AZ900 Flashcards

1
Q

What is the storage option best for unstructured Data?

A

Blob Storage - Azure Blob Storage is an unstructured object storage solution, meaning that there are no restrictions on the kinds of data it can hold. Blobs are highly scalable and apps work with blobs in much the same way as they would work with files on a disk, such as reading and writing data. Blob Storage can manage thousands of simultaneous uploads, massive amounts of video data, constantly growing log files, and can be reached from anywhere with an internet connection.

For more information see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-data-in-azure/3-how-azure-storage-meets-your-business-storage-needs

2
Q

What is Azure Cosmos DB?

A

Azure Cosmos DB is a globally distributed NoSQL database service. As a NoSQL database service, it works well with non-relational or semi-structured data. It is part of the back-end for solutions like Xbox. It supports NoSQL APIs (like MongoDB, Cassandra, Tables, or Gremlin) that let you build highly responsive and Always On applications to support constantly changing data.

For more info see:
https://docs.microsoft.com/en-us/azure/cosmos-db/introduction

3
Q

What are the three types of data Azure is set up to store?

A

Structured or relational - Data fits neatly in tables (i.e. is structured) and the rows/columns define relationships between the data (i.e. relational); e.g. sensor or financial data

Semi-structured, NoSQL or non-relational: Data that has a schema for organization like tags or keys, but couldn’t work in a table.

Unstructured Data: Unstructured data is everything else. There are no restrictions on file type.

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-data-in-azure/2-benefits-of-using-azure-to-store-data

4
Q

What data is best stored in Azure SQL Database, and what are the benefits of its use?

A

SQL is a clue: the Azure SQL database is a DaaS (database as a service) that stores relational (or structured) data, using the MS SQL Server database engine that can leverage serverless computing for easier scalability.

Benefits:

  • Cloud-native
  • Completely managed by MS
  • Easy data migration

For more info see:
https://azure.microsoft.com/en-us/services/sql-database/#features

5
Q

When you need to store “Big data” - what Azure solution comes to mind and why?

A

Azure Data Lake Storage - A storage solution built specifically for big data, as it integrates with Data Lake Analytics, a cloud-native analytic tool that dynamically sources compute resources and uses languages commonly used in data science (like R, Python) and, more uniquely, U-SQL (SQL + C#).

Alternatively, you could use a SQL Data Warehouse depending on the structure of your data.

6
Q

What is the cloud-native file storage solution within Azure?

A

Azure Files - kind of like OneDrive but Azure-centric and can be mapped to a local drive. Used for sharing common file types like .docx or pdfs

For more information see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-data-in-azure/3-how-azure-storage-meets-your-business-storage-needs

7
Q

If you were building a globally-distributed messaging platform that required high-availability, what storage solution might you use?

A

Azure Queue - This is a service for storing large numbers of messages that can be accessed from anywhere in the world. This system can dynamically distribute load to connected servers, while offering increased availability.

For more information see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-data-in-azure/3-how-azure-storage-meets-your-business-storage-needs

8
Q

Which cloud storage solution (commonly associated with VMs) most closely mimics local storage solutions?

A

Azure Disk storage - Similar to a local hard drive. Azure can deploy disk storage in a range of configurations, from managed to unmanaged, and of performance levels, from solid-state drives (SSD) to traditional hard disk drives (HDD).

For more information see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-data-in-azure/3-how-azure-storage-meets-your-business-storage-needs

9
Q

What are the three tiers of file accessibility within blob storage?

A

Hot storage tier: optimized for storing data that is accessed frequently.

Cool storage tier: optimized for data that are infrequently accessed and stored for at least 30 days.

Archive storage tier: for data that are rarely accessed and stored for at least 180 days with flexible latency requirements.

For more information see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-data-in-azure/3-how-azure-storage-meets-your-business-storage-needs

10
Q

Suppose you work at a startup with limited funding. Why might you prefer Azure data storage over an on-premises solution?

A. To ensure you run on a specific brand of hardware, which will let you form a marketing partnership with that hardware vendor.
B. The Azure pay-as-you-go billing model lets you avoid buying expensive hardware.
C. To get exact control over the location of your data store.

A

Answer: B

11
Q

Which of the following situations would yield the most benefits from relocating an on-premises data store to Azure?

A. Unpredictable storage demand that increases and decreases multiple times throughout the year.
B. Long-term, steady growth in storage demand.
C. Consistent, unchanging storage demand.

A

Answer: A

12
Q

A newly released mobile app using Azure data storage has just been mentioned by a celebrity on social media, seeing a huge spike in user volume. To meet the unexpected new user demand, what feature of pay-as-you-go storage will be most beneficial?

A. The ability to provision and deploy new infrastructure quickly
B. The ability to predict the service costs in advance
C. The ability to meet compliance requirements for data storage

A

Answer: A

13
Q

When considering security using Azure products as a SaaS offering, which of the following security concerns are your responsibility (i.e. not Microsoft’s)? Pick as many options below as necessary:

A. Physical security of data centers
B. The data itself
C. Authentication (access management)
D. The Azure platform
E. VMs deployed
F. Endpoints
G. Accounts
H. Applications
A

Correct answer: B, C, F and G

You own (and assume responsibility for) your data, endpoints, accounts and the authentication of access to the platform. These will always be your responsibility. B, C, F and G are correct.

The Azure platform will always be secured by MS; E is not correct

The others depend on your deployment of Azure: if using a hybrid or private model, you may have physical security concerns. If using an IaaS offering, securing applications and VMs may be a split responsibility between you and MS. In this case, A, D and H are not correct.

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-security-in-azure/2-shared-responsibility

14
Q

What is “Defence in Depth”? If you were to pick a Shrek quote to best describe it, what might that be?

A

“I’m like an onion; I have layers” - Shrek

Defence in Depth is a security design philosophy that employs redundant layers of security where your data is ‘at the centre of the onion’.

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-security-in-azure/2-shared-responsibility

15
Q

Which of the following things is not a function of Azure Security Center?

A. Provide security recommendations
B. Monitor and identify potential vulnerabilities
C. Give a list of authenticated users
D. Provide just-in-time access control for ports
E. Use machine learning to detect and block malware
F. Define a list of allowed applications

A

Answer = C.
Azure Security Center, as part of Azure working within the CIS (Center for Internet Security) framework, offers all the other functionality listed but doesn’t control user authentication. Note that for full functionality, a Standard (as opposed to a Free) account is required.

For more information see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-security-in-azure/2a-azure-security-center

16
Q

What’s the difference between Authorization and Authentication?

A

Authentication is the process of establishing the identity of a person or service looking to access a resource. It involves the act of challenging a party for legitimate credentials, and provides the basis for creating a security principal for identity and access control use. It establishes if they are who they say they are.

