Cloud Concepts Flashcards
Define cloud computing
The practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer.
What is an “on-prem” resource? Provide an example vs a cloud resource.
A resource on the business’s premises. For example, a local server racked and in use on the business site, as opposed to an Azure virtual machine located in a Microsoft DC and available to you through the Azure portal over the internet.
What is an availability zone?
A site consisting of multiple data center footprints, CO1, CO2, CO3, CO4 etc.
What is vertical scaling?
Adding more virtual resources to a single virtual machine. i.e. CPUs, RAM.
What is horizontal scaling?
Adding more virtual servers to a group to add overall capacity.
What is an Azure VM Scale Set?
A configuration that automatically increases or decreases the number of virtual machines in response to demand or a defined schedule.
What is a region?
A grouping of multiple data centers / availability zones.
What is an Azure geography?
A discrete market of two or more regions that preserves data residency and compliance boundaries.
Are all Azure cloud services available in every region?
No
What is Azure Migrate?
Performs assessment and migration of VMware VMs, Hyper-V VMs, cloud VMs, and physical servers, as well as databases, data, virtual desktop infrastructure, and web applications, to Azure.
What is a Service Map?
Maps communication between application components on Windows or Linux. Helps you identify dependencies when scoping what to migrate.
What is Azure TCO Calculator?
Estimates your monthly running costs in Azure versus on-premises.
What is Azure Database Migration Service?
Uses the Data Migration Assistant and the Azure portal to migrate database workloads to Azure.
What is the Data Migration Tool?
Migrates existing databases to Azure Cosmos DB
What is Azure Cost Management?
Helps you monitor, control, and optimize ongoing Azure costs.
What is the Azure Advisor?
Helps you optimize your Azure resources for high availability, performance, and cost.
What is the Azure Monitor?
Enables you to monitor your entire estate’s performance. Includes application-health monitoring via enhanced telemetry, and setting up notifications.
What is Azure Sentinel?
Provides intelligent security analytics for your applications.
Define Azure DNS
Provides ultra-fast DNS responses and ultra-high domain availability
Define Azure Virtual Network (vNET)
A logical isolated section of the Azure network for customers to launch Azure resources within.
Define Azure Load Balancer
OSI Level 4 (Transport) load balancer
Define Azure Application Gateway
OSI Level 7 (HTTP) load balancer, can apply a Web Application Firewall
Define Network Security Groups
A virtual firewall at the subnet level
Define Azure Front Door
Scalable and secure entry point for fast delivery of your global applications
Define Azure Express Route
A connection between your on-prem to Azure cloud from 50 Mbps to 10 Gbps
[T/F] Azure CLI can be installed on Windows, Mac, and Linux?
True
Does Azure provide SLAs on Services in the Free or Shared tiers?
No
List the four Azure support plans
Basic, Developer, Standard, and Professional Direct
List the four Azure subscription types
Free, Pay as you Go, Enterprise Agreement, Student
What is an Azure Region Pair?
A relationship between 2 Azure regions in a shared geography for DR
Does an Availability zone protect against data center level failures or outages?
Yes
Can a resource be a part of more than one resource group?
No. A resource can only be a member of one resource group.
Can a resource group belong to more than one subscription?
No. A resource group can only be tied or belong to a single Azure subscription.
What is Azure Container Instance (ACI)?
Runs Docker containers on-demand in a managed, serverless Azure environment. A solution for any scenario that can operate in isolated containers, without orchestration.
Can VMs in different VNETs communicate by default?
No they cannot.
Describe an Azure VPN Gateway
A virtual network gateway that sends encrypted traffic between an Azure VNET and an on-prem location over the Internet.
What is VNET Peering?
Enables seamless connection of two or more Virtual Networks in Azure.
What is ExpressRoute?
A connection that extends your on-prem networks into Azure over a private connection with the help of a connectivity provider (ISP)
Does traffic on an ExpressRoute traverse the internet?
No.
What is Azure Blob storage?
Storage optimized for storing massive amounts of unstructured data. (not a database) i.e. image or video data, or for log files.
What is Azure File Storage?
Fully managed files shares in Azure accessible via SMB or NFS
What is Azure Disk Storage?
