AZ-104 Flashcards
This expresses what to evaluate and what action to take.
Policy Definition
What tool allows you to capture packet data from the Azure services you use, help you understand the flow of data in network traffic patterns, and troubleshoot network-related problems?
Azure Network Watcher
Which service is designed to monitor the performance of container workloads, which are deployed to managed Kubernetes clusters, hosted on Azure Kubernetes Service (AKS)? It gives you performance visibility by collecting memory and processor metrics from controllers, nodes, and containers, which are available in Kubernetes through the metrics API. Container logs are also collected.
Azure Monitor for Containers
A set or group of policy definitions to help track your compliance state for a larger goal.
Initiative Definition
What records when resources are created or modified and has metrics to tell you how the resource is performing and the resources that it’s consuming?
Activity Logs
What is the cloud-based identity management solution that helps your company’s internal users to access internal and external resources while keeping your user identities and applications safe?
Azure AD
What represents an organization, and is where Azure AD stores your users?
Tenant
What is the PowerShell Command to create New Azure VMs?
New-AzVM
What reports on service problems that affect a broad set of Azure customers, and gives up to the minute information on service availability?
Azure Status
What provides you with a customizable dashboard that tracks the state of your Azure services in the regions where you use them and can be used to create and manage service health alerts?
Service Health
What is the score that reveals how effective your security is and gives an overall value between 1 and 223 that represents how well you match the recommendations and best practices that Microsoft suggests for tenant security?
Identity secure score in Azure AD
What allows users to have the same credentials to access resources and applications both on-premises and in the cloud because the user’s password is hashed twice and synchronized between the on-premises Active Directory and Azure AD?
Azure AD password hash synchronization (PHS)
What does PHS stand for?
Password Hash Synchronization
What is the Windows default authentication protocol that can be used across different operating systems?
Kerberos
What allows an Azure AD user account to authenticate to on-premises servers and Active Directory by way of an installed agent?
Azure AD pass-through authentication (PTA)
What does PTA stand for?
Pass-Through Authentication
What authentication method allows you to use advanced measures like smart card-based authentication for users?
Federated Authentication
What does AD FS stand for?
Active Directory Federation Services
What allows federated authentication?
The authentication process is performed by an on-premises Active Directory Federation Services (AD FS) server that validates users’ passwords.
This is a workflow-based risk assessment dashboard within the Service Trust Portal that enables you to track, assign, and verify your organization’s regulatory compliance activities related to Microsoft professional services and Microsoft cloud services such as Microsoft 365, Dynamics 365, and Azure.
Compliance Manager
What does Azure Active Directory Premium P1 give you in addition to the features of the free tier?
- Users can access on-prem and cloud-based services and resources
- Use of self-service group management or dynamic groups, which adds and removes users automatically based on your criteria
- Supports on-prem identity management suites like Microsoft Identity Manager
- Self-service password reset is also supported to on-prem users
What does Azure Active Directory Premium P2 give you in addition to the features of the free and P1 tiers?
- Active Directory Identity Protection
- Privileged Identity Management
This feature helps you configure risk-based conditional access to protect applications from identity risks. You can also monitor and put detailed restrictions on administrators.
Active Directory Identity Protection
Something that has to be identified and authenticated.
Identity
These are containers for managing access, policies, and compliance across multiple Azure subscriptions.
They provide a further level of classification that is above the level of subscriptions by allowing you to order your Azure resources hierarchically into collections. They give you enterprise-grade management at a large scale.
Azure Management Groups
What lets you monitor and put detailed restrictions on administrators?
Privileged Identity Management
What helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on?
Azure Monitor
What do you use to securely authenticate the user through their preferred identity provider, as well as to manage your customers’ identities and access?
Azure AD B2C
What lets you add virtual machines to a domain without needing domain controllers?
Azure AD DS
What requires users to pass additional authentication challenges before they access an app?
Conditional-Access Policies
What expresses what to evaluate and what action to take?
Policy Definition
What service monitors your Azure VMs at scale, by analyzing the performance and health of your Windows and Linux VMs (including their different processes and interconnected dependencies on other resources, and external processes)?
