1 Flashcards

Question

What is "database security"?

Answer 1

The processes, tools, and controls that organizations use to secure and protect their databases against threats and security risks. Database security protects the database itself, database management systems, physical and virtual servers, and network infrastructure.

Answer 2

A type of partitioning that lets you divide a large database into smaller databases, which can be managed faster and more easily across servers.

Answer 3

At its broadest definition, a database is a collection of information that is related. In computer science, a database refers to a collection of data that is stored on a computer system. The most basic types of databases are relational and nonrelational.

Answer 4

A type of machine learning in which artificial neural networks process, learn, and make decisions based on unstructured data. It’s often used to analyze large, complex datasets, complete nonlinear tasks, and respond to inputs faster and more accurately than humans.

Answer 5

The union of people, process, and technology to enable continuous delivery of value to customers. The practice of DevOps brings development and operations teams together to speed software delivery and make products more secure and reliable.

Answer 6

A technology that allows Internet of Things (IoT) devices to process data at the “edge” of a network, either by the device itself or by a local server. This improves response time on remote devices and allows businesses to get more timely insights from device data.

Answer 7

The ability to dynamically provision and de-provision computer processing, memory, and storage resources to meet changing demands without worrying about capacity planning and engineering for peak usage.

Answer 8

A personal identification technology that relies on optical analysis to analyze an image. Face recognition can be used for face identification, grouping, and verification.

Answer 9

A service that uses a group of networked computers working together as a virtual supercomputer to perform large or data-intensive tasks.

Answer 10

A type of computing where on-premises data centers are combined with cloud computing products and services in order to modernize legacy resources. This allows businesses to improve IT performance, optimize costs, and instantly scale capacity up or down.

Answer 11

A virtualized computer environment delivered as a service over the internet by a cloud provider. Infrastructure can include servers, network equipment, and software.

Answer 12

The Internet of Things, or IoT, refers to equipment, machines, products, and devices that are connected to the cloud and configured to collect and securely transmit data. IoT helps many industries analyze data and make informed decisions about that data in real-time.

Answer 13

A multi-platform, object-oriented programming language that powers applications, smartphone operating systems, enterprise software, and many well-known programs on billions of devices worldwide.

Answer 14

The process of using mathematical models to predict outcomes instead of relying on a set of instructions. Is a subcategory of AI where computer software is “taught” to draw conclusions and make predictions from data. The process bears similarity to how humans learn, in that increased experience can increase accuracy.

Answer 15

Help data scientists identify patterns within sets of data. Machine learning algorithms are selected based on the desired outcome—predicting values, identifying anomalies, finding structure, or determining categories—and are commonly divided by whether they’re used for supervised learning, unsupervised learning, or reinforcement learning.

Answer 16

The Microsoft cloud platform features a vast collection of products and services designed to help you bring new solutions to life. Azure enables you to build, run, and manage applications across multiple clouds, on-premises, and at the edge.

Answer 17

Software that lies between an operating system and the applications running on it. Middleware enables communication and data management for distributed applications. Examples include web servers, application servers, and content management systems.

Answer 18

All of the processes involved in the development, coding, and release of a mobile application for use on portable electronic devices like smartphones, tablets, laptops, e-readers, smart watches, and handheld game consoles.

Answer 19

NoSQL is a set of nonrelational database technologies developed with unique capabilities to handle high volumes of unstructured and changing data. NoSQL technology offers dynamic schema, horizontal scaling, and the ability to store and retrieve data as columns, graphs, key-values, or documents.

Answer 20

A computing platform (operating system and other services) is delivered as a service over the internet by a cloud provider like Azure. An application development environment that you can subscribe to and use immediately is an example of PaaS.

Answer 21

An open-source relational database that’s popular with developers and administrators for its flexibility and integrity. PostgreSQL is used across a range of fields, including financial services, manufacturing, retail, and logistics.

Answer 22

Cloud computing services offered over the internet or over a private internal network to only select users and not the general public.

Answer 23

+ A public cloud relies on cloud resources that are owned and operated by a third-party service provider. + While a private cloud is used exclusively by one organization. + A hybrid cloud combines on-premises infrastructure—or a private cloud—with a public cloud.

