Az-104 Flashcards by scott gausling

This expresses what to evaluate and what action to take.

Policy Definition

How well did you know this?

Not at all

Perfectly

What tool allows you to capture packet data from the Azure services you use, help you understand the flow of data in network traffic patterns, and troubleshoot network-related problems?

Azure Network Watcher

How well did you know this?

Not at all

Perfectly

Which service is designed to monitor the performance of container workloads, which are deployed to managed Kubernetes clusters, hosted on Azure Kubernetes Service (AKS)? It gives you performance visibility by collecting memory and processor metrics from controllers, nodes, and containers, which are available in Kubernetes through the metrics API. Container logs are also collected.

Azure Monitor for Containers

How well did you know this?

Not at all

Perfectly

A a set or group of policy definitions to help track your compliance state for a larger goal.

Initiative Definition

How well did you know this?

Not at all

Perfectly

What records when resources are created or modified and has metrics to tell you how the resource is performing and the resources that it’s consuming?

Activity Logs

How well did you know this?

Not at all

Perfectly

What is the cloud-based identity management solution that helps your company’s internal users to access internal and external resources while keeping your user identities and applications safe?

Azure AD

How well did you know this?

Not at all

Perfectly

What represents an organization, and is where Azure AD stores your users?

Tenant

How well did you know this?

Not at all

Perfectly

What is the PowerShell Command to create New Azure VMs?

New-AzVM

How well did you know this?

Not at all

Perfectly

What reports on service problems that affect a broad set of Azure customers, and gives up to the minute information on service availability?

Azure Status

How well did you know this?

Not at all

Perfectly

What provides you with a customizable dashboard that tracks the state of your Azure services in the regions where you use them and can be used to create and manage service health alerts?

Service Health

How well did you know this?

Not at all

Perfectly

What is the score that reveals how effective your security is and gives an overall value between 1 and 223 that represents how well you match the recommendations and best practices that Microsoft suggests for tenant security?

Identity secure score in Azure AD

How well did you know this?

Not at all

Perfectly

What allows users to have the same credentials to access resources and applications both on-premises and in the cloud because the user’s password is hashed twice and synchronized between the on-premises Active Directory and Azure AD?

Azure AD password hash synchronization (PHS)

How well did you know this?

Not at all

Perfectly

What does PHS stand for?

Password Hash Synchronization

How well did you know this?

Not at all

Perfectly

What is Windows default authentication protocol that can be used across different operating systems?

Kerberos

How well did you know this?

Not at all

Perfectly

What allows an Azure AD user account to authenticate to on-premsies servers and Active Directory by way of an installed agent?

Azure AD pass-through authentication (PTA)

How well did you know this?

Not at all

Perfectly

What does PTA stand for?

Pass-Through Authentication

How well did you know this?

Not at all

Perfectly

What authentication method allows you to use advanced measures like smart card-based authentication for users?

Federated Authentication

How well did you know this?

Not at all

Perfectly

What does AD FS stand for?

Active Directory Federation Services

How well did you know this?

Not at all

Perfectly

What allows federates authentication?

The authentication process is performed by an on-premises Active Directory Federation Services (AD FS) server that validates users’ passwords.

How well did you know this?

Not at all

Perfectly

This is a workflow-based risk assessment dashboard within the Service Trust Portal that enables you to track, assign, and verify your organization’s regulatory compliance activities related to Microsoft professional services and Microsoft cloud services such as Microsoft 365, Dynamics 365, and Azure

Compliance Manager

How well did you know this?

Not at all

Perfectly

What does Azure Active Directory Premium P1 give you in addition to the features of the free tier?

Users can access on-prem and cloud-based services and resources
Use of self-service group management or dynamic groups, which adds and removes users automatically based on your criteria
Supports on-prem identity management suites like Microsoft Identity Manager
Self-service password reset is also supported to on-prem users

How well did you know this?

Not at all

Perfectly

What does Azure Active Directory Premium P2 give you in addition to the features of the free and P1 tiers?

Active Directory Identity Protection

- Privileged Identity Management

How well did you know this?

Not at all

Perfectly

This feature helps you configure risk-based conditional access to protect applications from identity risks. You can also monitor and put detailed restrictions on administrators.

Active Directory Identity Protection

How well did you know this?

Not at all

Perfectly

Something that has to be identified and authenticated.

Identity

How well did you know this?