Azure Monitor for VMs
What is the logical feature used to ensure that a group of related VMs are deployed so that they aren’t all subject to a single point of failure and not all upgraded at the same time during a host operating system upgrade in the datacenter? These VMs should perform an identical set of functionalities and have the same software installed.
Availability Set
What helps you to automatically detect, investigate, and remediate identity risks for users? It also lets you export all the information that was collected about risks to third-party tools and solutions so that you can further analyze it.
Azure AD Identity Protection
What is the workflow-based risk assessment dashboard within the Service Trust Portal that enables you to track, assign, and verify your organization’s regulatory compliance activities related to Microsoft professional services and Microsoft cloud services?
Compliance Manager
What allows you to collaborate with external users by inviting them to your Azure AD tenant?
Azure AD B2B
What is a logical group of hardware in Azure that shares a common power source and network switch?
A Fault Domain
What is the command to create a VM in Azure using CLI?
az vm create
What allows you to manage your customers’ identities and access, giving them protected access to resources and services?
Azure AD B2C
What is a loosely isolated environment that allows us to build and run software packages?
These software packages include the code and all dependencies to run applications quickly and reliably on any computing environment.
Container
What is the containerization platform used to develop, ship, and run containers?
Docker
What are containers for managing access, policies, and compliance across multiple Azure subscriptions?
Azure Management Groups
What is a set or group of policy definitions to help track your compliance state for a larger goal?
Initiative Definition
What is the process that creates secure remote access for your on-premises apps?
Azure AD Application Proxy
What does Azure AD DS stand for?
Azure Active Directory Domain Services
What is the Azure service endpoint that supports sets of HTTP operations (methods), which provide create, retrieve, update, or delete access to the service’s resources?
Azure REST API
What allows you to organize resources into named resource groups that let you deploy, update, or delete all of the resources together and also allows you to create templates, which can be used to create and deploy specific configurations?
Azure Resource Manager
What consists of several components configured as a client-server implementation where the client and server run simultaneously on the same host and the client communicates with the server using a REST API, which allows the client to also communicate with a remote server instance?
Docker Engine
What responds to requests from the client via a REST API and can interact with other daemons and is also responsible for tracking the lifecycle of our containers?
Docker server/Dockerd daemon
What is a computer program that runs as a background process, rather than being under the direct control of an interactive user?
daemon
What are the networks, storage volumes, plugins, and other service objects that you’ll create and configure to support your container deployments?
Docker objects
What is the Docker server?
a daemon named dockerd
What is the Software-as-a-Service (SaaS) Docker container registry that we use to store and distribute the container images we create?
Docker Hub
What is a central location in which data is stored and managed?
Repository
What makes it possible for development teams to rapidly build and deploy new environments with the trust they’re building within organizational compliance using a set of built-in components, such as networking, to speed up development and delivery?
Azure Blueprints
What is a secure point-to-point service that uses a third-party connectivity partner to provide and host circuits on your behalf?
ExpressRoute
What does Unionfs stand for?
Stackable Unification File System
What is the file system used to create Docker images?
Unionfs
What file system allows you to stack several directories, called branches, in such a way that it appears as if the content is merged but the content is physically kept separate and allows you to add and remove branches as you build out your file system?
Unionfs
What service protects your physical or virtual machines in case of failure no matter where they reside: on-premises or in the cloud?
Azure Backup
What is an image that uses the Docker scratch image?
Base Image
What is an empty container image that doesn’t create a filesystem layer and assumes that the application you’re going to run can directly use the host OS kernel?
Scratch Image
What is the container image from which you create your images called?
Parent Image
What is the name for data that adheres to a strict schema, so all of the data has the same fields or properties?
Structured/Relational Data
What is the name of data where the fields do not neatly fit into tables, rows, and columns so it contains tags that make the organization and hierarchy of the data apparent?
Semi-Structured Data
What is a logical group of database operations that execute together?
A Transaction
What kind of database supports semi-structured data, or NoSQL data, by design?
Azure Cosmos DB
What are small applications that allow you to configure and automate tasks on Azure VMs after initial deployment?
Azure VM Extensions
What do you get with the Azure Active Directory Free tier?