Answer 24

Cloud computing services offered over the internet by a third-party provider and available to anyone who wants to purchase them.

Answer 25

The use of quantum mechanics to run calculations on specialized hardware. Quantum computers apply the behaviors of quantum physics to computing, including superposition, entanglement, and quantum interference.

Answer 26

The basic unit of information in quantum computing. While a classical binary bit can only represent a single binary value, such as 1 or 0, a qubit (also known as a quantum bit) can represent 0 or 1 or any proportion of 0 and 1 in the superposition of both states.

Answer 27

An efficient, flexible type of database that stores and organizes data points with defined relationships for fast access. Data is organized into tables that hold information about each entity and display predefined categories as rows and columns.

Answer 28

Vertical scaling (scaling up) lets you increase or decrease computing power or databases as needed. Horizontal scaling (scaling out) entails adding more databases or dividing a large database into smaller nodes, using a data partitioning approach called sharding.

Answer 29

A computing model in which the cloud provider provisions and manages servers. It enables developers to spend more time building apps and less time managing infrastructure.

Answer 30

An application delivered over the internet by a software provider. The application doesn’t have to be purchased, installed, or run on users’ computers and instead operates in the cloud.

Answer 31

IT infrastructure that allows you to access computer systems from almost any device (such as a personal computer, smartphone, or tablet). This service eliminates the need for your company to provide you with a physical machine.

Answer 32

A computer file (typically called an image) that behaves like an actual computer. Multiple virtual machines can run simultaneously on the same physical computer.

Answer 33

A virtual private network that establishes a connection between your computer and a remote server owned by a VPN provider. This connection creates a point-to-point tunnel that encrypts your personal data, masks your IP address, and lets you get around website blocks and firewalls.

Answer 34

The act of creating a virtual version of a computing environment, including computer hardware, operating system, and storage devices. Organizations use virtualization to turn a single physical computer into multiple virtual machines that share the resources of the host machine.

Answer 35

High availability focuses on ensuring maximum availability, regardless of disruptions or events that may occur.

Answer 36

Scalability refers to the ability to adjust resources to meet demand.

Answer 37

This is adding or deleting CPUs or RAM to the virtual machine for more or less power. This is increasing or decreasing the power of machines.

Answer 38

This is deploying less or more resources, more nodes, more servers, etc.

Answer 39

Reliability is the ability of a system to recover from failures and continue to function.

Answer 40

Moving forward with confidence. This is crucial in both performance and cost.

Answer 41

Performance predictability focuses on predicting the resources needed to deliver a positive experience for your customers.

Answer 42

Cost predictability is focused on predicting or forecasting the cost of the cloud spend.

Answer 43

This involves managing cloud resources, possibly to: + Automatically scale resource deployment based on need. + Deploy resources based on a preconfigured template, removing the need for manual configuration. + Monitoring the health of resources and automatically replacing failing resources. + receiving automatic alerts based on configured metrics; real-time dashboard.

Answer 44

How we are able to manage our cloud environment and resources: + through a web portal + using a command line interface + using API's + using PowerShell.

Answer 45

on-demand availability of computer system resources, especially data storage (cloud storage) and computing power, without direct active management by the user.

Answer 46

A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.

Answer 47

Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations)

Answer 48

The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.

Answer 49

Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear unlimited and can be appropriated in any quantity at any time.

Answer 50

Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.

Answer 51

Enables sharing of resources and costs across a large pool of users

Answer 52

Serverless computing is a cloud computing code execution model in which the cloud provider fully manages starting and stopping virtual machines as necessary to serve requests.

Answer 53

service-hosted remote procedure call that utilizes serverless computing to enable deploying individual functions in the cloud to run in response to events

Answer 54

cloud infrastructure operated solely for a single organization, whether managed internally or by a third party, and hosted either internally or externally.

Answer 55

Cloud services are considered "public" when they are delivered over the public Internet, and they may be offered as a paid subscription, or free of charge.

Answer 56

a composition of a public cloud and a private environment, such as a private cloud or on-premises resources, that remain distinct entities but are bound together, offering the benefits of multiple deployment models.

Answer 57

shares infrastructure between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third-party, and either hosted internally or externally.

Answer 58

use of multiple cloud computing services in a single heterogeneous architecture to reduce reliance on single vendors, increase flexibility through choice, mitigate against disasters, etc.

