AZ900 Certification Flashcards

1
Q

Name the 6 main Azure compute services described in the Azure fundamentals course and very briefly what they are.

A

Azure Virtual Machines: software emulations of physical computers.
Azure App Service: a PaaS for quickly building, deploying and scaling enterprise-grade web, mobile and API apps.
Azure Container Instances: A compute resource for deploying and managing containers.
Azure Kubernetes Service: Orchestration service for containers in Azure
Azure Functions: Service for running event triggered code which can be completed quickly.
Azure Virtual Desktop: A desktop and application virtualization service.

2
Q

What are virtual machine scale sets?

A

An Azure compute resource used to deploy and manage a set of identical VMs.

3
Q

Give 4 examples of when to use VMs from the Azure Fundamentals learning path

A

During testing and development
When running applications in the cloud
When extending your datacenter to the cloud
During disaster recovery

4
Q

How can you scale VMs in Azure? Name 2 ways and when to use which.

A

Virtual machine scale sets: Lets you create and manage a group of identical, load-balanced VMs.
Azure Batch: Enables large-scale high performance computing (HPC) batch jobs with the ability to scale to many VMs.

5
Q

When you run a batch job in Azure Batch which 6 tasks does Batch perform?

A
Starts a pool of compute VMs for you
Installs applications and staging data
Runs jobs with as many tasks as you have
Identifies failures
Requeues work
Scales down the pool as the work completes
6
Q

What are the 4 most common app service styles which can be hosted in Azure and what are they?

A

Web app: A computer program that utilizes web browsers and web technology to perform tasks over the internet.
API app: platform for creating, hosting and using APIs for cloud and on-premises (separates business logic and UI).
WebJobs: Background processes for a WebApp in Azure - such as resizing an image when uploaded to blob storage.
Mobile apps: Unlike a web app, which runs in the browser, mobile apps are native apps which are installed on a mobile device.

7
Q

What is a container?

A

Containers are a virtualization environment - virtual machines virtualize hardware, containers virtualize the operating system (OS). Containers bundle an app and all its dependencies.

8
Q

What is Kubernetes?

A

Kubernetes is an orchestration service for containers with distributed architectures and large volumes of containers.

9
Q

What is serverless computing? Also name 3 benefits of serverless computing

A

Serverless computing is the abstraction of servers, infrastructure, and operating systems.

  1. Abstraction of servers: Serverless computing abstracts the servers you run on so you never explicitly need to reserve server instances and developers can focus on coding instead of infrastructure.
  2. Event-driven scale: Serverless computing is excellent for workloads that respond to incoming events which can be triggered by timers, HTTP requests, queues and more.
  3. Micro-billing: You only pay for the time your code is running, letting costs scale with demand.
10
Q

What are the 2 implementations of serverless computing in Azure called?

A

Azure Functions

Azure Logic Apps

11
Q

What is the difference between a stateless and a stateful process?

A

Stateless processes have no knowledge or reference to past transactions. They are isolated and have no context. Stateful processes are performed with the context of previous transactions. If a stateful interaction is interrupted you can pick up where you left off - if a stateless interaction is interrupted you have to start over.

12
Q

Name three reasons that make cloud computing cheaper than on prem?

A

1) Lower your operating costs.
2) Run your infrastructure more efficiently.
3) Scale as your business needs change.

13
Q

Name 6 compute resources in Azure

A

1) VM
2) VM scale sets
3) Kubernetes
4) Service fabric
5) Azure batch
6) Container instances

14
Q

Name 9 Azure networking services

A

1) Virtual network
2) Load balancer
3) Azure application gateway
4) Azure VPN gateway
5) Azure DNS
6) Azure DDoS protection
7) Azure ExpressRoute
8) Azure Firewall
9) Azure Virtual WAN

15
Q

Name the 4 Azure storage services

A

1) Blob storage
2) File storage
3) Queue storage
4) Table storage

16
Q

Name 6 Azure Database services

A

Azure Cosmos DB
- Globally distributed database that supports NoSQL options.

Azure SQL Database
- Fully managed relational database with auto-scale, integral intelligence, and robust security.

Azure Database for MySQL
- Fully managed and scalable MySQL relational database with high availability and security.

Azure Database for PostgreSQL
- Fully managed and scalable PostgreSQL relational database with high availability and security.

SQL Server on Azure Virtual Machines
- Service that hosts enterprise SQL Server apps in the cloud.

Azure Synapse Analytics
- Fully managed data warehouse with integral security at every level of scale at no extra cost.

17
Q

Name 4 Azure services for building web applications

A

Azure App Service
- Quickly create powerful cloud web-based apps.

Azure Notification Hubs
- Send push notifications to any platform from any back end.

Azure API Management
- Publish APIs to developers, partners, and employees securely and at scale.

Azure Cognitive Search
- Deploy this fully managed search as a service.

18
Q

Name the 3 Azure IoT services

A

IoT Central
- Fully managed global IoT software as a service (SaaS) solution that makes it easy to connect, monitor, and manage IoT assets at scale.

Azure IoT Hub
- Messaging hub that provides secure communications between and monitoring of millions of IoT devices.

Azure Sphere

19
Q

Name the 3 Azure big data services

A

Azure Synapse Analytics
- Run analytics at a massive scale by using a cloud-based enterprise data warehouse that takes advantage of massively parallel processing to run complex queries quickly across petabytes of data.

Azure HDInsight
- Process massive amounts of data with managed Hadoop clusters in the cloud.

Azure Databricks
- Integrate this collaborative Apache Spark-based analytics service with other big data services in Azure.

20
Q

Name the two types of AI services in Azure

A

Azure Machine Learning

Azure Cognitive services

21
Q

Name the two DevOps services in Azure

A

Azure DevOps
- Use development collaboration tools such as high-performance pipelines, free private Git repositories, configurable Kanban boards, and extensive automated and cloud-based load testing. Formerly known as Visual Studio Team Services.

Azure DevTest Labs
- Quickly create on-demand Windows and Linux environments to test or demo applications directly from deployment pipelines.

22
Q

Name and explain the 3 different cloud models

A

Public cloud
- Services are offered over the public internet and available to anyone who wants to purchase them. Cloud resources, such as servers and storage, are owned and operated by a third-party cloud service provider, and delivered over the internet.

Private cloud
- A private cloud consists of computing resources used exclusively by users from one business or organization. A private cloud can be physically located at your organization’s on-site (on-premises) datacenter, or it can be hosted by a third-party service provider.

Hybrid cloud
- A hybrid cloud is a computing environment that combines a public cloud and a private cloud by allowing data and applications to be shared between them.