- Manage users and groups
- On-premises AD synchronization
- Self-service password reset for Azure AD users (not on-prem AD)
- Basic reports
- Single sign on for Microsoft 365, Azure Services, and many third-party SaaS applications
What is the value between 1 and 223 given by Azure AD that reveals how effective your security is by showing how well you match the recommendations and best practices that Microsoft suggests for tenant security?
Identity Secure Score
What are the JSON files that define the resources you need to deploy for your solution called?
Resource Manager Templates
What are the advantages of using Azure Backup?
- Unlimited data transfer
- Data encryption
- Application-consistent backups
- Long-term retention
- Automatic storage management
- High availability due to unlimited scaling
- Multiple storage options: locally redundant vs geo-redundant storage
- Pay-as-you-use model
What is the name given to a recovery point that has all required data to restore the backup copy?
Application-Consistent Backup
What is a backup as a service offering that protects physical or virtual machines no matter where they reside: on-premises or in the cloud through the use of Azure Recovery Services?
Azure Backup
What is a storage entity in Azure that houses data which is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations?
Azure Recovery Services Vault
What replicates workloads from a primary site to a secondary location, so in the case of an outage at your primary site, you can fail over to a secondary location?
Azure Site Recovery
What are the benefits of Azure Site Recovery?
- Uses Azure as your recovery site, eliminating the cost and complexity of maintaining a secondary physical data center
- Makes it incredibly simple to test failovers for recovery drills without impacting your production environments
What is the reference architecture where (usually) an Azure virtual network acts as a central connection point between the cloud and on-premises network?
Azure Hub-Spoke
What is used to capture packet data from the Azure services you use, help you understand the flow of data in network traffic patterns, and troubleshoot network-related problems on your network?
Azure Network Watcher
What is an architecture where multiple tenants share the same physical instance of the app, and although tenants share physical resources (such as VMs or storage), each tenant gets its own logical instance of the app?
Azure Multi-Tenant
What is a domain that you customize for your Azure AD directory?
Custom Domain
What role do you use to manage all resources in Azure, including the access levels that users need for resources?
Owner Role
What role gives you access to all administrative capabilities in Azure AD and is automatically granted to the creator of a tenant?
Global Administrator
What provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication?
- These Azure services remove the need to deploy, manage, and patch domain controllers (DCs) in the cloud
Azure AD DS
What requires users to pass additional authentication challenges, such as multi-factor authentication, before they access an app?
Conditional-Access Policies
What notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime, and allows you to configure customizable cloud alerts and use your personalized dashboard to analyze health issues?
Azure Service Health
What helps you diagnose and get support for service problems that affect your Azure resources and reports on the current and past health of your resources?
Azure Resource Health
Is RBAC or Azure Policy default allow and explicit deny?
Azure Policy
What allows users to be added and removed from groups automatically based on your criteria?
Dynamic Groups
In Azure AD what allows users elevated access to control who is allowed to do what?
Administrator roles
What are the PowerShell and Azure CLI commands for creating a new user in Azure AD?
PS - New-AzureADUser
CLI - az ad user create
What Azure AD role allows you to create and modify users in Azure AD?
User Administrator
What type of account does a native member of the Azure AD organization that has a set of default permissions like being able to manage their profile information have?
Member User Account
What type of account has restricted Azure AD organization permissions and is given to someone invited to collaborate with your organization?
Guest Users Account
When a user is deleted, how long does the account remain in a suspended state that allows the user to be restored?
30 days
What are the PowerShell and Azure CLI commands for creating a new user in Azure?
PS - New-AzureADUser
CLI - az ad user create
What is used to manage Azure AD-related resources like users, groups, billing, licensing, application registration and more?
Azure AD Roles
What is used to manage access to Azure resources like virtual machines, SQL databases, or storage?
RBAC Roles
What is assigning a user the required access rights by directly assigning a role that has those access rights?
Direct Assignment
What is assigning a group the required access rights, and members of the group will inherit those rights?
Group Assignment
What is using rules to determine a group membership based on user or device properties?
Rule-Based Assignment
What is Microsoft’s cloud-based identity and access management service which provides single sign-on and multi-factor authentication to help protect your users from 99.9 percent of cybersecurity attacks?
Azure AD
What represents the organization and the default directory assigned to it?
