Azure Fundamentals COPY

Question 1

Cloud Definition & 4 Basic Services

Answer 1

Delivery of computing services (server, storage, networking, software, analytics) over the internet.

1. Compute power: Linux servers or web applications.
2. Storage: files and databases.
3. Networking: secure connections between cloud providers.
4. Analytics: visualizing telemetry (network device) and performance data.

Question 2

Common Computing Services (3)

(Compute Power in Azure Training)

Answer 2

Virtual Machine: emulation of a computer, running on a server in one or more datacenters.

Containers: consistent, isolated environment for applications. Similar to VM’s but do not require a guest operating system. Applications and their dependencies are packaged and then a standard runtime environment is used to execute the app.

Serverless Computing: run application code without creating/configuring application or maintaining a server. Application is broken into separate functions that run when triggered by some action, ideal for automated task. Only pay for processing time.

Question 3

Key Cloud Concepts (12)

Think about them in 4 buckets:
Resource Allocation
Risk Mitigation
Expanded Services
Cost & Productivity

Answer 3

Resource Allocation

1. Scalability
2. Elasticity
3. Agility

Risk Mitigation

4. Security
5. Fault Tolerance
6. Disaster Recovery

Expanded Services

7. High Availability
8. Global Reach
9. Customer Latency

Cost & Productivity

10. Predictive Cost
11. Technical Skill Requirements
12. Increased Productivity

Question 4

Key Cloud Concepts: Resource Allocation Definitions (3)

Answer 4

Scalability: increase/decrease resources for a given workload (independent service or collection of code to execute)

a. Scaling out: add additional resources to service a
workload.

b. Scaling up: add additional capabilities to manage
increase in demand to existing resources.

Elasticity: automatically/dynamically (distinction from scalability) increase/decrease resource

Agility: allocate/deallocate resources quickly, on-demand via self-service.

Question 5

Key Cloud Concepts: Risk Mitigation Definitions (3)

Answer 5

Security: broad set of policies, technologies, controls, and expert technology skills that can provide better security than most organizations can otherwise achieve.

Fault Tolerance: ability to remain active and running in the event of a component/service no longer functioning, redundancy.

Disaster Recovery: ability to recover from an event that has taken down a cloud service.

Question 6

Key Cloud Concepts: Expanded Services Definitions (3)

Answer 6

High availability: keep services up and running for long periods of time, little downtime.

Global Reach: services presence in various regions across the globe.

Customer Latency: deploy resources in datacenters around the globe helps mitigate slowness with particular services.

Question 7

Key Cloud Concepts: Cost & Productivity Definitions (3)

Answer 7

Predictive Cost Considerations: users ability to predict the costs they will incur for a particular cloud service.

Technical Skill Requirements & Considerations: less technical resources than having IT teams build and maintain a physical infrastructure for handling workloads.

Increased Productivity: reduced the amount of time consuming IT task such as hardware setup and software patching.

Question 8

CapEx v. OpEx (Benefits of Cloud Services)

Answer 8

Physical infrastructure cost allows for upfront planning however demand can be hard to predict. Cloud services provides pay-per-use models meaning you are only billed for the services that are used. Expenses are harder to predict, but they are only incurred on an as needed basis (consumption based model).

Question 9

Cloud Deployment Models (3)

(Advantages & Disadvantages)

Answer 9

Public: resources owned by cloud provider, no local hardware. Less overhead cost & maintenance, consumption based model, but specific security requirements and maintenance of legacy applications may not be feasible.

Private: resources owned by user, allowing completed control of hardware and software for compliance and business needs, but more overhead & maintenance and less agile (demand uncertainty).

Hybrid: combination of both, the most flexible, but management and administration can be more difficult.

Question 10

3 Types of “As A Service” Cloud Options

Answer 10

Infrastructure as a Service (IaaS): most user management, OS, data and applications.

Platform as a Services (PaaS): cloud provider manages the OS and user is responsible for applications and data.

Software as a Services (SaaS): cloud provider manages everything and the end user just uses the software.

(reference image in notes for visual example)

Question 11

Azure Geographic Components (3)

Answer 11

Regions: data-centers are organized by regions, geographic area containing multiple data-centers networked together.