Answer 59

ability to react fast (scale quickly)

Answer 60

ability to maintain system uptime while physical and service component failures happen

Answer 61

The process and design principle that allows a system to recover from natural or human-induced disasters.

Answer 62

availability = uptime/(uptime + downtime)

Answer 63

The shared responsibility model is the sharing of responsibilities for the cloud between you and your cloud provider.

Answer 64

PaaS provides a framework which can be built upon.

Answer 65

as the companies grow they become more effective at managing shared operations. Be that HR and hiring, taxes, accounting, internal operations, marketing, big purchases via contracts meaning better discounts, etc. etc.

Answer 66

With PaaS, the cloud provider is responsible for the operating system and middleware.

Answer 67

software that different applications use to communicate with each other

Answer 68

This means that the cloud provider manages everything, including the application. Customers just buy the license and use it - they don't maintain anything.

Answer 69

A model that describes where the company resources are deployed.

Answer 70

Hybrid, because customers can choose to use the public cloud or private cloud depending on individual scenarios.

Answer 71

* Geographical area of the planet. * 1+ data centers connected with a low-latency network of <2 milliseconds. * 50+ regions on the planet * Special government regions (DOD, etc.) * Special partnered regions (China East, China North)

Answer 72

* Designed to help customers protect from data center failures by logically grouping physically separate facilities which have their own data structure. * Regional feature, one or more data centers. * Grouping of physically separate facilities designed to protect from data center failures * If the zone goes down, others continue working * 2 service categories: ** Zonal (VMs, Disks, etc.) ** Zone-redundant (SQL, storage, etc.) * Not all regions supported * Supported regions have 3 or more zones

Answer 73

* Each region is paired with another region * Region pairs are static and cannot be chosen or changed. * Each region pair resides within the same geography, except for Brazil's south. * Physical location with at least 300 miles distance if possible to prevent destruction from a natural disaster. * Some services have platform-provided replication * planned updates across the pairs * data residency maintained for disaster recovery.

Answer 74

1) East US 2) UK West 3) North Europe (Ireland) 4) East Asia (Hong Kong)

Answer 75

1) West US 2) UK South 3) West Europe (Netherlands) 4) Southeast Asia (Singapore)

Answer 76

* discrete markets * Typically contains two or more regions. * Ensures data residency, sovereignty, resiliency, and compliance requirements are met. * Fault tolerant to protect from region-wide failures * Broken up into areas: a) Americas b) Europe c) Asia Pacific d) Middle East and Africa * Each region belongs to only one geography.

Answer 77

1) Type 2) Lifecycle (app, environment) 3) Department 4) Billing 5) Location 6) Combo of any

Answer 78

1) Management Layer for all resources and resources groups. 2) Unified language 3) Controls access and resources.

Answer 79

* Each resource group is in 1 and only 1 resource group. * Resource groups have their own location assigned. * Resources in groups can reside in different locations. * Resources can be moved between resource groups. * Resource groups cannot be nested. * Organize based on your organization's departments including billing, security, and access management, application lifecycle.

Answer 80

* emulation of physical machines. * different virtual hardware configuration per machine/app * different operating systems per machine/app * total separation of environments: file systems, services, ports, middleware, configuration.

Answer 81

* These are Infrastructure as a Service (IaaS). * Total control over the operating system and the software * Supports marketplace and custom images. * Best suited for 1) custom software requiring custom system configuration 2) life-and-shift scenarios * Can run any application/scenario 1) web apps and web services, 2) databases, 3) desktop applications, 4) jumpboxes, 5) gateways, etc.

Answer 82

* The use of the host's operating system. * Emulate operating system (VMs emulate hardware) * Lightweight (no O/S) 1) Development effort, 2) maintenance, 3) compute and storage requirements. * Respond quicker to demand changes * Designed for almost any scenario

Answer 83

* Simplest and fastest way to run a container in Azure. * Platform as a Service (PaaS) * Serverless Containers * Designed for 1) small and simple web apps/services, 2) background jobs, 3) scheduled scripts.

