AZ-104 Microsoft Azure Administrator Flashcards
Azure’s cloud-based identity and access management service that provides authentication and authorization for users, groups, and applications.
Azure Active Directory
A dedicated instance of Azure AD that represents an organization or a single directory.
Azure AD Tenants
Custom domains that can be added to Azure AD to allow users to sign in using their organization’s domain name.
Azure Custom Domains
User accounts created in Azure AD for authentication and access control.
Azure AD Users
Groups created in Azure AD to manage and organize users for easier administration and access control.
Azure AD Groups
Subscriptions or licenses assigned to Azure AD users to grant access to specific features and services.
Azure AD Licenses
A logical grouping mechanism in Azure AD that allows for more granular administrative control over resources.
Azure Administrative Units
A feature in Azure AD that enables users to reset their passwords without the need for assistance from IT administrators.
Azure Self-Service Password Reset
A security model in Azure that assigns permissions to users based on their roles and responsibilities.
Role-based access control (RBAC)
Predefined roles in Azure that grant specific administrative permissions to users or groups.
Azure Administrative Roles
Custom-defined roles in Azure that allow for more fine-grained control over permissions by specifying specific actions and resources.
Custom RBAC Roles
The scope at which resource groups are defined and used to organize and manage Azure resources.
Resource Group Scope
Containers used to organize and manage Azure resources based on a common lifecycle or application.
Resource Groups
The main interface in the Azure portal where users can view and manage their Azure subscriptions and resources.
Subscription Dashboard
A service in Azure that helps users monitor and control their Azure spending and optimize resource usage.
Cost Management
A feature in Azure that allows users to lock resources to prevent accidental deletion or modification.
Resource Locks
A service in Azure that enables users to define and enforce rules and policies for resource compliance and governance.
Azure Policy
A secure and scalable Azure service that provides storage for various types of data.
Storage Account
The networking configuration of a storage account that allows public access to the storage resources.
Storage Account: Public Networking
The networking configuration of a storage account that restricts access to the storage resources within a virtual network.
Storage Account: Private Networking
Additional configuration settings for a storage account, such as data lake storage, hierarchical namespace, etc.
Storage Account: Advanced Options
Mechanisms and features provided by Azure for ensuring the integrity and durability of data stored in a storage account.
Storage Account: Data Protection
The process of encrypting data stored in a storage account to protect it from unauthorized access.
Storage Account: Encryption
The completion and activation of a storage account after all the necessary settings and configurations have been defined.
Storage Account: Final Creation
Binary Large Objects (Blobs) are a type of storage object in Azure used for storing unstructured data.
Storage Account: Blobs
Azure Files is a storage service that provides fully managed file shares in the cloud.
Storage Account: Files
Azure Queue storage is a messaging service that enables reliable and asynchronous communication between components of distributed applications.
Storage Account: Queues
Azure Table storage is a NoSQL key-value store that provides schema-less storage of structured data.
Storage Account: Tables
Authentication keys associated with a storage account that can be used to access and manage the storage resources.
Access Keys
A secure way to provide limited access to storage resources in a storage account without sharing the account keys.
SAS (Shared Access Signature)
A feature in Azure storage that allows users to define fine-grained access permissions for shared access signatures.
Stored Access Policies
Storage redundancy options in Azure that provide data replication and fault tolerance for high availability and durability.
Redundant Storage
Different storage performance and cost options available in Azure, such as hot, cool, and archive tiers.
Access Tiers
A service in Azure that collects and analyzes log and performance data from various resources for monitoring and troubleshooting.
Log Analytics
Azure AD integration with Azure storage that enables granular access control based on user identities and groups.
Azure AD Access Control for Storage
A feature in Azure storage that automates the movement and deletion of data based on specified rules and policies.
Lifecycle Management
A virtual hard disk attached to an Azure virtual machine for storing data.
Azure Data Disk
A command-line utility used for copying data to and from Azure storage.
AzCopy
A web-based tool in the Azure portal for managing and interacting with storage accounts and their contents.
Storage Browser
A feature in Azure storage that enables automatic replication of data between storage accounts in different regions for redundancy.
Object Replication
A fully managed file share in Azure that can be accessed and shared across multiple virtual machines.
Azure File Share
A service that enables synchronization of on-premises file servers with Azure file shares for seamless access and backup.
Azure File Sync
A high-performance storage offering in Azure for storing and accessing large amounts of unstructured data.
Premium Storage: Blobs
A high-performance storage offering in Azure for hosting file shares with low latency and high throughput.
Premium Storage: Files
A virtualized computing instance in Azure that runs an operating system and applications.
Virtual Machine
Different disk options available for Azure virtual machines, such as managed disks, unmanaged disks, and premium disks.
Azure VM Disk Options
Networking configurations and options available for Azure virtual machines, such as virtual networks, subnets, and network security groups.
Azure VM Networking Options
The process of provisioning, configuring, monitoring, and maintaining Azure virtual machines.
Azure VM Management
The level of availability and resilience provided by Azure for virtual machines through features like availability sets and availability zones.
VM Availability
Additional storage disks attached to an Azure virtual machine for data storage.
VM Additional Disks
A fully managed service in Azure that provides secure and seamless RDP and SSH access to virtual machines.
Azure Bastion Service
A feature in Azure that allows for the deployment and management of a set of identical virtual machines.
Virtual Machine Scale Sets (VMSS)
The process of manually adjusting the number of virtual machines in a virtual machine scale set based on workload requirements.
