Azure Cloud Flashcards
What is Azure?
Azure is Microsoft’s cloud computing platform - a service that provides computing resources (like servers, storage, databases, networking, and software) over the internet.
What is the cloud?
A pool of remotely provided computing resources, such as: servers, storage, software.
These resources are hosted and MANAGED/maintained/secured by CLOUD PROVIDERS such as Azure (MS), AWS (Amazon), Google Cloud.
What is a public cloud?
A public cloud is a type of cloud computing where services are delivered over the internet and shared across multiple organizations.
True or False: A private cloud is dedicated to a single organization.
True
Fill in the blank: A __________ cloud is designed for use by a specific community with shared concerns, such as security requirements or compliance considerations.
Community cloud
Which type of cloud combines elements of both public and private clouds?
Hybrid cloud
A key advantage of a _______ cloud is its flexibility, allowing organizations to scale resources and manage workloads between public and private environments.
Hybrid Cloud.
What cloud type involves you, the company, providing all the infrastructure, data, etc. in-house?
Private Cloud - involves you setting up your own data center essentially, and self hosting a cloud environment.
Benefits include:
Legacy Support
Better control over everything
Adhering to specific compliance rules and regs that cloud provider hosting doesn’t meet
Better security
What is Capital Expenditure (CapEx)?
CapEx = Money spent on buying or upgrading physical assets (e.g., equipment, servers) for long-term use. Generally associated with Private Cloud setups.
It’s recorded as an asset and depreciated over time.
What is Operational Expenditure (OpEx) in Azure?
Ongoing costs for using cloud services (e.g., pay-as-you-go (public cloud consumption) for processing, storage, networking). Unlike CapEx, OpEx offers flexibility in scaling costs.
OpEx = PUBLIC CLOUD, like Azure, Pay as you go for what you use.
Do cloud providers, like Azure, increase or decrease Operational Expenditure for companies?
Cloud providers increase Operational Expenditure for companies (running costs over time, pay as you go for services).
Do cloud providers, like Azure, increase or decrease Capital Expenditure (CapEX) for companies?
Cloud providers reduce CapEx (upfront lump sum costs for buying physical assets and upgrades, like servers) for companies as the cloud provider (CP) provides the Infrastructure.
What is the Consumption-Based Model for cloud services?
Paying for what you use, pay as you go = Consumption-Based Model. Typically per minute or per GB or per execution.
What is serverless architecture?
Serverless architecture = the cloud provider manages infrastructure, pay as you go pricing model.
What’s the fixed price model for cloud services?
Fixed price model = where you buy a set amount of resources/units at a flat rate and you pay that regardless of whether or not you use that many.
This can be good as it ensures a predictable cost for your cloud spending.
What are the main benefits of serverless architecture?
No server management
Automatic scaling
Pay-as-you-go pricing
Reduced operational overhead
What does “stateless” mean in serverless architecture?
Stateless = each time your code runs, it starts fresh without remembering anything from previous runs. Any data that needs to be kept must be stored separately (e.g., in a database).
What does it mean to say servers in a serverless architecture are ephemeral?
Ephemeral servers are TEMPORARY, short lived, created when needed and shut down after the task is completed.
Ephemeral servers don’t persist or store data, single serving.
What is a workflow?
A workflow is when an action is triggered based on an event. E.g. auto generate a reply when an email (event) is received.
Are Azure Logic App connectors like APIs?
Yes! Logic App connectors are pre-built APIs that handle authentication and data exchange, allowing Logic Apps to connect with other services like Office 365, Salesforce, and SQL Server without the need to do any custom coding.
What is Azure Event Grid?
Azure Event Grid - pushes events/occurrences to a preconfigured destination service/function.
A fully managed event routing service that listens for events and notifies the right service to take action.
Upon a certain event occurring a notification/alert is sent to a specific (routed) Azure service/function.
📌 Example: A file is uploaded → Event Grid triggers an Azure Function to process it.
What is Azure Functions?
Azure function = a serverless service that executes small pieces of code in response to events.
📌 Example: A new file is uploaded → Azure Function resizes the image automatically.
How is availability typically expressed in relation to the cloud? E.g. if someone says 5 nines of availability what do they mean?
Availability of cloud services/infrastructure/resources/apps is usually denoted as 9’s e.g. 5 nines of availability = 99.999% availability.
