Azure Achitecture and Services 2.2

Question 1

Azure VMs

Answer 1

Server virtualization (compute)
on-demand without need for hardware purchase

Question 2

Virtual machine
scale sets

Answer 2

Allow you to create and manage a group of
identical, load-balanced VMs.
The number of VM instances can automatically
increase or decrease in response to demand or
based on a schedule.
Focus = scale (scalability, capacity)

Question 3

Virtual machine
availability sets

Answer 3

Help build a more resilient, highly available
environment by staggering VM updates and
ensuring varied power and network connectivity.
Focus = resiliency (availability)

Question 4

Virtual machine
availability sets

Answer 4

They do this through two mechanisms:
FAULT DOMAINS and UPDATE DOMAINS.

Question 5

Update Domains

Answer 5

Allows you to apply updates while knowing
that only one update domain grouping will
be offline at a time.

Question 6

Fault Domains

Answer 6

Groups your VMs by common power source
and network switch.
By default, an availability set will split your VMs
across up to three fault domains.

Question 7

Azure Virtual Desktop

Answer 7

A desktop and app virtualization
service that runs in Microsoft Azure.
Enable IT Pros and MSPs to create Windows
10 & 11 virtual desktops in Azure.

Question 8

Azure Container Instance (ACI)

Answer 8

Runs Docker containers on-demand in a
managed, serverless Azure environment.
A solution for any scenario that can operate
in isolated containers, without orchestration.

Question 9

Azure Kubernetes Services (AKS)

Answer 9

A hosted Kubernetes service, where
Azure handles critical tasks like health
monitoring and maintenance for you.
You pay only for the agent nodes within
your clusters, not for the masters (free tier).
For a financially backed SLA, you pay a few
cents per hour for cluster management.

Question 10

VM Resource Requirements

Answer 10

Virtual Disk
Virtual Network (VNET)
Network Interface (Virtual NIC)
Network Security Group
Public IP Address

Question 11

App Service

Answer 11

An HTTP-based service for hosting
web applications, REST APIs, and mobile back ends.

Question 12

App Service Types

Answer 12

Web apps
API apps
Web jobs
Mobile apps

Question 13

App Service Web apps

Answer 13

Using ASP.NET, ASP.NET
Core, Java, Ruby, Node.js,
PHP, or Python.
Run on Windows or Linux as
host OS

Question 14

App Service API apps

Answer 14

Build REST-based web APIs
by using your choice of
language and framework.
Full Swagger support and
publish to Azure Marketplace.

Question 15

App Service Web jobs

Answer 15

Run a program (.exe, Java, PHP,
Python, or Node.js) or script
(.cmd, .bat, PowerShell, or Bash)
in the same context as a web
app, API app, or mobile app.
Can be scheduled or run by a
trigger.
Often used to run background
tasks as part of your application
logic.

Question 16

App Service Mobile apps

Answer 16

Used to quickly build a back end
for iOS and Android apps.
Enables auth with social identity
providers, send push notifications,
and execute backend logic.

Question 17

Virtual Network VNET

Answer 17

A logical representation of your network in Azure.
A VNET contains one or more SUBNETS.
VNETs provide logical isolation in
Azure dedicated to your subscription.

Question 18

Virtual Network VNET benefits

Answer 18

Create a dedicated private cloud-only network.
Securely extend your data center (Site-to-Site VPN).
Enable hybrid cloud scenarios.

Question 19

Virtual Network VNET Rule

Answer 19

VMs in different VNETS cannot communicate by default

Question 20

Virtual Subnet

Answer 20

Segment address space of VNET to create sub-networks.
Allows Azure resource deployment into a specific subnet.
Can affect outbound access and routing traffic between resources.

Question 21

Virtual Subnet Rule

Answer 21

VMs in different subnets within a VNET can communicate by default!

Question 22

VPN Gateway

Answer 22

Core component of “hybrid cloud”
A virtual network gateway that sends encrypted traffic between an Azure VNET and
an on-premises location over the Internet.

Question 23

VPN Rule

Answer 23

site-to-site VPN traffic traverses the Internet

Question 24

VNET Peering

Answer 24

Enables seamless connection of two or more Virtual Networks in Azure.
The two networks function as one in terms of connectivity.

Question 25

ExpressRoute

Answer 25

Extends your on-premises networks into
Azure over a private connection with
the help of a connectivity provider

Question 26

ExpressRoute Rule

Answer 26

traffic does NOT traverse the Internet

Question 27

Azure DNS

Answer 27

a hosting service for DNS domains that
provides name resolution by using
Microsoft Azure infrastructure.
Can provide internal and external DNS.

Question 28

Service Endpoint

Answer 28

Provides a way to lock down access to all instances of a PaaS
service to a VNET.
Accessible from public Internet

Question 29

Private Endpoint

Answer 29

Grants access to a specific instance (resource) of a PaaS service in your VNET
on a private IP address.
Enables access from on premises without public endpoint

Question 30

Defense in-Depth

Answer 30

A layered (defense in depth) approach that does not rely on one method to completely protect your environment.

Question 31

Network Security Group

Answer 31

Contains security rules that allow or deny
inbound network traffic to, or outbound network
traffic from, several types of Azure resources.
For each rule, you can specify source and
destination port and protocol.
Can be applied to a subnet or network adapter.

Question 32

Azure Firewall

Answer 32

A managed, cloud-based network security
service that protects your Azure Virtual Network resources.
It’s a fully stateful firewall as a service with
built-in high availability and unrestricted
cloud scalability.

Question 33

Azure DDoS

Answer 33

Standard tier provides enhanced DDoS mitigation
features to defend against DDoS attacks.
Also includes logging, alerting, and telemetry not
included in the free Basic tier present by default.