Azure managed disks are block-level storage volumes that are managed by Azure and used with Azure VMs.
What are Storage Tiers?
Azure storage hot, cool, and archive access tiers to store blob object data in a cost-effective manner.
What is Table Storage?
A service that stores structured NoSQL data in Azure, including a schema-less key/attribute store. A table of data that does not require the relational nature of a SQL database using keys.
What is Queue Storage?
A service for storing large numbers of messages, accessible from anywhere via authenticated HTTP or HTTPS calls.
Describe CosmosDB
A fully managed NoSQL database for modern app development.
Describe MS SQL
A fully managed PaaS database engine that handles most management functions such as upgrading, patching, backups, and monitoring.
Describe PostgreSQL
A relational database service in the Microsoft cloud based on the PostgreSQL Community Edition. PaaS
Describe MySQL
A PaaS relational database service in the Microsoft cloud, based on the MySQL Community Edition.
Describe SQL Managed Instance
Cloud database service that combines the broadest SQL Server database engine compatibility with all the benefits of PaaS.
Describe IoT Hub
A central message hub for bi-directional communication between your IoT app and the devices it manages.
Describe IoT Central
An IoT application platform that simplifies the creation of IoT solutions. It is a fully managed SaaS solution.
Describe Azure Sphere
A secure, high-level application platform with built-in communication and security features for internet connected devices. Created by Microsoft to run on an Azure Sphere-certified chip and to connect to the Azure Sphere Security Service.
List the four Azure Services most closely related to Data Warehouse:
Data Lake, Synapse Analytics, HDInsight, and Databricks.
Describe Data Lake
A technology that enables big data analytics and artificial intelligence. Provides cloud storage that is less expensive than relational database cloud storage. Stores data from business systems and data warehouses, as well as device and sensor data. A place to store, organize, and analyze large volumes of structured and unstructured data from diverse sources.
Describe Synapse Analytics
An integrated analytics service that accelerates time to insight across data warehouses and big data systems.
Describe HDInsight
A cloud distribution of Hadoop components that makes it easy, fast, and cost-effective to process massive amounts of data. Supports popular open-source frameworks.
Describe Databricks
A data analytics platform optimized for the Microsoft Azure cloud services platform. Offers two environments for developing data intensive applications: Azure Databricks SQL Analytics, and Azure Databricks Workspace.
Describe Azure Machine Learning
A cloud-based environment you can use to train, deploy, automate, manage, and track ML models.
Describe Cognitive Services
Cloud-based services with REST APIs and client library SDKs available to help you build cognitive intelligence into your applications. It provides cognitive understanding categorized into five main pillars: vision, speech, language, decision, and search.
Describe Azure Bot Service
A managed bot development service that helps you easily connect to your users via popular channels. Provides an integrated environment that is purpose-built for bot development.
What 3 services are associated in Azure to Serverless?
Logic App, Functions, and Event Grid.
Describe Logic App
A cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows. You can choose from a gallery of hundreds of pre-built connectors for MSFT and 3rd party services.
Describe Functions
An event-driven, compute-on-demand experience that extends the existing Azure application platform with capabilities to implement code triggered by events occurring in Azure as well as on-premises systems.
Describe Event Grid
Enables you to easily manage events across many different Azure services and applications. Once a subscription is created, Event Grid will push events to the configured destination.
Describe Azure DevOps
A single platform for implementing DevOps, deploying code using the CI/CD framework, facilitating Agile software development.
Describe GitHub
GitHub is a web-based Git repository hosting service for source code management (SCM) and distributed revision control.
Describe GitHub Actions
Helps you automate software development workflows from within GitHub. You can build, test, package, release, or deploy any project on GitHub with a workflow.
Describe Azure DevTest Labs
Provides a self-service sandbox environment to quickly create Dev/Test environments while minimizing waste and controlling costs.
What is Azure Cloud Shell?
Web-based access to Azure CLI for managing Azure resources. CLI for Bash or PowerShell located in the browser through the portal.
Describe Azure PowerShell
A set of cmdlets for managing Azure resources directly from the PowerShell command line on a local machine. Windows, Mac, Linux.