Up-time, however, is a measure of the amount of time a system is running; it may be running but NOT available to clients.
Which term encapsulates “automatic growth and contraction in response to app demand” better? Scalability or Elasticity?
Elasticity = automatic growth and contraction in response to app demand. Elasticity also refers to the provisioning and de-provisioning of instances/e.g. servers to meet demand.
What does “agility” refer to in reference to the cloud?
Agility = the ease and speed of allocating/deallocating resources.
Cloud predictability?
Predictability = the service, performance and associated costs are known in advance.
What type of templates does Azure provide to ensure deployed resources adhere to compliance, regulations and corporate standards?
Deployment templates = ensure deployed cloud resources adhere to the company’s rules and regs/meet compliance standards.
What are management groups in Azure?
Management groups are used to organize and manage multiple Azure subscriptions/service subscriptions. They allow you to apply policies, security controls, and simplify management of multiple subscriptions at once. Each directory (folder) has a single top level management group called the “Root”.
Why would you use multiple subscriptions (logical containers for Azure resource provisioning)?
Multiple subscriptions allow you to use multiple payment methods and currencies to spread cost across different regions in your global company etc. Or when subscription limits are reached.
They also allow you to segregate resources between departments/regions e.g. accounting get a subscription with more math/finance based services whereas marketing get more storage for big media file uploads.
What is the top level in the Azure hierarchy?
Management Groups - used to organize and manage multiple subscriptions, with the topmost management group being called the Root.
What are subscriptions in Azure?
Subscriptions are containers for resources where you pay for usage/e.g. in different currencies or payment plans/per department. They are grouped into management groups.
What are resource groups in Azure?
Resource Groups are logical groupings/pools of related resources (like VMs, storage, etc.) within a subscription.
What are resources in Azure?
Resources are the actual services you use in Azure, such as virtual machines, databases, or storage servers.
What are Availability Zones in Azure?
Availability Zones are physically separated data centers within an Azure region, designed to protect applications and data from data center failures by ensuring high availability and fault tolerance. They are fully independent as in have their own power, network, cooling, etc.
What are Azure compute types?
Compute types are ways to run your code in the cloud. E.g. VMs, containers, serverless (Azure functions).
What are Virtual Machine Scale Sets (VMSS) in Azure?
Virtual Machine Scale Sets (VMSS) let you manage a group of identical VMs that can automatically scale in number based on demand.
What is the main benefit of using VM scale sets?
They automatically adjust the number of VMs to handle workload changes, saving time and effort.
What are Virtual Machine Availability Sets?
They group VMs so that they run on separate physical hardware, reducing downtime during failures or maintenance. They also stagger VM updates across them to improve availability and resilience.
What is a container orchestrator (Kubernetes) in simple terms?
A container orchestrator is like a conductor leading an orchestra.
Containers = Musicians playing different instruments (apps).
Orchestrator = The conductor ensuring everyone plays in sync and scales up when needed.
Load balancing = Making sure no musician plays too loudly or softly.
Scaling = Adding more musicians if the audience grows.
Why use Azure Kubernetes Service AKS?
Automates container management (running and automatic scaling of containerised applications).
Handles health monitoring, scaling, updates, maintenance.
Analogy:
AKS is like a traffic control system for self-driving cars (containers). It directs them to the right lanes (servers), manages congestion (by scaling), and ensures smooth traffic flow (load balancing).
What is a REST API?
REST API = deliveryman that facilitates communication between a client and a server over HTTP.
- Client sends a request (like ordering food).
- REST API (waiter) delivers the request to the Server.
- Server processes the request and returns a response (like preparing food).
- REST API brings the response back to the Client.
RESTful API is an API (Application Programming Interface) that follows the REST principles. So, a RESTful API simply means the API is designed using REST architecture.
What is Azure App Service?
Azure App Service is a fully managed platform for building, deploying, and scaling web apps, APIs, and mobile backends. It’s designed to make it easy to develop and host web applications without managing the underlying infrastructure.
What is Azure Virtual Network (VNET)?
Azure Virtual Network (VNet) is a private, isolated logical network, where you can securely connect your resources like virtual machines (VMs), databases, and applications. It’s like creating your own private data center in Azure.
What is a Virtual Subnet?
