Azure Virtual Machines Flashcards

1
Q

When would I use a Standard SSD?

A

Moderate performance, suitable for workloads with lower IOPS and throughput

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

When would I use a Premium SSD v2?

A

Higher performance with IOPS and throughput configurable based on VM size

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What IOPS has a Premium SSD v2?

A

IOPS are defined using disk size, IOPS up to 80K

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What IOPS has a Standard SSD?

A

IOPS are defined using disk size, IOPS up to 6K

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

I have a single Premium SSD v2 and wnat to increase its IOPS; how can iu do this?

A

Increase the disk size and the IOPS increase.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What latency has Premium SSD v2?

A

Low latency for consistent performance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What latency has Standard SSD?

A

Moderate latency; may not meet high-performance needs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

In azure, when you set the disk encryption to Volume Type all, what are you doing?

A

(This is older thinking, today Azure has hardware based encryption using Server-Side Encryption (SSE) for Managed Disks)
When you set the disk encryption to VolumeType: All in Azure, you are configuring BitLocker to encrypt both the operating system and data volumes of a virtual machine (VM).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is Server-Side Encryption (SSE) for Managed Disks?

A

Managed Disks in Azure have server-side encryption (SSE) with 256-bit AES encryption, enabled by default. SSE encrypts data at rest automatically without requiring any additional setup, and this includes OS disks, data disks, and temporary disks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Is Azure have server-side encryption (SSE) hardware offloaded?

A

Yes, Azure offers server-side encryption (SSE) with hardware offloading through its Encryption at Host feature.
This feature ensures that data is encrypted at rest using hardware-based encryption mechanisms, providing end-to-end encryption for your virtual machine (VM) data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are Azure Confidential Computing?

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

In Azure, can you enable disk encryption for all virtual machines?

A

Yes,

In Azure, you can enable disk encryption for your virtual machines (VMs) using Azure Disk Encryption (ADE). ADE utilizes BitLocker for Windows VMs and DM-Crypt for Linux VMs to provide full disk encryption for both operating system and data disks. This feature integrates with Azure Key Vault, allowing you to manage and control the encryption keys.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

For Azure VM Scale Set, how many days of history does n predictive auto-scaling require?

A

Seven historical days are required, but the most accurate is fifteen days.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

For Azure Virtual Disks, is the encryption using bitlocker?

A

No, Azure Managed Disks are encrypted at rest by default using server-side encryption (SSE) with platform-managed keys, employing 256-bit AES encryption. Azure Storage handles this encryption and does not utilize BitLocker.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

For Azure Managed Virtual Disks, can you use customer-managed keys?

A

Yes, you can use customer-managed keys (CMK) to encrypt Azure Managed Disks. This approach provides greater control over encryption keys, allowing you to meet specific compliance and security requirements. Azure integrates with Azure Key Vault, enabling you to manage your own keys for server-side encryption of managed disks.

To implement customer-managed keys for Azure Managed Disks, follow these steps:

Set Up an Azure Key Vault: Create a Key Vault to store your encryption keys. Ensure that soft delete and purge protection are enabled to prevent accidental key deletion.

Create or Import a Key: Within the Key Vault, generate a new RSA key or import an existing one. Supported key sizes are 2048-bit, 3072-bit, and 4096-bit.

Create a Disk Encryption Set: This resource links your managed disks to the Key Vault. When creating the Disk Encryption Set, specify the Key Vault and key you intend to use.

Assign Permissions: Grant the Disk Encryption Set’s managed identity the necessary permissions (wrapKey, unwrapKey, get) to access the key in your Key Vault.

Encrypt Disks: Associate your managed disks with the Disk Encryption Set to enable encryption using your customer-managed key.

Please note the following considerations:
Regional and Subscription Alignment: The Disk Encryption Set, Key Vault, virtual machines, disks, and snapshots must reside in the same Azure region and subscription.

Key Vault Requirements: The Key Vault must have soft delete and purge protection enabled.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

For Azure Managed Virtual Disks, what encryption is used for encryption of the disk?

A

Azure Managed Disks are encrypted using 256-bit Advanced Encryption Standard (AES) encryption, which is FIPS 140-2 compliant. This encryption is applied transparently to data at rest, ensuring that your data is securely protected without impacting performance.

By default, Azure employs server-side encryption with platform-managed keys for all managed disks. For enhanced control over encryption keys, you have the option to use customer-managed keys stored in Azure Key Vault. This approach allows you to manage and rotate your encryption keys according to your organization’s security policies.

Additionally, Azure offers Azure Disk Encryption, which utilizes BitLocker for Windows VMs and DM-Crypt for Linux VMs to provide volume-level encryption within the virtual machine. This method integrates with Azure Key Vault for key management and is particularly useful for scenarios requiring end-to-end encryption, including temporary disks and disk caches.

