AZ-900 Flashcards
What is cloud computing?
delivery of services over the internet
What is a private cloud?
A cloud used by a single entity
What is a public cloud?
a cloud that is built, controlled, and maintained by a third party provider
What is a multi-cloud model?
Where you use multiple public cloud providers
What is the set of technologies that helps to manage your environment called?
Azure Arc
What is CapEx?
Capital Expenditures
What is OpEx?
Operational Expenditures
Which cloud model uses some datacenters focused on providing cloud services to anyone that wants them, and some data centers that are focused on a single customer?
Hybrid Cloud
According to the shared responsibility model, which cloud service type places the most responsibility on the customer?
IaaS
What is vertically scaling in a cloud environment?
Gaining new features
What is horizontal scaling in a cloud environment?
Creating more of what you have deployed
Which type of scaling involves adding or removing resources (such as virtual machines or containers) to meet demand?
Horizontal Scaling
What is characterized as the ability of a system to recover from failures and continue to function?
Reliability
In IaaS, what is the cloud provider responsible for?
physical security, networking, hardware
What more does the cloud provider maintain in PaaS when compared to IaaS?
operating systems, middleware, development tools, and business intelligence services
Which cloud service type is most suited to a lift and shift migration from an on-premises datacenter to a cloud deployment?
IaaS
What type of cloud service type would a Finance and Expense tracking solution typically be in?
SaaS
Can Bash be used to control Azure?
Yes
Can PowerShell be used to control Azure?
Yes
What is Azure CLI interactive mode?
a way to interact with CLI in a way that more resembles an IDE
What is a region?
a geographical area that contains at least one datacenter
What are availability zones?
physically separate datacenters within an Azure region
Does each availability zone have independent cooling, power, and networking?
Yes
What is a resource in Azure?
a basic building block of Azure. Anything you create is a resource
Are all resources required to be in a resource group?
Yes
How many resource groups can a resource be a part of?
1
What is an Azure subscription?
a unit of management, billing, and scale
Must every Azure account have a subscription?
Yes
Can an account have multiple subscriptions?
Yes
What are the two types of subscription boundaries?
Billing boundary and access control boundary
What are resource groups grouped under?
subscriptions
What can manage subscriptions?
Management groups
What happens to the resources within a resource group when an action or setting at the Resource Group level is applied?
The setting is applied to current and future resources
What Azure feature replicates resources across regions that are at least 300 miles away from each other?
Region Pairs
Are VM’s IaaS, PaaS, or SaaS?
IaaS
What are VM scale sets?
Allows you to create and manage a group of identical load balanced VM’s
What are VM availability sets?
allows you to build a more resilient, highly available environment by staggering updates and having different power and network sources
What are the two domains in an availability set
Update domain and fault domain
What is Azure Virtual Desktop?
A type of virtual machine that is a desktop and application virtualization service
What should you use if you want to run multiple instances of an application on a single host machine?
Containers
What are containers?
A virtualization enviroment
What is Azure’s container orchestration service?
Axure Kubernetes Service
What is Azure’s container service that has load balancing and scaling?
Azure Container Apps
What is Azure functions?
an event driven, serverless compute option that doesn’t require maintaining virtual machines or containers
What does it mean for a Function to be stateless?
Every time it is triggered, it acts as if it is restarted
What does it mean for a Function to be stateful?
Durable functions track prior activity
What is Azure App Service?
enables you to build and host web apps, background jobs, mobile back-ends, and RESTful APIs in the programming language of your choice without managing infrastructure
What is Azure virtual networking?
enable Azure resources, such as VMs, web apps, and databases, to communicate with each other, with users on the internet, and with your on-prem client computers
What does a VPN do?
creates an encrypted tunnel in an untrusted network for two or more trusted networks to commuincate
What is a VPN gateway?
a type of virtual network gateway
How many VPN gateways can you provision in a virtual network?
one
What authentication type is employed for Azure VPN’s?
a pre-shared key
What are the two types of VPN’s in Azure?
policy based and route based
What is Azure ExpressRoute?
lets you extend your on-prem networks into the microsoft cloud over a private connection
Does your data travel over the public internet with ExpressRoute?
No
What is Azure DNS?
Azure DNS is a hosting service for DNS domains that provides name resolution by using MS Azure infrastructure
Which Azure Virtual Machine feature staggers updates across VMs based on their update domain and fault domain?
Availability sets
Which Azure service allows users to use a cloud hosted version of Windows from any location and connect from most modern browsers?
Azure Virtual Desktop
What is Microsoft Entra ID?
a directory service that enables you to sign in and access both Microsoft cloud applications and cloud applications that you develop
True or False: Azure always stores multiple copies of your data
True
How many times is data replicated in the primary region?
three times
What is LRS?
Locally redundant storage replicates your data three times in a single datacenter
How many nines of durability is LRS?
11
What is the lowest redundancy storage option?
LRS
What is ZRS?
Zone redundant storage replicates your data across three different availability zones
How many nines of durability does ZRS have?
12 nines
What is GRS?
Geo-redudant storage is when there is a LRS in two regions
How many nines of durability is GRS?
16 nines
What is GZRS?
Geo-zone redundant storage is ZRS in the primary region and LRS in the secondary
How many nines of durability is GZRS?
