az-900 Flashcards

Question 1

Q

Scalability

Answer

A

adjust resources to meet demand. Pay for what you use.

Question 2

Q

Vertical scaling

Answer

A

adding more resources, add CPU or RAM to an existing server or VM to increase its capacity. (Up or Down)

Question 3

Q

Horizontal scaling (elastic scaling)

Answer

A

adding or removing servers or instances to handle increased load. (In & Out). Add VMs or containers. (Auto or manual)

Question 4

Q

Reliability

Answer

A

a system to recover from failures and continue to function

Question 5

Q

Elasticity

Answer

A

scale up or down their IT infrastructure to meet changing demands. (Automatic scaling)

Question 6

Q

Predictability

Answer

A

forecasting performance or cost.

Question 7

Q

Security

Answer

A

data encryption identity and access management.

Question 8

Q

Governance

Answer

A

teams provide oversight and monitoring features to maintain and improve security posture over time.

Question 9

Q

Manageability

Answer

A

managing cloud resources

Question 10

Q

Agility

Answer

A

cloud-based resources can be deployed and configured quickly as your application requirements change. Quickly and easily allocate and deallocate resources as needed. (Scale quickly)

Question 11

Q

Performance predictability

Answer

A

predict the resources needed to deliver to ensure a satisfying experience for your customers.

Question 12

Q

Cost predictability

Answer

A

predict the cost of the cloud spend.

Question 13

Q

Management of the cloud

Answer

A

managing your cloud resources.
- Automatically scale resource deployment based on need.
- Deploy resources based on a preconfigured template, removing the need for manual configuration.
- Monitor the health of resources and automatically replace failing resources.
- Receive automatic alerts based on configured metrics, so you’re aware of performance in real time.

Question 14

Q

Management in the cloud

Answer

A

how you’re able to manage your cloud environment & resources. You can manage these:
- Through a web portal.
- Using a command line interface.
- Using APIs. (Application programming interface)
- Using PowerShell.

Question 15

Q

IaaS

Answer

A

you manage Applications, runtimes, security & integration & databases, data, O/S, middleware

Question 16

Q

Region

Answer

A

a group of multiple datacenters (Availability zones) & will generally contain 3 AZ.

Question 17

Q

PaaS

Answer

A

you manage applications & data

Question 18

Q

Azure Region pairs

Answer

A

Most Azure regions are paired with another region within the same geography (such as US, Europe, or Asia).The paired regions are at least 300 miles apart.

Question 19

Q

Sovereign regions

Answer

A

Are a subset of Azure regions that are dedicated to hosting data that has specific compliance and regulatory requirements, such as data sovereignty, residency, and privacy. These regions are designed to provide additional data protection and compliance measures, including isolated network connectivity and data replication within the same geographic region.

Question 20

Q

Availability zones - Availability zones are primarily for VMs, managed disks, load balancers, and SQL databases.

Answer

A

a physical location made up of 1 or more data centers. Equipped with independent power, cooling, and networking. Set up to be an isolation boundary. If 1 zone goes down, the other continues working. They are connected through high-speed, private fiber-optic networks.

Question 21

Q

Azure datacenters

Answer

A

are unique physical buildings located all over the globe that house a group of networked computer servers.
Contains a number of physical servers with their own power, cooling, & networking infrastructure

Question 22

Q

A resource group and a resource can be in 2 different locations (T or F)

Question 23

Q

A resource can only be in 1 resource group. (T or F)

Question 24

Q

Subscription:

Answer

A

are a unit of management, billing, and scale, allow you to logically organize your resource groups and facilitate billing.

Question 25

Q

Billing boundary

Answer

A

how an Azure account is billed for using Azure. You can create multiple subscriptions for different types of billing requirements. Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs.

Question 26

Q

Access control boundary

Answer

A

Azure applies access-management policies at the subscription level. Allowing you to manage and control access to the resources that users provision with specific subscriptions.

Question 27

Q

Environments

Answer

A

create subscriptions to set up separate environments for development and testing, security, or to isolate data for compliance reasons. Resource access control occurs at the subscription level.

Question 28

Q

Organizational structures

Answer

A

You can create subscriptions to reflect different organizational structures. EX: you could limit one team to lower-cost resources, while allowing the IT department a full range. This design allows you to manage and control access to the resources that users provision within each subscription.