Not at all

Perfectly

These are containers for managing access, policies, and compliance across multiple Azure subscriptions. They provide a further level of classification that is above the level of subscriptions by allowing you to order your Azure resources hierarchically into collections. They give you enterprise-grade management at a large scale.

Azure Management Groups

What lets you monitor and put detailed restrictions on administrators?

Privileged Identity Management

What helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on?

Azure Monitor

What do you use to securely authenticate the user through their preferred identity provider, as well as to manage your customers' identities and access?

Azure AD B2C

What lets you add virtual machines to a domain without needing domain controllers?

Azure AD DS

What require users to pass additional authentication challenges before they access an app?

Conditional-Access Policies

What expresses what to evaluate and what action to take?

Policy Definition

What service monitors your Azure VMs at scale, by analyzing the performance and health of your Windows and Linux VMs (including their different processes and interconnected dependencies on other resources, and external processes)

Azure Monitor for VMs

What is the logical feature used to ensure that a group of related VMs are deployed so that they aren't all subject to a single point of failure and not all upgraded at the same time during a host operating system upgrade in the datacenter. These VMs should perform an identical set of functionalities and have the same software installed.

Availability Set

What helps you to automatically detect, investigate, and remediate identity risks for users? It also lets you export all the information that was collected about risks to third-party tools and solutions so that you can further analyze it.

Azure AD Identity Protection

What is the workflow-based risk assessment dashboard within the Service Trust Portal that enables you to track, assign, and verify your organization's regulatory compliance activities related to Microsoft professional services and Microsoft cloud services?

Compliance Manager

What allows you to collaborate with external users by inviting them to your Azure AD tenant?

Azure AD B2B

What is a logical group of hardware in Azure that shares a common power source and network switch?

A Fault Domain

What is the command to create a VM in Azure using CLI?

az vm create

What allows you to manage your customers' identities and access, giving them protected access to resources and services?

Azure AD B2C

What is a loosely isolated environment that allows us to build and run software packages? These software packages include the code and all dependencies to run applications quickly and reliably on any computing environment.

Container

What is the containerization platform used to develop, ship, and run containers

Docker

What are containers for managing access, policies, and compliance across multiple Azure subscriptions

Azure Management Groups

What is a set or group of policy definitions to help track your compliance state for a larger goal?

Initiative Definition

What is the process that creates secure remote access for your on-premises apps?

Azure AD Application Proxy

What does Azure AD DS stand for?

Azure Active Directory Domain Services

What is the Azure service endpoint that support sets of HTTP operations (methods), which provide create, retrieve, update, or delete access to the service's resources?

Azure REST API

What allows you to organize resources into named resource groups that let you deploy, update, or delete all of the resources together and also allows you to create templates, which can be used to create and deploy specific configurations?

Azure Resource Manager

What consists of several components configured as a client-server implementation where the client and server run simultaneously on the same host and the client communicates with the server using a REST API, which allows the client to also communicate with a remote server instance

Docker Engine

What responds to requests from the client via a REST API and can interact with other daemons and is also responsible for tracking the lifecycle of our containers?

Docker server/Dockerd daemon

What is a computer program that runs as a background process, rather than being under the direct control of an interactive user?

daemon

What are the networks, storage volumes, plugins, and other service objects that you'll create and configure to support your container deployments?

Docker objects

What is the Docker server?

a daemon named dockerd

What is the Software-as-a-Service (SaaS) Docker container registry that we use to store and distribute the container images we create?

Docker Hub

What a central location in which data is stored and managed?

Repository

What makes it possible for development teams to rapidly build and deploy new environments with the trust they're building within organizational compliance using a set of built-in components, such as networking, to speed up development and delivery?

Azure Blueprints

What is a secure point-to-point service that uses a third-party connectivity partner to provide and host circuits on your behalf?

ExpressRoute

What does Unionfs stand for?

Stackable Unification File System

What is the file system used to create Docker images?

Unionfs

What file system allows you to stack several directories, called branches, in such a way that it appears as if the content is merged but the content is physically kept separate and allows you to add and remove branches as you build out your file system?

Unionfs

What service protects your physical or virtual machines in case of failure no matter where they reside: on-premises or in the cloud

Azure Backup

What is an image that uses the Docker scratch image?

Base Image

What is an empty container image that doesn't create a filesystem layer and assumes that the application you're going to run can directly use the host OS kernel?