Virtual Subnet = subdivision of an Azure Virtual Network/IP range that allows you to segment your network for better organization and security.
- Divides a VNet into smaller, manageable sections.
- Assigns private IP addresses to resources like VMs within each subnet.
- Can apply different network security rules to each subnet.
- Isolate resources for security (e.g., separate front-end and back-end services).
- Control routing and access to different parts of the network.
What is a Virtual VPN Gateway?
Virtual VPN Gateway = logical gateway that provides secure (encrypted) communication between your on-premises network or other VNets and your Azure Virtual Network over the internet.
Key Features:
Uses VPN tunnels (IPsec/IKE) to encrypt data between Azure and on-premises environments.
Supports site-to-site and point-to-site connections.
Enables hybrid cloud scenarios, allowing seamless integration between on-premises and Azure resources.
Why Use It?
Securely connect on-premises networks to Azure.
Extend your on-premises network into the cloud with encryption.
Provide remote access for individual users (point-to-site VPN).
What is VNet Peering?
VNet Peering - connects two Azure VNets to enable private communication between them.
Private IP communication within Azure’s backbone.
Supports same region (Intra-region) and different region (Global) peering.
Can control access with Network Security Groups (NSGs).
Why Use It?
Share resources across VNets.
Expand network connectivity without VPNs.
What is Azure ExpressRoute?
A private, dedicated connection between your on-premises network and Azure, bypassing the public internet.
Private, secure connection
Low latency and high throughput
Global connectivity to Azure data centers
Why Use It?
For secure, reliable communication and large data transfers.
What is Azure DNS?
Azure DNS is a DNS hosting service that manages and resolves domain names to Azure or external resources.
Manage DNS records (A, CNAME, MX, etc.)
Global availability
Security with DNSSEC
Use Cases:
Manage domain names for Azure resources
Ensure fast, reliable DNS resolution globally.
What is a Service Endpoint in Azure?
A Service Endpoint allows Azure resources (like VMs, DBs) in your VNet to privately connect to Azure services (like Storage or SQL) without going over the public internet.
Extends private network access to Azure services over the virtual network without public internet exposure (stays within the Microsoft network).
What is a Private Endpoint in Azure?
A Private Endpoint connects to Azure services using a private IP within your VNet, ensuring private, secure communication.
Uses private IPs for communication
Provides full network isolation from the public internet (hence secured)
Accesses services like Azure SQL and Azure Storage securely over private IPs
What is the security principle of Defence-In-Depth?
Defence-In-Depth states that a layered/multi-layered security approach is best/strongest. Defence in layers like PoE.
What is an Azure Network Security Group (NSG)?
A Network Security Group (NSG) is a group of security rules that control inbound/outbound traffic to/from virtual network interfaces (VNIC), virtual machines (VMs), and subnets in an Azure virtual network (VNet).
Key Features:
Can be applied to individual NICs, subnets, or both.
Default rules allow traffic within the VNet but block external traffic.
Custom rules can be defined for specific security needs based on source/destination ports and protocols
Does the free tier of Azure DDoS provide logging (telemetry) and alerting to the user?
No, only the standard tier and above of Azure DDoS provide enhanced DDoS mitigation features including alerting and telemetry (automated real-time data logging).
What type and amount of data is Azure Blob Storage optimised for?
Azure Blob Storage is a scalable, object storage service for storing MASSIVE amounts of unstructured data (e.g., images, videos, backups). It supports public or private access.
What is File Storage in Azure?
File Storage = fully managed file shares in Azure accessed via SMB or NFS (Linux).
Are Azure Disk Storage volumes block-level or file-level storage?
Azure Disk/Volumes are BLOCK-LEVEL managed storage used by Azure VMs.
What is Table Storage in Azure?
Table Storage: NoSQL key-value store, scalable, schema-less (data doesn’t need to have related attributes like in an RDBMS). Key:Value pairs.
What is Queue Storage in Azure?
Queue Storage: Stores large amounts of messages accessible remotely via HTTPS and enables async processing.
What is Azure Disk Storage?
Disk Storage: Managed VHDs (Virtualised Hard Drives), used by Azure VMs.
What is Blob Storage in Azure most commonly used for?
Blob Storage: Stores unstructured data like images, videos and logs.
Blob Storage - think Media storage.