For scenarios requiring encryption of temporary disks and disk caches, Azure provides the “encryption at host” feature. This option ensures that all data stored on the VM host is encrypted at rest and flows encrypted to the Storage service, offering end-to-end encryption for your VM data.

In summary, Azure Managed Disks are encrypted using robust 256-bit AES encryption by default, with options available for customer-managed keys and additional encryption features to meet various security and compliance requirements.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is the FIPS level of Azure Managed Virtual encryption?

A

FIPS 140-2 compliant.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What type of encryption is Azure Managed Virtual disk using?

A

Server side transparent encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

In Azure Managed Disk do you pay for used capacity or provisioned capacity?

A

You pay for provisioned capacity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

How many IOPS has the managed disk types in Azure?

A

Ultra Disk (400,000 IOPS)
Premium disk v2 (80,000 IOPS)
Premium disk (20,000 IOPS)
Standard SSD (6,000 IOPS)
Standard HDD (2,000 IOPS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Can you use Azure Managed Disk Ultra disk as the operating system disk?

A

No

22
Q

Can you use Azure Managed Disk Premium Disk v2 as the operating system disk?

A

No

23
Q

Can you use Azure Managed Disk Premium Disk as the operating system disk?

A

Yes

24
Q

Can you use Azure Managed Disk Standard as the operating system disk?

A

Yes

25
Q

What Azure Managed Disk type do i use for sub ms latency and extreme IOPS?

A

Ultra disk

26
Q

What Azure Managed Disk type do i use for sub ms latency and high IOPS?

A

Premium Disk (v2)

27
Q

What Azure Managed Disk would i use for long term storage?

A

Standard HDD

28
Q

What Azure Managed Disk would i use for entry level storage?

A

Standard disk

29
Q

Do Azure Managed Disk Premium have burst capabilities?

A

Yes

30
Q

Do Azure Managed Disk Standard have burst capabilities?

A

No

31
Q

For Azure Managed Disk how are backups taken?

A

They are incremental snapshots and are stored with the first full snapshot on SSD and further incremental snapshots been incremental, they are stored in what is refer to as Azure Backup Vault, but are infect not copied to azure storage account storage but live local and are what are referred to as operational backups.

32
Q

For Ultra Azure Managed Disk how can we get more IOPS?

A

Increasing the capacity, capacity and IOPS are linked.

33
Q

I want to be able to select a different performance for my disk, what pricing tier supports the ability to select managed disk performance separate form the storage size?

A

To select a performance level for your Azure managed disk independently of its storage size, you should use Premium SSD v2 or Ultra Disks. These disk types allow you to configure performance parameters such as IOPS (Input/Output Operations Per Second) and throughput separately from the disk’s capacity.

Premium SSD v2:
Performance Configuration: You can provision the exact IOPS and throughput needed without increasing the disk size.
Use Cases: Ideal for performance-sensitive workloads requiring consistent low latency and high throughput, such as databases and transaction-intensive applications.
Pricing: Charges are based on the provisioned capacity, IOPS, and throughput. For detailed pricing, refer to Azure’s Managed Disks Pricing.

Ultra Disks:
Performance Configuration: Offers the highest performance with the ability to adjust IOPS and throughput independently of disk size.
Use Cases: Suited for data-intensive workloads like SAP HANA and top-tier databases.
Pricing: Billing is based on provisioned capacity, IOPS, and throughput. More information is available on Azure’s Managed Disks Pricing.

34
Q

When using Azure Managed Disk on the standard pricing tier, am I guaranteed the performance?

A

When using Azure Managed Disks on the Standard pricing tiers—Standard SSD and Standard HDD—performance is not guaranteed. These tiers are designed for cost-effective storage and are suitable for workloads with lower performance requirements.

Standard SSD:
Performance Characteristics: Offers consistent performance for general-purpose workloads.
Use Cases: Ideal for web servers, lightly used enterprise applications, and dev/test environments.
Performance Guarantees: Does not provide guaranteed performance levels.

Standard HDD:
Performance Characteristics: Provides the lowest cost per GB among managed disk options, suitable for infrequent access workloads.
Use Cases: Best for backup, non-critical, and infrequently accessed data.
Performance Guarantees: Does not offer guaranteed performance levels.
For workloads that require consistent and predictable performance, consider using Premium SSD or Ultra Disks. These tiers are designed for high-performance needs and offer guaranteed performance metrics. For detailed information on Azure managed disk types and their performance characteristics, refer to Microsoft’s documentation:

35
Q

When using Azure Managed Disk on the premium pricing tier, am I guaranteed the performance?