Scratch Image

What is the container image from which you create your images called?

Parent Image

What is the name for data that adheres to a strict schema, so all of the data has the same fields or properties?

Structured/Relational Data

What is the name of data where the fields do not neatly fit into tables, rows, and columns so it contains tags that make the organization and hierarchy of the data apparent?

Semi-Structured Data

What is a logical group of database operations that execute together?

A Transaction

What kind of database supports semi-structured data, or NoSQL data, by design?

Azure Cosmos DB

What are small applications that allow you to configure and automate tasks on Azure VMs after initial deployment?

Azure VM Extensions

What do you get with the Azure Active Directory Free tier?

- Manage users and groups - On-premises AD synchronization - Self-service password reset for Azure AD users (not on-prem AD) - Basic reports - Single sign on for Microsoft 365, Azure Services, and many third-party SaaS applications

What is the value between 1 and 223 given by Azure AD that reveals how effective your security is by showing how well you match the recommendations and best practices that Microsoft suggests for tenant security?

Identity Secure Score

What are the JSON files that define the resources you need to deploy for your solution called?

Resource Manager Templates

What are the advantages of using Azure Backup?

1. Unlimited data transfer 2. Data encryption 3. Application-consistent backups 4. Long-term retention 5. Automatic storage management 6. High availability due to unlimited scaling 7. Multiple storage options: locally redundant vs geo-redundant storage 8. Pay-as-you-use model

What is the name given to a recovery point that has all required data to restore the backup copy?

Application-Consistent Backup

What is a backup as a service offering that protects physical or virtual machines no matter where they reside: on-premises or in the cloud through the use of Azure Recovery Services?

Azure Backup

What is a storage entity in Azure that houses data which is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations?

Azure Recovery Services Vault

What replicates workloads from a primary site to a secondary location, so in the case of an outage at your primary site, you can fail over to a secondary location?

Azure Site Recovery

What are the benefits of Azure Site Recovery?

1. Uses Azure as your recovery site, eliminating the cost and complexity of maintaining a secondary physical data center 2. Makes it incredibly simple to test failovers for recovery drills without impacting your production environments

What is the reference architecture where (usually) an Azure virtual network acts as a central connection point between the cloud and on-premises network?

Azure Hub-Spoke

What is used to capture packet data from the Azure services you use, help you understand the flow of data in network traffic patterns, and troubleshoot network-related problems on your network?

Azure Network Watcher

What is an architecture where multiple tenants share the same physical instance of the app, and although tenants share physical resources (such as VMs or storage), each tenant gets its own logical instance of the app?

Azure Multi-Tenant

What is a domain that you customize for your Azure AD directory?

Custom Domain

What role do you use to manage all resources in Azure, including the access levels that users need for resources?

Owner Role

What role gives you access to all administrative capabilities in Azure AD and is automatically granted to the creator of a tenant?

Global Administrator

What provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication? - These Azure services remove the need to deploy, manage, and patch domain controllers (DCs) in the cloud

Azure AD DS

What does Azure AD DS stand for?

Azure Active Directory Domain Services

What require users to pass additional authentication challenges, such as multi-factor authentication, before they access an app?

Conditional-Access Policies

What notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime, and allows you to configure customizable cloud alerts and use your personalized dashboard to analyze health issues?

Azure Service Health

What helps you diagnose and get support for service problems that affect your Azure resources and reports on the current and past health of your resources?

Azure Resource Health

Is RBAC or Azure Policy default allow and explicit deny?

Azure Policy

What allows users to be added and removed from groups automatically based on your criteria?

Dynamic Groups

In Azure AD what allows users elevated access to control who is allowed to do what?

Administrator roles

What are the Powershell and Azure CLI commands for creating a new user in Azure AD?

PS - New-AzureADUser | CLI - az ad user create

What Azure AD role allows you to create and modify users in Azure AD?

User Administrator

What type of account does a native member of the Azure AD organization that has a set of default permissions like being able to manage their profile information have?

Member User Account

What type of account has restricted Azure AD organization permissions and is given to someone invited to collaborate with your organization?7

Guest Users Account

When a user is deleted, how long does the account remain in a suspended state that allows the user to be restored?

30 days

What are the PowerShell and Azure CLI commands for creating a new user in Azure?

PS - New-AzureADUser | CLI - az ad user create

What is used to manage Azure AD-related resources like users, groups, billing, licensing, application registration and more?