23
Q

Name some of the pros/cons of the different cloud models (private, public, hybrid)

A

Public cloud
No capital expenditures to scale up.
Applications can be quickly provisioned and deprovisioned.
Organizations pay only for what they use.

Private cloud
Hardware must be purchased for start-up and maintenance.
Organizations have complete control over resources and security.
Organizations are responsible for hardware maintenance and updates.

Hybrid cloud
Provides the most flexibility.
Organizations determine where to run their applications.
Organizations control security, compliance, or legal requirements.

24
Q

Name benefits of cloud computing

A

High availability

Scalability

Agility (Deploy and configure cloud-based resources quickly)

Geo-distribution

Disaster recovery

25
Explain IaaS
This cloud service model is the closest to managing physical servers; a cloud provider will keep the hardware up-to-date, but operating system maintenance and network configuration is up to you as the cloud tenant. For example, Azure virtual machines are fully operational virtual compute devices running in Microsoft datacenters. An advantage of this cloud service model is rapid deployment of new compute devices. Setting up a new virtual machine is considerably faster than procuring, installing, and configuring a physical server.
26
Explain PaaS
This cloud service model is a managed hosting environment. The cloud provider manages the virtual machines and networking resources, and the cloud tenant deploys their applications into the managed hosting environment. For example, Azure App Services provides a managed hosting environment where developers can upload their web applications, without having to worry about the physical hardware and software requirements.
27
Explain SaaS
In this cloud service model, the cloud provider manages all aspects of the application environment, such as virtual machines, networking resources, data storage, and applications. The cloud tenant only needs to provide their data to the application managed by the cloud provider. For example, Microsoft Office 365 provides a fully working version of Microsoft Office that runs in the cloud. All you need to do is create your content, and Office 365 takes care of everything else.
28
Relate IaaS, PaaS and SaaS in terms of least user responsibility/management
SaaS>PaaS>IaaS
29
Explain serverless computing
Like PaaS, serverless computing enables developers to build applications faster by eliminating the need for them to manage infrastructure. With serverless applications, the cloud service provider automatically provisions, scales, and manages the infrastructure required to run the code. Serverless architectures are highly scalable and event-driven, only using resources when a specific function or trigger occurs.
30
IoT services Name the central message hub, that handles bi-directional communication between IoT device and IoT apps
Azure IoT hub
31
IoT services Name the services that build on the Azure IoT hub, including a dashboard that allows you to connect, monitor, and manage your IoT devices
Azure IoT central
32
IoT services Name this service: end-to-end, highly secure IoT solution for customers that encompasses everything from the hardware and operating system on the device to the secure method of sending messages from the device to the message hub.
Azure Sphere
33
IoT services Decision criteria for IoT services and the service choice for each
1) Is it critical to ensure that the device is not compromised? A: AZURE SPHERE
2) Do I need a dashboard for reporting and management? A: AZURE IoT CENTRAL
Else: Azure IoT Hub
34
AI SERVICES Name the service choice if you want to make custom predictions
Azure machine learning - Azure Machine Learning is a platform for making predictions. It consists of tools and services that allow you to connect to data to train and test models to find one that will most accurately predict a future result. After you've run experiments to test the model, you can deploy and use it in real time via a web API endpoint.
35
AI SERVICES Name the service choice that enables applications to see, hear, speak, understand, and even begin to reason.
Azure Cognitive Services - Azure Cognitive Services provides prebuilt machine learning models that enable applications to see, hear, speak, understand, and even begin to reason. Use Azure Cognitive Services to solve general problems, such as analyzing text for emotional sentiment or analyzing images to recognize objects or faces. You don't need special machine learning or data science knowledge to use these services. Developers access Azure Cognitive Services via APIs and can easily include these features in just a few lines of code. While Azure Machine Learning requires you to bring your own data and train models over that data, Azure Cognitive Services, for the most part, provides pretrained models so that you can bring in your live data to get predictions on.
36
AI SERVICES Name the service choice if you want a virtual agent that understands and replies to questions just like a human.
Azure Bot Service - Azure Bot Service and Bot Framework are platforms for creating virtual agents that understand and reply to questions just like a human. Azure Bot Service is a bit different from Azure Machine Learning and Azure Cognitive Services in that it has a specific use case. Namely, it creates a virtual agent that can intelligently communicate with humans. Behind the scenes, the bot you build uses other Azure services, such as Azure Cognitive Services, to understand what their human counterparts are asking for. Bots can be used to shift simple, repetitive tasks, such as taking a dinner reservation or gathering profile information, on to automated systems that might no longer require direct human intervention. Users converse with a bot by using text, interactive cards, and speech. A bot interaction can be a quick question and answer, or it can be a sophisticated conversation that intelligently provides access to services.
37
AI services Decision criteria for AI services and the service choice for each
Are you building a virtual agent that interfaces with humans via natural language? A: AZURE BOT SERVICES
Do you need a service that can understand the content and meaning of images, video, or audio, or that can translate text into a different language? A: AZURE COGNITIVE SERVICES
Do you need to predict user behavior or provide users with personalized recommendations in your app? A: COGNITIVE SERVICES
Will your app predict future outcomes based on private historical data? A: AZURE MACHINE LEARNING
38
SERVERLESS OPTIONS Decision criteria for serverless computing services and the service choice for each
Do you need to execute custom algorithms or perform specialized data parsing and data lookups? A: AZURE FUNCTIONS
Do you need to perform an orchestration across well-known APIs? A: AZURE LOGIC APPS
Do you have existing automated tasks written in an imperative programming language? A: AZURE FUNCTIONS
Do you prefer a visual (declarative) workflow or writing (imperative) code? A: AZURE LOGIC APPS/AZURE FUNCTIONS
39
Compare Azure functions and Azure logic apps
With the Azure Functions service, you can host a single method or function by using a popular programming language in the cloud that runs in response to an event. An example of an event might be an HTTP request, a new message on a queue, or a message on a timer. Because of its atomic nature, Azure Functions can serve many purposes in an application's design. Functions can be written in many common programming languages, such as C#, Python, JavaScript, TypeScript, Java, and PowerShell.
Logic Apps is a low-code/no-code development platform hosted as a cloud service. The service helps you automate and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. Logic Apps simplifies how you design and build scalable solutions, whether in the cloud, on-premises, or both. This solution covers app integration, data integration, system integration, enterprise application integration (EAI), and business-to-business (B2B) integration.
40
BUILD SOLUTIONS (Azure DevOps, GitHub, GitHub Actions, Azure DevTest Labs): Choice if you need to automate and manage test-lab creation?
A: Azure DevTest Labs. If your aim is to automate the creation and management of a test lab environment, consider choosing Azure DevTest Labs. Among the three tools and services we've described, it's the only one that offers this functionality. However, you can automate the provisioning of new labs as part of a toolchain by using Azure Pipelines or GitHub Actions.
