AZ-900 (Azure Fundamentals) Flashcards
Availability set
The spreading of VMs across multiple servers and racks in the same datacenter
Availability zone
Each availability zone is a datacenter (or group of datacenters) that is fully separate from the other availability zones, complete with dedicated power, cooling, and data connections. If one zone is compromised, replicated apps and data are instantly available in another zone.
Region pair
Region pairs are datacenter regions that are intimately connected, and at least 300 miles apart. They are connected through a dedicated low latency connection.
Geography
Geographic regions, such as Europe, America, Asia, the Middle East, etc.
Account
A connected identity, such as a natural person
Subscription
A logical container used to provision cloud resources. Each subscription will result in a single invoice per month.
Azure AD
Your Azure login identity that is provisioned under a specific tenant. It’s the cloud/Azure evolution of Active Directory, which is a B2B identity management service.
Azure Support plan
An additional program that clients can request / use to support them in their onboarding. Consists of Developer support (8-hour SLA, by mail), Standard support (24/7 mail and phone, SLA within 1 hour), direct access to professionals (training, onboarding, seminars, etc.) and Premier access (Azure event management and TAM).
Scale sets
Sets of VMs that can be managed and configured as a single unit. For example, a single web app might require multiple VMs. You can create a single scale set (with all its required VMs) to extend application capacity. Works with the load balancer and application gateway.
Compute options
- Serverless computing
- Logic apps
- Functions
- Azure app service
- Container
Serverless computing
Computing without infrastructure management and that is easily scalable, so that you only have to focus on application development.
Logic app
A serverless compute model based on a graphical interface (WYSIWYG editor) which can be used to visually build logic apps
Functions
A serverless compute model, similar to logic apps, that is based on scripting. Only upload the actual logic script, no need to manage scalability or infrastructure
App service
Service that hosts web apps, APIs and web jobs. More than a single script, but still no need to manage the entire infrastructure
Container
Lightweight OS virtualization. Where a VM virtualizes hardware, a container virtualizes the OS. Allows you to divide combined solutions into smaller microservices. E.g. front-end is in one container, back-end and database are in another. If one virtualized OS (container) crashes, it doesn’t affect other containers.
Storage options
- SQL DB
- Cosmos DB
- Blobstorage
- AzureFiles
- Azure Queue
- Disk Storage
- Hot, Cool, Arch(ive)
SQL DB
Storage of structured data
Cosmos DB
Globally distributed database that works schemaless and can be accessed in multiple DB formats. Structured data
BlobStorage
Storage for Blobs (Binary Large Objects), a form of unstructured data
Datalake storage
Hierarchical data that is ready to be analyzed (structured, semi-structured and unstructured data)
Azure Files
Fully managed file shares that are available in Server Message Block (SMB) or Network File System (NFS) format, accessible from Windows, Linux and macOS
Azure Queue
Service for storing a large number of system messages, accessible via REST API
Disk Storage
Block storage to be used by virtual machines, comes in formats such as HDD, SSD, Premium SSD and Ultra Disk Storage.
Hot storage
Online tier designed for data that is accessed/modified daily. High storage cost, low access cost.
Cool storage
Online tier designed for data that is accessed/modified monthly. Medium storage cost, medium access cost.
Arch(ive)
Offline tier designed for data that is not accessed/modified at intervals shorter than 180 days. Low storage cost, high access cost.
Network options
- Virtual network
- VPN Gateway
- Network Security group
- High availability
- Resiliency
- Load balancer
- Application gateway
- Content Distribution Network (CDN)
- Traffic Manager
Virtual Network
A virtual network in which Azure resources can securely communicate with each other
Multi-tier Web
- Web tier
- Business tier
- Data tier
Web tier
The top layer, including the user interface. This layer parses user interactions and passes the actions to the next layer for processing.
Business tier
Processes the user interactions and makes logical decisions about the next steps. This layer connects the web tier and the data tier.
Data tier
Stores the application data. Typically a database, object storage, or file storage is used.
VPN Gateway
Works on the web tier in Azure, and on the data tier and service tier on-prem. Allows for the creation of connections between the cloud and on-prem.
Network Security Group
Group of resources to which certain traffic rules apply. Similar to a firewall. For example, allowing UDP connections on port 1337.
High Availability
Means that a service will be operating for a long time without interruption
Resiliency
Staying operational during abnormal conditions, e.g. perseverance through traffic spikes, power fluctuations, weather events and maintenance
Load Balancer
Distributes traffic evenly among web servers. Increases availability and resilience.
Azure load balancer
Load balancer service from Azure. Operates at layer four (TCP/UDP) of the OSI model.
Application Gateway
Web traffic load balancer for web applications. Operates at layer seven (URL-based routing). Allows for secure (HTTPS) transport of data such as images or video.