Region pairs: 300 mile (preference) separation between data-centers, built for disaster recovery and minimizing downtime.

Geographies: discrete market containing two or more regions to maintain data residency, compliance needs, and fault tolerance to withstand complete region failure.

Question 12

Availability Options (4)

Answer 12

Single VM w/ Premium Storage: migrate existing virtual machines to the cloud with “lift & shift” no-code migration. 99.9% availability.

Availability Sets: ensure your application remains online if a high-impact maintenance event is required, or if a hardware failure occurs. 99.95% availability.

Availability Zones: creating duplicate hardware environments, physically separated locations. Ensure your services and data are redundant to provide additional fault tolerance. 99.99% availability.

Region Paris: multi-region disaster recovery, region pairs protect at 99.99% availability and provide data residency boundaries.

Question 13

What are Update Domains & Fault Domains

Answer 13

Both are part of availability sets.

Update Domain: logical sections of the datacenter utilized to ensure datacenter is available during platform updates and patches.

Fault Domain: physical separation of your workload across different hardware in the datacenter, utilized to ensure availability if hardware becomes unavailable.

Question 14

What are Resource Groups and Resource Managers

Answer 14

Resource Group: a container that allows you to aggregate and manage all the resources required for your application in a single manageable unit instead of components.

Resource Manager: a management layer in which resource groups and all the resources within it are created, configured, managed, and deleted. Allows for deployment automation and configuration.

Question 15

3 Virtual Machine Options/Services

(when are they utilized?)

Answer 15

VM Scale Sets: deploy and manage a set of identical VMs, for auto-scalling, targeting big compute, big data, and containerized workloads. Used in IaaS, when total control over the OS is needed.

App Services: quickly build, deploy, and scale enterprise-grade web, mobile, and API apps running on any platform. Used in PaaS offerings.

Functions: ideal when you’re concerned only about the code running your service and not the underlying platform or infrastructure. They’re commonly used when you need to perform work in response to an event (often via a REST request), timer, message from another Azure service, or work can be completed quickly (1s or less).

Question 16

Orchestration Definition

Answer 16

Application used for automating, managing, and interacting with a large number of containers. “Kubernetes”

Question 17

Microservice Architecture

Answer 17

Webserivce broken down into a small web-defined scope and loosely coupled from any other web service. Ex. website container for front-end, one for back-end, one for storage.

Question 18

Common Networking Services (5)

Answer 18

Azure Virtual Network: allows resources to securely communicate with each other, the internet, and on-prem networks. Scoped within a region, however, virtual network peering allows for connection across regions.

Load Balancer: efficiently distributing incoming network traffic across a group of backend servers. Provides scale for your applications and creates high availability. Low latency and high throughput, TCP and UDP protocols.

VPN Gateway: virtual network gateway to send encrypted traffic between Azure networks and on-prem locations.

Application Gateway: web traffic load balancer to manager traffic to your web applications. Protects apps with firewalls, redirection, and session affinity.

Content Delivery Network: distributed network of servers to efficiently deliver web content to users that minimizes latency. Cache content in local regions to provide better performance.

Question 19

3 types of data categories

Answer 19

Structured: adheres to a schema, stored in database with rows and columns, relational data referenced through PK FK relationships.

Semi-Structured: not stored in relational format, contains tags making the hierarchy and organization apparent, stored in NoSQL environments. (Books, Blogs, HTML)

Unstructured: no design structure, any kind of data. (PDF, JPG, JSON, video content)

Question 20

Storage Options (5)

Answer 20

Disk: similar storage to on-prem, storage and accessed virtual hard disk. Scenarios: lift and shift (move from on IT environment to another) applications that read and write data to persistent disks.

Containers (Blobs): blob storage optimized for massive amounts of unstructured data.

Files: file shares accessed through Server Message Block (SMB) protocol, multiple VM files share accessed globally.

Queues: store and retrieve messages or list of messages to be processed asynchronously.

Tables: ideal for storing structured, non-relational data.

Question 21

Common PaaS Database Services (3)

Answer 21

Cosmos DB: scale across geographic regions, supports schema-less data, and allows Always On applications to support constantly changing data. Built for highly responsive applications that update user generated data frequently.