Authorization is the process of establishing what level of access an authenticated person or service has. It specifies what data they’re allowed to access and what they can do with it.

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-security-in-azure/3-identity-and-access

17
Q

What are the advantages of SSO? Within Azure, where is this managed?

A

Single sign-on (SSO) is managed within Azure AD.

Benefits:

  • Reduces load on help desk
  • Simplifies user account management
  • Reduces attack surface
18
Q

What are the three elements used in MFA, that a user may be asked for in addition to credentials?

A

In Multi-factor authentication (MFA) the following may be asked for:

Something you know: like a security question
Something you possess: like an email or app confirmation
Something you are: like biometrics

https://docs.microsoft.com/en-us/learn/modules/intro-to-security-in-azure/3-identity-and-access

19
Q

What is RBAC and how is that implemented in Azure?

A

Role-based access control is a security control measure where permissions are given on a prescribed hierarchy, like seniority within a corporate environment, or admin/developer/user or Contributor/Read-only. RBAC defines the capabilities, resource access, and permissions within each group.

For more information see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-security-in-azure/3-identity-and-access

20
Q

Define Identity, Principal, and Service Principal:

A

An identity is something that can be authenticated. Obviously, this includes users with a user name and password, but it can also include applications or other servers, which might authenticate with secret keys or certificates.

A principal is an identity acting with certain roles or claims. Usually, it is not useful to consider identity and principal separately, but think of using ‘sudo’ on a Bash prompt in Linux or on Windows using “run as Administrator.” In both those cases, you are still logged in as the same identity as before, but you’ve changed the role under which you are executing. Groups are often also considered principals because they can have rights assigned.

A service principal is an identity that is used by a service or application. And like other identities, it can be assigned roles.

21
Q

What is the primary difference between symmetric and asymmetric encryption? Which does TLS use?

A

Both cases involve securing transferred data and include a set of keys that can either encrypt or decrypt the data. In symmetric encryption, both keys can encrypt and decrypt the data transferred. In asymmetric encryption, each key can encrypt the data, but can only decrypt data that the other encrypted. This is the encryption used in Transport Layer Security.

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-security-in-azure/4-encryption

22
Q

What encryption services are employed for each of the following Azure products?

  • Azure Files
  • Azure Data Warehouse
  • VM VHDs
  • Blob Storage
  • SQL Databases
  • encryption keys
A

Azure Files, Blob Storage (and Azure Queue) = Azure Storage Service Encryption; data is encrypted when stored and decrypted when accessed

VM Data = Azure Disk Encryption uses BitLocker (PC) and dm-crypt (Linux) to secure virtual hard drives

Data Warehouse and SQL database = Transparent Data Encryption (TDE) is used for relational databases

Encryption keys = Azure Key Vault

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-security-in-azure/4-encryption

23
Q

Which of the following are stored within the Azure Key Vault? Select all that apply:

A. API keys
B. Certificates (including SSL/TLS)
C. HSM-backed secrets
D. identity tokens
E. Passwords
F. Encryption keys
G. All of the above
A

G. All of the above

Note: SSL/TLS = Secure Sockets Layer / Transport Layer Security, HSM = hardware security module

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-security-in-azure/4-encryption

24
Q

What are the benefits of Azure Key Vault?

A
  • Secrets are centralized in a secure location
  • Improved monitoring
  • Integrates easily with Azure AD
25
Q

What does DDoS stand for, and how is this threat mitigated in Azure?

A

DDoS = Distributed Denial of Service is an attempt to overwhelm a system by flooding it with requests.

The cloud employs Azure DDoS Protection. Though the description is hand-wavy, it seems like DDoS protection uses the elasticity of the cloud to absorb the attack until it can be isolated, then it blocks it, so that the application never fails. This has two service tiers: Basic and Standard (which has added functionality to stop volumetric, protocol, and resource layer DDoS attacks).

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-security-in-azure/5-network-security

26
Q

Which of these security options makes up the bulk of “perimeter security” for Azure? Identify it and describe it.

A. Azure DDoS Protection
B. Network Security Groups
C. Azure Firewall
D. Azure Security Center
E. Azure Application Gateway
A

Best Answer: C - Azure Firewall

Generally, a firewall is a service that assesses permission based on IP address of a request using rules created by the user. Azure Firewall is a managed, cloud-based, network security service that provides inbound protection for non-HTTP/S protocols. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.

Possible answer: E - Azure Application Gateway

This is a load balancer that includes a Web Application Firewall (WAF) that provides protection from common, known vulnerabilities in websites. It is designed to protect HTTP traffic.

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-security-in-azure/5-network-security

27
Q

Which of these security options (typically used with subnets) makes up the bulk of “internal security” for Azure? Identify it and describe it.

A. Azure DDoS Protection
B. Network Security Groups
C. Azure Firewall
D. Azure Security Center
E. Azure Application Gateway
A

Best Answer: B - Network Security Groups (NSG)

If the firewall is the exterior wall of a castle, NSGs are like guards posted outside the stable and pantry; they monitor traffic within the network. NSG-controlled rules include allowable communication types and public access to resources, network interfaces or subnets.

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-security-in-azure/5-network-security

28
Q

Describe the process of applying Azure Information Protection (AIP)

A
  • Admin configures rules that detect sensitive information
  • When working with sensitive information that triggers rules, users receive prompts to apply classification tags to the file
  • If tagged, access to file can be restricted and monitored (depending on rules)
29
Q

What is Azure ATP?

A

Azure Advanced Threat Protection (Azure ATP) is a cloud-based security solution that identifies and investigates advanced threats, compromised identities, and malicious insider actions. It monitors the system by installing sensors on the domain portals, and reports are viewable within the Azure ATP portal. It can be added on to an E5 license.

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-security-in-azure/7-advanced-threat-protection

30
Q

Cloud security is a shared responsibility between you and your cloud provider. Which category of cloud services requires the greatest security effort on your part?

A. Infrastructure as a service (IaaS)
B. Platform as a service (PaaS)
C. Software as a service (SaaS)

A

Answer: A

31
Q

Which of these options helps you most easily disable an account when an employee leaves your company?

A. Enforce multi-factor authentication (MFA)
B. Monitor sign-on attempts
C. Use single sign-on (SSO)

A

Answer: C

32
Q

Which of these approaches is the strongest way to protect sensitive customer data?

A. Encrypt data as it sits in your database
B. Encrypt data as it travels over the network
C. Encrypt data both as it sits in your database and as it travels over the network

A

Answer: C

33
Q

There has been an attack on your public-facing website, and the application’s resources have been overwhelmed and exhausted, and are now unavailable to users. What service should you use to prevent this type of attack?