Azure AD Roles

What is used to manage access to Azure resources like virtual machines, SQL databases, or storage?

RBAC Roles

What is assigning a user the required access rights by directly assigning a role that has those access rights?

Direct Assignment

What is assigning a group the required access rights, and members of the group will inherit those rights?

Group Assignment

What is using rules to determine a group membership based on user or device properties?

Rule-Based Assignment

What is Microsoft's cloud-based identity and access management service which provides single sign-on and multi-factor authentication to help protect your users from 99.9 percent of cybersecurity attacks?

Azure AD

What represents the organization and the default directory assigned to it?

Tenant

What service allows you to synchronize a traditional Active Directory with your Azure AD instance?

Azure AD Connect

How do most enterprises add users to their Azure directory?

Azure AD Connect

Why do most Enterprises sync their on-premises Active Directory to Azure AD?

So their users can use single-sign-on (SSO) to access local and cloud-based resources

How do you manually add new users to your directory in Azure?

You can manually add new users through the Azure portal, but you need to be in the User Administrator role to perform this function

What groups provide collaboration opportunities by giving members access to a shared mailbox, calendar, files, SharePoint site, and more?

Microsoft 365 Groups

Which role has full access to all resources, including the right to delegate access to others?

Owner Role

Which role can create and manage all types of Azure resources but can’t grant access to others?

Contributor Role

Which role can only view existing Azure resources?

Reader Role

How data operations are specified, either with or separately from management operations, preventing current role assignments with wildcards (*) from suddenly having access to data.

DataActions and NotDataActions Properties

What tier of Azure AD is required for custom role creation?

Azure AD Premium P1 or P2

What is the free tool you can download and install to synchronize your local AD with your Azure directory?

Azure AD Connect

What component is responsible for creating users, groups, and other objects, and also makes sure that identity information for your on-premises users and groups matches that in the cloud?

Azure AD Connect

What's included in Azure AD Connect?

1. Syncing your on-Premises AD to your Azure AD 2. Health Monitoring 3. Active Directory Federation Services (AD FS) 4. Password hash synchronization 5. Pass-through authentication

What can be used to address complex deployments, such as domain join SSO, enforcement of the Active Directory sign-in policy, and smart card or third-party multi-factor authentication?

AD Federation Services (AD FS)

What feature is a sign-in method that synchronizes a hash of a user’s on-premises Active Directory password with Azure AD?

Password Hash Synchronization

What allows users to sign in to both on-premises and cloud-based applications using the same passwords and allows organizations to enforce their security and password complexity policies?

Pass-Through Authentication

What role can manage access to Azure resources?

User Access Administrator Role

What are the RBAC roles?

1. Owner 2. Contributor 3. Reader 4. User Access Administrator

What Azure AD tier is required for the use of Dynamic User Membership?

Azure AD Premium P1 or P2

What are the Azure AD Roles?

1. Global Administrator 2. User Administrator 3. Billing Administrator

What are the different Azure scope levels?

1. Management Group 2. Subscription 3. Resource Group 4. Resource

What are the different ways to access Azure role information?

1. Azure Portal 2. Command Line - PowerShell or Azure CLI 3. Azure Resource Manager Templates 4. REST API

What is the logical container for anything you create in an Azure subscription like virtual machines, Application Gateways, and CosmosDB instances?

Resource Groups

What provides fine-grained access management for Azure resources, enabling you to grant users the specific rights they need to perform their jobs?

RBAC - Role Based Access Control

What tier of Azure AD grants you access to use the RBAC service?

RBAC is considered a core service and is included with all subscription levels at no cost

How does RBAC defines access?

RBAC uses an allow model for access. When you are assigned to a role, RBAC allows you to perform specific actions, such as read, write, or delete. Therefore, if one role assignment grants you read permissions to a resource group, and a different role assignment grants you write permissions to the same resource group, you will have both read and write permissions on that resource group.

What is a setting that can be applied to any resource to block modification or deletion?

Resource Locks

What are the different types of resource locks?

1. Delete - will allow all operations against the resource but block the ability to delete it 2. Read-Only - will only allow read activities to be performed against it, blocking any modification or deletion of the resource

What can resource locks be applied to?

1. Subscriptions 2. Resource Groups 3. Individual Resources

How many Azure AD directories can a subscription be associated with?

