databases.
What is a “semi-structured data type”?
Data can be represented using tables but without a strictly defined schema. Rows must only have unique key identifiers.
What is a “unstructured data type”?
Any files in any format. i.e. binary, application, images, movies, etc.
What is a “Cosmos DB”?
- Globally distributed NoSQL (semi-structured data) DataBase service.
- Schema-less
- Multiple APIs (SQL, MongoDB, Cassandra, Gremlin, Table Storage)
- Designed for 1) highly responsive real-time applications with super-low latencies < 10 ms. 2) multi-regional applications.
What is a “SQL Database”?
- Relational database service in the cloud (PaaS) (DBaaS - Database as a service.
- Structured data service defined using schema and relationships.
- Rich Query Capabilities (SQL)
- High-performance, reliable, fully managed, and secure database for building and applications.
What is the “Azure SQL product family”?
1) Azure SQL Database - reliable relational database on SQL Server.
2) Azure Database for MySQL - SQL version for MySQL database engine.
3) Azure Database for PostgreSQL - Azure SQL version for PostgreSQL database engine.
4) Azure SQL Managed Instance - Fully fledged SQL Server on Iaas.
5) Azure SQL DW (Synapse) - Massively Parallel Processing (MPP) version of SQL Server.
What is the “Azure Marketplace”?
- Like an “Azure Shop” where you purchase services and solutions for the Azure platform.
- Each product is a template that contains one or multiple services.
- Products are delivered by first and third-party vendors.
- solutions can leverage all service categories like Iaas, Paas, and Saas.
What is “Internet of Things (IOT)”?
It is a network of internet-connected devices (IoT Devices) embedded in everyday objects enabling sending and receiving data such as settings and telemetry.
What is “data telemetry”?
Telemetry automatically collects, transmits, and measures data from remote sources, using sensors and other devices to collect data.
What is “IoT Hub”?
- Managed service for bi-directional communication.
- Platform as a Service (Paas).
- Highly secure, scalable, and reliable.
- Integrates with a lot of Azure Services.
- Programmable SDKs for popular languages (C, C#, Java, Python, Node.js).
- Multiple protocols (HTTPS, AMQP, MQTT)
What is “Azure IoT Central”?
- IoT App Platform - Software as a Service (Saas)
- Industry-specific app templates
- No deep technical knowledge required.
- Service for connecting, management, and monitoring IoT devices
- Highly secure, scalable, and reliable.
- Built on top of the IoT Hub service and 30+ other services.
What is “Azure IoT Sphere”?
*Secure end-to-end IoT Solutions
* Where developers go to build apps.
(certified chips, OS based on Linux, Security Service Trusted device-to-cloud communication)
What is “big data”?
It is a field in tech that helps with the extraction, processing, and analysis of information that is too large or complex to be dealt with, by TRADITIONAL SOFTWARE.
What are the “big data 3 Vs”?
Velocity, Volume, Variety
What is “data velocity”?
how fast data is coming in or how fast we are processing it.
(batch, periodic, near real-time, real-time)
What is “data volume”?
how much data we are processing
(megabytes, gigabytes, terabytes, petabytes)
What is “data variety”?
how structured or complex the data is
(tables, databases, photo, audio, video, social media)
What is “Azuer Synapse Analytics”?
- enterprise analytics service that accelerates time to insight across data warehouses and big data systems. It brings together the best of SQL technologies used in enterprise data warehousing, Apache Spark technologies for big data, and Azure Data Explorer for log and time series analytics.
- Big data analytics platform (PaaS)
- Has multiple components (Spartk, Synapse SQL a) SQL pools - which are dedicated - pay for performance, b) SQL on-demand - ad-hoc- pay for processing, Synapse Pipelines - data factory, Studio - unified experience)
What is “Azure HDInsight”?
- a customizable, enterprise-grade service for open-source analytics platform. Effortlessly process massive amounts of data and get all the benefits of the broad open-source project ecosystem with the global scale of Azure. Easily migrate your big data workloads and processing to the cloud.
- Flexible multi-purpose big data platform (PaaS)
- Multiple technologies supported (Hadoop, spark, Kafka, HBase, Hive, Store, Machine Learning)
What is “Azure Databricks”?