Question 29

Q

Billing

Answer

A

You can create additional subscriptions for billing purposes. Because costs are first aggregated at the subscription level, you might want to create subscriptions to manage and track costs based on your needs. You might want to create one subscription for your production workloads and another subscription for your development and testing workloads.

Question 30

Q

Azure management groups

Answer

A

manage access, policies, and compliance across multiple subscriptions. Offer a higher level of scope above individual subscriptions.

Question 31

Q

VMs (IaaS offering)

Answer

A

provide an abstraction layer of CPU, memory and storage.

Question 32

Q

Containers

Answer

A

virtualize the OS. Can quickly restart if there’s a crash or hardware interruption. Azure supports Docker.

Question 33

Q

Azure Functions (PaaS offering) a serverless solution

Answer

A

that allows you to write less code in the cloud w/o the need to manage the underlying servers, infrastructure or OSs.

Question 34

Q

Azure Virtual machine Scale Sets (VMSS) (IaaS offering):

Answer

A

create and manage a group of identical and load-balanced virtual machines.

Question 35

Q

Availability Sets (VM AS)

Answer

A

Ensure that VMs stagger updates and have varied power and network connectivity, preventing you from losing all your VMs with a single network or power failure.

Question 36

Q

Update domain

Answer

A

groups VMs that can be rebooted at the same time. Apply updates while knowing that only 1 update domain grouping will be offline at a time. All of the machines in one update domain will be updated. An update group going through the update process is given a 30-minute time to recover before maintenance on the next update domain starts.

Question 37

Q

Fault domain

Answer

A

groups your VMs by common power source and network switch. By default, an availability set will split your VMs across up to 3 fault domains. Helps protect against a physical power or networking failure by having VMs in different fault domains (thus being connected to different power and networking resources).

Question 38

Q

Azure Virtual Desktop (AVD)

Answer

A

a desktop virtualization and application virtualization service that runs on the cloud and enables users to use a cloud-hosted version of Windows (Windows 10 and 11 desktop versions) from anywhere in the world.

Question 39

Q

Containers

Answer

A

provide a virtualization environment where you can run multiple instances of applications on a single physical or virtual host.

Question 40

Q

Azure Container Instances (ACI) (PaaS offering)

Answer

A

Runs a container or pod of containers in Azure w/o having to manage any VMs.

Question 41

Q

Azure Container App (PaaS offering)

Answer

A

like container instances that can load balance and scale.

Question 42

Q

Azure Kubernetes Service (AKS) (PaaS offering)

Answer

A

Easy to deploy, manage, and scale containerized applications. Uses the open source Kubernetes (KB) software.

Question 43

Q

Azure App Service (PaaS offering):

Answer

A

build and host web apps, background jobs, mobile back-ends and RESTful APIs in the programming language of your choice w/o managing infrastructure.

Question 44

Q

Web Apps

Answer

A

hosting web apps by using ASP.NET, ASP.NET Core, Java, Ruby, Node.js, PHP, or Python. You can choose either Windows or Linux as the host OS.

Question 45

Q

API Apps:

Answer

A

you can build REST-based web APIs by using your choice of language and framework. You get full Swagger support and the ability to package and publish your API in Azure Marketplace. The produced apps can be consumed from any HTTP- or HTTPS-based client.

Question 46

Q

WebJobs

Answer

A

run a program (.exe, Java, PHP, Python, or Node.js) or script (.cmd, .bat, PowerShell, or Bash) in the same context as a web app, API app, or mobile app. They can be scheduled or run by a trigger. WebJobs are often used to run background tasks as part of your application logic.

Question 47

Q

Mobile Apps:

Answer

A

build a backend for iOS and Android apps. With just a few actions in the Azure portal, you can:
= Store mobile app data in a cloud-based SQL database.
- Authenticate customers against common social providers, such as MSA, Google, Twitter, and Facebook.
- Send push notifications.
- Execute custom back-end logic in C# or Node.js.

Question 48

Q

Azure DNS:

Answer

A

a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records using the same credentials, APIs, tools, and billing as your other Azure services.

Question 49

Q

Azure Public DNS

Answer

A

is a hosting service for DNS domains. By hosting your domains in Azure, you can manage your DNS records by using the same credentials, APIs, tools, and billing as your other Azure services.