Tenant
What service allows you to synchronize a traditional Active Directory with your Azure AD instance?
Azure AD Connect
How do most enterprises add users to their Azure directory?
Azure AD Connect
Why do most enterprises sync their on-premises Active Directory to Azure AD?
So their users can use single-sign-on (SSO) to access local and cloud-based resources
How do you manually add new users to your directory in Azure?
You can manually add new users through the Azure portal, but you need to be in the User Administrator role to perform this function
What groups provide collaboration opportunities by giving members access to a shared mailbox, calendar, files, SharePoint site, and more?
Microsoft 365 Groups
Which role has full access to all resources, including the right to delegate access to others?
Owner Role
Which role can create and manage all types of Azure resources but can’t grant access to others?
Contributor Role
Which role can only view existing Azure resources?
Reader Role
How data operations are specified, either with or separately from management operations, preventing current role assignments with wildcards (*) from suddenly having access to data.
DataActions and NotDataActions Properties
What tier of Azure AD is required for custom role creation?
Azure AD Premium P1 or P2
What is the free tool you can download and install to synchronize your local AD with your Azure directory?
Azure AD Connect
What component is responsible for creating users, groups, and other objects, and also makes sure that identity information for your on-premises users and groups matches that in the cloud?
Azure AD Connect
What’s included in Azure AD Connect?
- Syncing your on-premises AD to your Azure AD
- Health Monitoring
- Active Directory Federation Services (AD FS)
- Password hash synchronization
- Pass-through authentication
What can be used to address complex deployments, such as domain join SSO, enforcement of the Active Directory sign-in policy, and smart card or third-party multi-factor authentication?
AD Federation Services (AD FS)
What feature is a sign-in method that synchronizes a hash of a user’s on-premises Active Directory password with Azure AD?
Password Hash Synchronization
What allows users to sign in to both on-premises and cloud-based applications using the same passwords and allows organizations to enforce their security and password complexity policies?
Pass-Through Authentication
What role can manage access to Azure resources?
User Access Administrator Role
What are the RBAC roles?
- Owner
- Contributor
- Reader
- User Access Administrator
What Azure AD tier is required for the use of Dynamic User Membership?
Azure AD Premium P1 or P2
What are the Azure AD Roles?
- Global Administrator
- User Administrator
- Billing Administrator
What are the different Azure scope levels?
- Management Group
- Subscription
- Resource Group
- Resource
What are the different ways to access Azure role information?
- Azure Portal
- Command Line - PowerShell or Azure CLI
- Azure Resource Manager Templates
- REST API
What is the logical container for anything you create in an Azure subscription like virtual machines, Application Gateways, and CosmosDB instances?
Resource Groups
What provides fine-grained access management for Azure resources, enabling you to grant users the specific rights they need to perform their jobs?
RBAC - Role Based Access Control
What tier of Azure AD grants you access to use the RBAC service?
RBAC is considered a core service and is included with all subscription levels at no cost
How does RBAC define access?
RBAC uses an allow model for access. When you are assigned to a role, RBAC allows you to perform specific actions, such as read, write, or delete. Therefore, if one role assignment grants you read permissions to a resource group, and a different role assignment grants you write permissions to the same resource group, you will have both read and write permissions on that resource group.
What is a setting that can be applied to any resource to block modification or deletion?
Resource Locks
What are the different types of resource locks?
- Delete - will allow all operations against the resource but block the ability to delete it
- Read-Only - will only allow read activities to be performed against it, blocking any modification or deletion of the resource
What can resource locks be applied to?
- Subscriptions
- Resource Groups
- Individual Resources
How many Azure AD directories can a subscription be associated with?
1
How many subscriptions can an Azure AD directory be associated with?
Many
What is the authorization system built on Azure Resource Manager that provides fine-grained access management of resources in Azure, allowing you to grant the exact access that users need for their jobs?
RBAC (Role-Based Access Control)
What are the possible scopes of a role assignment?
- Subscription
- Resource Group
- Single Resource
What is the name for a user, group or application that you want to grant access to?
Security Principal
What component of Azure AD Connect is responsible for creating users, groups, and other objects, and making sure that identity information for your on-premises users and groups matches that in the cloud?