Answer 84

* Open-sources container orchestration platform. * Platform as a Service (PaaS) * Highly scalable and customizable. * Designed for high-scale container deployments (anything really)

Answer 85

* Designed as an enterprise-grade web application service (web applications) * Platform as a Service (PaaS) * Supports multiple programming languages and containers

Answer 86

* Platform as a Service (Paas) * Serverless * Two hosting/pricing models 1) consumption-based plan, 2) dedicated plan. * Designed for micro/nano-services

Answer 87

* Connect cloud and on-premises * On-premise networking functionality

Answer 88

* Logically isolated networking components * Segmented into one or more subnets which cannot be nested. * Subnets are discrete sections * Enable communication of resources with each other, internet, and on-premises. * Scoped to a single region * VNET peering allows cross-region communication * Isolation, segmentation, communication, filtering, routing. * Allows customers to represent and extend their on-premise networking infrastructure on the cloud.

Answer 89

* Even traffic distriution. * Supports both inbound and outbound scenarios. * High-availability scenarios. * Both TCP (transmission control protocol) and UDP (user datagram protocol) applications. * internal and external traffic. * Port forwarding * High scale with up to millions of flows.

Answer 90

A specific type of virtual network gateway for on-premises to Azure traffic over the public internet.

Answer 91

* Web traffic load balancer * web application firewall. * redirection * session affinity * URL routing * SSL termination

Answer 92

* Defining content across web * minimize legacy * POP (points of presence)

Answer 93

* Data can be represented using tables with very strict schema. * Each row must follow a defined schema. * Some tables have defined relationships between them. * Typically used in relational databases.

Answer 94

Data can be represented using tables but without strict defined schema. Rows must only have a unique key identifier.

Answer 95

Any files in any format.

Answer 96

* These are groups of services which include 1) blob storage, 2) queue storage, 3) table storage, and 4) file storage. * Used to store 1) files, 2) messages, and 3) semistructured data. * Highly scalable (up to petabytes of data) * Highly durable (11 nines - 16 nines) * Cheapest GB storage.

Answer 97

* BLOB = binary large object - file. * Designed for storage of files of any kind * 3 storage tiers 1) Hot = frequently accessed data. 2) Cool = infrequently accessed data, 3) archive = rarely (if-ever) accessed data.

Answer 98

* Storage for small pieces of data (messages) * Designed for scalable asynchronous processing.

Answer 99

* Storage for semi-structured data (NoSWQL): no need for foreign joins, keys, relationships, or strict schema. Designed for fast access. * Many programming interfaces and SDK's

Answer 100

* Storage for files accessed via shared drive protocols. * Designed to extend on-premise file shares and implement lift-and-share scenarios.

Answer 101

* Disk emulation in the cloud. * Persistent storage for VMs * Different sizes, different types (SSD, HDD), different performance tiers. * Disks can be unmanaged or managed.

Answer 102

* A serverless web service hosting platform. It scales nicely and with consumption-based pricing, and is ideal for hosting applications with an unpredictable workload demand. * These are the least configurable.

Answer 103

Naming resource groups by application name and environment names (among others). This strategy allows customers to have separate groups per application and environment name to assign separate privileges to their employees and vendors. Making sure they don't impact each other while working with Azure.

Answer 104

one that provides the ability to specify which Availability Zone the resources are deployed into.

Answer 105

Data that can be represented using tables with very strict schema. Each row must follow a defined schema. Some tables have defined relationships between them. Typically used in relational databases.

Answer 106

Data can be represented using tables but without a strictly defined schema. Rows must only have unique key identifiers.

Answer 107

Any files in any format. i.e. binary, application, images, movies, etc.

Answer 108

* Globally distributed NoSQL (semi-structured data) DataBase service. * Schema-less * Multiple APIs (SQL, MongoDB, Cassandra, Gremlin, Table Storage) * Designed for 1) highly responsive real-time applications with super-low latencies < 10 ms. 2) multi-regional applications.

Answer 109

* Relational database service in the cloud (PaaS) (DBaaS - Database as a service. * Structured data service defined using schema and relationships. * Rich Query Capabilities (SQL) * High-performance, reliable, fully managed, and secure database for building and applications.