41
BUILD SOLUTIONS (Azure DevOps, GitHub, GitHub Actions, Azure DevTest Labs): Choice if you need to build open-source software?
A: GitHub. Although Azure DevOps can publish public code repositories, GitHub has long been the preferred host for open-source software. If you're building open-source software, you would likely choose GitHub if for no other reasons than its visibility and general acceptance by the open-source development community.
42
BUILD SOLUTIONS (Azure DevOps, GitHub, GitHub Actions, Azure DevTest Labs): Choice if you need sophisticated project management and reporting?
A: Azure DevOps. Although GitHub has work items, issues, and a Kanban board, project management and reporting is the area where Azure DevOps excels. Azure DevOps is highly customizable, which allows an administrator to add custom fields to capture metadata and other information alongside each work item. By contrast, the GitHub Issues feature uses tags as its primary means of helping a team categorize issues.
43
BUILD SOLUTIONS (Azure DevOps, GitHub, GitHub Actions, Azure DevTest Labs): Choice if you need a high level of permission granularity?
A: Azure DevOps. GitHub works on a simple model of read/write permissions to every feature. Meanwhile, Azure DevOps has a much more granular set of permissions that allow organizations to refine who is able to perform most operations across the entire toolset.
44
BUILD SOLUTIONS (Azure DevOps, GitHub, GitHub Actions, Azure DevTest Labs): Choice if you need to integrate with third-party tools?
A: GitHub + Azure DevOps. Although we make no specific recommendations about third-party tools, it's important for you to understand your organization's existing investments in tools and services and to evaluate how these dependencies might affect your choice. It's likely that most vendors that create DevOps tools create hooks or APIs that can be used by both Azure Pipelines and GitHub Actions. Even so, it's probably worth the effort to validate that assumption.
45
Name the four developer services in Azure used for collaboration on code development and building and deploying solutions.
Azure DevOps, Azure DevTest Labs, GitHub, GitHub Actions
46
Name the management tools in Azure | Visual tools provide full, visually friendly access to all the functionality of Azure as well as command line tools
Azure Portal - The user-friendly GUI option.
Azure mobile app - Mobile app for Azure resources.
Azure PowerShell - A shell with which developers and DevOps and IT professionals can execute commands called cmdlets.
Azure CLI - The Azure CLI command-line interface is an executable program with which a developer, DevOps professional, or IT professional can execute commands in Bash.
ARM templates - The template then orchestrates the creation of those resources in parallel. That is, if you need 50 instances of the same resource, all 50 instances are created at the same time.
47
MANAGING AND CONFIGURING PORTAL, MOBILE, POWERSHELL, CLI, ARM TEMPLATES Choice if you need to perform one-off management, administrative, or reporting actions?
PORTAL + POWERSHELL + CLI
48
MANAGING AND CONFIGURING PORTAL, MOBILE, POWERSHELL, CLI, ARM TEMPLATES Choice if you need a way to repeatedly set up one or more resources and ensure that all the dependencies are created in the proper order?
ARM templates
49
MANAGING AND CONFIGURING PORTAL, MOBILE, POWERSHELL, CLI, ARM TEMPLATES Choice if you are Windows/Linux based
Windows: PowerShell Linux: Azure CLI
50
Compare Azure Advisor, Azure Monitor and Azure Service Health
AZURE ADVISOR - Advisor dashboard displays personalized recommendations for all your subscriptions, and you can use filters to select recommendations for specific subscriptions, resource groups, or services (reliability, security, performance, cost, operational excellence).
AZURE MONITOR - Azure Monitor is a platform for collecting, analyzing, visualizing, and potentially taking action based on the metric and logging data from your entire Azure and on-premises environment.
AZURE SERVICE HEALTH - Azure Service Health provides a personalized view of the health of the Azure services, regions, and resources you rely on.
51
MONITORING SERVICES ADVISOR, MONITOR, SERVICE HEALTH Choice if you need to analyze how you're using Azure to reduce costs, improve resilience, or harden your security?
Azure Advisor
52
MONITORING SERVICES ADVISOR, MONITOR, SERVICE HEALTH Choice if you want to monitor Azure services or your usage of Azure?
Azure monitor
53
MONITORING SERVICES ADVISOR, MONITOR, SERVICE HEALTH Choice if you want to measure custom events alongside other usage metrics?
Azure monitor
54
MONITORING SERVICES ADVISOR, MONITOR, SERVICE HEALTH Choice if you need to set up alerts for outages or when autoscaling is about to deploy new instances?
Azure monitor
55
MONITORING SERVICES ADVISOR, MONITOR, SERVICE HEALTH Choice if you want to monitor Azure services or your usage of Azure?
Azure Service Health to monitor Azure services and Azure Monitor if it's related to your specific services.
56
Describe the difference between authorization and authentication
Authentication is the process of establishing the identity of a person or service that wants to access a resource. Authentication establishes the user's identity, but authorization is the process of establishing what level of access an authenticated person or service has. It specifies what data they're allowed to access and what they can do with it.
57
Name the Azure authentication and authorization service that enables users to sign in and access applications on your tenant.
Azure Active Directory
58
Name services within Azure AD
Authentication, SSO, Application management, Device management
59
Explain the difference between multifactor authentication and conditional access
Multifactor authentication is a process where a user is prompted during the sign-in process for an additional form of identification. Examples include a code on their mobile phone or a fingerprint scan (something the user knows, has or is).
Conditional Access is a tool that Azure Active Directory uses to allow (or deny) access to resources based on identity signals. These signals include who the user is, where the user is, and what device the user is requesting access from.
60
Name the four management levels in Azure and explain how you can manage access easily between these management levels
A management group (a collection of multiple subscriptions). A single subscription. A resource group. A single resource. Control access via RBAC
61
How can you prevent accidental changes of resources?
Resource lock
62
Name the two levels of locking via resource locks
CanNotDelete means authorized people can still read and modify a resource, but they can't delete the resource without first removing the lock. ReadOnly means authorized people can read a resource, but they can't delete or change the resource. Applying this lock is like restricting all authorized users to the permissions granted by the Reader role in Azure RBAC.
63
Explain Azure blueprint and how it relates to resource locks
To make the protection process more robust, you can combine resource locks with Azure Blueprints. Azure Blueprints enables you to define the set of standard Azure resources that your organization requires. For example, you can define a blueprint that specifies that a certain resource lock must exist. Azure Blueprints can automatically replace the resource lock if that lock is removed.
64
Describe "tags" and how they are beneficial
Tags are used to identify grouped resources. This is helpful in usage tracking and invoicing
65
Explain Azure policy and Azure policy initiatives
Azure Policy enables you to define both individual policies and groups of related policies, known as initiatives. Azure Policy evaluates your resources and highlights resources that aren't compliant with the policies you've created. Azure Policy can also prevent noncompliant resources from being created. An Azure Policy initiative is a way of grouping related policies together. The initiative definition contains all of the policy definitions to help track your compliance state for a larger goal.
66
How can you define a repeatable set of governance tools and standard Azure resources that your organization requires? Incl. Role assignments, Policy assignments, Azure Resource Manager templates, Resource groups