Sync Services
What is a collection of permissions that lists the permissions that can be performed, such as read, write, and delete?
Role or Role Definition
What role has full access to all resources, including the right to delegate access to others?
Owner
What role can create and manage all types of Azure resources, but can’t grant access to others?
Contributor
What role can view existing Azure resources?
Reader
What role lets you manage user access to Azure resources?
User Access Administrator
What is the process of binding a role to a security principal at a particular scope, for the purpose of granting access?
Role Assignment
What countries are in Azure Billing Zone 1?
United States, US Government, Europe, Canada, UK, France, Switzerland
What countries are in Azure Billing Zone 2?
East Asia, Southeast Asia, Japan, Australia, India, Korea
What countries are in Azure Billing Zone 3?
Brazil, South Africa, UAE
What countries are in Azure Billing DE Zone 1?
Germany
What is the free service built into Azure that provides recommendations on high availability, security, performance, operational excellence, and cost by analyzing your deployed services and looking for ways to improve your environment across each of these areas?
Azure Advisor
What built-in Azure tool can be used to gain greater insights into where your cloud money is going by showing you historical breakdowns of what services you are spending your money on and how it is tracking against budgets that you have set?
Azure Cost Management
What built-in Azure tool allows you to set budgets, schedule reports, and analyze your cost areas?
Azure Cost Management
Which Azure tool might help you consider purchase and licensing optimizations or infrastructure deployment changes based on your findings?
Cost Analysis Tool
What does Azure Advisor provide recommendations on?
- High availability
- Security
- Performance
- Operational excellence
- Cost
What Azure Resources can be moved?
- Azure storage accounts
- Azure virtual machines
- Azure virtual networks
What Azure resources cannot be moved?
- Azure Active Directory domain services
- Azure Backup vaults
- Azure App Service gateways
What are some important factors to consider when moving virtual machines in Azure?
If you want to move a virtual machine, all of its dependents must go with it.
You can’t move virtual machines with certificates in Azure Key Vault between subscriptions.
You can’t move virtual machine scale sets with standard load balancers or a standard public IP.
You can’t move any managed disks that are in availability zones to different subscriptions.
What are some important factors to consider when moving networking resources in Azure?
When moving a virtual network, you must also move its dependent resources
For VPN Gateways, you must move IP addresses, virtual network gateways, and all associated connection resources
Local network gateways can be in a different resource group
What else must be moved when moving a virtual machine with a network interface card?
- All dependent resources
- The virtual network for the network interface card
- All other network interface cards for the virtual network
- The VPN gateways
Does the location of the resource change when being moved?
No, if you have a storage account in the East US region, and you move it to another resource group, it keeps its East US region location.
How do you move a peered virtual network?
To move a peered virtual network, you must first disable the virtual network peering. Once disabled, you can move the virtual network. After the move, reenable the virtual network peering.
What do you need to know about how subnet links affect moving resources?
You can’t move a virtual network to a different subscription if the virtual network contains a subnet with resource navigation links.
What should you do before attempting to move a resource?
You should test whether it will be successful by calling the validate move operation from the Azure REST API.
What helps you control the devices that you add to your organization’s Azure AD instance?
Device identity in Azure AD
What allows you to “Bring Your Own Device” where security is typically provided from a password, a PIN, a pattern, or Windows Hello?
Azure AD Registered
What allows users to access your cloud-based Azure AD instance through their work account on devices owned by your organization?
Azure AD Joined
What allows users access to an organization’s on-premises and cloud resources, where the users’ devices and Azure AD accounts belong to that organization?
Hybrid Azure AD Joined
What uses data from sources known as signals, validates them against a user-definable rule base, and chooses the best outcome to enforce your organization’s security policies?
Conditional Access in Azure AD
What allows you to join devices to your Azure Active Directory organization without needing to sync with an on-premises Active Directory instance?
Azure AD Join
What devices does Azure AD Join work with?
Windows 10 or Windows Server 2019 devices
What type of environment uses pass-through authentication or password hash sync to provide single sign-on (SSO) to your devices?
Managed Environment
What type of environments require the use of an identity provider that must support the WS-Trust and WS-Fed protocols for Azure AD join to work natively with Windows devices?