Answer 110

1) Azure SQL Database - reliable relational database on SQL Server. 2) Azure Database for MySQL - SQL version for MySQL database engine. 3) Azure Database for PostgreSQL - Azure SQL version for PostgreSQL database engine. 4) Azure SQL Managed Instance - Fully fledged SQL Server on Iaas. 5) Azure SQL DW (Synapse) - Massively Parallel Processing (MPP) version of SQL Server.

Answer 111

* Like an "Azure Shop" where you purchase services and solutions for the Azure platform. * Each product is a template that contains one or multiple services. * Products are delivered by first and third-party vendors. * solutions can leverage all service categories like Iaas, Paas, and Saas.

Answer 112

It is a network of internet-connected devices (IoT Devices) embedded in everyday objects enabling sending and receiving data such as settings and telemetry.

Answer 113

Telemetry automatically collects, transmits, and measures data from remote sources, using sensors and other devices to collect data.

Answer 114

* Managed service for bi-directional communication. * Platform as a Service (Paas). * Highly secure, scalable, and reliable. * Integrates with a lot of Azure Services. * Programmable SDKs for popular languages (C, C#, Java, Python, Node.js). * Multiple protocols (HTTPS, AMQP, MQTT)

Answer 115

* IoT App Platform - Software as a Service (Saas) * Industry-specific app templates * No deep technical knowledge required. * Service for connecting, management, and monitoring IoT devices * Highly secure, scalable, and reliable. * Built on top of the IoT Hub service and 30+ other services.

Answer 116

*Secure end-to-end IoT Solutions * Where developers go to build apps. (certified chips, OS based on Linux, Security Service Trusted device-to-cloud communication)

Answer 117

It is a field in tech that helps with the extraction, processing, and analysis of information that is too large or complex to be dealt with, by TRADITIONAL SOFTWARE.

Answer 118

Velocity, Volume, Variety

Answer 119

how fast data is coming in or how fast we are processing it. (batch, periodic, near real-time, real-time)

Answer 120

how much data we are processing (megabytes, gigabytes, terabytes, petabytes)

Answer 121

how structured or complex the data is (tables, databases, photo, audio, video, social media)

Answer 122

* enterprise analytics service that accelerates time to insight across data warehouses and big data systems. It brings together the best of SQL technologies used in enterprise data warehousing, Apache Spark technologies for big data, and Azure Data Explorer for log and time series analytics. * Big data analytics platform (PaaS) * Has multiple components (Spartk, Synapse SQL a) SQL pools - which are dedicated - pay for performance, b) SQL on-demand - ad-hoc- pay for processing, Synapse Pipelines - data factory, Studio - unified experience)

Answer 123

* a customizable, enterprise-grade service for open-source analytics platform. Effortlessly process massive amounts of data and get all the benefits of the broad open-source project ecosystem with the global scale of Azure. Easily migrate your big data workloads and processing to the cloud. * Flexible multi-purpose big data platform (PaaS) * Multiple technologies supported (Hadoop, spark, Kafka, HBase, Hive, Store, Machine Learning)

Answer 124

* fully managed first-party service that enables an open data lakehouse in Azure. * Big data collaboration platform (PaaS) * Unified workspace for notebook, cluster, data, access management, and collaboration. * Based on Apache Spark * Integrates very well with common Azure data services.

Answer 125

a PaaS offering that helps customers build data transformation solutions based on Apache Storm.

Answer 126

The simulation of human intelligence and capabilities by computer software.

Answer 127

* Cloud-based platform for creating, managing, and publishing machine learning models * Platform as a Service (PaaS) * Machine Learning Workspace – top-level resource * Machine Learning Studio – web portal for end-2-end development * Features: + Notebooks – using Python and R + Automated ML – run multiple algorithms/parameters combinations, choose the best model + Designer – a graphical interface for no-code development + Data & Compute – management of storage and compute resources + Pipelines – orchestrate model training, deployment, and management tasks

Answer 128

This allows customers to manage a Machine Learning Workspace using a single and concise web portal interface.

Answer 129

A feature of Azure Machine Learning that enables customers to build their machine learning pipelines visually.

Answer 130

Is a cloud-based execution environment that allows the customer to run their applications in the cloud while completely abstracting the underlying structure.