Azure blueprints
67
What is MS cloud adoption Framework
The Cloud Adoption Framework for Azure provides you with proven guidance to help with your cloud adoption journey. The Cloud Adoption Framework helps you create and implement the business and technology strategies needed to succeed in the cloud.
68
Name the five steps in the cloud adoption framework
Define your strategy. Make a plan. Ready your organization. Adopt the cloud. Govern and manage your cloud environments.
69
Name the seven key networking capabilities provided by Azure virtual networks (VNets)
Isolation and segmentation, Internet communications, communication between Azure resources, communication with on-premises resources, route network traffic, filter network traffic, connect virtual networks.
70
Name 3 mechanisms for achieving connectivity between your local and cloud environments
Point-to-site virtual private networks, site-to-site virtual private networks, Azure ExpressRoute
71
What is a VPN and what is the difference between a site-to-site vpn and a point-to-site vpn?
A VPN is a virtual private network. VPNs extend a private network across a public network and enable users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. The traffic is usually encrypted. For point-to-site virtual networks in Azure the client computer initiates an encrypted VPN connection to connect that computer to the Azure virtual network. For site-to-site VPNs in Azure an on-premises VPN gateway or device is linked to the Azure VPN gateway in a virtual network such that Azure devices appear as being on the local network. The connection between the gateways is encrypted.
72
What can you do in a route table?
Define rules about how traffic should be directed. Custom route tables allow you to control how packets are routed between subnets.
73
What is a BGP?
A BGP is a Border Gateway Protocol. A Border Gateway Protocol works with Azure VPN gateways, Azure Route Servers or ExpressRoute to propagate on-premise BGP routes to Azure virtual networks.
74
What are network security groups used for?
A network security group (NSG) is an Azure resource that can contain multiple inbound and outbound security rules. The rules can allow or block traffic based on factors such as source and destination IP, port and protocol.
75
What is Peering?
Peering is a way of linking Azure VNets thereby enabling resources in each virtual network to communicate with each other.
76
Can VNets be peered across separate regions?
Yes, VNets can be peered across separate regions allowing a global interconnected network through Azure.
77
When creating a new virtual network in Azure, the network name must be unique in your ___________
Subscription. | It does not need to be globally unique.
78
Which compliance categories does Azure offer?
Global, US government, Industry, Regional
79
What is an address space and what format is it defined in and within what should it be unique?
An address space is a range of valid IP addresses within a network. It is defined in the Classless Interdomain Routing (CIDR) format. It must be unique within your subscription and any other networks that you connect to.
80
What is the difference between the MS privacy statement, the Online service terms and the Data protection addendum?
1) The Microsoft Privacy Statement explains what personal data Microsoft collects, how Microsoft uses it, and for what purposes.
2) The Online Services Terms (OST) is a legal agreement between Microsoft and the customer. The OST details the obligations by both parties with respect to the processing and security of customer data and personal data.
3) The Data Protection Addendum (DPA) further defines the data processing and security terms for online services.
81
Where can you find In-depth information about security, privacy, compliance offerings, policies, features, and practices across Microsoft cloud products?
MS trust center
82
What is Azure Government
Azure Government is a separate instance of the Microsoft Azure service. It addresses the security and compliance needs of US federal agencies, state and local governments, and their solution providers. Azure Government offers physical isolation from non-US government deployments and provides screened US personnel.
83
What is Azure China 21Vianet?
Azure China 21Vianet is operated by 21Vianet. It's a physically separated instance of cloud services located in China.
84
What is a subnet and what does the routing between them depend on?
Within a virtual network's address range you can create one or more subnets that partition the virtual network's address space. Routing between the subnets depends on the default traffic routes and any defined custom routes.
85
What is a service endpoint
A service endpoint allows virtual network resources to use private IP addresses to connect to an Azure service's public endpoint, extending the identity of the virtual network to the target resource. The traffic then flows to the service resource over the Azure backbone network instead of over the internet.
86
What is Azure ExpressRoute used for?
Azure ExpressRoute is used for environments where you need very high bandwidth and security. It provides a dedicated private connectivity to Azure that does not travel over the internet.
87
What is a Virtual Network NAT gateway?
A virtual network NAT is a fully managed and highly resilient Network Address Translation (NAT) service. It simplifies outbound internet connectivity for virtual networks. When configured on a subnet, all outbound connectivity uses the NAT's static public IP addresses (as opposed to the IP addresses of the individual VMs or other compute resources, which in turn can remain private).
88
What does it mean for something to be fully managed?
The provider (Azure) manages the service, so that the user (us) does not have to worry about the technical details.
89
What is BastionHost?
A bastion host is a special purpose computer on a network specifically designed to withstand attacks. The Azure BastionHost service provides a secure and seamless RDP(remote desktop protocol)/SSH(secure shell) connection to virtual machines in the Azure Portal over SSL (secure socket layer - a standard for keeping an internet connection secure and safeguarding sensitive data being sent between 2 systems preventing interception from criminals).
90
What is a DDoS attack and how can you protect against it in Azure VNets?
A DDoS attack is a distributed denial-of-service attack, in which an attacker attempts to disrupt the normal traffic of the targeted server, service or network by overwhelming it or the surrounding infrastructure with a flood of internet traffic. You can choose DDoS Protection Standard when creating Azure VNets to protect against DDoS attacks.
91
What are route tables and how are they created?
A route table defines how traffic is routed between subnets, VNets and on-premise networks. Azure automatically creates a route table for each subnet within an Azure VNet and adds the system default routes to the table. You can add custom route tables to modify how the traffic is routed.
92
What is subnet delegation?
Subnet delegation is the act of designating a subnet to be used by a dedicated service.
93
What is a DNS server?
The Domain Name System (DNS) is the phonebook of the internet. It couples a domain name that is easy to remember, such as google.com, to the correct IP address for the site. DNS servers are machines dedicated to answering DNS queries.
94
What is a server and a client?
A server is a device or program dedicated to providing services to other programs referred to as clients.
95
Azure VPN Gateway instances are deployed in a dedicated subnet of a virtual network and enable the following connectivity: On-premise datacenters can be connected to virtual networks through a ________ connection. Individual devices can be connected to a virtual network through a _________ connection. Virtual networks can be connected to other virtual networks through a ___________ connection.
site-to-site, point-to-site, network-to-network.
96
Name 3 key features of policy-based VPN gateways in Azure
Support for IKEv1 only (Internet Key Exchange version 1; it requires symmetric authentication and is vulnerable to certain attacks).
Use of static routing: combinations of address prefixes from both networks control how traffic is encrypted and decrypted through the VPN.
