Azure core architectural components

Question 1

What are the four levels of the organizing structure for resources in Azure?

Answer 1

Management groups > Subscriptions > Resource groups > Resources

Question 2

What are Resources?

Answer 2

Resources are instances of services that you create, like virtual machines, storage, or SQL databases

Question 3

What are Resource groups?

Answer 3

Resources are combined into resource groups, which act as a logical container into which Azure resources like web apps, databases, and storage accounts are deployed and managed

Question 4

What is a Subscription?

Answer 4

A subscription groups together user accounts and the resources that have been created by those user accounts. For each subscription, there are limits or quotas on the amount of resources that you can create and use. Organizations can use subscriptions to manage costs and the resources that are created by users, teams, or projects

Question 5

What are Management groups?

Answer 5

These groups help you manage access, policy, and compliance for multiple subscriptions. All subscriptions in a management group automatically inherit the conditions applied to the management group

Question 6

Are all services and VM features available in all regions?

Answer 6

No

Question 7

Do you always have to select a particular region?

Answer 7

No, some Azure services (such as Azure Active Directory, Azure Traffic Manager, and Azure DNS) do not require you to select a particular region

Question 8

For what kind of reasons could you choose to build in a specialized region?

Answer 8

For compliance or legal purposes

Question 9

How to set up your own redundancy?

Answer 9

Create duplicate hardware environments

Question 10

What is an isolation boundary?

Answer 10

The way availability zones are built. If one goes down, the other continues working.

Question 11

What are availability zones primarily for?

Answer 11

VMs, managed disks, load balancers, and SQL databases

Question 12

In which three categories do Azure services that support availability zones fall?

Answer 12

Zonal services, Zone-redundant services, and Non-regional services

Question 13

What are zonal services?

Answer 13

When resources are pined to a specific zone (for example, VMs, managed disks, IP addresses)

Question 14

What are Zone-redundant services?

Answer 14

When the platform automatically replicates across zones (for example, zone-redundant storage, SQL Database)

Question 15

What are non-regional services?

Answer 15

Services are always available from Azure geographies and are resilient to zone-wide outages as well as region-wide outages.

Question 16

What does the hierarchy of azure geographies look like?

Answer 16

geography > Region Pair > Azure Region > Availability Zone > Datacenters (one or more)

Question 17

At what minimum distance are region pairs situated?

Answer 17

300 miles

Question 18

What is data redundancy?

Answer 18

When the same piece of data exists in multiple places

Question 19

What are the advantages of region pairs?

Answer 19

If an extensive Azure outage occurs, one region out of every pair is prioritized to make sure at least one is restored as quickly as possible for applications hosted in that region pair.

Planned Azure updates are rolled out to paired regions one region at a time to minimize downtime and risk of application outage.

Data continues to reside within the same geography as its pair (except for Brazil South) for tax- and law-enforcement jurisdiction purposes.

Question 20

What is a resource?

Answer 20

A manageable item that’s available through Azure. Virtual machines (VMs), storage accounts, web apps, databases, and virtual networks are examples of resources

Question 21

What is a resource group?

Answer 21

A container that holds related resources for an Azure solution. The resource group includes resources that you want to manage as a group. You decide which resources belong in a resource group based on what makes the most sense for your organization

All resources must be in a resource group, and a resource can only be a member of a single resource group. Many resources can be moved between resource groups with some services having specific limitations or requirements to move. Resource groups can’t be nested. Before any resource can be provisioned, you need a resource group for it to be placed in.

Question 22

What is RBAC?

Answer 22

Role-based access control. By applying RBAC permissions to a resource group, you can ease administration and limit access to allow only what’s needed.

Question 23

What is Azure Resource Manager?

Answer 23

Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features like access control, locks, and tags to secure and organize your resources after deployment.

When a user sends a request from any of the Azure tools, APIs, or SDKs, Resource Manager receives the request. It authenticates and authorizes the request. Resource Manager sends the request to the Azure service, which takes the requested action. Because all requests are handled through the same API, you see consistent results and capabilities in all the different tools.

Question 24

What is Azure Resource Manager?

Answer 24

Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features like access control, locks, and tags to secure and organize your resources after deployment.

When a user sends a request from any of the Azure tools, APIs, or SDKs, Resource Manager receives the request. It authenticates and authorizes the request. Resource Manager sends the request to the Azure service, which takes the requested action. Because all requests are handled through the same API, you see consistent results and capabilities in all the different tools.

Question 25

What are the benefits of Resource Manager?

Answer 25

Manage your infrastructure through declarative templates rather than scripts. A Resource Manager template is a JSON file that defines what you want to deploy to Azure.

Deploy, manage, and monitor all the resources for your solution as a group, rather than handling these resources individually.

Redeploy your solution throughout the development life cycle and have confidence your resources are deployed in a consistent state.

Define the dependencies between resources so they’re deployed in the correct order.

Apply access control to all services because RBAC is natively integrated into the management platform.

Apply tags to resources to logically organize all the resources in your subscription.

Clarify your organization’s billing by viewing costs for a group of resources that share the same tag.

Question 26

Where are Azure accounts stored?

Answer 26

Either Azure Active Directory or a directory that Azure AD trusts

Question 27

Do all subscriptions on an account have the same billing models and the same access-management policies?

Answer 27

No

Question 28

What are two types of subscription boundaries you can use in Azure subscriptions?

Answer 28

Billing boundary and Access control boundary

Question 29

What is a billing boundary?

Answer 29

A subscription type which determines how an Azure account is billed for using Azure. You can create multiple subscriptions for different types of billing requirements. Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs

Question 30

What is an Access control boundary?

Answer 30

Azure applies access-management policies at the subscription level, and you can create separate subscriptions to reflect different organizational structures. An example is that within a business, you have different departments to which you apply distinct Azure subscription policies. This billing model allows you to manage and control access to the resources that users provision with specific subscriptions.

Question 31

For which separation purposes could you create additional subscriptions?

Answer 31

Environments (development and testing, security, or to isolate data for compliance reasons), Organizational structures, and Billing or because of Subscription Limits

Question 32

What is the maximum number of Azure ExpressRoute circuits per subscription?

Answer 32

10

Question 33

What can you organize in management groups if there are many?

Answer 33

Subscriptions

Question 34

What should you do if you want to assign a user access to multiple subscriptions?

Answer 34

Create a management group. By moving multiple subscriptions under that management group, you can create one role-based access control (RBAC) assignment on the management group, which will inherit that access to all the subscriptions.

Question 35

What are 5 important facts about management groups?

Answer 35

10,000 management groups can be supported in a single directory.

A management group tree can support up to six levels of depth. This limit doesn’t include the root level or the subscription level.

Each management group and subscription can support only one parent.

Each management group can have many children.

All subscriptions and management groups are within a single hierarchy in each directory.