A. DDoS protection
B. Azure Firewall
C. Network Security Group
D. Application Gateway

A

Answer: A

34
Q

You want to store certificates in Azure to centrally manage them for your services. Which Azure service should you use?

A. AIP
B. Azure AD
C. Azure Key Vault
D. Azure ATP

A

Answer: C

35
Q

What is the difference between RBAC and Azure Policy?

A

Both create restrictions, but role-based access control (RBAC) and Azure Policy control user actions at two different times: Azure Policy enforces rules when deploying or updating resources like VMs, whereas RBAC controls actions when using those resources.

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-governance/2-azure-policy

36
Q

What is the process for creating policies using Azure Policy? How do JSON and PowerShell fit into this process?

A
  1. Create a policy definition (such as storage limit, approved deployment locations, or resource type) using Azure Portal or by editing the policy definition (a JSON file) directly
  2. Apply the policy (could be done using PowerShell) and determine policy scope (such as to a subscription or resource group)
  3. Identify non-conformities in the Azure Portal. Take actions as necessary.
  4. Retire a policy as needed (again potentially using PowerShell)

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-governance/2-azure-policy

37
Q

True or False: Within Azure parlance, initiatives have less impact on resource deployment than policies?

A

FALSE. Initiatives (typically) contain many policies, which in turn govern resource deployment; therefore, initiatives have a GREATER impact on resource deployment than policies.

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-governance/3-initiatives

38
Q

If you have many different types of subscriptions within your institution, what organization tool might you employ to create a hierarchy of control?

A

Azure management groups. These can be used to break up subscription management over regions or geographies, or to restrict functionality to particular business units within an organization.

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-governance/4-management-groups

39
Q

What is the function of both Resource Manager templates and Azure Blueprints? What is the primary difference between these?

A

Both a Resource Manager template and an Azure Blueprint can contain resource groups, policies, and role assignments (everything you need for consistent deployment across an organization that upholds best practices), but an Azure Blueprint is cloud native and can be linked to specific DevOps builds. Blueprints are objects that are stored in Cosmos DB and can be deployed globally.

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-governance/5-azure-blueprints

40
Q

What is the Microsoft Trust Center?

A

Trust Center is a website resource containing information and details about how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services. You can use it to answer your security concerns when using Microsoft Products.

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-governance/6-azure-compliance

41
Q

What is the Service Trust Portal?

A

The Service Trust Portal (STP) is the Microsoft public site for publishing audit reports and other compliance-related information relevant to Microsoft’s cloud services. It is designed to help users comply with the ISO, SOC, NIST, FedRAMP and GDPR frameworks.

Importantly it hosts the Compliance Manager service.

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-governance/6-azure-compliance

42
Q

What is the Compliance Manager?

A

The Compliance Manager is a workflow-based risk assessment dashboard within the Service Trust Portal that enables you to track, assign, and verify your organization’s regulatory compliance activities related to Microsoft professional services and Microsoft cloud services.

It also has a compilation of information from 3rd-party auditors as it complies with specific standards such as ISO 27001, ISO 27018, HIPAA, GDPR and NIST.

This is hosted by the Service Trust Portal.

43
Q

What do the abbreviations GDPR, ISO/IEC, HIPAA and NIST stand for?

A

General Data Protection Regulation - implemented in the EU regarding how personal data must be handled. It was passed in 2016 and enforceable in 2018.

International Standards Organization / International Electrotechnical Commission - (typically in regard to ISO/IEC 27001, a 2013 information security standard that necessitates ongoing systematic management of vulnerabilities/control processes/risk management; it requires 3rd-party auditing to achieve)

Health Insurance Portability and Accountability Act - A 1996 (American) federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The Canadian equivalent is the Personal Information Protection and Electronic Documents Act (PIPEDA).

National Institute of Standards and Technology

44
Q

What’s the difference between Azure Monitor and Azure Health Service? How might you use these in tandem to troubleshoot?

A

Both can be used to monitor the health/up-time of the Cloud but Azure Monitor looks after what you’ve built in the Cloud vs Azure Health Service monitors the Cloud itself.

So if your app is down, you’d likely check health service first to see if Azure was down, and if not, you’d check Azure Monitor to see if the problem was on your end.

For more info see: https://azure.microsoft.com/en-us/blog/what-s-the-difference-between-azure-monitor-and-azure-service-health/

45
Q

True or false: You can download published audit reports and other compliance-related information related to Microsoft’s cloud service from the Service Trust Portal

A

Answer: True

46
Q

Which Azure service allows you to configure fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs?

A. Locks
B. Policy
C. Initiatives
D. Role-based Access Control

A

Answer: D

47
Q

Which Azure service allows you to create, assign, and manage policies to enforce different rules and effects over your resources and stay compliant with your corporate standards and service-level agreements (SLAs)?

A. Azure Policy
B. Azure Blueprints
C. Azure Security Center
D. Role-based Access Control

A

Answer: A

48
Q

Which of the following services provides up-to-date status information about the health of Azure services?

A. Compliance Manager
B. Azure Monitor
C. Service Trust Portal
D. Azure Service Health

A

Answer: D

49
Q

Where can you obtain details about the personal data Microsoft processes, how Microsoft processes it, and for what purposes?

A. Microsoft Privacy Statement
B. Compliance Manager
C. Azure Service Health
D. Trust Center

A

Answer: A

50
Q

Which of the following is false regarding Azure resource groups?

A. Resource groups should be organized logically, containing products with similar lifecycles, billing, usage restraints or regions/geographies.
B. Deployed resources can be spread across resource groups
C. Resource groups can leverage RBAC to avoid non-compliant deployment
D. Azure Portal or PowerShell can be used to create resource groups

A

B - All resources must be in a resource group and a resource can only be in a single resource group. Many resources can be moved between resource groups with some services having specific limitations or requirements to move. Resource groups can’t be nested.

For more info see:
https://docs.microsoft.com/en-us/learn/modules/control-and-organize-with-azure-resource-manager/2-principles-of-resource-groups

51
Q

If you were tasked with tracking spending for your company’s Azure usage but the entire company’s use was in a single resource group (oh no!), what feature could you use to better classify and track spending within a resource group?

A

Resource group Tags. Individual resources within a single resource group (or perhaps similar resources spread out over multiple RGs) can be tagged, and billing can be assessed using these. You could use this to determine any number of things, like how much each team is spending, or how much storage is costing you. This enables advanced reporting regardless of how you set up your resource groups.

For more info see:
https://docs.microsoft.com/en-us/learn/modules/control-and-organize-with-azure-resource-manager/3-use-tagging-to-organize-resources

52
Q

How could you ensure that proper tagging is happening within your organization regardless of who deploys the resource?