Question 50

Q

Azure Private DNS

Answer

A

is a DNS service for your virtual networks. Manages and resolves domain names in the virtual network without the need to configure a custom DNS solution.

Question 51

Q

Azure DNS Private Resolver

Answer

A

enables you to query Azure DNS private zones from an on-premises environment and vice versa without deploying VM based DNS servers.

Question 52

Q

Point-to-site virtual private network (P2S VPN)

Answer

A

connections are from a computer outside your organization back into your corporate network. In this case, the client computer initiates an encrypted VPN connection to connect to the Azure virtual network. Useful for telecommuters who want to connect to Azure VNets from a remote location, frome home or a conference.

Question 53

Q

Site-to-site virtual private networks (S2S VPN)

Answer

A

link your on-premises VPN device or gateway to the Azure VPN gateway in a virtual network. The devices in Azure can appear as being on the local network. The connection is encrypted and works over the internet.

Question 54

Q

Azure ExpressRoute:

Answer

A

a dedicated private connectivity to Azure that doesn’t travel over the internet. Useful for environments where you need greater bandwidth and even higher levels of security.

Question 55

Q

Border Gateway Protocol (BGP)

Answer

A

works with Azure VPN gateways, Azure Route Server, or Azure ExpressRoute to propagate on-premises BGP routes to Azure virtual networks.

Question 56

Q

Route tables

Answer

A

define rules about how traffic should be directed. Create custom route tables that control how packets are routed between subnets.

Question 57

Q

Azure virtual subnets

Answer

A

subnets are the small networks used to divide the Virtual network into multiple small networks (sub networks) for the organization. It is a range of IP addresses in the VNet. Each network Interface Card (NIC) in a virtual machine is connected to a 1 subnet in 1 VNet. After this, we can deploy our resources into a specific subnet in the virtual network.

Question 58

Q

Virtual Network Peering (VNet Peering)

Answer

A

we can connect 2 VNets within Azure through a private network, we can connect over the private IP address space. Allowing you to have seamless connectivity between 2 or more VNets in Azure. No Need for a public IP address in VNet Peering.

Question 59

Q

Regional VNet peering:

Answer

A

connects VNets within the same Azure region.

Question 60

Q

CloudExchange colocation

Answer

A

your datacenter, office, or other facility being physically co-located at a cloud exchange, such as an ISP.

Question 61

Q

Global VNet peering:

Answer

A

connects VNets across Azure regions.

Question 62

Q

Point-to-point Ethernet connection

Answer

A

using a P2P connection to connect your facility to the Microsoft cloud.

Question 63

Q

Any-to-any connection

Answer

A

you can integrate your wide area network (WAN) with Azure by providing connections to your offices and datacenters.

Question 64

Q

Azure load balancer

Answer

A

even traffic distribution for non-HTTP (non-web) traffic.

Answer 63

A

can provide outbound connections for virtual machines (VMs) inside your virtual network. Translating their private IP addresses to public IP addresses. Used to load balance internet traffic to your VMs.

Answer 64

A

is used where private IPs are needed at the frontend only. Used to load balance traffic inside a virtual network

Answer 65

A

even traffic distribution for HTTP (web) traffic.

Answer 66

A

global content caching & distribution to offload web applications & reduce latency.

Answer 67

A

send encrypted traffic between an Azure virtual network and an on-premises location over the public internet.

Answer 68

A

specify statically the IP address of packets that should be encrypted through each tunnel. Evaluates every data packet against those sets of IP addresses to choose the tunnel where that packet is going to be sent through.

Answer 69

A

IPSec tunnels are modeled as a network interface or virtual tunnel interface. IP routing (either static routes or dynamic routing protocols) decides which one of these tunnel interfaces to use when sending each packet. Route-based VPNs are the preferred connection method for on-premises devices. They’re more resilient to topology changes such as the creation of new subnets.

Answer 70

A

A site-to-site VPN connection between an Azure virtual network and your local network.

Answer 71

A

a public IP address and can be accessed from anywhere in the world. You can access the managed instance from multi-tenant Azure services like Power BI, Azure App Service, or on-premises network. No need for VPN.

Answer 72

A

a network interface that uses a private IP address from your VNet. This network interface connects you privately and securely to the service provided by Azure Private Link. By enabling a private endpoint, you are bringing the service into your virtual network.

Answer 73

A

storing data that is accessed frequently. Highest storage cost, lowest access cost. Ex: Images for your website.