How many subscriptions can an Azure AD directory be associated with?

Many

What is the authorization system built on Azure Resource Manager that provides fine-grained access management of resources in Azure, allowing you to grant the exact access that users need for their jobs?

RBAC (Role-Based Access Control)

What are the possible scopes of a role assignment?

1. Subscription 2. Resource Group 3. Single Resource

What is the name for a user, group or application that you want to grant access to?

Security Principal

What component of Azure AD Connect is responsible for creating users, groups, and other objects, and making sure that identity information for your on-premises users and groups matches that in the cloud?

Sync Services

What is a collection of permissions that lists the permissions that can be performed, such as read, write, and delete?

Role or Role Definition

What role has full access to all resources, including the right to delegate access to others?

Owner

What role can create and manage all types of Azure resources, but can’t grant access to others?

Contributor

What role can view existing Azure resources?

Reader

What role lets you manage user access to Azure resources?

User Access Administrator

What is the process of binding a role to a security principal at a particular scope, for the purpose of granting access?

Role Assignment

What countries are in Azure Billing Zone 1?

United States, US Government, Europe, Canada, UK, France, Switzerland

What countries are in Azure Billing Zone 2?

East Asia, Southeast Asia, Japan, Australia, India, Korea

What countries are in Azure Billing Zone 3?

Brazil, South Africa, UAE

What countries are in Azure Billing DE Zone 1?

Germany

What is the free service built into Azure that provides recommendations on high availability, security, performance, operational excellence, and cost by analyzing your deployed services and looking for ways to improve your environment across each of these areas

Azure Advisor

What built-in Azure tool can be used to gain greater insights into where your cloud money is going by showing you historical breakdowns of what services you are spending your money on and how it is tracking against budgets that you have set?

Azure Cost Management

What built-in Azure tool allows you to set budgets, schedule reports, and analyze your cost areas?

Azure Cost Management

Which Azure tool might help you consider purchase and licensing optimizations or infrastructure deployment changes based on your findings?

Cost Analysis Tool

What does Azure Advisor provide recommendations on?

1. High availability 2. Security 3. Performance 4. Operational excellence 5. Cost

What Azure Resources can be moved?

1. Azure storage accounts 2. Azure virtual machines 3. Azure virtual networks

What Azure resources can not be moved?

1. Azure Active Directory domain services 2. Azure Backup vaults 3. Azure App Service gateways

What are some important factors to consider when moving virtual machines in Azure?

If you want to move a virtual machine, all of its dependents must go with it. You can't move virtual machines with certificates in Azure Key Vault between subscriptions. You can't move virtual machine scale sets with standard load balancers or a standard public IP. You can't move any managed disks that are in availability zones to different subscriptions.

What are some important factors to consider when moving networking resources in Azure?

When moving a virtual network, you must also move its dependent resources For VPN Gateways, you must move IP addresses, virtual network gateways, and all associated connection resources Local network gateways can be in a different resource group

What else must be moved when moving a virtual machine with a network interface card?

1. All dependent resources 2. The virtual network for the network interface card 3. All other network interface cards for the virtual network 4. The VPN gateways

Does the location of the resource change when being moved?

No, if you have a storage account in the East US region, and you move it to another resource group, it keeps its East US region location.

How do you move a peered virtual network?

To move a peered virtual network, you must first disable the virtual network peering. Once disabled, you can move the virtual network. After the move, reenable the virtual network peering.

What do you need to know about how subnet links affect moving resources?

You can't move a virtual network to a different subscription if the virtual network contains a subnet with resource navigation links.

What should you do before attempting to move a resource?

You should test whether it will be successful by calling the validate move operation from the Azure REST API.

What helps you control the devices that you add to your organization's Azure AD instance?

Device identity in Azure AD

What allows you to "Bring Your Own Device" where security is typically provided from a password, a PIN, a pattern, or Windows Hello?

Azure AD Registered

What allows users to access your cloud-based Azure AD instance through their work account on devices owned by your organization?

Azure AD Joined

What allows users access to an organization's on-premises and cloud resources, where the users devices and Azure AD accounts belong to that organization?

Hybrid Azure AD Joined

What uses data from sources known as signals, validates them against a user-definable rule base, and chooses the best outcome to enforce your organization's security policies?

Conditional Access in Azure AD

What allows you to join devices to your Azure Active Directory organization without needing to sync with an on-premises Active Directory instance?