16 nines
What is an Azure blob?
a massively scalable object store for text and binary data. Also includes support for big data analytics through Data Lake Storage Gen2
What is Azure Files?
managed file share for cloud and on-prem
What is Azure Queues?
A messaging store for reliable messaging between applications
What is Azure Disks?
block level storage volumes for VMs
What is Azure Tables?
A noSQL table option for structured, nonrelational data
What are the 4 storage tiers of blob storage?
Hot, cool, cold, and archive
What are services that can help you migrate your data to Azure?
Azure migrate or Azure Databox
Which is a physical migration service: Azure migrate or Azure Databox?
Azure databox
What is AzCopy?
a command line utility that you can use to copy blobs or files
Which tool automatically keeps files between an on-premises Windows server and an Azure cloud environment updated?
Azure File Sync
What provides a graphical user interface to manage storage solutions?
Azure storage explorer
Which Azure Storage service supports big data analytics, as well as handling text and binary data types?
Azure Blob
What is the on prem identity and access management service on Window servers?
Active Directory
Can Active Directory and Entra ID connect?
Yes
What is the service that provides managed domain services such as domain join, group policy lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication?
Entra Domain Service
Define authentication
the process of establishing the identity of a person, service, or device
What is an external identity?
a person, device, service, etc. that is outside of your organization
What is the tool Entra ID can leverage to allow or deny access to resources based on identity signals?
Conditional access
What is zero trust?
a security model that assumes the worst case scenario and protects resources with that expectation.
What are the three guiding principles of Zero Trust?
Verify Explicitly, use least privilege access, assume breach
What are all the layers of the Defense in Depth framework?
Physical Security, Identity Access, Perimeter, Network, Compute, Application, Data
What is Microsoft Defender for Cloud?
a monitoring tool for security posture management and threat protection.
True or False: Microsoft Defender for Cloud can monitor on-prem, hybrid, and multi-cloud environments as well as non-azure resources and resources in other Cloud environments
True
Which Microsoft Entra tool can vary the credentials needed to log in based on signals, such as where the user is located?
Conditional Access
Which security model assumes the worst-case security scenario, and protects resources accordingly?
Zero Trust
A user is simultaneously assigned multiple roles that use role-based access control. What are their actual permissions? The role permissions are: Role 1 - read || Role 2 - write || Role 3 - read and write.
Read and Write
What is the pricing calculator?
designed to give you an estimated cost for provisioning resources in Azure
What is the Total Cost of Ownership (TCO) calculator?
designed to help you compare the costs for running an on-premises infrastructure compared to an Azure Cloud Infrastructure
What is Cost Management?
a tool that provides the ability to quickly check Azure resource costs, create alerts based on resource spend, and create budgets that can be used to automate managent of resources
What are the three types of cost alerts?
Budget alerts, credit alerts, and department spending quota alerts
What are resource tags?
A way to organize resources
What Azure feature can help stay organized and track usage based on metadata associated with resources?
Tags
What’s the best method to estimate the cost of migrating to the cloud while incurring minimal costs?
Use the total cost of ownership calculator to estimate expected costs
What is microsoft purview?
a family of data governance, risk, and compliance solutions that help you get a single, unified view into your data
What service allows you to create, manage, and assign policies that control or audit your resources?
Azure Policy
What is a something that will prevent resources from being altered or deleted?
Resource locks
What portal provides access to various content, tools, and other resources about Microsoft security, privacy, and compliance practices?
Microsoft Service Trust Portal
How can you prevent creation of non-compliant resources, without having to manually evaluate each resource?
Azure Policy
What’s the best way to prevent inadvertent deletion of a resource?
Azure resource locks
What allows you to extend your Azure compliance and monitoring to your hybrid and multi-cloud configurations?
Azure Arc
What are ARM templates?
Azure resource manager templates allow you to create resources that are identical to other created from the same JSON template
What service helps you manage your Azure, on-premises, and multicloud environments?
Azure Arc
What two components could you use to implement a “infrastructure as code” deployment?
Bicep and ARM templates
What service evaluates your Azure resources and makes recommendations to help improve reliability, security, performance, and reduce costs?
Azure advisor
What is Azure Service Health?
gives you a complete view of your Azure environemnt
What is Azure Monitor?
platform for collecting data on your resources, analyzing the data, visualizing the information, and acting on the results
What five categories does Azure Advisor address?
reliability, security, performance, operational excellence, cost
You receive an email notification that virtual machines (VMs) in an Azure region where you have VMs deployed is experiencing an outage. Which component of Azure Service Health will let you know if your application is impacted?
Resource Health
What operating systems does Microsoft supply Azure Virtual Machine images for?
Windows and Linux
What is a public endpoint?
Enables access to your data or application form outside the virtual network
True or False: Azure PowerShell scripts and Command line Interface scripts are entirely compatible with each other
False
True or False: An Azure Storage Account can have both a public endpoint and a private endpoint at the same time.
True
What type of documents does the Microsoft Service Trust Portal provide?
A list of documents that Microsoft follows, pen test results, security assessments, white papers, faqs, and other documents that can be used to show Microsoft compliance efforts
What affect does using a “read only” resource lock on a Azure Storage Account have?
The storage account cannot have its properties altered but it doesnt affect the data itself
What is the purpose of Azure Blueprints?
Allows you to create new subscriptions that already have policies, roles, resource groups, and ARM templates