Source and destination of the tunneled networks are declared in the policy and don't need to be declared in the routing tables.
Policy-based VPNs must be used in specific scenarios that require them, such as compatibility with legacy on-premise VPN devices.
97
When should you use a route based VPN?
Use a route-based VPN gateway if you need any of the following types of connectivity:
Connections between virtual networks
Point-to-site connections
Multisite connections
Coexistence with an Azure ExpressRoute gateway
98
What are 3 key features of route-based VPN gateways in Azure?
Supports IKEv2 (Internet Key Exchange version 2)
Uses any-to-any (wildcard) traffic selectors
Can use dynamic routing protocols: data packets are encrypted based on network routing tables that are created dynamically using routing protocols such as Border Gateway Protocol (BGP).
99
What is a SKU?
A SKU is a stock-keeping unit - a number assigned to a product to identify it, such as a bar code.
100
Which 6 resources do you need before you can deploy an operational VPN gateway in Azure?
A virtual network, GatewaySubnet, public IP address, local network gateway, virtual network gateway, connection.
101
When deploying a VPN gateway what do you need to consider when deploying the virtual network in Azure that you are connecting to from your existing on-premise network?
The address space for the virtual network cannot overlap with the on-premise network that you're connecting to, and only one VPN gateway can be deployed within a virtual network. The address space of the virtual network must be large enough for the additional subnet you'll need for the VPN gateway.
102
What on-premise resources are required to connect your datacenter to a VPN gateway?
A VPN device that supports policy-based or route-based VPN gateways
A public-facing (internet routable) IPv4 address
103
What are 4 ways to ensure a fault-tolerant VPN configuration in Azure?
By default, VPN gateways are deployed as two instances in an active/standby configuration. When planned maintenance or unplanned disruption affects the active instance, the standby instance automatically assumes responsibility.
VPN gateways can also be deployed in an active/active configuration where each instance has a unique IP address and separate tunnels can be created from the on-premise device to each IP address. You can extend the high availability by deploying an additional VPN on-premise.
VPNs can be configured as a secure failover path for ExpressRoute connections if the physical infrastructure of the ExpressRoute is compromised.
In regions that support availability zones, VPN gateways and ExpressRoute gateways can be deployed in a zone-redundant configuration.
104
What are Azure availability zones?
Physically separate locations that are tolerant to local failures.
105
What is a redundant system?
A redundant system consists of at least two systems that are interconnected and designed for the same purpose. If one system fails, the other can take over. Redundancy in cloud architecture ensures that any individual failure has a fallback within the architecture.
106
What are layers 2 and 3 in the OSI (Open System Interconnection) model?
2: Data link layer: provides node-to-node communication between 2 nodes on the same network
3: Network layer: provides addressing and routing between nodes on a multi-node network
107
Which layer of connectivity does Azure ExpressRoute provide?
Layer 3 connectivity between on-premises network and Azure through connectivity partners.
108
ExpressRoute provides address-level connectivity between your on-premises network and the Microsoft cloud through connectivity partners. These connections can be through a ___________ or _________ network. They can also be virtual cross-connections through an exchange.
point-to-point or any-to-any
109
ExpressRoute supports four models that you can use to connect your on-premise network to the Microsoft cloud. What are they?
Cloud exchange co-location, point-to-point Ethernet connection, any-to-any (IPVPN) connection, directly from ExpressRoute sites.
110
If you have an ExpressRoute connection to Azure, which of the following are sent over the internet: your data, DNS queries, certificate revocation list checking, Azure Content Delivery Network requests?
DNS queries, certificate revocation list checking, Azure Content Delivery Network requests.
111
What is FTP used for?
File transfer protocol (FTP) is used to communicate and transfer files from one host to another.
112
Is the communication through an ExpressRoute encrypted and private?
ExpressRoute does provide private connectivity, but it isn't encrypted.
113
What is the difference between HTTP and HTTPS?
HTTP (Hypertext Transfer Protocol) is a protocol for communication between client computers and web servers. It is done by sending HTTP requests and receiving HTTP responses. HTTPS (the S stands for secure) uses an encryption protocol to encrypt communications. The encryption protocol is called TLS (Transport Layer Security), formerly known as SSL (Secure Sockets Layer).
114
What is persistent storage?
Persistent storage is any data storage device that retains data after power to the device is shut off. Hard disks are persistent storage units, while RAM and cache systems are typically non-persistent (volatile) storage devices.
115
Which types of disk storage can you choose between in Azure?
solid-state drives (SSDs) and traditional spinning hard disk drives (HDDs).
116
What 6 use cases is blob storage ideal for?
Serving images or documents to a browser
Storing files for distributed access
Streaming video and audio
Storing data for backup and restore, disaster recovery, and archiving
Storing data for analysis by an Azure-hosted service
Storing up to 8 TB of data for VMs
117
How are blobs in a blob storage organized?
In containers.
118
In which situations should you use Azure file shares?
Migrating on-premise file shares to the cloud
Storing configuration files on a file share and accessing them from multiple VMs
Writing data such as diagnostic logs, metrics and crash dumps to a file share for later processing or analysis
119
What can you use to allow access to a private asset such as a file in an Azure file share for a specific amount of time?
Shared Access Signature (SAS) token.
120
What are the 3 access tiers in Azure Storage and when should you use each one?
Hot access tier: Optimized for storing data that is accessed frequently (for example, images for your website).
Cool access tier: Optimized for data that is infrequently accessed and stored for at least 30 days (for example, invoices for your customers).
Archive access tier: Appropriate for data that is rarely accessed and stored for at least 180 days, with flexible latency requirements (for example, long-term backups).
121
Name 5 database services offered in Azure?
Cosmos DB, SQL Database, SQL Managed Instance, Database for MySQL, Database for PostgreSQL
122
What is the difference between Azure SQL Database, Azure SQL Managed Instance and Azure Database for MySQL?
Azure SQL Database and Azure SQL Managed Instance share a common code base with the latest stable version of SQL Server. Most of the standard SQL language, query processing, and database management features are identical. Azure SQL Database does not support native virtual network integration, which the managed instance does. The managed instance also has nearly full compatibility with SQL Server on-premise and is generally better for migrations. Azure Database for MySQL is separate from the others in that it is powered by the MySQL community edition. SQL is a query language, whereas MySQL is a relational database that uses SQL to query a database.
123
What is Cosmos DB?
A globally distributed multi-model database service
124
What is a multimodel database?
A database management system designed to support multiple data models (such as document, graph, relational, and key-value models) against a single integrated backend.
125
What is a distributed database (DDB)?
A distributed system is a group of interconnected components that appear as a single system. A distributed database is a database which is physically distributed across sites allowing applications to operate on a copy of the data that's close to its users for fast response times.
126
What is a schemaless database?
A schemaless database is one in which there is no predefined schema for how data is stored.
127