- fully managed first-party service that enables an open data lakehouse in Azure.
- Big data collaboration platform (PaaS)
- Unified workspace for notebook, cluster, data, access management, and collaboration.
- Based on Apache Spark
- Integrates very well with common Azure data services.
What is “Apache Spark”?
a PaaS offering that helps customers build data transformation solutions based on Apache Storm.
What is “artificial intelligence (AI)”?
The simulation of human intelligence and capabilities by computer software.
What is “Azure Machine Learning”?
- Cloud-based platform for creating, managing, and publishing machine learning models
- Platform as a Service (PaaS)
- Machine Learning Workspace – top-level resource
- Machine Learning Studio – web portal for end-2-end development
- Features:
+ Notebooks – using Python and R
+ Automated ML – run multiple algorithms/parameters combinations, choose the best model
+ Designer – a graphical interface for no-code development
+ Data & Compute – management of storage and compute resources
+ Pipelines – orchestrate model training, deployment, and management tasks
What is “Azure Machine Learning Studio”?
This allows customers to manage a Machine Learning Workspace using a single and concise web portal interface.
What is “Azure Designer”?
A feature of Azure Machine Learning that enables customers to build their machine learning pipelines visually.
What is “serverless computing”?
Is a cloud-based execution environment that allows the customer to run their applications in the cloud while completely abstracting the underlying structure.
What is “Asure Functions”?
- For deploying custom code as a web service in Azure.
- Serverless coding platform (Functions as a Service, Faas).
- Designed for nano-service architectures and event-based applications.
- Scales up and down very quickly.
- Highly scalable.
- Supports popular languages and frameworks (.NET & .NET core, Java, Node.js., Python, Powershell, etc.)
What are “Azure Logic Apps”?
- Serverless enterprise integration service (PaaS)
- 200+ connectors for popular services
- Designed for orchestration of a) business processes, b) integration workflows for applications, data, systems, and services.
- No-code solution.
What is a “Azure Event Grid”?
- Route messages between services.
- it is a fully managed serverless event-routing service
- Uses publish-subscribe model
- Designed for event-based and near-real-time applications
- Supports dozen of built-in events from most common Azure services.
What is “DevOps”?
A set of practices that combine both development (Dev) and operations (Ops). It is a set of practices for building applications quickly while maintaining high quality.
DevOps aims to shorten the development life cycle by providing continuous integration and delivery (CI/CD) capabilities while ensuring high-quality of deliverables.
What is “Azure DevOps”?
- It is a collection of services for building solutions using DevOps practices
- Includes the following services:
+ a) boards - for tracking work
+ b) pipelines for continuous integration and delivery workflows - building, testing, and deploying apps
+ c) Repos - code collaboration and versioning with Git.
+ d) Test Plans - manual and exploratory testing.
+ e) Artifacts - manage project deliverables. - Extensible with Marketplace - over 1,000 of available apps.
- Evolved from TFS (Team Foundation Server), through VSTS (Visual Studio Team Services)
What is “TFS”?
Team Foundation Server (Microsoft TFS) provides teams with tools and technologies to better collaborate and manage their projects. It’s because Microsoft TFS offers a combo of version control, issue tracking, and application lifecycle management.
What is “VSTS”?
Visual Studio Team Services - Microsoft VSTS is an Application Lifecycle Management (ALM) system that helps the entire project team to capture Requirements, Agile /Traditional Project Planning, Work Item Management, Version Control, Build, Deployment, and manual Testing all in a single platform.
What is “Azure DevTest Labs”?
- Service for creation of sandbox environments for developers/testers (Paas)
- Quick setup of self-managed virtual machines.
- Preconfigured templates for VMs.
- Plenty of additional artifacts (tools, apps, custom actions)
- Lab policies like quotas, sizes, and auto-shutdowns.
- Share and automate labs via custom images.
- Premade plugins/API/tools for CI/CD pipeline automation.
What is “Azure Portal”?
- Public web-based interface for management of Azure platform.
- Designed for self-service
- Customizable
- Simple tasks.