Answer 131

* For deploying custom code as a web service in Azure. * Serverless coding platform (Functions as a Service, Faas). * Designed for nano-service architectures and event-based applications. * Scales up and down very quickly. * Highly scalable. * Supports popular languages and frameworks (.NET & .NET core, Java, Node.js., Python, Powershell, etc.)

Answer 132

* Serverless enterprise integration service (PaaS) * 200+ connectors for popular services * Designed for orchestration of a) business processes, b) integration workflows for applications, data, systems, and services. * No-code solution.

Answer 133

* Route messages between services. * it is a fully managed serverless event-routing service * Uses publish-subscribe model * Designed for event-based and near-real-time applications * Supports dozen of built-in events from most common Azure services.

Answer 134

A set of practices that combine both development (Dev) and operations (Ops). It is a set of practices for building applications quickly while maintaining high quality. DevOps aims to shorten the development life cycle by providing continuous integration and delivery (CI/CD) capabilities while ensuring high-quality of deliverables.

Answer 135

* It is a collection of services for building solutions using DevOps practices * Includes the following services: + a) boards - for tracking work + b) pipelines for continuous integration and delivery workflows - building, testing, and deploying apps + c) Repos - code collaboration and versioning with Git. + d) Test Plans - manual and exploratory testing. + e) Artifacts - manage project deliverables. * Extensible with Marketplace - over 1,000 of available apps. * Evolved from TFS (Team Foundation Server), through VSTS (Visual Studio Team Services)

Answer 136

Team Foundation Server (Microsoft TFS) provides teams with tools and technologies to better collaborate and manage their projects. It's because Microsoft TFS offers a combo of version control, issue tracking, and application lifecycle management.

Answer 137

Visual Studio Team Services - Microsoft VSTS is an Application Lifecycle Management (ALM) system that helps the entire project team to capture Requirements, Agile /Traditional Project Planning, Work Item Management, Version Control, Build, Deployment, and manual Testing all in a single platform.

Answer 138

* Service for creation of sandbox environments for developers/testers (Paas) * Quick setup of self-managed virtual machines. * Preconfigured templates for VMs. * Plenty of additional artifacts (tools, apps, custom actions) * Lab policies like quotas, sizes, and auto-shutdowns. * Share and automate labs via custom images. * Premade plugins/API/tools for CI/CD pipeline automation.

Answer 139

* Public web-based interface for management of Azure platform. * Designed for self-service * Customizable * Simple tasks.

Answer 140

* Powershell and module. * Designed for automation * Multi-platform with PowerShell Core * Simple to use + Connect-AzAccount = log into Azure + Get-AzResourceGroup = list resource groups. + New-AZResourceGroup = create a new resource group + New-AzVm = create a new virtual machine

Answer 141

* command line interface for Azure * Designed for automation * Multi-platform (Python) Simple to use: + az login = log into Azure + az group list = list resource groups + az group create = create new resource groups + az vm create = create virtual machine * Native OS terminal scripting

Answer 142

* Cloud-based scripting environment * Completely free * Supports both Azure PowerShell and Azure CLI * Dozens of additional tools * Multiple client interfaces + Azure Portal integration (portal.azure.com) + Shell Portal (shell.azure.com) + Visual Studio Code Extension + Windows Terminal + Azure Mobile App + Microsoft Docs integration

Answer 143

* Personalized consultant service * Designed to provide recommendations and best practices for + Cost (SKU sizes, idle services, reserved instances, etc.) + Security (MFA settings, vulnerability settings, agent installations, inc) + Reliability (redundancy settings, soft delete on blobs, etc.) + Performance (SKU sizes, SDK versions, IT throttling, etc.) + Operational Excellence (service health, subscription limits, etc.) * Actionable recommendations * Free!

Answer 144

Proactive - offering suggestions to counter future issues, not current or past issues.

Answer 145

* Designed to filter traffic to (inbound) and from (outbound) Azure resources located in Azure Virtual Network. * Filtering controlled by rules. * Ability to have multiple inbound and outbound rules * Rules are created by specifying: + Source/Destination (IP addresses, service tags, application security groups) + Protocol (TCP, UDP, any) + Port (or port ranges i.e. 3389 for RDP, 22 for SSH, 80 for HTTP, etc) + Direction (inbound or outbound) + Priority (order of evaluation)

Answer 146

* Feature that allows grouping of virtual machines located in Azure virtual network. * designed to reduce the maintenance effort - by assigning ASG instead of explicit IP addresses.

