AZ-900 Exam Prep

Question 1

AZ-900 Exam Overview

(3 sections & contents)

Answer 1

• Concepts (25-30%)
  
  • define
  • benefits
  • service types
• Architecture & Services (35-40%)
  
  • components
  • compute
  • networking
  • storage
  • identity, access, security
• Management & Governance (30-35%)
  
  • cost mgmt.
  • gov & compliance tools
  • deployment
  • monitoring tools

Question 2

— Cloud Concepts Dividers —

Answer 2

— Cloud Concepts —

Question 3

Benefits of Cloud

(6)

Answer 3

1. High Availability: services running for long periods of time
2. Scalability: add or remove resources
3. Elasticity: automatic scability
4. Agilty: fast delivery of resources
5. Geo-Distribution: deploy globally, best perf within region
6. Disaster Recovery: speed of resoration during failure

Question 4

Charcteristics of Cloud Resources

(DSSMA) (5)

Answer 4

1. Durable: high availability & redundancy
2. Secure: auto encryption & role-based access controls
3. Scalable: unlimited storage
4. Managed: handles maintenance & critical problem for the user
5. Accessible: anywhere with HTTP/HTTPS

Question 5

3 Types of Cloud Models & Benefits

Answer 5

Public: owned by service/hosting provider, subscription to user, accessable with internet

• no capex, agile, consumption based model

Private: single compnay is user and provider, no public access

• capex, complete control

Hybrid: public + private

• most flexible model

Question 6

3 Types of Cloud Service Models

(the aaS services)

Answer 6

IaaS: hosting company manages the infastructure (hardware, servers, virtual machines, networks, security, firewalls), client everything else

PaaS: hosting company provides the infastructure as well as the development tools, database managment, os, and everything else except the application

SaaS: everything including the applications are hosted and managed by the provider, patches and updates are also managed by the provider (Office 365 is a good example)

Question 7

Region Definition

Answer 7

Multiple datacenters in close proximity geographically with low latency between them

Question 8

Region Pairs

(def & 3 advantages)

Answer 8

region pairing within the same geography: replication of resources and fault tolerance redundancy

• outage backup
• minimizing downtime during updates
• same geography (tax & regulatory concerns)

Question 9

Geographies

(2 part definition)

Answer 9

• discrete marketplace with 2+ regions
• data residency & compliance boundaries

Question 10

Availability Zones

Answer 10

physically seperate data centers within a region, designed for hardware fault tolerance

(independant power, cooling, networking)

Question 11

Availability Sets

(def & 2 components)

Answer 11

• available in case of hardware failure
• components:
  
  1. update domin: maintainence, updates
  2. fault domain: physical separation of hardware within datacenter

Question 12

Organizing Structure of Resources in Azure

(4 hierarchical levels)

Answer 12

• managment groups: manage IAM across multi subscriptions
• subscriptions: groups user accounts, aligns to resource groups
• resource groups: container to hold resources
• resources: instances of services (VMs, Storage, SQL DBs)

Question 13

Resource Manager

(does 4 things)

Answer 13

• manages the resource group
• deploy applications
• organize resources
• controls access

Question 14

Resource Group

(def & 3 rules)

Answer 14

• container to manage the reasources needed for an application to run
• rules:
  
  1. resource can only be aligned to one group
  2. can be moved across different regions
  3. application can have more than one resource group
• example resources:
  
  • metering & billing
  • policies
  • monitoring & alerts
  • quotas
  • access control

Question 15

— Core Azure Services —

Answer 15

— Core Azure Services —

Question 16

Data Residency Definition

Answer 16

also called data localization

data that has to reside within the borders of the country

it cannot be replicated in a foreign jurisdication

Question 17

Dedicated Host

Answer 17

physical server that is specific to your organization

customer does not share physical hardware with another organization

Question 18

Networking Services in Azure

(5)

Answer 18

• virtual network: IaaS; connect/comms between resources
  
  • VMs, web apps, databases, etc. connection
• vpn gateway: encrypted connection between networks; PaaS
  
  • prem to cloud connection; ExpressRoute
  • point-to-site: device connection to virtual networks
  • network to netowrk connection
• load balancer: auto scale VMs
• app gateway: manage app web traffic
• content delivery network: deliver web content to users

Question 19

VNet Peering & Virtual Networks

Answer 19

• restricted to within a single region
• connect VMs across regions with VNet Peering

Question 20

ExpressRoute Connections

Answer 20

creates private connections between Azure datacenter and on prem networks

Question 21

Storage Services

(3)