Describe the Azure Mobile App
App for iOS and Android that enables managing, tracking health and status, and troubleshooting your Azure resources.
Describe Azure CLI
The Azure command line interface is a set of commands used to create and manage Azure resources. Uses Bash, and is available on Windows, macOS, Linux, Docker, and Azure Cloud Shell.
Describe Azure Advisor
Scans your Azure configuration and recommends changes to optimize deployments, increase security, and save you money.
Describe ARM Templates
A JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project.
Describe Azure Monitor
A service that collects monitoring telemetry from a variety of on-prem and Azure sources. Management tools, like Azure Security Center, push log data to Azure Monitor. Azure Monitor aggregates and stores this telemetry in an Azure Log Analytics instance.
Describe Azure Service Health
Notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime.
Describe Azure Security Center
A unified infrastructure security management system that strengthens the security posture of your data centers (cloud and on-prem). Provides security guidance and information about your adherence to the compliance-related policies you have enabled.
Does Azure Defender provide Just In Time (JIT) VM Access?
Yes. For the paid version, not on the free version.
Describe Key Vault
A cloud service for securely storing and accessing secrets, such as API keys, passwords, certificates, or cryptographic keys.
Describe Azure Sentinel
A cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. It has built in AI.
Describe Dedicated Hosts
A service that provides dedicated physical servers able to host one or more virtual machines in one Azure subscription.
Define “Defense in-depth”
A layered approach that does not rely on one method to completely protect your environment.
Describe a Network Security Group
Contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. Each rule can contain source and destination, port and protocol. Can be applied to a subnet or NIC.
Describe Azure Firewall
A managed, cloud-based network security service that protects your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
Describe Azure DDoS
Standard tier provides enhanced DDoS mitigation features to defend against DDoS attacks. Basic version included with all subscriptions, Standard version includes logging and alerts, with the mitigation features.
Describe Conditional Access
Used by Azure AD to bring signals together, to make decisions, and enforce organizational policies.
Describe RBAC
Azure RBAC helps you manage who has access to Azure resources, what they can do with those resources, and which resources/areas they have access to. It’s built on Azure Resource Manager, which provides fine-grained access management of Azure resources.
Define Resource Locks
Prevent other users in your organization from accidentally deleting or modifying critical resources. Locks override any permissions a user may have.
Define Azure Policy
The definition of the conditions which you want to control/govern. Used to enforce standards.
Define Azure Initiative
A collection of Azure policy definitions that are grouped together towards a specific goal.
Define Blueprint
A container for composing sets of standards, patterns, and requirements for implementation of Azure cloud services, security, and design.
Describe Tags as used in Azure
A name and a value pair used to logically organize Azure resources, resource groups, and subscriptions into a logical taxonomy. Used to apply business policy or tracking cost for billing.
Can you enforce tagging rules with Azure policies?
Yes.
What is the Trust Center?
Where you can learn about the four foundational principles of trust: security, privacy, compliance, and transparency.
What are the three main Azure Sovereign Regions?
Government, China, and Germany
What is an Azure Sovereign Region?
Special regions that you might need for compliance or regulatory reasons.
What are Cost Impacts in Azure?
Type of services/resources, services, locations, ingress and egress traffic.
What are reserved instances?
Reserve virtual machines in advance and save up to 72% compared to PAYG pricing with 1-yr or 3-yr commitment.
What is reserved Capacity?
Achieve significant savings on Azure SQL Database, Azure Cosmos DB, Azure Synapse Analytics, and Azure Cache for Redis.
What is Hybrid Use Benefit?
Discount for running VMs by utilizing or effectively converting your on-prem Software Assurance-enabled Windows licenses to their new cloud equivalent.
What is spot pricing?
Access unused Azure compute capacity at deep discounts - up to 90% compared to PAYG prices. Azure VMs only.
Describe Azure Cost Management
A suite of tools provided by Microsoft that help you analyze, manage, and optimize the costs of your workloads.
Who has access to Private Preview?
Only companies or users invited, and for evaluation only.
Who has access to Public Preview?
Open to the public but preview limitations still apply
What is General Availability?
Regularly available services.