Azure AD Join

What devices does Azure AD Join work with?

Windows 10 or Windows Server 2019 devices

What type of environment uses pass-through authentication or password hash sync to provide single sign-on (SSO) to your devices?

Managed Environment

What type of environments require the use of an identity provider that must support the WS-Trust and WS-Fed protocols for Azure AD join to work natively with Windows devices?

Federated Environments

What two protocols must be supported by the identity provider for Azure AD join to work natively with Windows devices?

1. WS-Fed is required to join a device to Azure AD. | 2. WS-Trust is needed to sign in to an Azure AD joined device.

What authentication methods aren't valid ways to join devices to Azure AD, but can be used to sign in to Azure AD joined devices, if you have Active Directory Federation Services configured?

Smart Cards and Certificate-Based Authentication

What additional setup step is required when using manual user configuration to create users in your on-premises Active Directory instance?

You need to synchronize the accounts to Azure AD by using Azure AD Connect.

What provides a means to enforce organization-required configurations like requiring storage to be encrypted, password complexity, software installations, and software updates?

Device Management and/or Mobile Device Management (MDM)

What are the two approaches to Azure AD joined devices?

1. MDM Only | 2. Co-Management

What is the Azure AD join approach where all joined devices are managed exclusively through a provider, like Intune?

MDM Only Approach

What is the Azure AD join approach where all joined devices use a combination of a locally installed System Center Configuration Manager agent and your MDM provider to manage devices?

Co-Management Approach

What needs to be done to grant access to on-premises web applications?

Each user needs to add the app to their trusted sites or intranet zone, depending on where the app exists.

What two groups can the Azure Data Box family be divided into?

1. Offline data transfer | 2. Online data transfer

What allows you to move large amounts of data to Azure whenever you have time, network bandwidth, or cost constraints so you don't tie up your organization's network bandwidth while shifting the vehicle data to Azure?

Offline Data Transfer

Which offline data transfer option provides one ~35-TB transfer to Azure usingUSB?

Data Box Disk

Which offline data transfer option provides one ~80-TB transfer to Azure per order using standard network interface protocols like SMB and NFS?

Data Box

Which offline data transfer option provides one ~800-TB transfer to Azure using high-throughput network interfaces to connect and copy data to the device with standard network interface protocols like SMB and NFS?

Data Box Heavy

What are the three offline data transfer options?

1. Data Box Disk 2. Data Box 3. Data Box Heavy

What enables a link between your on-premises assets and Azure in order to transfer huge amounts of Data to Azure?

Online Data Transfer

What device is a dedicated appliance with 12 TB of local SSD storage that can preprocess and run machine learning on data before uploading it to Azure?

Data Box Edge

What device is an entirely virtual appliance that is based on a virtual machine that you provision in your on-premises environment?

Data Box Gateway

What Azure service enables you to organize, move, and transform large quantities of data from many different sources?

Azure Data Factory

How does Azure Data Factory work?

In Data Factory, you create data pipelines that ingest data from relational databases, NoSQL databases, and other systems. You can use Azure Machine Learning, Hadoop, Spark, and other services to process and transform that data. Then, at the end of the pipeline, you can publish the transformed data to Azure SQL Data Warehouse, Azure SQL Database, Azure Cosmos DB, and Azure Storage.

What allows you to extend your on-premises file shares into Azure by working with your existing on-premises file shares to expand your storage capacity and provide redundancy in the cloud?

Azure File Sync

What is an optional feature of Azure File Sync that allows frequently accessed files to be cached locally on the server?

Cloud Tiering

What is the high-level Azure resource for Azure File Sync, is a peer of the storage account, and can also be deployed to Azure resource groups?

Storage Sync Service

What outlines the replication topology for a set of files or folders?

Sync Group

How does a sync group work?

All endpoints located in the same sync group are kept in sync with each other. If you have different sets of files that must be in sync and managed with Azure File Sync, you would create two sync groups and different endpoints.

What represents the trust relationship between the on-premises server and the Storage Sync Service?

A server being registered to the Storage Sync Service

What is the downloadable package that enables Windows Server to be synced with an Azure file share?

Azure File Sync Agent

What are the three components of the Azure File Sync agent?

1. FileSyncSvc.exe. Service that monitors changes on endpoints. 2. StorageSync.sys. Azure file system filter driver. 3. PowerShell management cmdlets.