Answer 21

1. Blob: holds any type of data
2. Disk: disks for vms, apps, etc.; think SSD or HDD in the cloud
3. File: think desktop file storage in cloud

Question 22

Database & Analytics Services

(3 & 4)

Answer 22

Database

1. Cosmos DB: scale throughput storage; NoSQL/schemaless data
2. SQL Database: relational SQL Server in the cloud
3. Data Lake/Blob: migrations between multiple databases

Analytics

1. Synapase: enterprise data warehousing
2. HDInsight: cloud distro of Hadoop componenets
3. Databricks: spark commerical build
4. Data Lake Analytics: per query analytics against data lake

Question 23

ARM Template

Answer 23

templates and starting points for building out any of the various resources in Azure

Question 24

Azure Locks

(2)

Answer 24

1. read-only: no modification
2. delete: cannot delete or move

Question 25

Azure Autopilot

what is it?

how does it differ from traditional deployment?

Answer 25

• autopilot is the modern deployment of operating systems

1. traditional:
   
   1. deploys windows images
   2. either pre-installed OS or not
   3. no previous windows 10 install needed
   4. uses on-prem infastructure
2. modern: autopilot
   
   1. does not deply windows 10 images
   2. can only be installed with windows 10 & later OS
   3. requires previous windows 10 installed
   4. uses cloud infastructure

Question 26

Most Prominent Compute Services

(4)

when to use?

Answer 26

1. Virtual Machines: physical computers in the cloud; IaaS - virtualize the hardware
2. Containers: includes kubernetes; app enviro without compute; virtualize the os
3. App Services: build, deploy, scale apps; PaaS
4. Functions (Severless Computing): event driven backend services

— when to use

1. virtual machines
   
   1. testing and development
   2. run apps in the cloud
   3. extending datacenter to the cloud
   4. during diaster recovery
2. host apps
3. run multiple instances of an app and OS on a single machine
4. event driven

Question 27

VM Scale Sets & Azure Batch

Answer 27

Scale Sets

• create and manage groups of identical, load-balanced VMs

Azure Batch

• large-scale parallel, high performance computing (HPC)

Question 28

Key Features of Azure Virtual Desktop

(3)

Answer 28

1. simplified mgmt: tools to automate deploy, updates, & diaster recovery
2. performance mgmt: load balancer, host pools (collections of VMs with same config assigned to multiple users)
3. multi-session windows 10 deploy: multi concurrent users on a single VM

Question 29

— Core Solutions & Management Tools Divider —

Question 30

IoT Solutions

(3)

when to use each service?

Answer 30

1. IoT Central: SaaS; reporting & mgmt dashboard
2. IoT Hub: central message hub for IoT devices
3. IoT Sphere: ​micro-controller unit (mcu)/processing, linux OS, sphere security services (AS3).

— when to use each

1. central when reporting & mgmt, update settings or software remotely is needed - when you purchase central you get hub
2. hub when devices need to communicate with each other
3. sphere when security is a major issue, remote software updates where hacks could occur

Question 31

AI Solutions

(5)

Answer 31

• machine learning service: cloud-based environment to develop, deploy, train, test, andg manage models
• machine learning studio: gui version of ml services; low-code environment
• event grid: publish & mange models for events (ex. database is updated with new data so you would then run a model from that)
• cognitive services: models for images, video, audio
• bot services: virtual agents that communicate with humans

Question 32

Difference between Functions & Logic Apps

Answer 32

both are used to create event driven serverless computing instances, but logic apps are GUI based

— when to use

1. logic apps: orchestration, quicker than functions
2. functions: custom algorithmns, existing automated task

Question 33

DevOps Solutions

(3)

decision criteria (5 questions)

Answer 33

• DevOps Services: development collaboration tools and cloud-based load testing
• DevTest Labs: quickly create environments for dev & test apps
• GitHub: github extension in Azure

– decision criteria for choosing

1. automate test lab creation: DevTest
2. open-source software: GitHub
3. premission granularity: DevOps
4. sophisticated pm tools: DevOps
5. tight integration with 3rd party tools: GitHub or DevOps

Question 34

Mgmt Tools

(5)

decision criteria?

