Azure Fundamentals Training Day Flashcards
Regions
Made up of one or more datacenters in close proximity for hosting Azure services
Agility
Deploying and configuring cloud-based resources quickly as business requirements change
Availability Zones
Physically separate datacenters within the same region
Provide protection against downtime due to datacenter failure
Each datacenter is equipped with independent power, cooling, and networking
Connected through private fiber-optic networks
Region Pairs
Each region is paired with another region, normally in the same geography and at least 300 miles apart where possible, so that resources replicated to the pair (for example GRS storage) remain available if the primary region suffers a disaster; platform updates are also rolled out to one region of a pair at a time
Azure Sovereign Regions (Azure Government)
Separate instance of Azure, physically isolated from non-US-government deployments
Accessible only to screened, authorized personnel
Meets the security and compliance needs of US federal, state, and local government agencies and their partners
Azure China
All data stays within China to ensure compliance
Physically separated instance of Azure cloud services
___ can only be associated with a single subscription
Resources
Resource Group
Logical container used to combine and organize Azure resources
Resources can only exist in one resource group
Resources can exist in different regions
Resources can be moved to different resource groups
Applications can utilize multiple resource groups
What is an Azure Storage account named storage001 an example of?
A resource
Azure Subscription
Logical unit of Azure services linked to an Azure account; provides authenticated and authorized access to Azure products and services
Billing Boundary
Generate separate billing reports and invoices for each subscription
Access Control Boundary
Manage and control access to the resources that users can provision with specific subscriptions
Management Groups
Used to manage multiple Azure subscriptions at scale, including their access, policies, and compliance
VM Scale Sets
Group of identical, load-balanced VMs that scale automatically: scale out (add instances) when demand increases, scale in (remove instances) when demand drops
VM Availability Sets
Spreads VMs across fault domains (separate power and network, up to 3) and update domains (rebooted one at a time during maintenance, up to 20) so that a failure or planned reboot in one domain leaves VMs in the other domains available
Azure Container Instances
Allows you to deploy containers in Azure without having to provision or manage any underlying infrastructure
Azure Container Apps
Fully managed serverless container service for building and deploying modern apps at scale
Azure Kubernetes Service
An orchestration service for containers with distributed architectures and large volumes of containers
Azure Functions
Serverless compute offering: event-driven code runs on demand, and you are not billed for server capacity while the function is idle
Azure App Services
Fully managed platform to build, deploy, and scale web apps and APIs quickly.
Works with .NET, .NET Core, Node.js, Java, Python, or PHP
Azure Virtual Network (VNet)
Enables Azure resources to communicate with each other, the internet, and on-premises networks
Can be segmented into subnets, exposed publicly or kept private, and peered with other VNets to connect private networks
ExpressRoute
Extends on-prem networks into Azure over a private connection that is facilitated by a connectivity provider
Azure DNS
Host and manage DNS domains or DNS zones through Azure
Storage Accounts
Must have a globally unique name
Reachable over HTTPS from anywhere in the world; every request must be authorized with Microsoft Entra ID, the account's shared keys, or a SAS token unless anonymous blob access is explicitly enabled
Determine storage and redundancy options
LRS
Locally redundant storage
Three synchronous copies within a single datacenter in the primary region
11 nines durability
ZRS
Zone redundant storage
Three synchronous copies spread across three availability zones in the primary region
12 nines durability
GRS
Geo redundant storage
LRS in the primary region plus asynchronous copies in a single datacenter of the paired secondary region
16 nines durability
GZRS
Geo zone redundant storage
ZRS across three availability zones in the primary region plus LRS in a single datacenter of the paired secondary region
16 nines durability
Azure Blob
Optimized for storing massive amounts of unstructured data, such as text or binary data
Azure Disk
Provides disks for VMs, applications, and other services to access and use
Azure Queue
Message storage service that provides storage and retrieval for large numbers of messages, each up to 64 KB
Commonly used to create a backlog of work to be accessed asynchronously
Azure Files
Sets up a highly available network file share that can be accessed using the SMB protocol (or NFS on premium shares)
Azure Tables
Provides a key/attribute option for structured non-relational data storage with a schema-less design
Azure storage tier optimized for frequently accessed data
Hot
Azure storage tier optimized for storing data accessed infrequently and stored for at least 30 days
Cool
Azure storage tier optimized for storing data accessed infrequently and stored for at least 90 days
Cold
Azure storage tier optimized for storing data accessed rarely and stored for at least 180 days with flexible latency requirements
Archive
Deleting data, or moving it to another tier, before the tier's minimum retention period has elapsed results in ____
Early deletion fees
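The storage-account, redundancy and access-tier cards above describe choices that are made once at creation time and then enforced by the platform. The Bicep below is an added example, not from the flashcards, of recording those choices as code: a GZRS account with the security settings a practitioner would set by default, plus a lifecycle-management policy that steps blobs down through the Cool, Cold and Archive tiers no earlier than each tier's minimum retention, so the move itself never triggers the early deletion fee. The account name, tag values and the `logs/` prefix are assumptions.

```bicep
// Added example (not part of the flashcards). Account name, tag values, the
// IP allow-list and the 'logs/' prefix are assumed for illustration.
targetScope = 'resourceGroup'

@description('Globally unique, 3-24 lowercase letters and digits (assumed)')
param storageAccountName string = 'stsec${uniqueString(resourceGroup().id)}'

@description('Redundancy option from the cards: LRS, ZRS, GRS or GZRS')
@allowed([ 'Standard_LRS', 'Standard_ZRS', 'Standard_GRS', 'Standard_GZRS' ])
param redundancy string = 'Standard_GZRS'

resource storage 'Microsoft.Storage/storageAccounts@2023-01-01' = {
  name: storageAccountName
  location: resourceGroup().location
  kind: 'StorageV2'
  sku: { name: redundancy }
  tags: {
    owner: 'joe'           // name-value pair, as on the Tags card
    environment: 'prod'
  }
  properties: {
    accessTier: 'Hot'               // default tier for new blobs
    supportsHttpsTrafficOnly: true  // reject plain HTTP
    minimumTlsVersion: 'TLS1_2'
    allowBlobPublicAccess: false    // no anonymous container or blob access
    allowSharedKeyAccess: false     // Entra ID authorization only; account keys and key-signed SAS stop working
    publicNetworkAccess: 'Enabled'
    networkAcls: {
      defaultAction: 'Deny'         // only listed sources reach the endpoint
      bypass: 'AzureServices'
      ipRules: [
        { value: '203.0.113.0/24', action: 'Allow' }   // assumed corporate egress range (TEST-NET-3)
      ]
    }
  }
}

// Lifecycle management: each step waits at least the minimum retention of the
// tier the blob is leaving (Cool 30, Cold 90, Archive 180 days), so the moves
// and the final delete incur no early deletion fee.
resource lifecycle 'Microsoft.Storage/storageAccounts/managementPolicies@2023-01-01' = {
  parent: storage
  name: 'default'   // the policy resource is always named 'default'
  properties: {
    policy: {
      rules: [
        {
          name: 'tier-down-logs'
          enabled: true
          type: 'Lifecycle'
          definition: {
            filters: {
              blobTypes: [ 'blockBlob' ]
              prefixMatch: [ 'logs/' ]   // container named 'logs' (assumed)
            }
            actions: {
              baseBlob: {
                tierToCool: { daysAfterModificationGreaterThan: 30 }
                tierToCold: { daysAfterModificationGreaterThan: 90 }
                tierToArchive: { daysAfterModificationGreaterThan: 180 }
                delete: { daysAfterModificationGreaterThan: 365 }
              }
            }
          }
        }
      ]
    }
  }
}

output blobEndpoint string = storage.properties.primaryEndpoints.blob
```

Deploy with `az deployment group create --resource-group <rg> --template-file <file>.bicep`. Before adopting `allowSharedKeyAccess: false` on an existing account, confirm that nothing still authenticates with the account keys (Azure File Sync and some older tooling do), because those calls fail immediately once the setting is applied.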
Azure Migrate
Unified migration platform with a range of integrated and standalone tools. Performs assessment and migration of on-premises datacenters to Azure
Azure Data Box
Physical appliance that holds up to 80 TB usable for moving large datasets offline, for example bulk disaster-recovery backups
Protects data in a rugged case during transit; data on the device is encrypted
Migrate data out of Azure for compliance or regulatory needs
Migrate data to Azure from remote locations with limited or no connectivity
AzCopy
Command line utility
Copy blobs or files to or from your storage account
One-direction synchronization
Azure Storage Explorer
GUI compatible with Windows, macOS, and Linux. Uses AzCopy to handle file operations
Azure File Sync
Synchronizes Azure and on-prem Windows File Server in a bi-directional manner.
Cloud tiering keeps frequently accessed files local, while freeing up space
Rapid reprovisioning of failed local server (install and resync)
Microsoft Entra ID
Azure’s cloud-based identity and access management service. Handles:
Authentication
SSO
Application management
Business to Business
Device management
Microsoft Entra Domain Services
Cloud based domain services without managing domain controllers
Run legacy applications (that can’t use modern auth standards) in the cloud
One-way synchronization of users, groups, and credential hashes from Microsoft Entra ID into the managed domain
Microsoft Entra External ID B2B
A method to securely grant access to your resources with external partners, vendors, suppliers, or other collaborators.
External Identities B2C
Allows customers/consumers of your app to sign up and sign in to utilize it
Automatically reacts to DoS and password spraying activities
Conditional Access
Used to bring signals together, to make decisions, and enforce organizational policies. Based on:
User or Group Membership
IP Location
Device
Application
Risk Detection
Azure RBAC
Role Based Access Control - applied to a scope (resource or set of resources the access applies to)
Enforces principle of least privilege by granting permissions that are appropriate for user’s role, nothing more
How many pre-built RBAC roles are available in Azure?
Over 70 (the figure used in the fundamentals material; the current list of built-in roles is far longer)
Owner Role
Grants full access to manage all resources, including the ability to assign roles in Azure RBAC
Contributor Role
Grants full access to manage all resources, but does not allow role assignment in RBAC
Reader Role
View all resources, but does not allow you to make any changes
RBAC Administrator
Manage user access to Azure resources
Assign roles in RBAC
Assign themselves or others the Owner role
Can’t manage access using other ways, such as Azure Policy
User Access Administrator
Manage user access to Azure resources
Microsoft Defender for Cloud
Monitoring service that provides security posture management and threat protection across Azure, on-premises datacenters, and other clouds (connected through Azure Arc)
Provides security recommendations
Detect and block malware
Analyze and identify potential attacks
Just-in-time access control for ports
Azure Security Benchmark (now the Microsoft cloud security benchmark)
Defender for Cloud feature that compares your environment to security best practices and makes recommendations to enhance security
Based on widely accepted compliance frameworks such as CIS and NIST
Factors Affecting Cost
Resource-Specific Costs
Consumption - pay-as-you-go
Maintenance- monitoring Azure footprint and mitigating costs that aren’t necessary
Geography- different costs per region
Network Traffic- inbound data transfer is generally free; outbound data transfer (to the internet or between regions) is charged at rates that depend on the billing zone
Subscription
Azure Marketplace
Allows customers to find, try, purchase, and provision applications and services from hundreds of leading service providers.
Pricing Calculator
Tool that helps you estimate the cost of Azure products with configuration options like region, tier, etc
TCO Calculator
Total Cost of Ownership
Allows prospective Azure customers to calculate cost of migration to Azure
Azure Cost Management
Allows you to create and manage cost and usage budgets by monitoring resource demand trends, consumption rates, and cost patterns
Also allows you to use historical data to generate reports and forecast future usage and expenditures
Tags
Provides metadata for your Azure resources. Offers custom grouping of resources based on tags
Logically organizes resources into a taxonomy
Consists of a name-value pair (example- owner: joe)
Microsoft Purview
Family of data governance, risk, and compliance solutions that helps you get a single, unified view into your data
Automated data discovery
Sensitive data classification
End-to-end data lineage
Azure Policy
Azure service that enables you to create, assign, and manage policies that control or audit resources. These policies enforce rules across resource configurations (for example deny, audit, or append a setting) so that resources stay compliant with corporate standards
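An added example, not from the flashcards, of what "deny" enforcement looks like in practice: a custom Azure Policy definition deployed with Bicep at subscription scope and assigned to the whole subscription. It rejects any storage account deployment that allows plain HTTP or a TLS version below 1.2. The definition and assignment names are assumptions chosen for illustration.

```bicep
// Added example (not part of the flashcards): custom policy definition plus
// assignment at subscription scope. Names are assumed for illustration.
targetScope = 'subscription'

resource storageTransportPolicy 'Microsoft.Authorization/policyDefinitions@2021-06-01' = {
  name: 'deny-insecure-storage-transport'   // assumed name
  properties: {
    policyType: 'Custom'
    mode: 'Indexed'
    displayName: 'Storage accounts must enforce HTTPS and TLS 1.2'
    parameters: {
      effect: {
        type: 'String'
        allowedValues: [ 'Audit', 'Deny' ]
        defaultValue: 'Deny'
      }
    }
    policyRule: {
      if: {
        allOf: [
          {
            field: 'type'
            equals: 'Microsoft.Storage/storageAccounts'
          }
          {
            anyOf: [
              {
                // Compared as a string, matching the built-in "secure transfer"
                // policy; a request that omits the property is not flagged here.
                field: 'Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly'
                equals: 'false'
              }
              {
                // A missing minimumTlsVersion also counts as "not equal", so
                // deployments must set it explicitly to pass.
                field: 'Microsoft.Storage/storageAccounts/minimumTlsVersion'
                notEquals: 'TLS1_2'
              }
            ]
          }
        ]
      }
      then: {
        effect: '[parameters(\'effect\')]'
      }
    }
  }
}

// Assign the definition to the subscription. An assignment at management-group
// scope uses the same resource type and covers every subscription beneath it.
resource storageTransportAssignment 'Microsoft.Authorization/policyAssignments@2022-06-01' = {
  name: 'deny-insecure-storage-transport'   // assumed name
  properties: {
    displayName: 'Deny insecure storage transport (subscription-wide)'
    policyDefinitionId: storageTransportPolicy.id
    enforcementMode: 'Default'   // 'DoNotEnforce' reports non-compliance without blocking
    parameters: {
      effect: { value: 'Deny' }
    }
  }
}
```

Deploy it with `az deployment sub create --location <region> --template-file <file>.bicep` (an Owner or Resource Policy Contributor role is needed at the subscription). Start with the effect parameter set to Audit to see what an existing estate would have tripped on, then switch to Deny.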
Resource Locks
Protect your Azure resources from accidental deletion or modification
Two lock levels: CanNotDelete (resource can be modified but not deleted) and ReadOnly (no modification or deletion). Applied at subscription, resource group, or individual resource scope, and inherited by everything beneath that scope; manageable through the portal, CLI, PowerShell, or templates. Only roles holding Microsoft.Authorization/locks/* (Owner, User Access Administrator) can create or remove locks
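The RBAC cards (Owner, Contributor, Reader, User Access Administrator) and the Resource Locks card above describe settings that are usually deployed together. The following Bicep file is an added example, not from the flashcards: it assigns Contributor to an application team and Reader to auditors at resource-group scope, then places a CanNotDelete lock on the group. The group object IDs are tenant-specific and passed as parameters; the resource and lock names are assumptions.

```bicep
// Added example (not part of the flashcards): least-privilege role assignments
// at resource-group scope plus a resource lock. Principal IDs are parameters
// because they differ per tenant; names are assumed.
targetScope = 'resourceGroup'

@description('Object ID of the application team security group (assumed)')
param appTeamGroupId string

@description('Object ID of the auditors security group (assumed)')
param auditorsGroupId string

// Built-in role definition GUIDs are identical in every Azure tenant.
var roleIds = {
  Reader: 'acdd72a7-3385-48ef-bd42-f606fba81ae7'
  Contributor: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
}

// Contributor: full control of resources in this group, but cannot assign roles,
// so a compromised app-team account cannot grant itself or others Owner.
resource appTeamContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  // Assignment names must be GUIDs; deriving one from scope, principal and role
  // makes redeployment idempotent instead of failing with a duplicate.
  name: guid(resourceGroup().id, appTeamGroupId, roleIds.Contributor)
  properties: {
    principalId: appTeamGroupId
    principalType: 'Group'
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleIds.Contributor)
  }
}

// Reader: view-only for auditors; no more than the task needs.
resource auditorsReader 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(resourceGroup().id, auditorsGroupId, roleIds.Reader)
  properties: {
    principalId: auditorsGroupId
    principalType: 'Group'
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleIds.Reader)
  }
}

// Lock on the resource group itself: a lock resource without a 'scope' applies
// to the deployment's scope. CanNotDelete still allows edits; ReadOnly would
// block those too. Contributor cannot remove the lock, because deleting locks
// needs Microsoft.Authorization/locks/delete, which only Owner and User Access
// Administrator hold among the general built-in roles.
resource rgLock 'Microsoft.Authorization/locks@2020-05-01' = {
  name: 'do-not-delete'   // assumed name
  properties: {
    level: 'CanNotDelete'
    notes: 'Production resource group; remove this lock deliberately before teardown.'
  }
}
```

Deploy with `az deployment group create --resource-group <rg> --template-file <file>.bicep --parameters appTeamGroupId=<guid> auditorsGroupId=<guid>`; the deploying identity needs Owner or User Access Administrator on the group, since it is writing role assignments and a lock.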
Service Trust Portal
Publicly accessible website where Microsoft publishes audit reports- “built on a foundation of trust, security, and compliance”
Azure Portal
GUI for interacting with Azure
Azure Cloud Shell
Web based shell for interaction with Azure resources
Azure PowerShell
Uses cmdlets (the Az module) to perform administrative tasks on Azure resources
CLI
Command Line Interface; the cross-platform az tool offers the same administrative capabilities as Azure PowerShell, but is typically run from Bash (it also works in PowerShell and Windows Command Prompt)
Azure Resource Manager (ARM)
The deployment and management service for Azure that enables you to create, update, and delete resources in your Azure subscription
ARM Templates
JSON files that define an application’s infrastructure requirements for a repeatable deployment that is done in a consistent manner.
Resource Manager validates the template before deploying, orders resource creation from the declared dependencies, deploys independent resources in parallel, and is idempotent: redeploying an unchanged template leaves existing resources untouched
Bicep
Domain-specific language with a simpler syntax than JSON that compiles to ARM template JSON; the same deployment engine, types, and API versions apply
Azure Arc
Multi-cloud and on-prem management platform
Lets you manage Windows and Linux physical servers and VMs hosted outside of Azure, on your corporate network, or other cloud provider
Azure Advisor
Analyzes account usage and makes recommendations based on its set and configured rules
Recommendations can help improve reliability, security, and performance, achieve operational excellence, and reduce costs
Azure Service Health
Provides details of planned maintenance and service outages, including official incident reports called root cause analysis which can be shared with stakeholders
You need to allow resources on two different Azure virtual networks to communicate with each other. What should you configure?
Peering
Service Endpoints
Extend a VNet subnet's identity to an Azure PaaS service (for example Storage or SQL) over the Azure backbone; the service's firewall can then be configured to accept traffic only from that subnet instead of from the public internet
NSGs
Network Security Groups
Filter inbound and outbound traffic for a subnet or a VM network interface. Rules are evaluated in priority order (lower number first) and the first match wins; the default rules allow VNet and load-balancer traffic inbound and deny everything else inbound from the internet
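The peering question, the Service Endpoints card and the NSG card above fit into one deployment. The Bicep below is an added example, not from the flashcards: two VNets peered in both directions, a storage service endpoint on the workload subnet, and an NSG whose rule order shows the priority/first-match behaviour. Address ranges, names and the administrator source range are assumptions.

```bicep
// Added example (not part of the flashcards): NSG, VNets with a service
// endpoint, and bidirectional peering. Names and address ranges are assumed.
targetScope = 'resourceGroup'

param location string = resourceGroup().location
param adminCidr string = '203.0.113.0/24'   // assumed corporate admin egress range (TEST-NET-3)

resource nsg 'Microsoft.Network/networkSecurityGroups@2023-05-01' = {
  name: 'nsg-app'
  location: location
  properties: {
    securityRules: [
      // Lower priority number = evaluated first; the first matching rule wins.
      // Narrow allows come first so the broad deny below cannot shadow them.
      {
        name: 'AllowSshFromAdmins'
        properties: {
          priority: 100, direction: 'Inbound', access: 'Allow', protocol: 'Tcp'
          sourceAddressPrefix: adminCidr, sourcePortRange: '*'
          destinationAddressPrefix: 'VirtualNetwork', destinationPortRange: '22'
        }
      }
      {
        name: 'AllowHttpsFromInternet'
        properties: {
          priority: 110, direction: 'Inbound', access: 'Allow', protocol: 'Tcp'
          sourceAddressPrefix: 'Internet', sourcePortRange: '*'   // 'Internet' is a service tag
          destinationAddressPrefix: 'VirtualNetwork', destinationPortRange: '443'
        }
      }
      {
        // The built-in DenyAllInBound rule (priority 65500) would block this
        // anyway, but an explicit deny keeps the intent visible and still wins
        // against any later "allow any" rule added with a number above 200.
        name: 'DenyMgmtPortsFromAnywhere'
        properties: {
          priority: 200, direction: 'Inbound', access: 'Deny', protocol: 'Tcp'
          sourceAddressPrefix: '*', sourcePortRange: '*'
          destinationAddressPrefix: '*', destinationPortRanges: [ '22', '3389' ]
        }
      }
    ]
  }
}

resource vnetApp 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: 'vnet-app'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.10.0.0/16' ] }
    subnets: [
      {
        name: 'snet-workload'
        properties: {
          addressPrefix: '10.10.1.0/24'
          networkSecurityGroup: { id: nsg.id }
          // Service endpoint: traffic to Azure Storage stays on the Azure
          // backbone, and a storage account firewall can allow only this subnet.
          serviceEndpoints: [ { service: 'Microsoft.Storage' } ]
        }
      }
    ]
  }
}

resource vnetShared 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: 'vnet-shared'
  location: location
  properties: {
    // Peered address spaces must not overlap.
    addressSpace: { addressPrefixes: [ '10.20.0.0/16' ] }
    subnets: [ { name: 'snet-services', properties: { addressPrefix: '10.20.1.0/24' } } ]
  }
}

// Peering is not symmetric: each VNet needs its own peering resource, and the
// link only becomes "Connected" once both sides exist.
resource peerAppToShared 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-05-01' = {
  parent: vnetApp
  name: 'to-shared'
  properties: {
    remoteVirtualNetwork: { id: vnetShared.id }
    allowVirtualNetworkAccess: true
    allowForwardedTraffic: false   // no transit of traffic that originated elsewhere
    allowGatewayTransit: false
  }
}

resource peerSharedToApp 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-05-01' = {
  parent: vnetShared
  name: 'to-app'
  properties: {
    remoteVirtualNetwork: { id: vnetApp.id }
    allowVirtualNetworkAccess: true
    allowForwardedTraffic: false
    allowGatewayTransit: false
  }
}
```

Peering does not bypass NSGs: traffic arriving from vnet-shared still hits nsg-app, where it matches the default AllowVnetInBound rule (the VirtualNetwork tag covers peered address space), so add explicit deny rules above 65000 if the peer should reach only specific ports.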
Which two services can you use to establish network connectivity between an on-prem network and Azure resources?
Azure VPN Gateway
ExpressRoute
Application Insights
Feature of Azure Monitor that allows you to monitor running applications, automatically detect performance anomalies, and use built-in analytics tools to see what users do on an app
Azure Monitor
Platform for collecting, analyzing, visualizing, and alerting on metrics and logs. Can collect telemetry from an entire Azure and on-premises environment.