Answer 147

Process of finding/selecting a path for traffic in one or across multiple networks.

Answer 148

* Custom (user-defined, static) routes (UDRs). * Designed to override Azure's default routing or add new routes. * Managed via Azure Route Take Resource. * Associated with Virtual Network subnets.

Answer 149

A Network security service that monitors and controls incoming and outgoing traffic.

Answer 150

* Managed, cloud-based firewall service (Paas, Firewall as a Service). * Built-in high availability. * Highly scalable. * Inbound & outbound traffic filtering rules. * Support for FQDN (fully qualified domain name, i.e. microsoft.com) * Fully integrated with Azure monitor for logging and analytics.

Answer 151

No. In this case use Azure Firewall.

Answer 152

Cyber-attach with intent to cause temporary or indefinite disruption of service.

Answer 153

DoS attach that is originating from multiple servers.

Answer 154

* DDoS protection service in Azure. * Designed to a) detect malicious traffic and block it while allowing legitimate users to connect, b) prevent additional costs for auto-scaling environment. * 2-tiers: + Basic = automatically enabled for the Azure platform. + Standard = additional mitigation and monitoring capabilities for Azure Virtual Network resources. * Standard tier uses machine learning to analyze traffic patterns for better accuracy.

Answer 155

* A user with a username and password. * Also applications or other services with secret keys or certificates. * The fact of being something or someone.

Answer 156

The process of verification/assertion of identity.

Answer 157

The process of ensuring that only authenticated identities get access to the resources for which they have been granted access.

Answer 158

The process of controlling, verifying, tracking and managing access to authorized users and applications.

Answer 159

* Identity and access management service in Azure. * Identities management - users, groups, and applications. * Access management - subscriptions, resource groups, roles, role assignments, authentication and authorization settings, etc. * Used by multiple Microsoft cloud platforms + Azure + Microsoft 365 + Office 365 + Live.com services (Skype, OneDrive, etc.)

Answer 160

* Process of authentication using more than one factor (a piece of evidence) to prove identity. * Factor types: + knowledge factor - something you know + possession factor - something you have + physical characteristic factor - something that is a part of you. + location factor - somewhere you are. * Supported by Azure AD by default (which can be turned off).

Answer 161

* Central/unified infrastructure and platform security management service. * Natively embedded in Azure services. * Integrated with Azure Advisor * 2 tiers 1) Free (Azure Defender OFF) - included in all Azure services, provides continuous assessments, security scores, and actionable security recommendations. 2) Paid (Azure Defencer ON) - hybrid security, threat protection alerts, vulnerability scanning, just-in-time (JIT) VM access, etc.

Answer 162

the visualization elements used to describe a resource or to display a form as part of a workflow.

Answer 163

It is calculated using available security recommendations. The higher the score, the more secure the environment is.

Answer 164

* Managed service for securing sensitive information (application/platform)(PaaS) * Secure storage service for keys, secrets, or certificates. * Highly integrated with other Azure Services (VMs, Logic Apps, Data Factory, Web Apps, etc) * Centralization * Access monitoring and logging.

Answer 165

No, it is not designed to replace application configuration files.

Answer 166

A collection of actions that the assigned identity will be able to perform. The definition is the answer to the question, "WHAT can be done?"

Answer 167

It is an Azure object (identity) that can be assigned to a role (i.e. users, groups, or applications). The assignment is an answer to a question of "WHO can do it?"

Answer 168

One or more Azure resources that the access applies to. It is an answer to "Where can it be done?"

Answer 169

It is a combination of the role definition, security principal, and scope.

Answer 170

* Authoritative system built on Azure Resource Manager (ARM). * Designed for fine-grained access management of Azure Resources. * Role assignment is a combo of 1) Role definition - list of permissions like create VM, delete SQL, assign permissions, etc. 2) Security Principal - user, group, service principal, and managed identity. 3) Scope - resource, resource groups, subscription, management group. * Hierarchical > Management groups > Subscriptions > Resource Groups > Resources. * Built-in and custom roles are supported.