VMSS Manual Scaling
A repository of pre-built virtual machine images and templates available in Azure for easy deployment.
Azure Compute Gallery
Azure Resource Manager (ARM) templates are JSON files used to define and deploy Azure resources and configurations.
ARM Template
A domain-specific language (DSL) for defining Azure resources that provides a cleaner and more concise syntax compared to ARM templates.
Azure Bicep
An open-source infrastructure as code (IaC) tool that can be used to define and provision infrastructure resources in Azure.
Terraform
A feature in Azure that allows running custom scripts on virtual machines during deployment or after provisioning.
ARM Custom Script Extensions
A file format used for representing virtual machine disks in Azure.
VHD (Virtual Hard Disk)
Encryption of virtual machine disks at the server level for enhanced security.
VM Server-Side Encryption (SSE)
A feature in Azure that enables encryption of virtual machine disks at the OS level.
Azure Disk Encryption (ADE)
Scheduled or manual processes in Azure for backing up virtual machines and their data.
VM Backup Jobs
The process of recovering and restoring a virtual machine from a backup to its previous state.
VM Restores
A service in Azure that allows for hosting and managing web applications.
Web App
A fully managed platform in Azure for building, deploying, and scaling web, mobile, and API applications.
App Service
An integration between Azure and GitHub that allows for automating workflows and CI/CD pipelines.
GitHub Actions
A managed container orchestration service in Azure that simplifies the deployment, management, and scaling of Kubernetes clusters.
Azure Kubernetes Services (AKS)
Lightweight, isolated units of software packaging that encapsulate applications and their dependencies.
Containers
A Kubernetes cluster managed by Azure Kubernetes Service (AKS).
AKS Cluster
A command-line tool used to interact with and manage Kubernetes clusters.
Kubectl
Different storage options available for persistent data storage in AKS, such as Azure Disks, Azure Files, and Azure Blob storage.
AKS Storage Options
A tool that allows for running and managing Docker containers on a local machine for development and testing.
Docker Desktop
A serverless container offering in Azure that allows for running containers without managing underlying infrastructure.
ACI (Azure Container Instances)
A collection of containers managed and deployed together as a group in Azure Container Instances.
ACI Container Groups
A service in Azure that simplifies the deployment and management of containerized applications using Azure Container Registry and Azure Container Instances.
Azure Container Apps
A logically isolated network in Azure that allows for secure communication between Azure resources.
VNet (Virtual Network)
A smaller address space within a virtual network where resources can be deployed.
Virtual Network Subnet
A virtual or physical network interface attached to a virtual machine or other Azure resources for network connectivity.
Network Interface Card
Remote Desktop Protocol (RDP) is a protocol used to access and control Windows-based virtual machines.
RDP Access
Secure connections established over the internet that allow users to access private networks remotely.
VPNs (Virtual Private Networks)
A dedicated and private network connection between on-premises infrastructure and Azure data centers for secure and reliable communication.
ExpressRoute
The process of connecting two virtual networks in Azure to enable resources in one virtual network to communicate with resources in another.
VNet Peering
A feature in Azure that allows virtual networks in different Azure regions to be connected for global-scale deployments.
Global Peering
A service in Azure that enables secure and encrypted communication between virtual networks in Azure.
Azure-to-Azure Virtual Network Gateway
A connection established between an on-premises network and an Azure virtual network using a VPN or ExpressRoute.
Network Gateway Connection
Services in Azure that provide domain name system (DNS) management for translating domain names to IP addresses.
Azure DNS Services
A DNS zone in Azure that resolves names to private IP addresses within a virtual network.
Private DNS Zone
A DNS zone in Azure that resolves names to public IP addresses accessible over the internet.
Public DNS Zone
Security groups in Azure that act as a virtual firewall for controlling inbound and outbound traffic to Azure resources.
NSGs (Network Security Groups)
Rules defined within a network security group that allow or deny specific types of network traffic.
NSG Rules
The process of distributing incoming network traffic across multiple resources or servers for improved performance and availability.
Load Balancing
A load balancer service in Azure that provides application-level load balancing and other advanced traffic management capabilities.
Application Gateway
A monitoring and diagnostic service in Azure that provides insights into network traffic and helps troubleshoot network issues.
Network Watcher
A feature in Azure Network Watcher that enables monitoring and troubleshooting of network connectivity between resources.
Connection Monitor
A feature in Azure Network Watcher that helps verify network traffic flow between resources.
IP Flow Verify
Logs generated by Network Security Groups (NSGs) that capture information about inbound and outbound network traffic.
NSG Flow Logs
Logs generated by Azure resources that provide diagnostic information about network-related activities.
Network Diagnostic Logs
A network architecture in Azure where a central “hub” virtual network is connected to multiple “spoke” virtual networks.
Hub and Spoke Network Design
A service in Azure that provides monitoring and analytics capabilities for applications, infrastructure, and networks.
Azure Monitor
Diagnostic information collected from the guest operating system of virtual machines for troubleshooting purposes.
Guest OS Host Diagnostics
Queries written in the Kusto Query Language (KQL) used to analyze and retrieve data from Azure Monitor logs.
Kusto Queries on Logs
A disaster recovery solution in Azure that provides replication and recovery services for on-premises and Azure virtual machines.
Azure Site Recovery
Site-to-Site replication using Azure Site Recovery (ASR) to replicate data between on-premises sites for disaster recovery.
ASR to Site-to-Site Replication
A feature in Azure Site Recovery that allows for testing the failover process without impacting production environments.
ASR Test Failover