At the lowest level, Azure Cosmos DB stores data in atom-record-sequence (ARS) format. The data is then abstracted and projected as an API, which you specify when creating your database. What can you choose between (name 5 APIs)?
SQL, MongoDB, Cassandra, Tables, Gremlin
128
What is Azure Database for PostgreSQL?
A relational database in the cloud based on the community version of the open-source PostgreSQL database engine.
129
What is Hyperscale (Citus)?
The Hyperscale (Citus) option horizontally scales queries across multiple machines by using sharding. Its query engine parallelizes incoming SQL queries across these servers for faster responses on large datasets. It serves applications that require greater scale and performance, generally workloads that are approaching, or already exceed, 100 GB of data.
130
What are the 4 services for analytics and big data in Azure?
Azure Data Lake Analytics
Azure Databricks
Azure HDInsight
Azure Synapse Analytics
131
What is the difference between HDInsight and Azure Databricks?
Azure HDInsight is a cloud distribution of the Hadoop components. It makes it easy, fast, and cost-effective to process massive amounts of data. Azure Databricks is a premium offering optimized for easy setup, collaboration on shared projects in an interactive workspace, and autoscaling.
132
What is the difference between HDInsight and Azure Synapse Analytics?
HDInsight is an analytics service that requires many configurations and is suitable for heavy computations where you have very detailed needs and the learning curve is very steep. HDInsight is always on, whereas Azure Synapse Analytics is consumption-based and brings together enterprise data warehousing and big data analytics.
133
Which service is an on-demand analytics job service that helps you to write queries to transform your data and extract valuable insights?
Azure Data Lake Analytics is an on-demand analytics job service to simplify big data analytics. You can focus on writing, running, and managing jobs rather than on operating distributed infrastructure. Instead of deploying, configuring, and tuning hardware, you write queries to transform your data and extract valuable insights.
134
If your developers use the LAMP stack which database is ideal for migration?
MySQL is part of the LAMP (Linux, Apache, MySQL, PHP) stack and therefore Azure Database for MySQL would be the logical choice.
135
What is Azure Security Center?
A monitoring service that provides visibility of your security posture across all of your services, both on Azure and on-premises
136
What is a security posture?
The term security posture refers to cybersecurity policies and controls, as well as how well you can predict, prevent, and respond to security threats.
137
What can Azure Security Center do? - name 7 things
1) Monitor security settings across on-premises and cloud workloads.
2) Automatically apply required security settings to new resources as they come online.
3) Provide security recommendations that are based on your current configurations, resources, and networks.
4) Continuously monitor your resources and perform automatic security assessments to identify potential vulnerabilities before those vulnerabilities can be exploited.
5) Use machine learning to detect and block malware from being installed on your virtual machines (VMs) and other resources. You can also use adaptive application controls to define rules that list allowed applications to ensure that only applications you allow can run.
6) Detect and analyze potential inbound attacks and investigate threats and any post-breach activity that might have occurred.
7) Provide just-in-time access control for network ports. Doing so reduces your attack surface by ensuring that the network only allows traffic that you require at the time that you need it to.
138
What is secure score?
Secure score is a measurement of an organization's security posture. Secure score is based on security controls, or groups of related security recommendations. Your score is based on the percentage of security controls that you satisfy. The more security controls you satisfy, the higher the score you receive. Your score improves when you remediate all of the recommendations for a single resource within a control.
139
Name three ways secure score can help you.
Report on the current state of your organization's security posture.
Improve your security posture by providing discoverability, visibility, guidance, and control.
Compare with benchmarks and establish key performance indicators (KPIs).
140
What is Just-in-time VM access?
Just-in-time access to VMs blocks traffic by default to specific network ports of VMs, but allows traffic for a specified time when an admin requests and approves it.
141
What is adaptive network hardening?
Adaptive network hardening: Security Center can monitor the internet traffic patterns of the VMs, and compare those patterns with the company's current network security group (NSG) settings. From there, Security Center can make recommendations about whether the NSGs should be locked down further and provide remediation steps.
142
What is adaptive application control?
A machine learning process in Azure used to provide alerts about unauthorized applications running.
143
What is file integrity monitoring?
Important files in a system can be monitored by configuring file integrity monitoring to detect changes to important files such as registry settings.
144
Which service in Azure can you use to get a centralized view of all security alerts?
Security Center
145
Security management on a large scale can benefit from a dedicated security information and event management (SIEM) system. A SIEM system aggregates security data from many different sources (as long as those sources support an open-standard logging format). It also provides capabilities for threat detection and response. What is Microsoft's cloud-based SIEM system called which uses intelligent security analytics and threat analysis?
Azure Sentinel
146
What can you use to automate responses to security threats detected by Azure Sentinel?
Azure Monitor Workbooks
147
How can you setup an automated response to a security alert from Security Center?
You can use workflow automation which uses Azure Logic Apps and Security Center connectors.
148
What can Azure Key Vault do? - Name 4 things
Manage secrets: You can use Key Vault to securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets.
Manage encryption keys: You can use Key Vault as a key management solution. Key Vault makes it easier to create and control the encryption keys that are used to encrypt your data.
Manage SSL/TLS certificates: Key Vault enables you to provision, manage, and deploy your public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for both your Azure resources and your internal resources.
Store secrets backed by hardware security modules: These secrets and keys can be protected either by software or by FIPS 140-2 Level 2 validated HSMs.
149
Name 5 benefits of Azure Key Vault
Centralized storage: Centralizing the storage for your application secrets enables you to control their distribution, and reduces the chances that secrets are accidentally leaked.
Securely stored secrets and keys: Azure uses industry-standard algorithms, key lengths, and HSMs. Access to Key Vault requires proper authentication and authorization.
Access monitoring and access control: By using Key Vault, you can monitor and control access to your application secrets.
Simplified administration of application secrets: Key Vault makes it easier to enroll and renew certificates from public certificate authorities (CAs). You can also scale up and replicate content within regions and use standard certificate management tools.
Integration with other Azure services: You can integrate Key Vault with storage accounts, container registries, event hubs, and many more Azure services. These services can then securely reference the secrets stored in Key Vault.
150
What is Azure Dedicated Host? Name 3 benefits
Azure Dedicated Host provides dedicated physical servers to host your Azure VMs for Windows and Linux.
Benefits:
Gives you visibility into, and control over, the server infrastructure that's running your Azure VMs.
Helps address compliance requirements by deploying your workloads on an isolated server.
Lets you choose the number of processors, server capabilities, VM series, and VM sizes within the same host.
151
How can you ensure high availability when using a dedicated host?