Federated Environments
What two protocols must be supported by the identity provider for Azure AD join to work natively with Windows devices?
1. WS-Fed is required to join a device to Azure AD.
2. WS-Trust is needed to sign in to an Azure AD joined device.
What authentication methods aren’t valid ways to join devices to Azure AD, but can be used to sign in to Azure AD joined devices, if you have Active Directory Federation Services configured?
Smart Cards and Certificate-Based Authentication
What additional setup step is required when using manual user configuration to create users in your on-premises Active Directory instance?
You need to synchronize the accounts to Azure AD by using Azure AD Connect.
What provides a means to enforce organization-required configurations like requiring storage to be encrypted, password complexity, software installations, and software updates?
Device Management and/or Mobile Device Management (MDM)
What are the two approaches to Azure AD joined devices?
1. MDM Only
2. Co-Management
What is the Azure AD join approach where all joined devices are managed exclusively through a provider, like Intune?
MDM Only Approach
What is the Azure AD join approach where all joined devices use a combination of a locally installed System Center Configuration Manager agent and your MDM provider to manage devices?
Co-Management Approach
What needs to be done to grant access to on-premises web applications?
Each user needs to add the app to their trusted sites or intranet zone, depending on where the app exists.
What two groups can the Azure Data Box family be divided into?
1. Offline data transfer
2. Online data transfer
What allows you to move large amounts of data to Azure whenever you have time, network bandwidth, or cost constraints so you don’t tie up your organization’s network bandwidth while shifting the vehicle data to Azure?
Offline Data Transfer
Which offline data transfer option provides one ~35-TB transfer to Azure using USB?
Data Box Disk
Which offline data transfer option provides one ~80-TB transfer to Azure per order using standard network interface protocols like SMB and NFS?
Data Box
Which offline data transfer option provides one ~800-TB transfer to Azure using high-throughput network interfaces to connect and copy data to the device with standard network interface protocols like SMB and NFS?
Data Box Heavy
What are the three offline data transfer options?
- Data Box Disk
- Data Box
- Data Box Heavy
What enables a link between your on-premises assets and Azure in order to transfer huge amounts of data to Azure?
Online Data Transfer
What device is a dedicated appliance with 12 TB of local SSD storage that can preprocess and run machine learning on data before uploading it to Azure?
Data Box Edge
What device is an entirely virtual appliance that is based on a virtual machine that you provision in your on-premises environment?
Data Box Gateway
What Azure service enables you to organize, move, and transform large quantities of data from many different sources?
Azure Data Factory
How does Azure Data Factory work?
In Data Factory, you create data pipelines that ingest data from relational databases, NoSQL databases, and other systems. You can use Azure Machine Learning, Hadoop, Spark, and other services to process and transform that data. Then, at the end of the pipeline, you can publish the transformed data to Azure SQL Data Warehouse, Azure SQL Database, Azure Cosmos DB, and Azure Storage.
What allows you to extend your on-premises file shares into Azure by working with your existing on-premises file shares to expand your storage capacity and provide redundancy in the cloud?
Azure File Sync
What is an optional feature of Azure File Sync that allows frequently accessed files to be cached locally on the server?
Cloud Tiering
What is the high-level Azure resource for Azure File Sync, is a peer of the storage account, and can also be deployed to Azure resource groups?
Storage Sync Service
What outlines the replication topology for a set of files or folders?
Sync Group
How does a sync group work?
All endpoints located in the same sync group are kept in sync with each other. If you have different sets of files that must be in sync and managed with Azure File Sync, you would create two sync groups and different endpoints.
What represents the trust relationship between the on-premises server and the Storage Sync Service?
A server being registered to the Storage Sync Service
What is the downloadable package that enables Windows Server to be synced with an Azure file share?
Azure File Sync Agent
What are the three components of the Azure File Sync agent?
- FileSyncSvc.exe. Service that monitors changes on endpoints.
- StorageSync.sys. Azure file system filter driver.
- PowerShell management cmdlets.
What represents a specific location on a registered File Sync server, like a folder on a local disk?
Server Endpoint
What is the name for the Azure file share that is part of a sync group?
Cloud Endpoint
What are the system requirements for your local file server in order to use Azure File Sync?