SQL Database: relational database as a service (DaaS), SQL Server for the cloud.

Database Migration: migration from external servers to Azure platforms.

Question 22

2 Common IoT Solutions

Answer 22

IoT Central: IoT SaaS solution to connect, monitor, and manage IoT assets.

IoT Hub: central management hub for bi-directional communication between the IoT app, the devices it manages, and the cloud. Supported messaging patterns: device-to-cloud telemetry, file upload, request-replay methods. Device health monitoring for device creation, failure, and connections.

Question 23

3 Common Big Data & Analytics Solutions

Answer 23

Synapse Analytics: formerly SQL data warehouse, enterprise data warehousing and analytics.

HDInsights: allows users to run popular opensource frameworks and create clusters. Ex. Spark, Hadoop, Kafka, Hbase, Storm. Also supports ETL, data warehousing, machine learning, and IoT.

Data Lake Analytics: on-demand analytics job service without configuring and tuning hardware.

Question 24

AI Solutions (Cognitive & ML)

Answer 24

Cognitive Services: collection of domain-specific pre-trained AI models customized to user data. Vision, Speech, Language, Knowledge, Search.

ML Service: develop, train, test, deploy, manage, track ML models. Supports open source tech and automating model generation and tuning.

Question 25

3 Common Serverless Computing Solutions

(1 appears in computing services in Azure training for some reason)

Answer 25

Functions: ideal when you’re concerned only about the code running your service and not the underlying platform or infrastructure. They’re commonly used when you need to perform work in response to an event (often via a REST request), timer, or message from another Azure service, work completed quickly (1s or less).

Logic Apps: automate and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. Simplifies building scalable solutions for integration.

Event Grid: build apps with event based architecture using a publish-subscribe model for uniform event consumption.

Question 26

DevOps Solutions (2) & Defintion

Answer 26

Combining people, processes, and technology, to automate software delivery. Build and release pipelines to provide continuous integration, delivery, and deployment.

DevOps Services: development collaboration tools, pipelines, Git repos, Kanban boards, automated and cloud-based load testing. Formerly Visual Studio Team Services (VSTS).

Lab Services: create environments (Windows/Linux OS) to test applications using multiple test agents. Formerly DevOps Test.

Question 27

8 Features of App Services

(Think about it terms of ease/flexibility of development & the management of software development)

Answer 27

• Multiple Languages and Frameworks
• DevOps Optimization
• Global Scale & High Availability
• Connections to SaaS Platforms and On-Prem Data
• Security & Compliance
• Application Templates (WordPress, Joomla, Drupal)
• API & Mobile Features
• Serverless Code

Question 28

6 Azure Management Tools

(handles services, accounts, operating systems, & web services)

Answer 28

Azure Portal: public website used to monitor all available Azure services and details about your Azure environment. It includes, links to help manage (tutorials) those services, wizards, and tooltips.

Azure PowerShell: windows shell for the cloud.

Azure Command Line Interface (CLI): cross-platform command line program to execute administrative task at the command line.

Azure Cloud Shell: browser-based scripting environment with flexibility to choose your shell environment. (Bash for Linux, Powershell for Windows)

Azure Mobile App: access and manage Azure accounts and resources from iOS or Andriod phone or tablet.

Azure REST API: Representational State Transfer (REST) APIs are service endpoints that support sets of HTTP operations (methods), which provide create, retrieve, update, or delete access to the service’s resources.

Question 29

3 Principles of Security Posture

Answer 29

1. Confidentiality: restrict access only to individuals explicitly granted access.
2. Integrity: prevention of unauthorized changes to information at rest or in transit. (one-way hashing algorithm)
3. Availability: ensure services are available to authorized users.

Question 30

Security Layers (7)

Answer 30

Physical security: protecting computing hardware in the datacenter.

Identity & Access: access to infrastructure and change controls.

Perimeter: prevent denial of service for end users (distributed denial-of-service (DDoS) protection).

Networking: limits communication between resources through segmentation and access controls.

Compute: secures access to virtual machines (malware, unpatched system).

Application: applications are secure and free of vulnerabilities.

Data: in almost all cases, attackers are after data.