What is “Azure Powershell”?
- Powershell and module.
- Designed for automation
- Multi-platform with PowerShell Core
- Simple to use
+ Connect-AzAccount = log into Azure
+ Get-AzResourceGroup = list resource groups.
+ New-AZResourceGroup = create a new resource group
+ New-AzVm = create a new virtual machine
What is “Azure CLI”?
- command line interface for Azure
- Designed for automation
- Multi-platform (Python)
Simple to use:
+ az login = log into Azure
+ az group list = list resource groups
+ az group create = create new resource groups
+ az vm create = create virtual machine - Native OS terminal scripting
What is “Azure Cloud Shell”?
- Cloud-based scripting environment
- Completely free
- Supports both Azure PowerShell and Azure CLI
- Dozens of additional tools
- Multiple client interfaces
+ Azure Portal integration (portal.azure.com)
+ Shell Portal (shell.azure.com)
+ Visual Studio Code Extension
+ Windows Terminal
+ Azure Mobile App
+ Microsoft Docs integration
What is “Azure Advisor”?
- Personalized consultant service
- Designed to provide recommendations and best practices for
+ Cost (SKU sizes, idle services, reserved instances, etc.)
+ Security (MFA settings, vulnerability settings, agent installations, inc)
+ Reliability (redundancy settings, soft delete on blobs, etc.)
+ Performance (SKU sizes, SDK versions, IT throttling, etc.)
+ Operational Excellence (service health, subscription limits, etc.) - Actionable recommendations
- Free!
Is Azure Advisor proactive or reactive?
Proactive - offering suggestions to counter future issues, not current or past issues.
What are “Network Security Groups (NSGs)”?
- Designed to filter traffic to (inbound) and from (outbound) Azure resources located in Azure Virtual Network.
- Filtering controlled by rules.
- Ability to have multiple inbound and outbound rules
- Rules are created by specifying:
+ Source/Destination (IP addresses, service tags, application security groups)
+ Protocol (TCP, UDP, any)
+ Port (or port ranges i.e. 3389 for RDP, 22 for SSH, 80 for HTTP, etc)
+ Direction (inbound or outbound)
+ Priority (order of evaluation)
What are “Application Security Groups (ASG)”?
- Feature that allows grouping of virtual machines located in Azure virtual network.
- designed to reduce the maintenance effort - by assigning ASG instead of explicit IP addresses.
Can ASG be used to filter traffic based on network protocols?
No
What is “routing”?
Process of finding/selecting a path for traffic in one or across multiple networks.
What are “user-delined routes”?
- Custom (user-defined, static) routes (UDRs).
- Designed to override Azure’s default routing or add new routes.
- Managed via Azure Route Take Resource.
- Associated with Virtual Network subnets.
What is a “firewall”?
A Network security service that monitors and controls incoming and outgoing traffic.
What is an “Azure Firewall”?
- Managed, cloud-based firewall service (Paas, Firewall as a Service).
- Built-in high availability.
- Highly scalable.
- Inbound & outbound traffic filtering rules.
- Support for FQDN (fully qualified domain name, i.e. microsoft.com)
- Fully integrated with Azure monitor for logging and analytics.
Do Network Security Groups (NSGs) allow rules based on fully qualified domain names (alpha-based domain names)?
No. In this case use Azure Firewall.
What is “Denial of Service (Dos)”?
Cyber-attach with intent to cause temporary or indefinite disruption of service.
What is “Distributed Denia of Service (DDoS)”?
DoS attach that is originating from multiple servers.
What is “Azure DDoS Protection”?
- DDoS protection service in Azure.
- Designed to a) detect malicious traffic and block it while allowing legitimate users to connect, b) prevent additional costs for auto-scaling environment.
- 2-tiers:
+ Basic = automatically enabled for the Azure platform.
+ Standard = additional mitigation and monitoring capabilities for Azure Virtual Network resources. - Standard tier uses machine learning to analyze traffic patterns for better accuracy.
What is “identity”?
- A user with a username and password.
- Also applications or other services with secret keys or certificates.
- The fact of being something or someone.
What is “authentication”?
The process of verification/assertion of identity.