For high availability, you can provision multiple hosts in a host group, and deploy your VMs across this group. VMs on dedicated hosts can also take advantage of maintenance control. This feature enables you to control when regular maintenance updates occur, within a 35-day rolling window.
152
How are dedicated hosts priced?
You're charged per dedicated host, independent of how many VMs you deploy to it. The host price is based on the VM family, type (hardware size), and region. Software licensing, storage, and network usage are billed separately from the host and VMs
153
How may you control having only certain applications run on your VMs?
Create an application control rule in Azure Security Center
154
What is the easiest way for a company to combine security data from all its monitoring tools in a single report that it can take action on?
Collect security data in Azure Sentinel.
155
What is defense in depth?
The objective of defense in depth is to protect information and prevent it from being stolen by those who aren't authorized to access it. A defense-in-depth strategy uses a series of mechanisms to slow the advance of an attack that aims at acquiring unauthorized access to data.
156
Give a brief overview of the 7 layers in the defense in depth model
1) The physical security layer is the first line of defense to protect computing hardware in the datacenter.
2) The identity and access layer controls access to infrastructure and change control.
3) The perimeter layer uses distributed denial of service (DDoS) protection to filter large-scale attacks before they can cause a denial of service for users.
4) The network layer limits communication between resources through segmentation and access controls.
5) The compute layer secures access to virtual machines.
6) The application layer helps ensure that applications are secure and free of security vulnerabilities.
7) The data layer controls access to business and customer data that you need to protect.
157
What is the principle of least privilege?
The principle of least privilege means restricting access to information only to individuals explicitly granted access, at only the level that they need to perform their work. This information includes protection of user passwords, email content, and access levels to applications and underlying infrastructure.
158
What are the three common principles used to define a security posture?
The common principles used to define a security posture are confidentiality, integrity, and availability, known collectively as CIA.
159
What is covered by the integrity principle in a security posture?
The integrity of data must be preserved by preventing unauthorized changes to information:
At rest: when it's stored.
In transit: when it's being transferred from one place to another, including from a local computer to the cloud.
A common approach used in data transmission is for the sender to create a unique fingerprint of the data by using a one-way hashing algorithm. The hash is sent to the receiver along with the data. The receiver recalculates the data's hash and compares it to the original to ensure that the data wasn't lost or modified in transit.
160
What is the availability principle in a security posture?
The availability principle must ensure that services are functioning and can be accessed only by authorized users. Denial-of-service attacks are designed to degrade the availability of a system, affecting its users.
161
What is Azure Firewall?
A managed, cloud-based network security service that helps protect resources in your Azure virtual networks. A virtual network is similar to a traditional network that you'd operate in your own datacenter. It's a fundamental building block for your private network that enables virtual machines and other compute resources to securely communicate with each other, the internet, and on-premises networks.
162
Name 5 features of Azure Firewall
Built-in high availability.
Unrestricted cloud scalability.
Inbound and outbound filtering rules.
Inbound Destination Network Address Translation (DNAT) support.
Azure Monitor logging.
163
Name 3 rules you can configure in Azure Firewall
Application rules that define fully qualified domain names (FQDNs) that can be accessed from a subnet.
Network rules that define source address, protocol, destination port, and destination address.
Network Address Translation (NAT) rules that define destination IP addresses and ports to translate inbound requests.
164
What is a web application firewall (WAF)?
Azure Application Gateway provides a firewall that's called the web application firewall (WAF). WAF provides centralized, inbound protection for your web applications against common exploits and vulnerabilities. Azure Front Door and Azure Content Delivery Network also provide WAF services.
165
What are the two tiers of DDoS protection?
Basic and Standard.
Basic: The Basic service tier is automatically enabled for free as part of your Azure subscription. Always-on traffic monitoring and real-time mitigation of common network-level attacks provide the same defenses that Microsoft's online services use. The Basic service tier ensures that Azure infrastructure itself is not affected during a large-scale DDoS attack. The Azure global network is used to distribute and mitigate attack traffic across Azure regions.
Standard: The Standard service tier provides additional mitigation capabilities that are tuned specifically to Azure Virtual Network resources. DDoS Protection Standard is relatively easy to enable and requires no changes to your applications. The Standard tier provides always-on traffic monitoring and real-time mitigation of common network-level attacks. It provides the same defenses that Microsoft's online services use. Protection policies are tuned through dedicated traffic monitoring and machine learning algorithms. Policies are applied to public IP addresses, which are associated with resources deployed in virtual networks such as Azure Load Balancer and Application Gateway. The Azure global network is used to distribute and mitigate attack traffic across Azure regions.
166
What kind of attacks can the standard service tier of DDoS protection help prevent?
Volumetric attacks: The goal of this attack is to flood the network layer with a substantial amount of seemingly legitimate traffic.
Protocol attacks: These attacks render a target inaccessible by exploiting a weakness in the layer 3 and layer 4 protocol stack.
Resource-layer (application-layer) attacks (only with web application firewall): These attacks target web application packets to disrupt the transmission of data between hosts. You need a web application firewall (WAF) to protect against L7 attacks. DDoS Protection Standard protects the WAF from volumetric and protocol attacks.
167
What are NSGs?
A network security group enables you to filter network traffic to and from Azure resources within an Azure virtual network. You can think of NSGs like an internal firewall. An NSG can contain multiple inbound and outbound security rules that enable you to filter traffic to and from resources by source and destination IP address, port, and protocol.
168
What 7 properties can you define within a single NSG?
Name: A unique name for the NSG.
Priority: A number between 100 and 4096. Rules are processed in priority order, with lower numbers processed before higher numbers.
Source or Destination: A single IP address or IP address range, service tag, or application security group.
Protocol: TCP, UDP, or Any.
Direction: Whether the rule applies to inbound or outbound traffic.
Port Range: A single port or range of ports.
Action: Allow or Deny.
169
What's the TCO Calculator?
The TCO Calculator helps you estimate the cost savings of operating your solution on Azure over time, instead of in your on-premises datacenter. The term total cost of ownership is commonly used in finance. It can be hard to see all the hidden costs related to operating a technology capability on-premises. Software licenses and hardware are additional costs.
170
What types of Azure subscriptions can you use?
Free trial: A free trial subscription provides you with 12 months of popular free services, a credit to explore any Azure service for 30 days, and more than 25 services that are always free. Your Azure services are disabled when the trial ends or when your credit expires for paid products, unless you upgrade to a paid subscription.