- Operating system: Windows Server 2012 R2 or newer
- Memory: 2 GB of RAM or more
- Patches: Latest Windows patches applied
- Storage: Locally attached volume formatted in the NTFS file format
What features does NTFS support?
- Access Control Lists (ACLs)
- NTFS Compression
- Sparse Files
What is the advantage of using sparse files?
Sparse files are stored in a more efficient way than normal files.
What in Azure is used to store the file share where all Azure Storage data objects are stored?
Storage Account
What are the main Azure Storage data objects that are stored in a storage account?
- Blobs
- Files
- Queues
- Disks
What do you specify to control the size of your Azure file share?
Quota Size
What is responsible for establishing trust between your company’s server and Azure allowing you to connect the file share in Azure with the file directory on your server?
Storage Sync Service
What must a sync group contain in order to function?
- One cloud endpoint that represents an Azure file share
- One or more server endpoints that map to a path on a registered Windows file server
How does the sync group manage the storage sync process?
By using metadata stored in a hidden folder: .SystemShareInformation.
Don’t delete this folder.
What is the link to the Azure portal?
portal.azure.com
What do most Azure CLI commands begin with?
AZ
What are the 5 types of Azure Storage Replication?
- LRS - Locally-Redundant Storage
- ZRS - Zone-Redundant Storage
- GRS - Geo-Redundant Storage
- RA-GRS - Read-Access Geo-Redundant Storage
- Object Replication for Block Blob Storage
How long do you have to recover files with a soft delete?
6 days
How does a SAS Shared Access Signature work?
Token signed by keys
What is the container that groups a set of Azure Storage services together?
Azure Storage Account
What Azure Storage services can be grouped into Azure Storage?
- Azure Blobs
- Azure Files
- Azure Queues
- Azure Tables
What defines a policy that applies to all the storage services in the account?
Storage Account Settings
What settings can be controlled by a storage account?
- Subscription
- Location
- Performance
- Standard vs Premium
What is the difference between the standard and premium storage account settings?
Standard allows you to have any data service (Blob, File, Queue, Table) and uses magnetic disk drives, while premium introduces additional services for storing data.
What determines the strategy used to make copies of your data to protect against hardware failure or natural disaster?
Data Replication
What is the minimum number of copies of your data that Azure will maintain within a storage account’s data center?
3
What controls how quickly you will be able to access the blobs in this storage account?
Access Tier
What is the security feature that determines the supported protocols for access to storage?
Secure Transfer Required
What is the storage security feature that allows inbound access requests only from the virtual network(s) you specify?
Virtual Networks
What is the system Azure uses to organize your resources and defines the API that you use to create, configure, and manage those resources?
Deployment Model
What are the 3 Azure Storage Account types?
- StorageV2 (general purpose v2): the current offering that supports all storage types and all of the latest features (Recommended)
- Storage (general purpose v1): a legacy kind that supports all storage types but may not support all features
- Blob storage: a legacy kind that allows only block blobs and append blobs
What are the two Azure Deployment Model types?
- Resource Manager: the current model that uses the Azure Resource Manager API
- Classic: a legacy offering that uses the Azure Service Management API
What deployment model and account kind should you use for all newly created storage accounts?
The core advice here is to choose the Resource Manager deployment model and the StorageV2 (general purpose v2) account kind for all your storage accounts. The other options still exist primarily to allow existing resources to continue operation. For new resources, there are few reasons to consider the other choices.
What is the one disk in each virtual machine that contains the operating system files?
OS Disk
What type of virtual disks can be added to a virtual machine to store data?
Data Disk
What type of virtual disk is used for short-term storage applications such as page files and swap files?
Temporary Disk
What type of disk has faster read-and-write latency than a managed disk and is also faster to reset the image to the original boot state if you’re using an ephemeral disk?
Ephemeral OS Disks
What is a virtual hard disk for which Azure manages all the required physical infrastructure and since Azure takes care of the underlying complexity they are easy to use?
Managed Disks
How are virtual hard disks stored in Azure?
They are stored as page blobs in an Azure Storage account, but you don’t have to create storage accounts, blob containers, and page blobs yourself or maintain this infrastructure later.
