AZ-900 Exam Prep Flashcards

1
Q

AZ-900 Exam Overview

(3 sections & contents)

A
  • Concepts (25-30%)
    • define
    • benefits
    • service types
  • Architecture & Services (35-40%)
    • components
    • compute
    • networking
    • storage
    • identity, access, security
  • Management & Governance (30-35%)
    • cost mgmt.
    • gov & compliance tools
    • deployment
    • monitoring tools
2
Q

— Cloud Concepts Dividers —

A

— Cloud Concepts —

3
Q

Benefits of Cloud

(6)

A
  1. High Availability: services running for long periods of time
  2. Scalability: add or remove resources
  3. Elasticity: automatic scalability
  4. Agility: fast delivery of resources
  5. Geo-Distribution: deploy globally, best perf within region
  6. Disaster Recovery: speed of restoration during failure
4
Q

Characteristics of Cloud Resources

(DSSMA) (5)

A
  1. Durable: high availability & redundancy
  2. Secure: auto encryption & role-based access controls
  3. Scalable: unlimited storage
  4. Managed: handles maintenance & critical problems for the user
  5. Accessible: anywhere with HTTP/HTTPS
5
Q

3 Types of Cloud Models & Benefits

A

Public: owned by service/hosting provider, subscription to user, accessible with internet

  • no capex, agile, consumption based model

Private: single company is user and provider, no public access

  • capex, complete control

Hybrid: public + private

  • most flexible model
6
Q

3 Types of Cloud Service Models

(the aaS services)

A

IaaS: hosting company manages the infrastructure (hardware, servers, virtual machines, networks, security, firewalls), client everything else

PaaS: hosting company provides the infrastructure as well as the development tools, database management, OS, and everything else except the application

SaaS: everything including the applications are hosted and managed by the provider, patches and updates are also managed by the provider (Office 365 is a good example)

7
Q

Region Definition

A

Multiple datacenters in close proximity geographically with low latency between them

8
Q

Region Pairs

(def & 3 advantages)

A

region pairing within the same geography: replication of resources and fault tolerance redundancy

  • outage backup
  • minimizing downtime during updates
  • same geography (tax & regulatory concerns)
9
Q

Geographies

(2 part definition)

A
  • discrete marketplace with 2+ regions
  • data residency & compliance boundaries
10
Q

Availability Zones

A

physically separate data centers within a region, designed for hardware fault tolerance

(independent power, cooling, networking)

11
Q

Availability Sets

(def & 2 components)

A
  • available in case of hardware failure
  • components:
    1. update domain: maintenance, updates
    2. fault domain: physical separation of hardware within datacenter
12
Q

Organizing Structure of Resources in Azure

(4 hierarchical levels)

A
  • management groups: manage IAM across multi subscriptions
  • subscriptions: groups user accounts, aligns to resource groups
  • resource groups: container to hold resources
  • resources: instances of services (VMs, Storage, SQL DBs)
13
Q

Resource Manager

(does 4 things)

A
  • manages the resource group
  • deploy applications
  • organize resources
  • controls access
14
Q

Resource Group

(def & 3 rules)

A
  • container to manage the resources needed for an application to run
  • rules:
    1. resource can only be aligned to one group
    2. can be moved across different regions
    3. application can have more than one resource group
  • example resources:
    • metering & billing
    • policies
    • monitoring & alerts
    • quotas
    • access control
15
Q

— Core Azure Services —

A

— Core Azure Services —

16
Q

Data Residency Definition

A

also called data localization

data that has to reside within the borders of the country

it cannot be replicated in a foreign jurisdiction

17
Q

Dedicated Host

A

physical server that is specific to your organization

customer does not share physical hardware with another organization

18
Q

Networking Services in Azure

(5)

A
  • virtual network: IaaS; connect/comms between resources
    • VMs, web apps, databases, etc. connection
  • vpn gateway: encrypted connection between networks; PaaS
    • prem to cloud connection; ExpressRoute
    • point-to-site: device connection to virtual networks
    • network to network connection
  • load balancer: auto scale VMs
  • app gateway: manage app web traffic
  • content delivery network: deliver web content to users
19
Q

VNet Peering & Virtual Networks

A
  • restricted to within a single region
  • connect VMs across regions with VNet Peering
20
Q

ExpressRoute Connections

A

creates private connections between Azure datacenter and on prem networks

21
Q

Storage Services

(3)