Name the 4 storage tiers in Azure.
Hot
Cool
Cold
Archive access
Why are there different storage tiers in Azure?
For cost vs performance efficiency. Some companies need to be constantly accessing their stored data rapidly whereas some don’t need to access it much or quickly so can save money with a lower cost tier (still obviously like microseconds).
What is Hot Storage in Azure?
Hot Storage is optimized for storing data that is accessed frequently. It’s best for active data such as applications, websites, or real-time processing. It offers lower latency but at a higher cost.
What is Cool/Cold Storage in Azure?
Cool (Cold) Storage is designed for infrequently accessed data that is stored for at least 30 days. It’s ideal for backup, disaster recovery, and long-term storage. It’s cheaper than hot storage but has higher access costs.
What is Archive Storage in Azure?
Archive Storage is OFFLINE storage that is optimized for data that is rarely accessed and stored for long periods. It’s suited for archival data, compliance storage, or long-term backup. It’s the lowest-cost option but has the highest retrieval latency.
Which of the storage types in Azure is the only one that is OFFLINE and therefore has the most expensive access/retrieval cost but the lowest cost to store data in?
Archive Storage is OFFLINE storage that is optimized for data that is rarely accessed and stored for long periods. It’s suited for archival data, compliance storage, or long-term backup. It’s the lowest-cost option but has the highest retrieval latency.
What is Locally Redundant Storage (LRS) in Azure?
LRS replicates data 3 times within a single data center. It ensures data availability even if a hardware failure occurs within the same region, but it’s limited to one region and has the lowest cost of redundancy options.
What is Geo-Redundant Storage (GRS) in Azure?
GRS replicates data across two regions (primary and secondary). Data is first written to the primary region via LRS (3 copies), then asynchronously copied to a secondary region via LRS (another 3 copies) for disaster recovery purposes, providing higher resilience: should either data center fail, the data is not lost.
What is Zone-Redundant Storage (ZRS) in Azure?
ZRS replicates data across multiple availability zones within a single region. It provides high availability by ensuring data is stored in different zones, offering better protection from zone-level failures. However, if the entire single region is destroyed by a war/natural disaster then all data is lost.
What is Geo-Zone-Redundant Storage (GZRS) in Azure?
GZRS combines the benefits of both Geo-Redundant Storage (GRS) and Zone-Redundant Storage (ZRS). It replicates data across multiple availability zones within a primary region and asynchronously copies it to a secondary region for disaster recovery. This provides the best of both zone-level and region-level redundancy for higher availability and resiliency. It is also therefore the most expensive.
What is AzCopy?
AzCopy is a command-line tool used to transfer data to and from Azure Blob Storage efficiently.
What is Azure Storage Explorer?
Azure Storage Explorer is a GUI tool/standalone App for managing Azure Storage accounts, including Blob, File, Queue, and Table storage. It also supports cross account file management.
Which is a more user friendly Azure file moving method, AzCopy or Azure Storage Explorer?
Azure Storage Explorer - more user-friendly (GUI/App), cross-platform, supports multiple storage types, and allows data management without the Azure portal.
What is Azure File Sync?
Azure File Sync is a service that syncs on-premises Windows Server file shares with Azure Files, enabling cloud backup and multi-site access.
What is Azure Migrate?
Azure Migrate is a tool that helps assess, plan, and migrate/move on-premises servers, databases, and apps to Azure.
What is Azure Data Box?
Azure Data Box is a physical device used to transfer large amounts of data (terabytes) to and from Azure when network uploads are slow or impractical.
Azure Data Box is the heavy lifting removals van men when moving big stuff to and from the cloud.
What are the two Azure data migration/moving to cloud options?
Azure File Sync - syncs on-premises Windows Server file-shares continuously with Azure cloud.
Azure Data Box - physical proprietary storage device that allows quick transfers of large data files (40 TB+ generally) to and from the cloud with limited network connectivity.
What is Authentication (AuthN)?
AutheNtication verifies a user’s identity before granting access, proving you are who you say you are.
What is Authorization (AuthZ)?
AuthoriZation determines what a user can access after authentication. Having required access permissions to access a resource.
What is Entra ID?
Entra ID (formerly Azure Active Directory) is a cloud-based identity and access management service that helps secure and manage user identities, providing single sign-on and multi-factor authentication.