Pay-as-you-go: A pay-as-you-go subscription enables you to pay for what you use by attaching a credit or debit card to your account. Organizations can apply for volume discounts and prepaid invoicing.
Member offers: Your existing membership to certain Microsoft products and services might provide you with credits for your Azure account and reduced rates on Azure services. For example, member offers are available to Visual Studio subscribers, Microsoft Partner Network members, Microsoft for Startups members, and Microsoft Imagine members.
171
How can you purchase Azure Services?
There are three main ways to purchase services on Azure. They are:
Through an Enterprise Agreement: Larger customers, known as enterprise customers, can sign an Enterprise Agreement with Microsoft. This agreement commits them to spending a predetermined amount on Azure services over a period of three years. The service fee is typically paid annually. As an Enterprise Agreement customer, you'll receive the best customized pricing based on the kinds and amounts of services you plan on using.
Directly from the web: Here, you purchase Azure services directly from the Azure portal website and pay standard prices. You're billed monthly, as a credit card payment or through an invoice. This purchasing method is known as Web Direct.
Through a Cloud Solution Provider: A Cloud Solution Provider (CSP) is a Microsoft Partner who helps you build solutions on top of Azure. Your CSP bills you for your Azure usage at a price they determine. They also answer your support questions and escalate them to Microsoft, as needed.
172
What factors affect cost in Azure?
Resource type
Resource usage
Azure subscription types
Location
Zones for billing of network traffic
173
How can you estimate the total cost of a solution in Azure?
The Pricing calculator displays Azure products in categories. You add these categories to your estimate and configure according to your specific requirements. You then receive a consolidated estimated price, with a detailed breakdown of the costs associated with each resource you added to your solution. You can export or share that estimate or save it for later. You can load a saved estimate and modify it to match updated requirements. You also can access pricing details, product details, and documentation for each product from within the Pricing calculator.
174
What 6 options can you configure in the pricing calculator?
The options that you can configure in the Pricing calculator vary between products, but they can include:
Region: A region is the geographical location in which you can provision a service. Southeast Asia, Central Canada, Western United States, and Northern Europe are a few examples.
Tier: Tiers, such as the Free tier or Basic tier, have different levels of availability or performance and different associated costs.
Billing options: Billing options highlight the different ways you can pay for a service. Options can vary based on your customer type and subscription type and can include options to save costs.
Support options: These options enable you to select additional support pricing options for certain services.
Programs and offers: Your customer or subscription type might enable you to choose from specific licensing programs or other offers.
Azure Dev/Test pricing: This option lists the available prices for development and test workloads. Dev/Test pricing applies when you run resources within an Azure subscription that's based on a Dev/Test offer.
175
Name 5 ways of managing and minimizing costs in Azure?
Choose cost-effective operating systems, Use Azure Hybrid Benefit to repurpose software licenses on Azure, Migrate from IaaS to PaaS services, Delete unused resources, Deallocate virtual machines during off hours, Resize underutilized virtual machines, Apply tags to identify cost owners, Use Azure Cost Management + Billing to control spending, Research available cost-saving offers, Choose low-cost locations and regions, Use Azure Reservations to prepay, Use spending limits to restrict your spending, Use Azure Advisor to monitor your usage, Understand estimated costs before you deploy
176
What is an SLA?
A service-level agreement (SLA) is a formal agreement between a service company and the customer. For Azure, this agreement defines the performance standards that Microsoft commits to for you, the customer.
177
What are the typical 3 sections of an SLA?
Introduction: This section explains what to expect in the SLA, including its scope and how subscription renewals can affect the terms.
General terms: This section contains terms that are used throughout the SLA so that both parties (you and Microsoft) have a consistent vocabulary. For example, this section might define what's meant by downtime, incidents, and error codes. This section also defines the general terms of the agreement, including how to submit a claim, receive credit for any performance or availability issues, and limitations of the agreement.
SLA details: This section defines the specific guarantees for the service. Performance commitments are commonly measured as a percentage. That percentage typically ranges from 99.9 percent ("three nines") to 99.99 percent ("four nines"). The primary performance commitment typically focuses on uptime, or the percentage of time that a product or service is successfully operational. Some SLAs focus on other factors as well, including latency, or how fast the service must respond to a request. This section also defines any additional terms that are specific to this service.
178
What are service credits?
A service credit is the percentage of the fees you paid that are credited back to you according to the claim approval process. An SLA describes how Microsoft responds when an Azure service fails to perform to its specification. For example, you might receive a discount on your Azure bill as compensation when a service fails to perform according to its SLA. Credits typically increase as uptime decreases.
179
What is Azure Status?
Azure status provides a global view of the health of Azure services and regions. If you suspect there's an outage, this is often a good place to start your investigation. Azure status provides an RSS feed of changes to the health of Azure services that you can subscribe to. You can connect this feed to communication software such as Microsoft Teams or Slack. From the Azure status page, you can also access Azure Service Health. This provides a personalized view of the health of the Azure services and regions that you're using, directly from the Azure portal.
180
How can you create a service credit from Microsoft?
Typically, you need to file a claim with Microsoft to receive a service credit. If you purchase Azure services from a Cloud Solution Provider (CSP) partner, your CSP typically manages the claims process. Each SLA specifies the timeline by which you must submit your claim and when Microsoft processes your claim. For many services, you must submit your claim by the end of the calendar month following the month in which the incident occurred.
181
What is a usage pattern?
Usage patterns define when and how users access your application. One question to consider is whether the availability requirement differs between critical and non-critical time periods. For example, a tax-filing application can't fail during a filing deadline.
182
What is a composite SLA?
The process of combining SLAs helps you compute the composite SLA for a set of services. Computing the composite SLA requires that you multiply the SLA of each individual service.
183
How can you increase an SLA?
Choose customization options that fit your required SLA
Build availability requirements into your design
Include redundancy to increase availability
184
What is the service lifecycle?
The service lifecycle defines how every Azure service is released for public use. Every Azure service starts in the development phase. In this phase, the Azure team collects and defines its requirements, and begins to build the service. Next, the service is released to the public preview phase. During this phase, the public can access and experiment with it and provide real-world feedback. Your feedback helps Microsoft improve services. More importantly, providing feedback gives you the opportunity to request new or different capabilities so that services better meet your needs. After a new Azure service has been validated and tested, it's released to all customers as a production-ready service. This is known as general availability (GA).