A

Create a policy definition in which deployment is blocked unless certain tagging requirements are met.

For more info see:
https://docs.microsoft.com/en-us/learn/modules/control-and-organize-with-azure-resource-manager/4-use-policies-to-enforce-standards

53
Q

What are the two types of resource locks?

A

Delete and Read-only.

Delete doesn’t restrict any action except deleting the resource.

Read-only blocks all modification of a resource (and MS notes it can have some unintended functionality restrictions like listing keys).

54
Q

True or False: Tags can be applied to any type of resource on Azure

A

Answer: False (but they can be applied to a lot!)

55
Q

True or False: Tags applied at a resource group level are propagated to resources within the resource group.

A

Answer: False - this doesn’t make sense when considering the variability of resource group organization

56
Q

Which of the following approaches might be a good usage of tags?

A. Using tags to associate a cost center with resources for internal chargeback
B. Using tags in conjunction with Azure Automation to schedule maintenance windows
C. Using tags to store environment and department association
D. All of the above are good ways to use tags

A

Answer: D

57
Q

Which of the following approaches would be the most efficient way to ensure a naming convention was followed across your subscription?

A. Send out an email with the details of your naming conventions and hope it is followed
B. Create a policy with your naming requirements and assign it to the scope of your subscription
C. Give all other users except for yourself read-only access to the subscription. Have all requests to create resources sent to you so you can review the names being assigned to resources, and then create them.

A

Answer: B.

58
Q

Which of the following items would be good use of a resource lock?

A. An ExpressRoute circuit with connectivity back to your on-premises network
B. A non-production virtual machine used to test occasional application builds
C. A storage account used to temporarily store images processed in a development environment

A

Answer: A.

59
Q

If you were to deallocate a VM (as compared to deleting a VM), which of the following costs would still be billable? (note: I/O means input/output)

Compute Hours
IP Address Hours
Data Transfer In
Data Transfer Out
Standard Managed Disk
Standard Managed Disk Operations
Standard I/O-Disk
Standard I/O-Block Blob Read
Standard I/O-Block Blob Write
Standard I/O-Block Blob Delete
A

Deallocating a VM is equivalent to turning off your PC, so it wouldn’t incur any usage charges:

(Compute Hours, IP Address Hours, Data Transfer In, Data Transfer Out, Standard I/O-Disk, Standard I/O-Block Blob Read, Standard I/O-Block Blob Write, Standard I/O-Block Blob Delete)

but you would still be paying for storage costs: Standard Managed Disk, Standard Managed Disk Operations

For more info see:
https://docs.microsoft.com/en-us/learn/modules/predict-costs-and-optimize-spending/1a-purchasing-products

60
Q

What’s the difference between a region, a geography and a zone? (Note this “zone” is not in reference to an availability zone)

A

A geography is a discrete market defined by geopolitical boundaries, typically containing two or more regions.

Regions, aka Latency Boundaries, contain the data centers and are generally hundreds of miles apart. (Round trip latency between regions is <2ms)

A Zone is a geographical grouping of Azure Regions for billing purposes. The following zones exist: Zone 1 - North America, Europe; Zone 2 - Asia; Zone 3 - South America

61
Q

What are the three primary factors that affect pricing?

A

Resource type, Service and Location

62
Q

Imagine that you’ve been asked to build a system on Azure, and you’ve been asked for an estimate of what it might cost to run over the next 12 months. What Azure tool might you use to do this?

A

The Azure pricing calculator. It’s a free web-based tool that allows you to input Azure services and modify properties and options of the services. It outputs the costs per service and total cost for the full estimate.

Note that the use of this tool requires general system architecture, availability required, security requirements and usage/storage estimations.

For more info see: https://docs.microsoft.com/en-us/learn/modules/predict-costs-and-optimize-spending/2-estimate-costs-with-the-azure-pricing-calculator

63
Q

Describe what each of the tabs within Azure pricing calculator do:

  • Products
  • Example Scenarios
  • Saved Estimates
A

Products - This tab is where you’ll do most of your activity. This tab has all the Azure services listed and is where you’ll add or remove services to put together your estimate.

Example Scenarios - This tab is kind of like a quick-start; it has several examples of infrastructure involved in common cloud-based solutions to which you can add all the components to quickly estimate cost.

Saved Estimates - This tab has all of your previously saved estimates based on previous architectures you’ve made.

For more info see: https://docs.microsoft.com/en-us/learn/modules/predict-costs-and-optimize-spending/2-estimate-costs-with-the-azure-pricing-calculator

64
Q

True or false: Within Azure price calculator, you can share your estimate through an Excel spreadsheet or through a URL.

A

Answer: True

65
Q

While you might use the Azure Price Calculator for estimation, you’d use ____________ for monitoring cost once set up.

A

Azure Cost Management

(Azure Cost Management is another free, built-in Azure tool that can be used to gain greater insights into where your cloud money is going. You can see historical breakdowns of what services you are spending your money on and how it is tracking against budgets that you have set. You can set budgets, schedule reports, and analyze your cost areas.)

For more info see: https://docs.microsoft.com/en-us/learn/modules/predict-costs-and-optimize-spending/3-predict-and-optimize-with-cost-management-and-advisor

66
Q

Describe Azure advisor. Include the three main cost optimizations that it can recommend.

A

Azure Advisor is a free service built into Azure that provides recommendations on high availability, security, performance, operational excellence, and cost. Advisor analyzes your deployed services and looks for ways to improve your environment across each of these areas.

In terms of cost estimation, it can:

  • Right-size or shutdown underutilized virtual machines.
  • Buy reserved instances to save money over pay-as-you-go.
  • Reduce costs by eliminating unprovisioned Azure ExpressRoute circuits.

For more info see: https://docs.microsoft.com/en-us/learn/modules/predict-costs-and-optimize-spending/3-predict-and-optimize-with-cost-management-and-advisor

67
Q

You’ve been tasked to develop a business case for moving your company’s physical infrastructure to a cloud-based infrastructure in Azure. How might you do that?

A

Use the 3-step process in the Azure TCO (Total Cost of Ownership) calculator!

  1. Define your current (on-premises) workload including Servers, Databases, Storage, and Networking
  2. Run an initial estimate using the calculator and adjust parameters to best fit your needs.
  3. Generate reports
68
Q

What usage characteristics might indicate that you should use a reserved VM instance? Why is it an attractive option? What service is likely to suggest this?

A

If you have predictable and consistent VM usage, you likely could benefit from a reserved VM instance. For instance, if you have consistent usage Mon-Fri, 9-5 with only small after-hours usage, you may be able to reserve VMs for 9-5 (at a cost saving of up to 80%), and then implement pay-as-you-go for after hours. This is a common cost-optimization suggestion by Azure Advisor once it learns your usage trends.