A
  1. Blob: holds any type of data
  2. Disk: disks for vms, apps, etc.; think SSD or HDD in the cloud
  3. File: think desktop file storage in cloud
22
Q

Database & Analytics Services

(3 & 4)

A

Database

  1. Cosmos DB: scale throughput storage; NoSQL/schemaless data
  2. SQL Database: relational SQL Server in the cloud
  3. Data Lake/Blob: migrations between multiple databases

Analytics

  1. Synapse: enterprise data warehousing
  2. HDInsight: cloud distro of Hadoop components
  3. Databricks: spark commercial build
  4. Data Lake Analytics: per query analytics against data lake
23
Q

ARM Template

A

templates and starting points for building out any of the various resources in Azure

24
Q

Azure Locks

(2)

A
  1. read-only: no modification
  2. delete: cannot delete or move
25
Q

Azure Autopilot

what is it?

how does it differ from traditional deployment?

A
  • autopilot is the modern deployment of operating systems
  1. traditional:
    1. deploys windows images
    2. either pre-installed OS or not
    3. no previous windows 10 install needed
    4. uses on-prem infrastructure
  2. modern: autopilot
    1. does not deploy windows 10 images
    2. can only be installed with windows 10 & later OS
    3. requires previous windows 10 installed
    4. uses cloud infrastructure
26
Q

Most Prominent Compute Services

(4)

when to use?

A
  1. Virtual Machines: physical computers in the cloud; IaaS - virtualize the hardware
  2. Containers: includes kubernetes; app enviro without compute; virtualize the os
  3. App Services: build, deploy, scale apps; PaaS
  4. Functions (Serverless Computing): event driven backend services

— when to use

  1. virtual machines
    1. testing and development
    2. run apps in the cloud
    3. extending datacenter to the cloud
    4. during disaster recovery
  2. host apps
  3. run multiple instances of an app and OS on a single machine
  4. event driven
27
Q

VM Scale Sets & Azure Batch

A

Scale Sets

  • create and manage groups of identical, load-balanced VMs

Azure Batch

  • large-scale parallel, high performance computing (HPC)
28
Q

Key Features of Azure Virtual Desktop

(3)

A
  1. simplified mgmt: tools to automate deploy, updates, & disaster recovery
  2. performance mgmt: load balancer, host pools (collections of VMs with same config assigned to multiple users)
  3. multi-session windows 10 deploy: multi concurrent users on a single VM
29
Q

— Core Solutions & Management Tools Divider —

A
30
Q

IoT Solutions

(3)

when to use each service?

A
  1. IoT Central: SaaS; reporting & mgmt dashboard
  2. IoT Hub: central message hub for IoT devices
  3. IoT Sphere: micro-controller unit (mcu)/processing, linux OS, sphere security services (AS3).

— when to use each

  1. central when reporting & mgmt, update settings or software remotely is needed - when you purchase central you get hub
  2. hub when devices need to communicate with each other
  3. sphere when security is a major issue, remote software updates where hacks could occur
31
Q

AI Solutions

(5)

A
  • machine learning service: cloud-based environment to develop, deploy, train, test, and manage models
  • machine learning studio: gui version of ml services; low-code environment
  • event grid: publish & manage models for events (ex. database is updated with new data so you would then run a model from that)
  • cognitive services: models for images, video, audio
  • bot services: virtual agents that communicate with humans
32
Q

Difference between Functions & Logic Apps

A

both are used to create event driven serverless computing instances, but logic apps are GUI based

— when to use

  1. logic apps: orchestration, quicker than functions
  2. functions: custom algorithms, existing automated task
33
Q

DevOps Solutions

(3)

decision criteria (5 questions)

A
  • DevOps Services: development collaboration tools and cloud-based load testing
  • DevTest Labs: quickly create environments for dev & test apps
  • GitHub: github extension in Azure

– decision criteria for choosing

  1. automate test lab creation: DevTest
  2. open-source software: GitHub
  3. permission granularity: DevOps
  4. sophisticated pm tools: DevOps
  5. tight integration with 3rd party tools: GitHub or DevOps
34
Q

Mgmt Tools

(5)

decision criteria?