Answer 171

* Designed to prevent accidental deletion and/or modification. * Used in conjunction with RBAC * 2 types of locks: 1) Read-only - only read actions are allowed. 2) Delete - all actions except delete are allowed. * Scopes are hierarchical or inherited. Subscriptions > Resource Groups > Resources * Management Groups cannot be locked * Only Owner and User Access Administrator roles can manage locks (these are built-in roles)

Answer 172

* Simple name (key) value pairs. * Designed to help with organization of resources * Used for resource governance, security, operations management, cost management, automation, etc. * Tyipical tagging strategies: 1) Functional - made by function (i.e. environment = production) 2) Classification - mark by policies (i.e. classification = restricted) 3) Finance/Accounting - mark for billing purposes (i.e. department = finance) 4) Partnership - mark by association of users/groups (i.e. owner = adam) * Applicable for resources, resource groups, and subscriptions. * NOT inherited by default.

Answer 173

* Designed to help with resource governance, security, compliance, cost management, etc. * Policies focus on resource properties (RBAC focused on user actions) * Policy definition defines what should happen a) Define the condition (if/else) and the effect (deny, audit, modify, etc.) b) Examples include resource types, allowed locations, allowed SKUs, inherited resource tags * Built-in and custom policies are supported. * Policity initiative - a group of policy definitions. * Policy assignment of a definition/initiative to a scope. Scopes can be assigned to a) management groups b) subscriptions c) resources groups d) resources * Policies allow for exclusions of scopes * Checked during resource creation or updates and existing ones with remediation tasks.

Answer 174

A single object that defines properties, conditions, and effects.

Answer 175

A group of policy definitions.

Answer 176

Assigning (or enabling) a policy definition.

Answer 177

* Packages of various Azure components (artifacts) a) Resource Groups b) ARM Templates c) Policy Assignments d) Role Assignments * Centralized storage for organizationally approved design patterns. * Blueprint definition - describing what should happen * Blueprint assignment - describing where it should happen aka package deployment

Answer 178

Describes a list of various Azure components and their configuration. Can be called a package or collection of Azure components.

Answer 179

Actually putting a Blueprint Definition into play.

Answer 180

It is a strategic move by an organization to leverage cloud in their business.

Answer 181

It is a set of tools, best practices, guidelines, and documentation. prepared by Microsoft to help companies with their cloud adoption journey.

Answer 182

1) Strategy 2) Plan 3) Ready 4) Adopt 5) Govern and Manage 6) Organize

Answer 183

1) Understand motivation 2) Business Outcome 3) Business Justification 4) First Project

Answer 184

* Answer the question, "WHY MOVE"? * Common motivational triggers include 1) migration a) cost savings on infrastructure b) reduction in complexity c) operational optimization d) increased business agility 2) Innovation a) reaching a global scale b) customer experience improvements c) transformation of products and service d) market disruption

Answer 185

* Answer the question WHAT TO MEASURE? * Defined, concise and observable outcome captured by a specific measure i.e. + increase in profit + increase in revenue + cost reduction + global access to customers + reaching new markets

Answer 186

* Answer the question WHAT'S MY RETURN ON INVESTMENT? * Develop a business case to validate the financial model that supports your motivations and outcomes. * Tools that support this process are + Azure TCO calculator - estimate current on-prem costs + Azure Pricing Calculator - estimate future Azure costs + Azure Cost Management - see current Azure costs

Answer 187

* Choose first project to validate your strategy (proof of concept) based on 1) Business criteria - current operations, dedicated owner, strong motivation to move. 2) Technical criteria - minimum dependencies and assets.

Answer 188

* Create an inventory of assets + Review the current landscape and list all digital assets (projects and solutions) + Choose one of the 5 R's of rationalization - Rehost - move as is; typically into containers or IaaS (VMs) - Refactor - make small code changes and move to Paas (Azure SQL, Azure App Service, etc.) - Rearchitect - make complex code changes to introduce new features or fix incompatible apps - Rebuild - create a new application using cloud-first design - Replace - review available SaaS solutions and replace legacy or unneeded applications. * Initial Organization Alignment - align people so they support your adoption plan; map people to capabilities. * Skills Readiness Plan - review current skills and address the gaps. * Cloud Adoption Plan - combine everything from steps 1 to 3 into a single cloud adoption plan.