69
Q

True or false: If you already have Windows Server licenses, you have to pay for them again on Azure.

A

False - Many customers have invested in Windows Server licenses and would like to repurpose this investment on Azure. The Azure Hybrid Benefit gives customers the right to use these licenses for virtual machines on Azure.

For more info see: https://docs.microsoft.com/en-us/learn/modules/predict-costs-and-optimize-spending/5-save-on-licensing-costs

70
Q

True or false: Azure has money-saving options for test and development servers.

A

True - The Enterprise Dev/Test and Pay-As-You-Go (PAYG) Dev/Test offers are a benefit you can take advantage of to save costs on your non-production environments. This benefit gives you several discounts, most notably for Windows workloads, eliminating license charges and only billing you at the Linux rate for virtual machines.

For more info see: https://docs.microsoft.com/en-us/learn/modules/predict-costs-and-optimize-spending/5-save-on-licensing-costs

71
Q

Which one of the following systems is used to determine Azure costs for each billing period?

A. The Azure website
B. Number of created virtual machines
C. The Azure pricing calculator
D. Usage meters

A

Answer: D.

72
Q

Which of the following factors affects costs?

A. Global infrastructure
B. Location
C. Availability zone

A

Answer: B.

Note that “billing zone” (or perhaps ambiguously “Zone”) would have been correct, but availability zone is not

73
Q

What are the four (general) services offered by a cloud provider?

A

Compute power
Storage
Networking
Analytics

For more info see: https://docs.microsoft.com/en-us/learn/modules/principles-cloud-computing/2-what-is-cloud-computing

74
Q

Describe containers, detailing their benefits

A

Containers: These are named because they contain and isolate a specific cargo (in this case, an application + dependencies, i.e. the libraries/components for that app to run), enabling transportation into many environments. You can also bundle applications into a single container to make more robust functionality, or utilize multiple containers within a single VM. Likely you would use a VM to create containers, and use multiple containerized applications to make up a service. Their benefits include:

  • robust environment-independent functionality
  • Containerization creates inherent fault lines
  • Simplifies development (one team manages a single container)
75
Q

What is the most common (standardized) container model and container orchestrator supported by Azure?

A

Docker = standardized container platform

Kubernetes = Container orchestrator, which allows for automated management

76
Q

Rate the following services from most SaaS-like to least:
A. VMs
B. Containers
C. Serverless Computing

A

Most SaaS-like

C. Serverless Computing
B. Containers
A. VMs

Least SaaS-like

77
Q

What is the difference between Vertical and Horizontal Scaling?

A

Vertical Scaling: Adding depth/power (CPUs and Memory)
Horizontal scaling: adding more servers

Think tower defense: more towers (horizontal scaling), or better towers (vertical scaling)

For more info see: https://docs.microsoft.com/en-us/learn/modules/principles-cloud-computing/3-benefits-of-cloud-computing

78
Q

Define the following security acronyms: CJIS, CSA STAR, HITECH, MTCS, SOC (1/2/3)

A

Criminal Justice Information Services - The FBI’s security database; Azure conforms with the CJIS security policy

Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR) encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings.

Health Information Technology for Economic and Clinical Health - Part of Obama’s American Recovery and Reinvestment Act, enforceable in 2009, which expanded and tightened up the 1996 HIPAA act and incentivized healthcare users to adopt EMR

Multi-tier Cloud Security Singapore - The MTCS was prepared by the Information Technology Standards Committee (ITSC) of the Infocomm Development Authority of Singapore (IDA), building upon ISO/IEC 27001 (+others). A level 3 MTCS certification (as Azure has) is required for use by the Singapore government.

System and organizational controls 1/2/3 - A report generated by a cybersecurity audit based on a framework developed by the American Institute of Certified Public Accountants (AICPA). These audits are designed to assess companies that offer a service to others. SOC1 assesses the design of the cybersecurity system, whereas SOC2 does that and describes the result of the testing done during the audit (and is therefore more rigorous). SOC3 is the publicly available version of a SOC2.

79
Q

Which of these is not a benefit of using the Cloud?

A. Economy of scale in security, cooling, and power costs
B. Data storage redundancy and improved disaster recovery
C. Decreased OpEx spending
D. Increased Corporate agility

A

Answer: C - Cloud billing shifts CapEx spending (i.e. spending on physical infrastructure) to OpEx spending. This has advantages as you don’t need to extrapolate and pre-build infrastructure, monthly billing shortens the sales cycle, and likely will reduce total cost, but does lead to an INCREASE IN OPERATIONAL EXPENDITURE.

80
Q

Define the three cloud deployment models

A

A private deployment is a single-tenant approach where the cloud is hosted off private infrastructure. Upkeep and resources are handled in-house. This can be the most secure. This works best for those where the security of the cloud is a priority, but negates a lot of the benefits of the cloud as upkeep is still done in-house.

A public deployment is a multi-tenant approach where a public cloud provider, like Azure, supplies the physical infrastructure that makes up the cloud, which is used to deploy products/websites/etc.

Lastly, there are many mixed approaches. If you already have your own physical infrastructure, you can use CSPs to supplement computation/data storage when demand exceeds internal capability; this is called cloud bursting and is considered a hybrid method. Hybrid approaches include the intermediate stage where previously privately-hosted services are retrofitted to work in a CSP cloud environment, and then migrated fully as the product is developed.

For more info see:
https://docs.microsoft.com/en-us/learn/modules/principles-cloud-computing/4-cloud-deployment-models

81
Q

For each category below, indicate which of three cloud computing types (IaaS, PaaS or SaaS) is the most appropriate:

  1. Most user responsibility
  2. Most CSP-responsibility
  3. Analytics packages are an example
  4. Most abstraction
  5. Office 365 is an example
A
  1. Most user responsibility = IaaS
  2. Most CSP-responsibility = SaaS
  3. Analytics packages are an example = PaaS
  4. Most abstraction = SaaS
  5. Office 365 is an example = SaaS

For more info see:
https://docs.microsoft.com/en-us/learn/modules/principles-cloud-computing/4-cloud-deployment-models

82
Q

Which term from the list below would be viewed as benefits of using cloud services?

A. Unpredictable costs
B. Elasticity
C. Local reach only

A

Answer: B - Elasticity

83
Q

Suppose you have two types of applications: legacy applications that require specialized mainframe hardware and newer applications that can run on commodity hardware. Which cloud deployment model would be best for you?

A. Public cloud
B. Private cloud
C. Hybrid cloud

A

Answer: C - Hybrid Cloud

84
Q

You’re developing an application and want to focus on building, testing, and deploying. You don’t want to worry about managing the underlying hardware or software. Which cloud service type is best for you?