A

Yes, when you use Azure Managed Disks on the Premium SSD tier, Azure guarantees the performance levels specified for each disk size. For example, a P50 disk provides 7,500 IOPS and 250 MB/sec throughput. These performance metrics are provisioned and maintained by Azure to ensure consistent performance for your workloads.
MICROSOFT LEARN

It’s important to note that while the disk itself offers guaranteed performance, the virtual machine (VM) to which the disk is attached also has its own performance limits. Each VM size has specific IOPS and throughput caps. For instance, a Standard GS5 VM has a maximum IOPS limit of 80,000. Therefore, to fully utilize the disk’s performance capabilities, ensure that your VM’s performance limits align with or exceed those of the attached disk.
MICROSOFT LEARN

By appropriately matching your VM size with your Premium SSD Managed Disk, you can achieve the guaranteed performance levels necessary for your applications.

36
Q

When using Azure Managed Disk on the ultra pricing tier, am I guaranteed the performance?

A

Yes, when using Azure Managed Disks on the Ultra Disk tier, you are guaranteed the provisioned performance levels. Ultra Disks are designed to deliver consistent performance with low sub-millisecond latency, ensuring that the provisioned IOPS (Input/Output Operations Per Second) and throughput are met 99.99% of the time.

This high level of performance consistency makes Ultra Disks suitable for data-intensive workloads such as SAP HANA, top-tier databases, and transaction-heavy applications. Additionally, Ultra Disks offer the flexibility to dynamically adjust performance parameters (IOPS and throughput) without the need to restart your virtual machines, allowing you to scale performance in line with your workload demands

37
Q

What is Azure Managed Disk on-demand bursting?

A

zure Managed Disk on-demand bursting is a feature that allows Premium SSD managed disks larger than 512 GiB to temporarily exceed their provisioned performance limits, providing higher IOPS (Input/Output Operations Per Second) and throughput when needed. This capability is particularly useful for handling unexpected spikes in workload demand without permanently allocating higher performance levels.

Key aspects of on-demand bursting:

Eligibility: Available for Premium SSD managed disks larger than 512 GiB. Disks of 512 GiB or smaller utilize credit-based bursting instead.

Performance Increase: Enables disks to burst up to 30,000 IOPS and 1,000 MB/s throughput, depending on the disk size and region.

Cost Implications: Involves an hourly burst enablement fee and additional charges for transactions exceeding the provisioned performance targets.

Activation: Must be explicitly enabled by the user and can only be activated when the disk is detached from a VM or when the VM is stopped.

38
Q

If i want to have the ability to prevision different storage, throughput and iops, what disk type do i need in Azure Managed Disks?

A

Ultra disk

39
Q

Do you have bursting on ultra disk?

A

No

40
Q

What is the default storage redundancy for Azure Managed Disk?

A

LRS

41
Q

If i want a shared Azure Managed Disk, is this possible?

A

Yes for premium and ultra

42
Q

Can I have ZRS for Azure Managed Disk??

A

Yes for SSD Standard and Premium

43
Q

Can you increase a managed disk larger?

A

Yes

44
Q

Can you decrease a managed disk larger?

A

No

45
Q

When i am selecting a azure virtual disk, do i have to be concerned about the VM capabilities?

A

Yes, you need to match the VM IOPS/Throughput have to be matched to the Azure Virtual Disk IOPS/Throughput.

46
Q

For Azure Managed Disks with bursting, what is the default length of time i can burst?

A

30min.

47
Q

How do Managed Disks bursting work?

A

When your disk IOPS/Throughput is above the disk allowed for its pricing tier, burst credits come out of the bucket, below the pricing tier credit go into the bucket up to the max of 30 min.

48
Q

What is the % availability for an azure managed disk?

A

99.999% availability

49
Q

Where is the data stored for an Azure managed disk?

A

It depends:

LRS for Premium SSD (v2), Standard SSD, Standard HDD, Ultra
ZRS for Premium SSD , Standard SSD

50
Q

Azure managed disk can you select a Zone for LRS?

A

Yes, LRS means you can select a Zone where you storage for your disk resides.

51
Q

Is Azure managed disk encrypted by default?

A

Yes, you can use customer of azure managed keys.

52
Q

You need to ensure your virtual machine boot and data volumes are encrypted. Your virtual machine is already deployed using an Azure Marketplace Windows OS image and managed disks. Which 2 of the following tasks should you complete to enable the required encryption?

(Choose 2)

Configure Secure Transfer Required

Create an Azure Key Vault

Migrate to Unmanaged Disks

Configure Azure Disk Encryption

Configure Azure Storage Service Encryption

A

Create an Azure Key Vault
Azure Key Vault is required to store the encryption keys used by Azure Disk Encryption for encrypting boot and data volumes.

Configure Azure Disk Encryption
Azure Disk Encryption is the mechanism used to encrypt virtual machine disks (boot and data volumes) for both Linux and Windows VMs.