Content Distribution Network
Network that distributes (caches) content at geographically dispersed and strategic locations around the world
Traffic Manager
Redirects end users to the closest datacenter, for improved latency (packet travel time)
Network Security Options
- Azure Firewall
- Application Gateway
- Web application firewall
- DDoS Protection
- Azure Express Route
- Azure Information Protection
- Azure Threat Protection
Azure Firewall
Firewall service by Azure that protects your virtual network. Protects both inbound and outbound traffic. Can block on port, IP and protocol level (e.g. 80, 192.168.1.1, RDS/FTP)
Application Gateway
Contains a web application firewall
Web Application Firewall
Centralized servers that filter invalid requests. For example, SQL injection and XSS attacks are filtered before they reach the web application.
DDoS Protection
Protection against distributed denial of service attacks. Exists in both Basic and Standard form.
Basic DDoS Protection
Defense against common network-layer attacks through always-on traffic monitoring and real-time mitigation.
Standard DDoS Protection
Includes the same as Basic, plus: availability guarantee, cost protection (cost overruns are compensated), metrics & alerts, mitigation reports and rapid response support
Azure Express Route
Private fiber connection from your own premises to the Microsoft cloud
Azure Information Protection
Keeping files, e-mails and other data confidential
Azure Threat Protection AKA Defender for Identity
Protection against attacks and malicious insider actions; includes an ATP portal. Works by analyzing logs, including the behaviour of the tenant’s users.
Security Options
- Defense in Depth
- Encryption
- Encryption at rest
- Encryption in Transit
- Azure Storage Service Encryption
- Azure Disk Encryption
- Transparent Data Encryption
- Key Vault
Defense in Depth
Defend not a single layer, but all layers: Data, Application, Compute (VM access), Networking (deny by default), Perimeter (DDoS), Identity (access), Physical (datacenter building)
Encryption at rest
Encryption of physically stored data
Encryption in transit
Encryption of data moving on the internet
Azure Storage Service Encryption
Encryption of the Azure storage service. Enabled by default for Blob storage and Queue storage.
Azure Disk Encryption
Encryption of the VM’s disk (even when the account is breached, the data is still encrypted)
Transparent Data Encryption
Opaque encryption for databases; enabled by default in SQL DB
Key Vault
Vault for passwords, certificates and API keys
Azure Policy
Allows enforcing rules and standards for resources, e.g. a certain tag is required
Initiative
A collection (/group) of policies.
Azure Management Group
Allows creating a hierarchical ordering of resources and applying policies accordingly
Blueprint
Collection of role assignments, policies, resources and groups. Can be applied to easily roll out an entire environment (for a new web-app for example).
Azure Resource Manager
Management layer used to create roles for RBAC, create policies, etc.
Azure Security Center
Management console/center to protect Azure and hybrid resources, including compliance. It gives resources a security score depending on whether certain security aspects are met.
Azure Monitor Metrics
Shows telemetry regarding applications and servers. Also allows for the creation of alerts and rule-based auto-scaling.
Azure Service Health
Shows Azure service issues, planned maintenance and other health alerts relevant to tenant usage
Trust Center
A center where privacy, compliance and security policies are displayed (general for all Azure clients)
Service Trust Portal
Portal to review independently available audit reports, which provide details on data protection compliance, e.g. ISO, SOC, NIST, FedRAMP & GDPR.
TCO Calculator
Calculator for total cost of ownership, mainly to compare the costs of on-prem and cloud-based workloads
Pricing Calculator
Calculator to estimate pricing of individual resources in Azure
Azure reservations
Reserve resources in order to gain discounted prices on certain Azure services
Azure Cost Management + Billing
Service that helps you understand your Azure bill, manage your account (and subscriptions), monitor and control resources, and optimize spending. Includes tools to budget, get alerts and enrich data.
SLA uptime (how much downtime is allowed)
- 99%: 1.66 hrs/week & 7.2 hrs/month
- 99.9%: 10 mins/week & 43.2 mins/month
Service Level Agreement (SLA)
Formal agreement between a service provider (Azure) and a customer about what level of service is offered. For Azure, this mainly means how much uptime Azure services have.
Azure Status
Service that provides a global overview of the health of Azure services and regions. This is a good place to check if you think Azure has an outage
Application SLA
Defines the SLA requirements for a specific application. Generally, this is the application built by the tenant (how critical is your web app, what should its uptime be?). These requirements can be mapped to the Azure SLA.
Composite SLA
The combination of multiple SLAs to determine the total SLA. For example, you need a VM (SLA = 99.9%) and an application gateway (SLA = 99.99%). The composite SLA is calculated as 0.999 * 0.9999 = 0.9989001 = 99.89001%