A. Infrastructure as a Service (IaaS)
B. Platform as a Service (PaaS)
C. Software as a Service (SaaS)

A

Answer: B - PaaS

85
Q

Why might you want to create multiple subscriptions under a single billing account?

A

There are many possible reasons (many of which can be accomplished with policy/initiative, tags, or via management groups):

  • To create unique environments (e.g. for dev, or to isolate data)
  • To simplify billing (N.B. tags can also be used here)
  • To overcome subscription limits (e.g. limit of 10 ExpressRoute circuits/subscription)

For more info see:
https://docs.microsoft.com/en-us/learn/modules/create-an-azure-account/4-multiple-subscriptions

86
Q

Match each feature to the three support plans available on Microsoft Azure: Developer, Standard and Professional Direct.

  1. Proactive technical support
  2. Best for non-critical workloads
  3. Priority tracking of critical cases
  4. Reactive (1-day response) technical support
  5. Reactive (1h response) technical support
  6. Best for business-critical workloads
A
  1. Proactive technical support = Pro Direct
  2. Best for non-critical workloads = Dev
  3. Priority tracking of critical cases = Pro Direct
  4. Reactive (1-day response) technical support = Dev
  5. Reactive (1h response) technical support = Standard and Professional Direct
  6. Best for business-critical workloads = Pro Direct
87
Q

Which of the following statements is true about an Azure subscription?

A. Using Azure does not require a subscription
B. An Azure subscription is a logical unit of Azure services
C. You can’t have more than one subscription

A

Answer: B - An Azure subscription is a logical unit of Azure services

88
Q

Your billing is based on your usage of Azure resources and is invoiced ______________

A. Annually
B. Monthly
C. Daily

A

Answer: B - Monthly

89
Q

When you create an Azure resource like a virtual machine, you select the ______________ it belongs to.

A. Billing account
B. Billing profile
C. Azure subscription

A

Answer: C - Azure Subscription

90
Q

If a user was to use the Azure Portal to deploy a VM, put the following components in order of use going from Azure Portal to a server:

A. Fabric Controller
B. Orchestrator
C. Hypervisor
D. Orchestrator API
E. Network Switch
A

Answer: Portal=> D => B => E => A => C

The Azure portal calls the Orchestrator API to package the user request using the Orchestrator. The orchestrator determines which rack to use, and passes the information through the appropriate network switch to that rack’s fabric controller. Next the hypervisor provisions the VM on a server and the user has a VM to work with!

For more info see:
https://docs.microsoft.com/en-us/learn/modules/welcome-to-azure/2-what-is-azure

91
Q

Match each individual service with an Azure service family (i.e. Compute, Networking, Databases, Internet of Things, Big Data, AI/Cognitive):

  1. Vision
  2. IoT Edge
  3. Azure Batch
  4. Cosmos DB
  5. Azure Load balancer
  6. Azure HDinsight
A
  1. Vision = AI/Cognitive
  2. IoT Edge = Internet of Things
  3. Azure Batch = Compute
  4. Cosmos DB = Databases
  5. Azure Load balancer = Network
  6. Azure HDinsight = Big data

For more info see:
https://docs.microsoft.com/en-us/learn/modules/welcome-to-azure/3-tour-of-azure-services

92
Q

What is Microsoft Azure Marketplace?

A

The Microsoft Azure Marketplace is an online store that hosts applications that are certified and optimized to run in Azure. Many types of applications are available, ranging from AI + Machine Learning to Web applications.

For more info see:
https://docs.microsoft.com/en-us/learn/modules/welcome-to-azure/4-exercise-create-website

93
Q

What is the Azure App Service?

A

What is an App Service?
Azure App Service is an HTTP-based service that enables you to build and host many types of web-based solutions without managing infrastructure. For example, you can host web apps, mobile back ends, and RESTful APIs in several supported programming languages. Applications developed in .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python can run in and scale with ease on both Windows and Linux-based environments.

For more info see:
https://docs.microsoft.com/en-us/learn/modules/welcome-to-azure/4-exercise-create-website

94
Q

What is Azure Cloud Shell?

A

Azure Cloud Shell is a browser-based command-line experience for managing and developing Azure resources. Think of Cloud Shell as an interactive console that you run in the cloud.

For more info see: https://docs.microsoft.com/en-us/learn/modules/welcome-to-azure/6-exercise-cloud-shell

95
Q

Which of the following is an example of an Azure application platform?

A. Azure App Service
B. Azure Load Balancer
C. Azure Table Storage
D. Azure Cache for Redis

A

Answer: A

96
Q

When should you scale out your deployment?

A. When your application or service requires a more powerful CPU or more memory to run faster.
B. When you need additional virtual machines to speed up your application.
C. When you’re using excess capacity that you don’t need.

A

Answer: B

97
Q

What is an availability zone?

A

Availability Zones are physically separate datacenters within an Azure region. Each Availability Zone is made up of one or more datacenters equipped with independent power, cooling, and networking. It is set up to be an isolation boundary. If one zone goes down, the other continues working.

98
Q

What infrastructure feature within Azure creates resiliency against large-scale disaster?

A

Region pairs - Each Azure region is always paired with another region within the same geography (such as US, Europe, or Asia) at least 300 miles away. This approach allows for the replication of resources (such as virtual machine storage) across a geography that helps reduce the likelihood of interruptions due to events such as natural disasters, civil unrest, power outages, or physical network outages affecting both regions at once.

99
Q

CosmosDB has a “five nines” SLA agreement, how much downtime is expected per year (in % or time)?

A

“five nines” = 99.999%
(1-0.99999) * 365d/y * 24h/d * 60min/d = 5.256 min/y

For more info see:
https://docs.microsoft.com/en-us/learn/modules/explore-azure-infrastructure/6-service-level-agreements

100
Q

What is an SLA?

A

An SLA defines three things for an Azure product or service:

  1. Performance Targets
  2. Uptime and Connectivity Guarantees
  3. Service credits (financial penalties MS will pay if the services fall below uptime guarantees)

For more info see:
https://docs.microsoft.com/en-us/learn/modules/explore-azure-infrastructure/6-service-level-agreements

101
Q

Determine the expected downtime of your product that uses 3 dependent Azure apps/services that each have a 99.9 SLA. (Dependent in this problem meaning that all services must be working for your product to function)

A

Much like calculating the probability of dependent events, calculating uptime using SLAs is multiplicative.

(0.999 * 0.999 * 0.999) * 365d/y * 24h/d = 26.3h/y

For more info see:
https://docs.microsoft.com/en-us/learn/modules/explore-azure-infrastructure/7-composite-sla

102
Q

Deploying an app can be done directly to what level of physical granularity?

