Architecture and Services (35%-40%) Flashcards

1
Q

What are Azure regions, and what are region pairs?

A
  • Regions are geographical areas with multiple datacenters connected by low-latency networks.
  • Region pairs are two regions within the same geography, at least 300 miles apart, providing redundancy and disaster recovery.

Describe Azure regions, region pairs, and sovereign regions.

2
Q

What are Azure sovereign regions, and why are they used?

A

Sovereign regions, like US Gov and China Azure, are isolated Azure instances for compliance and legal requirements.
These regions are operated under specific jurisdictional controls.

Describe Azure regions, region pairs, and sovereign regions.

3
Q

What are Azure availability zones?

A

Availability zones are physically separate datacenters within a region, each with independent power, cooling, and networking, ensuring high availability and resiliency against failures.

Describe availability zones.

4
Q

What is the role of Azure datacenters?

A

Datacenters house physical resources like servers, cooling, and networking. Azure organizes datacenters into regions and availability zones to ensure performance, reliability, and scalability.

Describe Azure datacenters.

5
Q

What are Azure resources and resource groups?

A

Resources are the basic building blocks of Azure (e.g., VMs, storage accounts, databases).
Resource groups organize resources for easy management; actions on a group apply to all its resources.

Resource - An Azure service you have access to

Describe Azure resources and resource groups.

6
Q

What are Azure subscriptions, and how are they used?

A

Subscriptions manage Azure services, resources, and billing. They act as boundaries for billing and access control, allowing separate environments for development, production, or departments.

Describe subscriptions.

7
Q

What are Azure management groups, and why are they useful?

A

Management groups are containers for organizing multiple subscriptions. They enable unified policy, governance, and access management across subscriptions.

Describe management groups.

8
Q

What is the hierarchy of Azure resource groups, subscriptions, and management groups?

A

Resources belong to resource groups, which are contained in subscriptions.
Subscriptions are organized under management groups for enterprise-scale governance.

Top - Management Groups > Subscriptions > Resource Groups > Resources

Describe the hierarchy of resource groups, subscriptions, and management groups.

9
Q

Azure Compute Types

A
  • Virtual Machines (VM)
  • VM Scale Sets (VMSS)
  • App Service (Web Apps)
  • Azure Container Instances (ACI)
  • Azure Container Apps
  • Azure Kubernetes Service (AKS)
  • Azure Virtual Desktop
10
Q

What are Azure Virtual Machines, and what are their common use cases?

A

Azure VMs provide full control over OS and software.
Use cases include testing, running cloud applications, disaster recovery, and extending on-premises datacenters.

Describe virtual machine options, including Azure virtual machines, Azure Virtual Machine Scale Sets, availability sets, and Azure Virtual Desktop.

11
Q

What are Azure Virtual Machine Scale Sets, and how do they work?

A

Scale sets manage a group of identical, load-balanced VMs. They auto-scale based on demand, deploy load balancers, and ensure efficient resource use.

Two or more virtual machines running the exact same code

Describe virtual machine options, including Azure virtual machines, Azure Virtual Machine Scale Sets, availability sets, and Azure Virtual Desktop.

12
Q

What are availability sets, and how do they enhance resiliency?

A

Availability sets use fault domains (separate power/network sources) and update domains (staggered reboots) to ensure uptime during failures or maintenance.

Multiple VMs with identical function using fault+update domains

Describe virtual machine options, including Azure virtual machines, Azure Virtual Machine Scale Sets, availability sets, and Azure Virtual Desktop.

13
Q

What is Azure Virtual Desktop, and what are its benefits?

A

Azure Virtual Desktop offers cloud-hosted Windows desktops, enabling centralized security, role-based access control, and multi-session support.

Describe virtual machine options, including Azure virtual machines, Azure Virtual Machine Scale Sets, availability sets, and Azure Virtual Desktop.

14
Q

What is Azure App Service, and what application hosting styles does it

A

Azure App Service hosts web apps (PaaS), API apps, mobile back ends, and WebJobs with features like auto-scaling, high availability, and support for multiple languages.

Describe application hosting options, including web apps, containers, and virtual machines.

15
Q

What are the differences between containers, virtual machines, and functions?

A
  • Virtual Machines: Full OS and hardware emulation; customizable but resource-intensive.
  • Containers: Lightweight, share OS, and scale quickly; ideal for microservices.
  • Functions: Event-driven, serverless, and auto-scale; pay only for execution time.

Compare compute types, including containers, virtual machines, and functions.

16
Q

What is the purpose of Azure virtual networks (VNets)?

A

Azure virtual networks enable secure communication between Azure resources, the internet, and on-premises networks, acting as an extension of your on-premises network.

Describe virtual networking, including the purpose of Azure virtual networks, Azure virtual subnets, peering, Azure DNS, Azure VPN Gateway, and ExpressRoute

17
Q

What are Azure subnets, and why are they used?

A

Subnets divide a virtual network into smaller segments to improve organization, security, and traffic control within the VNet.

Describe virtual networking, including the purpose of Azure virtual networks, Azure virtual subnets, peering, Azure DNS, Azure VPN Gateway, and ExpressRoute

18
Q

What is VNet peering, and what is its purpose?

A

VNet peering connects two Azure VNets (connecting 2 subnets together), enabling them to communicate privately and securely over the Microsoft backbone network without using the public internet.

Describe virtual networking, including the purpose of Azure virtual networks, Azure virtual subnets, peering, Azure DNS, Azure VPN Gateway, and ExpressRoute

19
Q

What is Azure DNS, and what benefits does it provide?

A

Azure DNS is a DNS hosting service that provides reliable and scalable domain name resolution, with features like private domains, role-based access, and alias records.