What is “authorization”?
The process of ensuring that only authenticated identities get access to the resources for which they have been granted access.
What is “access management”?
The process of controlling, verifying, tracking and managing access to authorized users and applications.
What is “Azure Active Directory”?
- Identity and access management service in Azure.
- Identities management - users, groups, and applications.
- Access management - subscriptions, resource groups, roles, role assignments, authentication and authorization settings, etc.
- Used by multiple Microsoft cloud platforms
+ Azure
+ Microsoft 365
+ Office 365
+ Live.com services (Skype, OneDrive, etc.)
What is “Multi-Factor Authentication (MFA)”?
- Process of authentication using more than one factor (a piece of evidence) to prove identity.
- Factor types:
+ knowledge factor - something you know
+ possession factor - something you have
+ physical characteristic factor - something that is a part of you.
+ location factor - somewhere you are. - Supported by Azure AD by default (which can be turned off).
What is the “Azure Security Center”?
- Central/unified infrastructure and platform security management service.
- Natively embedded in Azure services.
- Integrated with Azure Advisor
- 2 tiers
1) Free (Azure Defender OFF) - included in all Azure services, provides continuous assessments, security scores, and actionable security recommendations.
2) Paid (Azure Defencer ON) - hybrid security, threat protection alerts, vulnerability scanning, just-in-time (JIT) VM access, etc.
What are “Azure Blades”?
the visualization elements used to describe a resource or to display a form as part of a workflow.
What is an “Azure Security Center Security Score”?
It is calculated using available security recommendations. The higher the score, the more secure the environment is.
What is “Azure Key Vault”?
- Managed service for securing sensitive information (application/platform)(PaaS)
- Secure storage service for keys, secrets, or certificates.
- Highly integrated with other Azure Services (VMs, Logic Apps, Data Factory, Web Apps, etc)
- Centralization
- Access monitoring and logging.
Can Azure disks be secured using customer-managed keys?
Yes
Are Azure Disks left unencrypted during provisioning?
No
Does Azure Key Vault store application configuration options?
No, it is not designed to replace application configuration files.
What is a “role”?
A collection of actions that the assigned identity will be able to perform. The definition is the answer to the question, “WHAT can be done?”
What is a “Security Professional”?
It is an Azure object (identity) that can be assigned to a role (i.e. users, groups, or applications). The assignment is an answer to a question of “WHO can do it?”
What is a “Scope”?
One or more Azure resources that the access applies to. It is an answer to “Where can it be done?”
What is a “Role Assignment”?
It is a combination of the role definition, security principal, and scope.
What is the “Azure Role-Based Access Control (RBAC)”?
- Authoritative system built on Azure Resource Manager (ARM).
- Designed for fine-grained access management of Azure Resources.
- Role assignment is a combo of
1) Role definition - list of permissions like create VM, delete SQL, assign permissions, etc.
2) Security Principal - user, group, service principal, and managed identity.
3) Scope - resource, resource groups, subscription, management group. - Hierarchical > Management groups > Subscriptions > Resource Groups > Resources.
- Built-in and custom roles are supported.
‘what is an “Azure Resource Lock”?
- Designed to prevent accidental deletion and/or modification.
- Used in conjunction with RBAC
- 2 types of locks:
1) Read-only - only read actions are allowed.
2) Delete - all actions except delete are allowed. - Scopes are hierarchical or inherited. Subscriptions > Resource Groups > Resources
- Management Groups cannot be locked
- Only Owner and User Access Administrator roles can manage locks (these are built-in roles)
What are “Azure Resource Tags”?
- Simple name (key) value pairs.
- Designed to help with organization of resources
- Used for resource governance, security, operations management, cost management, automation, etc.
- Tyipical tagging strategies:
1) Functional - made by function (i.e. environment = production)
2) Classification - mark by policies (i.e. classification = restricted)
3) Finance/Accounting - mark for billing purposes (i.e. department = finance)
4) Partnership - mark by association of users/groups (i.e. owner = adam) - Applicable for resources, resource groups, and subscriptions.
- NOT inherited by default.
What is “Azure (Governance) Policy”?