A. Region
B. Datacenter
C. Server rack

A

Answer: A - Azure organizes infrastructure around regions, which include multiple datacenters. You can pick the region you want resources deployed into. You can’t select a specific datacenter or location within a datacenter.

103
Q

To use Azure datacenters that are made available with power, cooling, and networking capabilities independent from other datacenters in a region, choose a region that supports _________?

A. Geography distribution
B. Service-Level Agreements (SLAs)
C. Availability Zones

A

Answer: C - Availability Zone

104
Q

Application availability refers to what?

A. The service level agreement of the associated resource.
B. Application support for an availability zone.
C. The overall time that a system is functional and working.

A

Answer: C

105
Q

What is the Azure CLI?

A

The Azure command-line interface (CLI) is a cross-platform (meaning that it can be run on Windows, Linux, or macOS) command-line program that connects to Azure and executes administrative commands on Azure resources.

106
Q

Which of the following statements regarding Azure dashboards are correct?

A. Dashboards can only be edited within the Azure Portal
B. Dashboards are stored as a PowerShell script (.ps1)
C. Dashboards can be restricted using RBAC
D. Creating a copy of a dashboard is called “cloning”

A

Options C and D are true.

Option A is incorrect as dashboards can be edited either using the Azure Portal GUI or programmatically.

Option B is incorrect as they are stored in JavaScript Object Notation (.json)

For more info see:
https://docs.microsoft.com/en-us/learn/modules/tour-azure-portal/6-customize-the-dashboard

107
Q

What does the term General Availability refer to?

A

New features in Azure can be tested as a beta. Once a feature has been evaluated and tested successfully, it might be released to customers as part of Azure’s default product set. The release is referred to as General Availability (GA).

108
Q

What do the terms Private and public preview refer to in Azure?

A

These are both types of feature previews for Azure users:

Private preview means only some customers can beta this feature
Public preview means that all customers can participate in the beta.

109
Q

True or false: Azure advisor suggestions can be exported to a pdf or csv

A

True

110
Q

True or false: Azure Cloud Shell is an interactive, browser-accessible shell for managing Azure resources?

A

True

111
Q

What are the four most-common Azure compute services?

A

Virtual machines, Containers, Azure App service and Serverless computing

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-compute/2-essential-azure-compute-concepts

112
Q

Match each use case to one of Virtual machines, Containers, Azure App service or Serverless computing:

A. You want to create a web service to regularly update a containerized app.
B. You want your team of developers to test your app on different OS
C. Your friend asks your advice for calculating molecular field vectors for a simulation which requires a lot of compute power to process.
D. Your developers tell you that only a specific environment allows your app to work.

A

A. Azure App Services
B. Virtual Machines (VM)
C. Serverless computing
D. Containers

113
Q

What are the benefits and drawbacks of VMs?

A

VMs are an ideal choice when you need:

  • Total control over the operating system (OS)
  • The ability to run custom software, or
  • To use custom hosting configurations

You get flexibility without having to buy and maintain the physical hardware that runs the VM. However, you still need to maintain the VM—that is, configure, update, and maintain the software that runs on the VM.

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-compute/3-virtual-machines

114
Q

What’s the difference between availability sets and availability zones?

A

Both offer increased resiliency, but on different scales: Availability zones are data centers separated by an isolation boundary (i.e. power/cooling separation). An availability set is a term applied to VMs where redundant data is hosted on two VMs separated across update and fault domains; by doing this, any apps using these VMs don’t fail while updating or if a server rack fails.

115
Q

What is Azure Batch?

A

Azure Batch enables large-scale job scheduling and compute management with the ability to scale to tens, hundreds, or thousands of VMs. Some functionality includes starting, installing applications and staging data on multiple VMs at once, as well as identifying failures and requeuing work.

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-compute/3-virtual-machines

116
Q

Would vertical or horizontal scaling necessitate the creation of VM scale sets?

A

Azure Virtual Machine Scale Sets let you create and manage a group of identical, load balanced VMs. This would be appropriate if horizontally scaling (or ‘scaling out’)

117
Q

What does AKS stand for? What type of architecture does it correspond to?

A

Azure Kubernetes Service. Used when you need to create and manage many containers typically associated with a Microservice architecture (where solutions are broken into smaller, independent pieces).

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-compute/4-containers

118
Q

When considering the PaaS Azure App service, what elements are abstracted? And what services are available within the Azure app service?

A

The infrastructure is abstracted, you don’t need to worry about provisioning VMs or OS–only app development. Here are the four major services run through the Azure App service:

Web Apps
API Apps
WebJobs
Mobile Apps

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-compute/5-appservice

119
Q

Which of the following statements regarding Serverless computing in Azure is true?

A. If you’re not comfortable creating scripts, you can use Azure Functions to make event-driven processes for you
B. Serverless computing is truly Pay-as-you-go; meaning if there’s no use it’s free!
C. Servers and OS are abstracted, but updates are still the user’s responsibility
D. The main benefit of Serverless computing is not being tied to a single server
E. Event grid can be used to manage and automate event-reactions (such as those created in Functions and Logic apps)

A

Answer: B and E - Billing is per/event and so it is truly pay-as-you-go. E is essentially the definition of the Azure Event Hub

Here’s why the others are wrong:
A. If you’re not comfortable creating scripts, you can use Azure LOGIC APPS to make event-driven processes for you
C. Servers, OS, AND UPDATES are abstracted
D. The main benefit of Serverless computing is either not having to worry about infrastructure, scalability or simplicity

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-compute/6-serverless-computing

120
Q

Suppose you have an existing application running locally on your own server. You need additional capacity but prefer to move to Azure instead of buying upgraded on-premises hardware. Which compute option would likely give you the quickest route to getting your application running in Azure?

A. Serverless computing
B. Containers
C. Virtual machines

A

Answer: C

121
Q

Imagine that you work on a photo-sharing application that runs on millions of mobile devices. Demand is unpredictable because you see a spike in usage whenever a locally or nationally significant event occurs. Which Azure compute resource is the best match for this workload?

A. Serverless computing
B. Containers
C. Virtual machines

A

Answer: A

122
Q

Containerization is one form of loosely coupled architecture. Define and describe the benefits of this architecture.