Entra ID stores user accounts/usernames/passwords/permissions in the cloud.
Entra ID uses software based (app) OAuth (TOTP) tokens as a form of Authentication. (MFA).
What is OAuth?
OAuth (Open Authorization) is an open standard that defines how TOTP (Time-based One-Time Passwords) are generated.
What is TOTP?
TOTP (Time-based One-Time Password) is a type of two-factor authentication (2FA) that generates a temporary code, valid for a short time, to enhance security during login.
Is Microsoft Authenticator a TOTP app?
Yes, Microsoft Authenticator is both a TOTP (Time-based One-Time Password) app and an OAuth token generator. It provides time-based codes for 2FA and also generates OAuth tokens for secure sign-ins and app authorizations.
OAuth (Open Authorization) is a protocol that allows third-party applications to access a user’s resources (like data or services) without exposing their credentials. It uses tokens for secure, delegated access.
What is the FIDO2 login/authentication method in simple terms?
FIDO2 is a way to log in securely using something physical, like a fingerprint or a security key, or USB, instead of a password. It works by using a public/private key pair. The public key is stored on the server, and the private key stays on the user’s device to securely authenticate without sharing passwords.
What is Windows Hello for Business?
Windows Hello for Business is a secure authentication method that replaces passwords with Entra ID (AD login), key-based, certificate based or PINs for accessing devices and corporate resources. Or can use FIDOv2.
What are the pros of Windows Hello for Business over traditional password-based authentication?
Windows Hello for Business is more secure (using biometrics or PINs), faster (no need to remember or enter passwords), and less vulnerable to phishing or brute-force attacks compared to traditional passwords.
What is B2B collaboration in Azure?
B2B (Business-to-Business) collaboration in Azure allows external organizations to securely access your company’s resources using their own identities. This is managed through Azure AD, enabling users from partner organizations to sign in and collaborate without needing separate accounts.
What is B2B Direct Connect in Azure?
Business 2 Business Direct Connect - shared trusted access to Azure AD (Entra ID) between multiple companies.
Allows organizations to establish a two-way trust relationship between their Azure AD domain and a partner’s Azure AD domain. This allows users from the trusted external business to access your company’s resources, and vice versa, without creating separate accounts. It’s like sharing trusted access between the two organizations, enabling seamless login/SSO to both Entra IDs.
What is Azure B2C?
Azure B2C (Business-to-Consumer) is a cloud identity service that enables businesses to provide secure access to their applications for customers/consumers using their existing social or local accounts (like Google, Facebook, or a custom account).
What is a multi-tenant organization in Entra ID (Azure AD)?
A multi-tenant organization in Entra ID refers to a setup where multiple independent organizations or “tenants” can coexist within a single instance of Entra ID (Azure AD). Each tenant has its own separate identity and directory, but they can collaborate or share resources securely, often used in scenarios like B2B collaboration or service providers hosting multiple customers.
What is Conditional Access in Azure AD/Entra ID?
Conditional Access in Azure AD/Entra ID is a security feature that allows administrators to set rules and policies for user access to applications and resources based on specific conditions, such as location, device health, user risk level, or authentication method. It helps enforce security requirements like multi-factor authentication (MFA) or blocking access from insecure locations.
What is RBAC?
Azure RBAC (Role-Based Access Control) is a system that allows administrators to assign permissions to users, groups, and applications based on roles, enabling fine-grained/granular access control to Azure resources.
What are the three Zero Trust principles?
The three core principles of Zero Trust are:
1. Verify Explicitly: Always authenticate and authorize based on all available data points, such as user identity, device health, and location (called “signals” in Azure).
2. Use Least-Privilege Access: Limit user access to only the resources they absolutely need.
3. Assume Breach: Operate under the assumption that the network is always at risk, and segment the network and access to limit the damage a breach would/could cause.
What is Microsoft Defender for Cloud?
Microsoft Defender for Cloud is a security tool that provides threat protection, vulnerability management, and compliance monitoring for cloud and hybrid environments, helping secure workloads across Azure, AWS, and GCP (Google Cloud Platform).
Strengthens an IT environment of a company (both in cloud and on premises). Aka strengthens a company’s IT security posture.
What are Azure Reserved Instances?