How many managed disks can you create per region and type within your subscription?
50,000
What % of availability do managed disks support and how does it accomplish this?
- 99.999%
- By storing data 3 times
What do you use to protect sensitive data on a managed disk from unauthorized access?
- Azure Storage Service Encryption (SSE)
- Azure Disk Encryption (ADE), which uses BitLocker for Windows virtual machines, and DM-Crypt for Linux virtual machines
What measures the rate at which the disk can complete a mix of read and write operations?
Input/output operations per second (IOPS)
What measures the rate at which data can be moved onto the disk from the host computer and off the disk to the host computer and is measured in MBps?
Throughput (AKA Data Transfer Rate)
What provides the highest disk performance available in Azure?
Ultra SSD
What are the Ultra SSD limitations?
- They’re only available in a subset of Azure regions.
- They can only be attached to virtual machines that are in availability zones.
- They can only be attached to ES/DS v3 virtual machines.
- They can only be used as data disks and can only be created as empty disks.
- They don’t support disk snapshots, virtual machine images, scale sets, Azure Disk Encryption, Azure Backup, or Azure Site Recovery
What is the next tier down from ultra disks in terms of performance, but still provides high throughput and IOPS with low latency without the limitations?
Premium SSD
What is a cost-effective storage option for virtual machines that need consistent performance at lower speeds? (but they still have latencies in the range of 1 millisecond to 10 milliseconds and up to 6,000 IOPS)
Standard SSD
Which storage option stores data on conventional magnetic disk drives with moving spindles?
Standard HDD
What type of storage replication copies your data three times across separate racks of hardware in a datacenter, inside one region so even if there’s a hardware failure, or if maintenance work is happening in the datacenter, this replication type ensures data is available for use?
Locally redundant storage (LRS)
What type of storage replication copies your data three times within one region, and three times in a secondary region that’s paired with it so if your primary region is experiencing an outage, your secondary region is available for use?
Geographically Redundant Storage (GRS)
What type of storage replication grants you read access from your secondary region even if the primary region hasn’t failed?
Read-Access Geo-Redundant Storage (RA-GRS)
What type of storage replication copies your data in three storage clusters in a single region where each cluster is in a different physical location and is considered as a single availability zone? Each cluster uses its own separate utilities for things like networking and power so if one datacenter is experiencing outage, your data remains accessible.
Zone-Redundant Storage (ZRS)
What type of storage replication combines the high availability benefits of ZRS with GRS so your data is copied across three availability zones in one region as well as replicated three times to another secondary region that’s paired with it so your zone-redundant data is also secure from regional level outage?
Geo-Zone-Redundant Storage (GZRS)
What type of storage replication uses the same replication method as GZRS but lets you read from the secondary region even if your primary isn’t experiencing downtime?
Read-Access Geo-Zone-Redundant Storage (RA-GZRS)
What is it called when an Azure region is paired with another in the same geographical location to protect against regional outage, as used with the GRS and GZRS replication types?
Paired Regions
What do you use to avoid downtime or data loss when migrating your data to an account that uses ZRS, GZRS, or RA-GZRS?
Live Migration
What are the limitations for live migrations?
- Unlike a manual app, you won’t know exactly when a live migration will complete.
- Data can only be migrated to the same region.
- Live migration is only supported for data held in standard storage account types.
- If your account contains a large file share, live migration to GZRS isn’t supported.
Once the failover process is complete, what type of storage replication will you be using?
Locally Redundant Storage (LRS)
What should be used to track the health status of Azure Storage and other Azure services?
Azure Service Health
What is used to automatically encrypt all data written to Azure Storage?
Storage Service Encryption (SSE) with a 256-bit Advanced Encryption Standard (AES) cipher
How does Azure let you encrypt virtual hard disks?
By using Azure Disk Encryption which uses BitLocker for Windows images, and dm-crypt for Linux
What automatically stores keys to help you control and manage the disk-encryption keys and secrets so even if someone gets access to the VHD image and downloads it, they can’t access the data on the VHD?
Azure Key Vault
What is the optional flag that you can enable on storage accounts that adds the appropriate headers when you use HTTP GET requests to retrieve resources from the Storage account?
CORS Support