A

Loosely coupled architecture means that a larger service is broken up into individual components. Though these parts are dependent on each other for full functionality of the service and require a common communication protocol, they otherwise have no idea how the others work. Here are some other benefits:

  • Easier management, updates and development can happen on one part at a time
  • New functionality can be added easily
  • Each part can be scaled independently

For more information see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-networking/2-deploy-to-azure

123
Q

When considering a tiered network architecture, which of the following statements are correct? (Select all that apply)

A. In a closed layer architecture, resources within a layer can only access the layer down from it
B. This architecture is often used when migrating existing services to the cloud
C. Tiers will often use overlapping resources
D. Lower tiers can call higher tiers, but the reverse is not true
E. Network security groups can work between layers so long as the layers are all contained within the same virtual network.
A

Correct answers: A,B and E

Here’s why C and D are wrong:

C. Tiers use independent resources, e.g. each layer contains a load-balancer and VM within a subnet. This allows for independent scaling of each layer’s resources.

D. HIGHER tiers can call LOWER tiers, but the reverse is not true.

For more info see:
https://docs.microsoft.com/en-us/azure/architecture/guide/architecture-styles/n-tier

124
Q

Create a hierarchy (e.g. continent>country=Canada=US) for the following components of a three-tier network architecture:

Sub-net
Virtual Network
Web Tier
Data Tier
Region
VMs
App Tier
A

Region>Virtual Network>Subnet=Web Tier=App Tier=Data tier>VMs

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-networking/2-deploy-to-azure

125
Q

True or false: VMs within upper tiers of a network still require a public IP address

A

False - Users don’t interact with the application or data tiers, so these VMs each have a private IP address only.

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-networking/2-deploy-to-azure

126
Q

Which of the following is true about virtual networks?

A. You configure virtual networks through software.
B. A virtual network accepts network traffic on all ports. You configure the firewall through virtual machines.
C. Virtual networks are always reachable from the internet.

A

Answer: A

127
Q

If you don’t need a load-balancer in your architecture, what issue will your system suffer from?

A

A load balancer distributes traffic evenly among each system in a pool. You would need a load balancer when you have redundant resources available for the same task, so if you don’t have/need a load balancer you have likely created an architecture with poor availability and resiliency (i.e. relies heavily on a single resource).

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-networking/3-scale-load-balancer

128
Q

The Azure application gateway has two main functions–What are they and what combination of services could replace it?

A

The Azure application gateway is essentially a load balancer and WAF that is specialized for HTTP traffic. So you could replace some of its functionality with a firewall and load balancer; however, some unique features would be missed:

  • Cookie affinity (to keep a user session on the same backend server)
  • SSL termination.
  • URL rule-based traffic routing (useful when setting up a content delivery system)
  • Ability to rewrite HTTP headers (to scrub user or server information)

For more info see:
https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-networking/3-scale-load-balancer

129
Q

What could be called the “phonebook of the internet”?

A

DNS, or the Domain Name System, is a way to map user-friendly names to their IP addresses.

130
Q

Which is true about Azure Load Balancer?

A. You must use Azure Load Balancer if you want to distribute traffic among your virtual machines running in Azure.
B. Azure Load Balancer works with internet-facing traffic only.
C. Azure Load Balancer distributes traffic among similar systems, making your services more highly available.
D. Azure Load Balancer can reduce network latency.

A

Answer: C

131
Q

What is the difference between the Azure Load balancer and the Azure Traffic Manager?

A

They both deal with routing traffic, but do it in different ways and have different benefits. The Azure Load Balancer distributes traffic within the same region to redundant resources to increase availability and resiliency. Traffic Manager works at the DNS level, and directs traffic to different resources, for instance a data cache closer to the user’s request location, decreasing latency. Traffic Manager can also reroute requests if a resource fails, which increases resiliency as well.

132
Q

What is network latency?

A. The amount of data that can fit on the connection.
B. The distance data must travel to reach its destination.
C. The time it takes for data to travel over the network.

A

Answer: C

133
Q

How does Azure Traffic Manager reduce latency?

A. It chooses only the fastest networks between endpoints.
B. It chooses the endpoint that’s closest to the user’s DNS server.
C. It caches content, similar to how content delivery networks work.

A

Answer: B

134
Q

What is the difference between high availability and fault tolerance?

A

High availability can have some possible downtime for a few seconds. For instance, say you have a main and a backup data cache and an earthquake hits. It knocks out the main cache; it may take time to transfer to the other site, but there is only minor downtime. That’s HA. With fault tolerance, there should be no downtime.

135
Q

________ protect against failures within a data center, whereas _______ protect against failure of entire data centers.

A

Availability sets, availability zones

136
Q

What should you use when you’re concerned about only the code running your service and not the underlying platform infrastructure?

A

Azure Functions

137
Q

What services does Azure DevOps Services include?

A

  • Azure Boards (Kanban-style and Agile project management)
  • Azure Repos (GitHub repository requisitioning)
  • Azure Test Plans (capture bugs during testing, and cross-platform testing)
  • Azure Pipelines (App-building environment, container management)
  • Azure Artifacts (artifact management)

For more info see:
https://azure.microsoft.com/en-us/services/devops/

138
Q

If you were setting up replicated resources in distinct regions, and wanted to implement identical network security policies, how does Azure let you do this?

A

With Application Security Groups: these enable you to configure network security as a natural extension of an application’s structure, allowing you to group virtual machines and define network security policies based on those groups. You can reuse your security policy at scale without manual maintenance of explicit IP addresses.

For more info see:
https://docs.microsoft.com/en-us/azure/virtual-network/application-security-groups

139
Q

Define Azure AD

A

Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources in:

  • External resources, such as Microsoft Office 365, the Azure portal, and thousands of other SaaS applications.
  • Internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed by your own organization

It can also be used to enable SSO and MFA integration with Azure creation.

For more info see:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis

140
Q

What do the terms MTTR and MTBF mean in reference to SLA?

A

MTTR = Mean time to recovery
MTBF = Mean time between failures

141
Q

Which of the following choices is correct regarding management groups? (Choose the best three)

A. 10,000 management groups can be supported in a single directory
B. Including the root level, a management group tree can support up to six levels of depth
C. Each management group and subscription can only support one parent
D. Management groups and subscriptions can support multiple parent assignments
E. All subscriptions and management groups are within a single hierarchy in each directory

A

Answer = A, C, E

A. 10,000 management groups can be supported in a single directory
C. Each management group and subscription can only support one parent
E. All subscriptions and management groups are within a single hierarchy in each directory

B is incorrect as it is six levels excluding the root level.
D is incorrect as it is saying the opposite of C.

For more info see:
https://docs.microsoft.com/en-us/azure/governance/management-groups/overview

142
Q

Azure management groups are containers for managing which three specific things?

A. Access
B. Consumption/Spending
C. Policies
D. Compliance
E. Scaling
F. Elasticity

A

Answer: A, C, and D

143
Q

Which is not a valid Azure support option?

A. Developer
B. Basic
C. Pay as you go
D. Standard
E. Professional Direct
F. Premier

A

Answer: Pay as you go