- Designed to help with resource governance, security, compliance, cost management, etc.
- Policies focus on resource properties (RBAC focused on user actions)
- Policy definition defines what should happen
a) Define the condition (if/else) and the effect (deny, audit, modify, etc.)
b) Examples include resource types, allowed locations, allowed SKUs, inherited resource tags - Built-in and custom policies are supported.
- Policity initiative - a group of policy definitions.
- Policy assignment of a definition/initiative to a scope.
Scopes can be assigned to
a) management groups
b) subscriptions
c) resources groups
d) resources - Policies allow for exclusions of scopes
- Checked during resource creation or updates and existing ones with remediation tasks.
What is a “Policy Definition”?
A single object that defines properties, conditions, and effects.
What is a “Policy Initiative”?
A group of policy definitions.
What is a “Policy Assignment”?
Assigning (or enabling) a policy definition.
What are “Azure Blueprints”?
- Packages of various Azure components (artifacts)
a) Resource Groups
b) ARM Templates
c) Policy Assignments
d) Role Assignments - Centralized storage for organizationally approved design patterns.
- Blueprint definition - describing what should happen
- Blueprint assignment - describing where it should happen aka package deployment
What is a “Blueprint Definition”?
Describes a list of various Azure components and their configuration. Can be called a package or collection of Azure components.
What is a “Blueprint Assignment”?
Actually putting a Blueprint Definition into play.
What is “Cloud Adoption”?
It is a strategic move by an organization to leverage cloud in their business.
What is a “Cloud Adoption Framework”?
It is a set of tools, best practices, guidelines, and documentation. prepared by Microsoft to help companies with their cloud adoption journey.
What are 6 components of the Cloud Adoption Framework?
1) Strategy
2) Plan
3) Ready
4) Adopt
5) Govern and Manage
6) Organize
What are 4 phases of the Strategy component in the Cloud Adoption Framework?
1) Understand motivation
2) Business Outcome
3) Business Justification
4) First Project
What is the Understand Motivation phase of the Strategy phase in the Cloud Adoption Framework?
- Answer the question, “WHY MOVE”?
- Common motivational triggers include
1) migration
a) cost savings on infrastructure
b) reduction in complexity
c) operational optimization
d) increased business agility
2) Innovation
a) reaching a global scale
b) customer experience improvements
c) transformation of products and service
d) market disruption
What is the Business Outcome phase of the Strategy phase in the Cloud Adoption Framework?
- Answer the question WHAT TO MEASURE?
- Defined, concise and observable outcome captured by a specific measure i.e.
+ increase in profit
+ increase in revenue
+ cost reduction
+ global access to customers
+ reaching new markets
What is the Business Justification phase of the Strategy phase in the Cloud Adoption Framework?
- Answer the question WHAT’S MY RETURN ON INVESTMENT?
- Develop a business case to validate the financial model that supports your motivations and outcomes.
- Tools that support this process are
+ Azure TCO calculator - estimate current on-prem costs
+ Azure Pricing Calculator - estimate future Azure costs
+ Azure Cost Management - see current Azure costs
What is the First Project phase of the Strategy phase in the Cloud Adoption Framework?
- Choose first project to validate your strategy (proof of concept) based on
1) Business criteria - current operations, dedicated owner, strong motivation to move.
2) Technical criteria - minimum dependencies and assets.
What is the Plan Component in the Cloud Adoption Framework?
- Create an inventory of assets
+ Review the current landscape and list all digital assets (projects and solutions)
+ Choose one of the 5 R’s of rationalization - Rehost - move as is; typically into containers or IaaS (VMs)
- Refactor - make small code changes and move to Paas (Azure SQL, Azure App Service, etc.)
- Rearchitect - make complex code changes to introduce new features or fix incompatible apps
- Rebuild - create a new application using cloud-first design
- Replace - review available SaaS solutions and replace legacy or unneeded applications.
- Initial Organization Alignment - align people so they support your adoption plan; map people to capabilities.
- Skills Readiness Plan - review current skills and address the gaps.
- Cloud Adoption Plan - combine everything from steps 1 to 3 into a single cloud adoption plan.