What represents a specific location on a registered File Sync server, like a folder on a local disk?

Server Endpoint

What is the name for the Azure file share that is part of a sync group?

Cloud Endpoint

What are the system requirements for you local file server in order to use Azure File Sync?

1. Operating system: Windows Server 2012 R2 or newer 2. Memory: 2 GB of RAM or more 3. Patches: Latest Windows patches applied 4. Storage: Locally attached volume formatted in the NTFS file format

What features does NTFS support?

1. Access Control Lists (ACLs) 2. NTFS Compression 3. Sparse Files

What is the advantage of using sparse files?

Sparse files are stored in a more efficient way than normal files.

What in Azure is used to store the file share where all Azure Storage data objects are stored?

Storage Account

What are the main Azure Storage data objects that are stored in a storage account?

1. Blobs 2. Files 3. Queues 4. Disks

What do you specify to control the size of your Azure file share?

Quota Size

What is responsible for establishing trust between your company's server and Azure allowing you to connect the file share in Azure with the file directory on your server?

Storage Sync Service

What must a sync group contain in order to function?

1. One cloud endpoint that represents an Azure file share | 2. One or more server endpoints that map to a path on a registered Windows file server

How does the sync group manage the storage sync process?

By using metadata stored in a hidden folder: .SystemShareInformation. Don't delete this folder.

What is the link to the Azure portal?

portal.azure.com

What do most Azure CLI commands begin with?

What are the 5 types of Azure Storage Replication?

1. LRS - Locally-Redundant Storage 2. ZRS - Zone-Redundant Storage 3. GRS - Geo-Redundant Storage 4. RA-GRS - Read-Access Geo-Redundant Storage 5. Object Replication for Block Blob Storage

How long do you have to recover files with a soft delete?

6 days

How does a SAS Shared Access Signature work?

Token signed by keys

What is the container that groups a set of Azure Storage services together.

Azure Storage Account

What Azure Storage services can be grouped into Azure Storage?

1. Azure Blobs 2. Azure Files 3. Azure Queues 4. Azure Tables

What defines a policy that applies to all the storage services in the account?

Storage Account Settings

What settings can be controlled by a storage account?

1. Subscription 2. Location 3. Performance 4. Standard vs Premium

What is the difference between the standard and premium storage account settings?

Standard allows you to have any data service (Blob, File, Queue, Table) and uses magnetic disk drives, while premium introduces additional services for storing data.

What determines the strategy used to make copies of your data to protect against hardware failure or natural disaster?

Data Replication

What is the minimum number of copies of your data that Azure will maintain within a storage account's data center?

What controls how quickly you will be able to access the blobs in this storage account?

Access Tier

What is the security feature that determines the supported protocols for access to storage?

Secure Transfer Required

What is the storage security feature that allows inbound access requests only from the virtual network(s) you specify?

Virtual Networks

What is the system Azure uses to organize your resources and defines the API that you use to create, configure, and manage those resources?

Deployment Model

What are the 3 Azure Storage Account types?

1. StorageV2 (general purpose v2): the current offering that supports all storage types and all of the latest features Recommended 2. Storage (general purpose v1): a legacy kind that supports all storage types but may not support all features 3. Blob storage: a legacy kind that allows only block blobs and append blobs

What are the two Azure Deployment Model types?

1. Resource Manager: the current model that uses the Azure Resource Manager API 2. Classic: a legacy offering that uses the Azure Service Management API

What deployment model and account kind should you use for all newly created storage accounts?

The core advice here is to choose the Resource Manager deployment model and the StorageV2 (general purpose v2) account kind for all your storage accounts. The other options still exist primarily to allow existing resources to continue operation. For new resources, there are few reasons to consider the other choices.

What is the one disk in each virtual machine that contains the operating system files?

OS Disk

What type of virtual disks can be added to a virtual machine to store data?

Data Disk

What type of virtual disk is used for short-term storage applications such as page files and swap files?

Temporary Disk

What type of disk has faster read-and-write latency than a managed disk and is also faster to reset the image to the original boot state if you're using an ephemeral disk?

Ephemeral OS Disks

What is a virtual hard disk for which Azure manages all the required physical infrastructure and since Azure takes care of the underlying complexity they are easy to use?

Managed Disks

How are virtual hard disks stored in Azure?