(4)

Answer 34

1. azure portal: gui website to azure
2. powershell: MS command line scripting language
3. command line interface (CLI): linux, bash, powershell, etc.
4. mobile app: alerts, run CLI/powershell cmds, monitor health
5. arm templates: templates to build out resources

— decision criteria —

1. one-off mgmt, admin, reporting: CLI, powershell, Portal
2. repeatedly set up reasources: ARM
3. Windows or Linux background
   
   1. windows: powershell
   2. linux: CLI
4. away from computer: mobile app

Question 35

DevOps Services

(detailed list)

(5)

Answer 35

1. repos: centralized source-code repository
2. boards: kaban boards, reporting, tracking
3. pipelines: CI/CD pipeline automation tool
4. artifacts: host artifacts
5. test plans: automated test for CI/CD pipeline

Question 36

Security Monitoring Services

(3)

Answer 36

1. advisor: recommendations for reliability, security, and performance, cost, operational excellence
2. monitor: collecting & analyzing logging data, alerts, usage metrics
3. service health: service issues (ex. outages), planned maintenance, health advsories (avoid service interuption). root cause analysis

Question 37

– Network Security Divider –

Answer 37

– Network Security Divider –

Question 38

Solutions provided by SecurityCenter

(def & 4)

Answer 38

– protect against security threats

1. just-in-time vm access
   
   1. ​control for network ports
   2. blocks traffic to specific ports by default
2. adaptive applications controls
   
   1. ​control which applications run on which vms
   2. ml: exception rules/alerts about unauthorized access
3. adaptive hardening networks
   
   1. ​monitor internet traffic patterns of vms
4. file integrity monitoring
   
   1. monitor changes to important files

Question 39

Azure Sentinel

def & 3 benefits

Answer 39

– detect & respond to security threats

– security information and event mgmt (SIEM) system

1. collect data at scale
2. built in analytics to detect threats
3. rapid incident response

Question 40

Key-Vault

(4 things you store)

Answer 40

– store secrets in a centralized location

1. passwords, tokens, certificates
2. encryption keys
3. SSL/TLS certificate mgmt
4. secrets backed by hardware security modules (HSMs)

Question 41

Security Layers

(7)

Answer 41

1. physical: building & hardware
2. identity & access: access given to only those who need it
3. perimeter: DDoS & firewalls (network based attacks)
4. network: limiting network connectivity/communication
5. compute: malware, endpoint protection
6. aplication:vulnerabilites in app code
7. data: in almost all cases attackers are after data of somekind

Question 42

Elements of Security Posture

(3)

Answer 42

1. confidentiality: principle of least previlege (explicit access)
2. integrity: unauthorized changes to information
3. availability: accessed only by authorized users

Question 43

Firewall

Answer 43

monitors and restricts inbound and outbound network traffic

Question 44

DDoS Attacks

&

Azure Service Tiers

Answer 44

distributed denial of service attacks - overwhelm a exhaust applications resources, unresponsive to legitimate users

1. basic: automatically enabled
2. standard: specific to your network resources

Question 45

Attacks DDoS Protection Helps Against

(3)

Answer 45

1. volumetric: flooding a network layer
2. protocol: eatup processing capacity with malicious request
3. application layer attacks (web): target web apps to disrupt transmission of data between hosts

Question 46

Network Security Groups

Answer 46

internal firewall, that allows you to set up security rules to filter traffic between azure resources

Question 47

— Identity, Governance, Privacy, & Compliance Divider —

Answer 47

— Identity, Governance, Privacy, & Compliance Divider —

Question 48

Authentication v. Authorization

Answer 48

authentication: establishing identity, verifying credentials

authorization: what level of access should be granted

Question 49

Azure Active Directory

(def. & 4 services)

Answer 49

identity and access management services

1. authentication
2. single sign-on
3. application mgmt: user access to correct apps
4. device mgmt: registration of devices

Question 50

conditional access

Answer 50

allow or deny access to resuources based on who the user is, where they are accessing from, and the device they are using to request access

Question 51

resource locks

Answer 51

• protection from accidental modifications or deletions
• 2 types
  
  • CanNotDelete
  • ReadOnly

Question 52

resource tags

(what they do?, where are they managed?)

Answer 52

• organize resources
• provide metadata about the resource
• manage using azure policy

Question 53

azure policy & policy initiatives

Answer 53

• creates rules to enforce resource configurations to stay in compliance
• group policies with policy initiatives

Question 54

azure blueprints

Answer 54

• orchestrates the deployment a various resource templates
  
  • role assignments
  • policy assignments
  • resource manager templates
  • resource groups

Question 55

cloud adoption framework

def. & stages (5)

Answer 55

• tools, documentation, best practices
• stages
  
  1. define strategy
  2. create a plan
  3. ready the organization
  4. adopt the cloud
  5. govern & manage your environment

Question 56

subscription governance strategy

(3 components)

Answer 56

1. billing
2. access controls
3. subscription limits