DNS only applies internally to Azure to applied networks

Describe virtual networking, including the purpose of Azure virtual networks, Azure virtual subnets, peering, Azure DNS, Azure VPN Gateway, and ExpressRoute

20
Q

What is Azure VPN Gateway, and how is it used?

A

Azure VPN Gateway connects Azure VNets to on-premises networks via secure, encrypted tunnels over the public internet for site-to-site (called VPN peering), point-to-site, or VNet-to-VNet communication.

Describe virtual networking, including the purpose of Azure virtual networks, Azure virtual subnets, peering, Azure DNS, Azure VPN Gateway, and ExpressRoute

21
Q

What is Azure ExpressRoute, and how does it differ from a VPN Gateway?

A

Azure ExpressRoute provides private, high-speed connections from your ISP to Azure without using the public internet, offering higher security, faster speeds, and consistent latencies compared to VPN Gateway.

Describe virtual networking, including the purpose of Azure virtual networks, Azure virtual subnets, peering, Azure DNS, Azure VPN Gateway, and ExpressRoute

22
Q

What is the difference between public and private endpoints in Azure?

A

Public endpoints have public IPs for global access.
Private endpoints use private IPs within a VNet for secure internal communication.

Define public and private endpoints

23
Q

What is Blob storage?

A

Binary Large Object
  • Can hold files of any type
  • Stored loosely in a container
  • Unstructured data

Compare Azure storage services.

24
Q

What are the 4 Storage Tiers?

A
  1. Hot: For frequently accessed, active data (e.g., website assets).
  2. Cool: For infrequently accessed data with lower storage costs for at least 30 days (e.g., invoices).
  3. Cold: For infrequently accessed data stored for at least 90 days.
  4. Archive: For rarely accessed data with the lowest storage costs for at least 180 days (e.g., backups).

Describe storage tiers.

25
Q

What tools can you use to move files to or from Azure?

A
  • AzCopy: Command-line utility for copying files.
  • Azure Storage Explorer: GUI tool for managing Azure storage.
  • Azure File Sync: Syncs Windows file servers with Azure Files.

Identify options for moving files, including AzCopy, Azure Storage Explorer, and Azure File Sync.

26
Q

What are the redundancy options for Azure storage?

A
  • LRS (Locally Redundant Storage):
    Saves 3 copies of your data in one building. Good for basic protection, but if the whole building has an issue (like a fire), the data is lost.
  • ZRS (Zone-Redundant Storage):
    Saves 3 copies of your data in different buildings (zones) within the same region. If one building fails, your data is still safe.
  • GRS (Geo-Redundant Storage):
    Saves 3 copies in one building (like LRS) and also sends a copy to a faraway region. Protects against regional disasters but can only read the backup if you manually switch to it.
  • GZRS (Geo-Zone-Redundant Storage):
    Saves 3 copies in different buildings (like ZRS) and also sends a copy to a faraway region. Offers the best protection against zone and regional disasters.

Describe redundancy options.

27
Q

What is Azure Migrate, and what does it provide?

A

Azure Migrate is a unified migration platform offering tools for discovery, assessment, and migration of on-premises servers, databases, and apps to Azure.

Describe migration options, including Azure Migrate and Azure Data Box.

28
Q

What is Azure Data Box, and when should it be used?

A

Azure Data Box is a physical device for transferring large data volumes (40+ TB) to or from Azure when network connectivity is limited or unavailable.

Describe migration options, including Azure Migrate and Azure Data Box.

29
Q

What is Microsoft Entra ID?

A

Microsoft Entra ID is a service that helps people sign in and use cloud apps securely, offering features like password resets and single sign-on.

Describe directory services in Azure, including Microsoft Entra ID and Microsoft Entra Domain Services.

30
Q

What is Microsoft Entra Domain Services?

Formerly known as Azure Active Directory

A

It provides tools like domain join and group policies, so you can use older apps in Azure without managing servers yourself.

Describe directory services in Azure, including Microsoft Entra ID and Microsoft Entra Domain Services.

31
Q

What is multifactor authentication (MFA), and why is it important?

A

MFA adds extra security by asking for two or more proofs, like a password and a phone code.

Describe authentication methods in Azure, including single sign-on (SSO), multifactor authentication (MFA), and passwordless.

32
Q

What is single sign-on (SSO)?

A

SSO lets you log in once and access multiple apps without needing to sign in again.

Describe authentication methods in Azure, including single sign-on (SSO), multifactor authentication (MFA), and passwordless.

33
Q

What is the Zero Trust security model?

A

Zero Trust assumes no one can be trusted and checks every request for access.

Describe the concept of Zero Trust.

34
Q

What is Microsoft Entra Conditional Access?

A

It lets you control access based on things like location or device, making it safer and more flexible.

Describe Microsoft Entra Conditional Access.

35
Q

What is Azure Role-Based Access Control (RBAC)?

A

Azure RBAC lets you give people only the access they need to do their job.

Describe Azure Role Based Access Control (RBAC).

36
Q

What is the purpose of the defense in depth model?

A

It adds layers of security to slow down attackers and protect your data.

Describe the purpose of the defense in depth model.

37
Q

What is Microsoft Defender for Cloud?

A

It’s a tool that checks for threats, helps secure resources, and gives alerts if something’s wrong.

Describe the purpose of Microsoft Defender for Cloud.

38
Q

What is passwordless authentication, and what are its benefits?

A

It replaces passwords with things like fingerprints or PINs, making logins safer and easier.

Describe authentication methods in Azure, including single sign-on (SSO), multifactor authentication (MFA), and passwordless.

39
Q

What are external identities in Azure?

A

External identities let people outside your organization log in using their own accounts, like Google or Facebook.

Describe external identities and guest access in Azure.