They are stored as page blobs in an Azure Storage account, but you don't have to create storage accounts, blob containers, and page blobs yourself or maintain this infrastructure later.

How many managed disks can you create per region and type within you subscription?

50,000

What % of availability do managed disks support and how does it accomplish this?

1. 99.999% | 2. By storing data 3 times

What do you use to protect sensitive data on a managed disk from unauthorized access?

1. Azure Storage Service Encryption (SSE) 2. Azure Disk Encryption (ADE), which uses BitLocker for Windows virtual machines, and DM-Crypt for Linux virtual machines

What measure the rate at which the disk can complete a mix of read and write operations?

Input/output operations per second (IOPS)

What measures the rate at which data can be moved onto the disk from the host computer and off the disk to the host computer and is measured in MBps?

Throughput (AKA Data Transfer Rate)

What provides the highest disk performance available in Azure.

Ultra SSD

What are the Ultra SSD limitations?

1. They're only available in a subset of Azure regions. 2. They can only be attached to virtual machines that are in availability zones. 3. They can only be attached to ES/DS v3 virtual machines. 4. They can only be used as data disks and can only be created as empty disks. 5. They don't support disk snapshots, virtual machine images, scale sets, Azure Disk Encryption, Azure Backup, or Azure Site Recovery

What is the next tier down from ultra disks in terms of performance, but still provide high throughput and IOPS with low latency without the limitations?

Premium SSD

What is a cost-effective storage option for virtual machines that need consistent performance at lower speeds? (but they still have latencies in the range of 1 millisecond to 10 milliseconds and up to 6,000 IOPS)

Standard SSD

Which storage option stores data on conventional magnetic disk drives with moving spindles?

Standard HDD

What type of storage replication copies your data three times across separate racks of hardware in a datacenter, inside one region so even if there's a hardware failure, or if maintenance work is happening in the datacenter, this replication type ensures data is available for use?

Locally redundant storage (LRS)

What type of storage replication copies your data three times within one region, and three times in a secondary region that's paired with it so if your primary region is experiencing an outage, your secondary region is available for use?

Geographically Redundant Storage (GRS)

What type of storage replication grants you read access from your secondary region even if the primary region hasn't failed?

Read-Access Geo-Redundant Storage (RA-GRS)

What type of storage replication copies your data in three storage clusters in a single region where each cluster is in a different physical location and is considered as a single availability zone? Each cluster uses its own separate utilities for things like networking and power so if one datacenter is experiencing outage, your data remains accessible.

Zone-Redundant Storage (ZRS)

What type of storage replication combines the high availability benefits of ZRS with GRS so your data is copied across three availability zones in one region as well as replicated three times to another secondary region that's paired with it so your zone-redundant data is also secure from regional level outage?

Geo-Zone-Redundant Storage (GZRS)

What type of storage replication uses the same replication method as GZRS but lets you read from the secondary region even if your primary isn't experiencing downtime?

Read-Access Geo-Zone-Redundant Storage (RA-GZRS)

What is it when an Azure region is paired with another in the same geographical location to protect against regional outage and are used with GRS and GZRS replication types?

Paired Regions

What do you use to avoid downtime or data loss when migrating your data to an account that uses ZRS, GZRS, or RA-GZRS?

Live Migration

What are the limitations for live migrations?

1. Unlike a manual app, you won't know exactly when a live migration will complete. 2. Data can only be migrated to the same region. 3. Live migration is only supported for data held in standard storage account types. 4. If your account contains a large file share, live migration to GZRS isn't supported.

What are the limitations for live migrations?

Once the failover process is complete, what type of storage replication will you be using?

Locally Redundant Storage (LRS)

What should be used to track the health status of Azure Storage and other Azure services?

Azure Service Health

What is used to automatically encrypt all data written to Azure Storage?

Storage Service Encryption (SSE) with a 256-bit Advanced Encryption Standard (AES) cipher

How does Azure let you encrypt virtual hard disks?

By using Azure Disk Encryption which uses BitLocker for Windows images, and dm-crypt for Linux

What automatically stores keys to help you control and manage the disk-encryption keys and secrets so even if someone gets access to the VHD image and downloads it, they can't access the data on the VHD?

Azure Key Vault

What is the optional flag that you can enable on storage accounts that adds the appropriate headers when you use HTTP GET requests to retrieve resources from the Storage account?

CORS Support

Az-104 Flashcards

(261 cards)