(4)

A
  1. azure portal: gui website to azure
  2. powershell: MS command line scripting language
  3. command line interface (CLI): linux, bash, powershell, etc.
  4. mobile app: alerts, run CLI/powershell cmds, monitor health
  5. arm templates: templates to build out resources

— decision criteria —

  1. one-off mgmt, admin, reporting: CLI, powershell, Portal
  2. repeatedly set up resources: ARM
  3. Windows or Linux background
    1. windows: powershell
    2. linux: CLI
  4. away from computer: mobile app
35
Q

DevOps Services

(detailed list)

(5)

A
  1. repos: centralized source-code repository
  2. boards: kanban boards, reporting, tracking
  3. pipelines: CI/CD pipeline automation tool
  4. artifacts: host artifacts
  5. test plans: automated test for CI/CD pipeline
36
Q

Security Monitoring Services

(3)

A
  1. advisor: recommendations for reliability, security, and performance, cost, operational excellence
  2. monitor: collecting & analyzing logging data, alerts, usage metrics
  3. service health: service issues (ex. outages), planned maintenance, health advisories (avoid service interruption). root cause analysis
37
Q

– Network Security Divider –

A

– Network Security Divider –

38
Q

Solutions provided by Security Center

(def & 4)

A

– protect against security threats

  1. just-in-time vm access
    1. control for network ports
    2. blocks traffic to specific ports by default
  2. adaptive applications controls
    1. control which applications run on which vms
    2. ml: exception rules/alerts about unauthorized access
  3. adaptive hardening networks
    1. monitor internet traffic patterns of vms
  4. file integrity monitoring
    1. monitor changes to important files
39
Q

Azure Sentinel

def & 3 benefits

A

– detect & respond to security threats

– security information and event mgmt (SIEM) system

  1. collect data at scale
  2. built in analytics to detect threats
  3. rapid incident response
40
Q

Key-Vault

(4 things you store)

A

– store secrets in a centralized location

  1. passwords, tokens, certificates
  2. encryption keys
  3. SSL/TLS certificate mgmt
  4. secrets backed by hardware security modules (HSMs)
41
Q

Security Layers

(7)

A
  1. physical: building & hardware
  2. identity & access: access given to only those who need it
  3. perimeter: DDoS & firewalls (network based attacks)
  4. network: limiting network connectivity/communication
  5. compute: malware, endpoint protection
  6. application: vulnerabilities in app code
  7. data: in almost all cases attackers are after data of some kind
42
Q

Elements of Security Posture

(3)

A
  1. confidentiality: principle of least privilege (explicit access)
  2. integrity: unauthorized changes to information
  3. availability: accessed only by authorized users
43
Q

Firewall

A

monitors and restricts inbound and outbound network traffic

44
Q

DDoS Attacks

&

Azure Service Tiers

A

distributed denial of service attacks - overwhelm and exhaust an application's resources, leaving it unresponsive to legitimate users

  1. basic: automatically enabled
  2. standard: specific to your network resources
45
Q

Attacks DDoS Protection Helps Against

(3)

A
  1. volumetric: flooding a network layer
  2. protocol: eat up processing capacity with malicious requests
  3. application layer attacks (web): target web apps to disrupt transmission of data between hosts
46
Q

Network Security Groups

A

internal firewall, that allows you to set up security rules to filter traffic between azure resources

47
Q

— Identity, Governance, Privacy, & Compliance Divider —

A

— Identity, Governance, Privacy, & Compliance Divider —

48
Q

Authentication v. Authorization

A

authentication: establishing identity, verifying credentials

authorization: what level of access should be granted

49
Q

Azure Active Directory

(def. & 4 services)

A

identity and access management services

  1. authentication
  2. single sign-on
  3. application mgmt: user access to correct apps
  4. device mgmt: registration of devices
50
Q

conditional access

A

allow or deny access to resources based on who the user is, where they are accessing from, and the device they are using to request access

51
Q

resource locks

A
  • protection from accidental modifications or deletions
  • 2 types
    • CanNotDelete
    • ReadOnly
52
Q

resource tags

(what they do?, where are they managed?)

A
  • organize resources
  • provide metadata about the resource
  • manage using azure policy
53
Q

azure policy & policy initiatives

A
  • creates rules to enforce resource configurations to stay in compliance
  • group policies with policy initiatives
54
Q

azure blueprints

A
  • orchestrates the deployment of various resource templates
    • role assignments
    • policy assignments
    • resource manager templates
    • resource groups
55
Q

cloud adoption framework

def. & stages (5)

A
  • tools, documentation, best practices
  • stages
    1. define strategy
    2. create a plan
    3. ready the organization
    4. adopt the cloud
    5. govern & manage your environment
56
Q

subscription governance strategy

(3 components)

A
  1. billing
  2. access controls
  3. subscription limits