Answer 74

A

data that is infrequently accessed and stored for at least 30 days. Lowest storage cost, higher access cost. Ex: customer invoices

Answer 75

A

data that is rarely accessed and stored for at least 180 days with flexible latency requirements. Lowest storage cost, highest access cost. Highest data retrieval & rehydration costs. Ex: long term backups.

Answer 76

A

An online tier optimized for storing data that is rarely accessed or modified, but still requires fast retrieval. Data in the cold tier should be stored for a minimum of 90 days. The cold tier has lower storage costs and higher access costs compared to the cool tier.

Answer 77

A

copies your data synchronously 3 times within a single physical location in the primary region. (99.999999999%) (11 nines) durability. Cheapest option. Not recommended for apps requiring high availability or durability.

Answer 78

A

Copies data synchronously across 3 AZs in a primary region. (99.9999999999%) (12 nines) durability. For applications requiring high availability, Microsoft recommends using ZRS in the primary region, and also replicating to a secondary region.

Answer 79

A

copies your data synchronously 3 times within a single physical location in the primary region using LRS. Then copies your data asynchronously to a single physical location in the secondary region. Within the secondary region, your data is copied synchronously 3 times using LRS. (99.999999999%) (16 nines) of durability. GRS replicates data by storing 3 copies in each of 2 regions.

Answer 80

A

copies your data synchronously across 3 Azure AZ in the primary region using ZRS. Then copies your data asynchronously to a single physical location in the secondary region. Within the secondary region, your data is copied synchronously 3 times using LRS.(99.999999999%) (16 nines) of durability.(for a total of 6 copies of your data)

Answer 81

A

Copies data synchronously in primary region. Copies data synchronously to another region. (99.999999999%) (16 9’s) of durability.

Answer 82

A

Copies data synchronously across 3 AZs in a physical region. Copies data synchronously to another region. (99.999999999%) (16 9’s) of durability.

Answer 83

A

guarantee the data is going to be there

Answer 84

A

all the data might not be there

Answer 85

A

provides a unique namespace for your Azure Storage data that’s accessible from anywhere in the world over HTTP or HTTPS. Data in this account is secure, highly available, durable, and massively scalable

Answer 86

A

command line utility, use to copy blobs or files to or from your storage account. Upload files, download files, copy files between storage accounts, & synchronize files. Can upload VHD files to Azure storage accounts.

Answer 87

A

a graphical interface with Azure storage data on Windows, macOS, and Linux. You can create Blob containers, upload files, create snapshots of disks, or move between storage accounts.

Answer 88

A

maintains a bidirectional synchronization of files between your on-premises and cloud Windows servers. Automatically keeps files between an on-premises Windows server and an Azure cloud environment updated.

Answer 89

A

helps you migrate from an on-premises environment to the cloud.

Answer 90

A

moves large amounts of offline data to Azure.

Answer 91

A

restoring operations after a disaster.

Answer 92

A

can authorize and authenticate to multiple sources. To your on-premises AD, web application, allow users to login with their eg. FB or Google, Office 365 or Azure.

Answer 93

A

verify identity to access applications and resources

Answer 94

A

provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication.

Answer 95

A

enables a user to sign in one time and use that credential to access multiple resources and applications from different providers

Answer 96

A

prompting a user for an extra form (or factor) of identification during the sign-in process

Answer 97

A

the password is removed and replaced with something you have, something you are, or something you know.

Answer 98

A

allows users and organizations to leverage the standard to sign-in to their resources w/o a username or password by using an external security key or a platform key built into a device.
- USB devices, Bluetooth or NFC

Answer 99

A

Collaborate with external users by letting them use their preferred identity to sign-in to your Microsoft applications or other enterprise applications (SaaS apps, custom-developed apps, etc.). B2B collaboration users are represented in your directory, typically as guest users.

Answer 100

A

Establish a mutual, two-way trust with another Microsoft Entra organization for seamless collaboration. Supports Teams shared channels, enabling external users to access your resources from within their home instances of Teams. B2B direct connect users aren’t represented in your directory, but they’re visible from within the Teams shared channel and can be monitored in Teams admin center reports.

Answer 101

A

Publish modern SaaS apps or custom-developed apps (excluding Microsoft apps) to consumers and customers, while using Azure AD B2C for identity and access management.Supports Entra & social identities.