Azure Reserved Instances (RIs) are a pricing option that allows you to pre-pay for virtual machines (VMs) or other Azure resources for 1 or 3 years in exchange for significant cost savings (up to 72%) compared to pay-as-you-go pricing.
They are ideal for predictable, long-term workloads and help organizations save money by committing to specific VM sizes and regions in advance.
What is Azure Reserved Capacity?
Azure Reserved Capacity allows you to pre-purchase services such as:
Azure SQL Database, Azure Storage, Azure Synapse Analytics, Azure Databricks, and Cosmos DB
These compute, storage, or database services can be reserved upfront for 1 or 3 years, providing cost savings and guaranteed availability for predictable workloads.
What are the benefits of Azure Hybrid Use Benefit (AHUB)?
Azure Hybrid Use Benefit allows you to use existing on-premises Windows Server and SQL Server licenses in Azure, reducing VM and database costs by up to 85%, making cloud migration more cost-effective.
Apply existing on-site MS licenses to Azure to save cost/cut migration cost to the cloud.
What is the Azure Pricing Calculator?
The Azure Pricing Calculator is an online tool that helps estimate the cost of using Microsoft Azure services. It allows you to:
Select Azure services you plan to use.
Configure service options (e.g., region, instance size, storage type).
Estimate monthly or yearly costs.
Compare pricing for different configurations or services.
What is the Azure TCO Calculator?
The Azure Total Cost of Ownership (TCO) Calculator helps organizations estimate the cost savings gained by migrating from on-premises infrastructure to Microsoft Azure. It provides a comparison of on-premises costs vs. the projected cost on Azure based on selected workloads and resources.
What is Azure Cost Management?
Azure Cost Management is a set of tools within Microsoft Azure that helps organizations monitor, allocate, and optimize their cloud spending. It provides insights into how resources are being used and allows businesses to manage their budgets and avoid unexpected costs.
What are Azure Tags?
Azure Tags are key-value pairs assigned to Azure resources and subscriptions for organization, tracking costs (cost management) and automation.
E.g. key:value:
Environment: Production, Development, Testing
Owner: IT Team, Finance Dept
Cost Center: CC1001, CC2002
Project: Migration2025, AI_Research
Compliance: GDPR, ISO27001
What is Microsoft Purview?
Microsoft Purview is a data governance/management service that helps organizations discover, classify, catalog, and manage data across on-premises, cloud, and SaaS platforms. It enables data discovery (via scans), lineage tracking, and security enforcement.
What is Azure Policy?
Azure Policy is a service that helps enforce organizational standards and compliance in Azure by defining and applying rules to resources, ensuring they meet governance requirements.
What is an Azure Initiative?
An Azure Initiative is a collection of Azure Policies grouped together towards a specific company goal or to adhere to compliance.
What is an Azure Blueprint?
An Azure Blueprint is a set of predefined, reusable configurations that enable organizations to set up and manage environments consistently. It includes resources, policies, and templates for deploying and enforcing governance at scale.
What is the Azure Portal?
Azure Portal: A web-based GUI for managing Azure resources, allowing users to create, configure, and monitor services like VMs, storage, and networking. Accessible at portal.azure.com.
What is Azure Cloud Shell?
Azure Cloud Shell: A browser-based CLI for managing Azure resources using Bash or PowerShell. It comes with pre-installed tools like Azure CLI and Azure PowerShell. Accessible via the Azure Portal or shell.azure.com.
What is Azure PowerShell? More advanced features (scripting capabilities, deeper Windows integration) than Azure CLI.
Azure PowerShell: A command-line tool that uses cmdlets (lightweight commands) to manage Azure resources via PowerShell scripts. It enables automation, deployment, and administration of Azure services. Can be used within Azure Cloud Shell, locally, or via remote sessions.
What is Azure CLI?
Azure CLI: A command-line interface for managing Azure resources using simple commands in a terminal or script. It is cross-platform and works on Windows, macOS, and Linux. It can be used in Azure Cloud Shell or locally installed.
What is Azure Resource Manager (ARM)?
Azure Resource Manager (ARM): A management layer (set of tools) in Azure that enables you to create, update, and delete Azure resources in a consistent and organized way. ARM provides a unified management interface and works with resource groups, allowing for efficient deployment, security, and monitoring of Azure resources.
What are Azure Resource Manager (ARM) Templates?
ARM Templates are JSON files that define the infrastructure and configuration of Azure resources. They allow for Infrastructure as Code (IaC), enabling users to deploy and manage resources consistently and repeatably. ARM templates describe the resources, their properties, and dependencies, and can be used to automate resource provisioning, updates, and management.
What does “idempotent” mean in computing?
Idempotent refers to an operation that can be performed multiple times with the same result. Regardless of how many times it’s executed, the outcome remains unchanged after the first operation. This is important in cloud and API operations, ensuring consistency even when repeated.
What is Azure Arc?
Azure Arc lets you manage non-Azure servers, Kubernetes, and databases (on-prem, other clouds) using Azure tools like the portal, CLI, and policies.
What is IaC (Infrastructure as Code)?
IaC (Infrastructure as Code) is the practice of managing and provisioning IT infrastructure using code instead of manual setup. It enables automation, consistency, and scalability using tools like ARM Templates, Terraform, and Bicep.
What is Azure Advisor?
Azure Advisor is a free service that provides recommendations to improve security, cost, performance, reliability, and operational excellence in Azure. It analyzes/scans your resources and suggests optimizations.
What is Azure Monitor?
Azure Monitor is a tool that collects, analyzes, and visualizes data from Azure resources, applications, and VMs. It helps with performance monitoring, troubleshooting, and alerting to keep systems running smoothly.
What are Azure Monitor Alerts?
Azure Monitor Alerts notify you when specific conditions are met in your Azure environment, such as performance issues or resource failures. They can be configured to trigger actions like sending emails, running scripts, or creating tickets, helping to proactively manage and resolve issues.
What is Azure Application Insights? (extension of Azure Monitor)
Azure Application Insights = web application monitor, performance, availability, errors, etc. APM - Application Performance Monitor.
What are some common reasons to create a Resource Group in Azure?
Resource Groups are logical groupings of resources (can be any type and from multiple Azure regions).
They are commonly used to group resources that share a lifecycle (run and get deleted together, etc.), to define a budget across those resources, because they share a specific policy/compliance rule, or because they are assigned to a specific RBAC user group.
What does an Azure Container Registry (ACR) contain?
ACR contains container images.
ACR = A fully managed private Docker container registry in Azure used to store and manage container images, enabling easy push and pull for deployment on Azure services like AKS.
What is a container runtime?
A container runtime is software that runs and manages containers on a system. It is responsible for pulling container images, creating containers, and running them on the system. Docker is a container runtime.
What are tags in Azure?
Tags are key:value pairs used to organize and categorize Azure resources for management, cost tracking, and automation. Example: “Environment: Production”. They are NOT inherited. Tags are metadata (data that describes other data).
What is an Azure Blueprint?
An Azure Blueprint is a package of templates, policies, and resource groups that helps deploy and manage resources consistently, with version control for tracking and updates.
What is the purpose of the Cloud Adoption Framework in Azure?
Cloud Adoption Framework: helps organisations migrate to the cloud. It provides guidelines, best practices, and tools to help organizations plan, govern, and securely transition to the cloud.
What is the purpose of a Network Security Group (NSG) in Azure?
An NSG applies security rules to subnets or individual resources, controlling traffic flow and segregating subnets based on allowed or denied inbound/outbound traffic rules.
An NSG controls inbound and outbound traffic to Azure resources by applying rules based on IP addresses, ports, and protocols (TCP/UDP Layer-4), helping segregate and secure network traffic.
What is an Azure Dedicated Host?
Azure Dedicated Host = a physical server dedicated to your workloads, offering isolation, control, and compliance, with no other customers’ VMs running on the same hardware.
What is Azure Firewall?
Azure Firewall is a managed, cloud-based network security service that protects Azure Virtual Networks by filtering inbound and outbound traffic using rules, including application-level filtering, threat intelligence, and deep packet inspection.
What features does Azure Firewall provide?
Azure Firewall offers stateful packet inspection, application and network-level filtering, threat intelligence integration, FQDN filtering, and the ability to enforce custom rules for traffic management.
What’s the difference between Azure Firewall and Network Security Groups (NSGs)?
Azure Firewall offers more advanced features (like application-level filtering and URL filtering), while NSGs are simpler and used for basic traffic filtering.