Answer 102

A

collaborate with multiple tenants in a single Entra ID organization via cross-tenant synchronization. Good for conglomerates, mergers, multi-cloud, dev/test/staging tenants.

Answer 103

A

a tool that Microsoft Entra ID uses to allow (or deny) access to resources based on identity signals.

Answer 104

A

help you manage who has access to Azure resources. What they can do with those resources.
Which resources/areas they have access to.

Answer 105

A

you can read, grant, create, update & delete

Answer 106

A

You can read, create, update & delete but YOU CANNOT GRANT

Answer 107

A

Read only

Answer 108

A

You can only grant

Answer 109

A

Always authenticate and authorize based on all available data points.

Answer 110

A

Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection

Answer 111

A

Minimize blast radius and segment access. Verify end-to-end encryption. Use analytics to get visibility, drive threat detection, and improve defenses.

Answer 112

A

first line of defense to protect computing hardware in the datacenter.

Answer 113

A

ensures identities are secure, that access is granted only to what’s needed, and that sign-in events and changes are logged.
Control access to infrastructure and change control.
Use SSO & MFA
Audit events and changes.

Answer 114

A

protects from network-based attacks against your resources. Identifying these attacks, eliminating their impact, and alerting you when they happen are important ways to keep your network secure.

Answer 115

A

limits communication between resources through segmentation and access controls

Answer 116

A

secures access to virtual machines. Implement endpoint protection on devices and keep systems patched and current.

Answer 117

A

ensure that applications are secure and free of security vulnerabilities. Store sensitive application secrets in a secure storage medium. Make security a design requirement for all application development.

Answer 118

A

access to business and customer data that you need to protect.

Answer 119

A

a malicious attempt to disrupt normal traffic by flooding a website with large amounts of fake traffic.

Answer 120

A

monitoring, assessing, and improving the security posture of your Azure resources. It continuously analyzes the security state of your Azure workloads and provides security recommendations based on best practices and industry standards. Monitors your cloud, on-premises, hybrid, and multi-cloud environments.

Answer 121

A

Know your security posture. Identify and track vulnerabilities.

Answer 122

A

Harden resources and services with Azure Security Benchmark.

Answer 123

A

Detect and resolve threats to resources, workloads, and services

Answer 124

A

provides an overview of your organization’s compliance posture against various regulatory standards and frameworks. It gives you insights into how well your organization aligns with regulatory standards and frameworks. It gives you insights into how well your organization aligns with regulatory requirements and helps you assess your overall compliance status.

Answer 125

A

give you an estimated cost for provisioning resources in Azure. Estimate the cost of any provisioned resources, including compute, storage, and associated network costs. You can even account for different storage options like storage type, access tier, and redundancy.

Answer 126

A

compare the costs for running an on-premises infrastructure compared to an Azure Cloud infrastructure. You enter your current infrastructure configuration, including servers, databases, storage, and outbound network traffic.

Answer 127

A

check Azure resource costs, create alerts based on resource spend, and create budgets that can be used to automate management of resources. Helps you monitor, analyze & optimize your Azure spending. It provides cost analysis, budgeting and alerts.

Answer 128

A

are specific to individual resources and must be applied directly to each resource separately. A key and a value pair that you can assign to Azure resources.

Answer 129

A

1) Risk and compliance - for risk, compliance and legal teams.
Protect sensitive data across clouds, apps, and devices.
Identify data risks and manage regulatory compliance requirements.
Get started with regulatory compliance.
Helps manage and monitor your data with Teams, OneDrive, & Exchange
2) Unified data governance - for data consumers, data engineers, data officers.
Identify where sensitive data is stored in your estate.
Create an up-to-date map of your entire data estate that includes data classification and end-to-end lineage.
Create a secure environment for data consumers to find valuable data.
Generate insights about how your data is stored and used.
Manage access to the data in your estate securely and at scale.

Answer 130

A

Data Estate Insights - accesses data estate health.
Data Policy – governs access to data.

Answer 131

A

allows you to enforce and assess compliance with organizational standards and best practices across your Azure environment. It provides a centralized way to define and enforce policies that govern resource configurations and deployments.

Answer 132

A

a group of policy definitions. (group related policies together)

Brainscape's Knowledge GenomeTM

az-900 Flashcards

Brainscape's Knowledge Genome^TM