Concepts Flashcards

1
Q

Virtual Machine Scale Sets

A

Azure Virtual Machine Scale Sets let you create and manage a group of load-balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. Scale sets provide the following key benefits:

  • Easy to create and manage multiple VMs
  • Provides high availability and application resiliency by distributing VMs across availability zones or fault domains
  • Allows your application to automatically scale as resource demand changes
  • Works at large scale
2
Q

Availability Zones

A

Availability Zones are separated groups of datacenters within a region. Availability zones are close enough to have low-latency connections to other availability zones. They’re connected by a high-performance network with a round-trip latency of less than 2ms. However, availability zones are far enough apart to reduce the likelihood that more than one will be affected by local outages or weather. Availability zones have independent power, cooling, and networking infrastructure. They’re designed so that if one zone experiences an outage, then regional services, capacity, and high availability are supported by the remaining zones. They help your data stay synchronized and accessible when things go wrong.

3
Q

Azure Application Gateway

A

Azure Application Gateway is a web traffic (OSI layer 7) load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 - TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port.

Application Gateway can make routing decisions based on additional attributes of an HTTP request, for example, URI path or host headers.

4
Q

Azure load balancer

A

Azure Load Balancer operates at layer 4 of the Open Systems Interconnection (OSI) model. It’s the single point of contact for clients. Load balancer distributes inbound flows that arrive at the load balancer’s front end to backend pool instances. These flows are distributed according to configured load-balancing rules and health probes. The backend pool instances can be Azure Virtual Machines or instances in a Virtual Machine Scale Set.

5
Q

Azure Monitor Logs

A

Collects and organizes log and performance data from monitored resources. You can analyze Logs data by using Kusto Query Language (KQL), a sophisticated query language that’s capable of quickly analyzing millions of records.

6
Q

Azure Monitor Metrics

A

Azure Monitor Metrics is a feature of Azure Monitor that collects numeric data from monitored resources into a time-series database. Metrics are numerical values that are collected at regular intervals and describe some aspect of a system at a particular time.

Note:
Azure Monitor Metrics is one half of the data platform that supports Azure Monitor. The other half is Azure Monitor Logs, which collects and organizes log and performance data. You can analyze that data by using a rich query language.

7
Q

Azure Sentinel

A

Microsoft Sentinel is a cloud-native Security Information and Event Management (SIEM) platform that uses built-in AI to help analyze large volumes of data across an enterprise—fast. Microsoft Sentinel aggregates data from all sources, including users, applications, servers, and devices running on premises or in any cloud, letting you reason over millions of records in a few seconds. It includes built-in connectors for easy onboarding of popular security solutions. Collect data from any source with support for open standard formats like CEF and Syslog.

8
Q

Microsoft Defender for Cloud

A

Microsoft Defender for Cloud is a cloud-native application protection platform (CNAPP) that is made up of security measures and practices that are designed to protect cloud-based applications from various cyber threats and vulnerabilities. Defender for Cloud combines the capabilities of:

  • A development security operations (DevSecOps) solution that unifies security management at the code level across multicloud and multiple-pipeline environments
  • A cloud security posture management (CSPM) solution that surfaces actions that you can take to prevent breaches
  • A cloud workload protection platform (CWPP) with specific protections for servers, containers, storage, databases, and other workloads
9
Q

Azure Data Explorer

A

Azure Data Explorer is a fast, fully managed data analytics service for real-time and time-series analysis on large volumes of data streams from business activities, human operations, applications, websites, Internet of Things (IoT) devices, and other sources.

Ask questions and iteratively explore data on the fly to improve services and products, enhance customer experiences, monitor devices, and boost operations.

Quickly identify patterns, anomalies, and trends in your data. Explore new questions and get answers in minutes. Run as many queries as you need, thanks to the optimized cost structure.

10
Q

Azure Log Analytics

A

Used to edit and run log queries against data in the Azure Monitor Logs store.

11
Q

Availability Sets

A

Availability sets are logical groupings of VMs that reduce the chance of correlated failures bringing down related VMs at the same time. Availability sets place VMs in different fault domains for better reliability, which is especially beneficial if a region doesn’t support availability zones. When using availability sets, create two or more VMs within an availability set. Using two or more VMs in an availability set helps provide highly available applications and meets the 99.95% Azure SLA. There’s no extra cost for using availability sets; you only pay for each VM instance you create.

12
Q

Azure status

A

Global view of the health of all Azure services across all Azure regions.

13
Q

Service health

A

Personalized view of the health of the Azure services and regions you’re using.

14
Q

Resource health

A

Provides information about the health of your individual cloud resources, such as a specific virtual machine instance.

15
Q

Azure managed disks

A

Azure managed disks are block-level storage volumes that are managed by Azure and used with Azure Virtual Machines. Managed disks are like a physical disk in an on-premises server but virtualized. With managed disks, all you have to do is specify the disk size, the disk type, and provision the disk. Once you provision the disk, Azure handles the rest.

The available types of disks are ultra disks, premium solid-state drives (SSD), standard SSDs, and standard hard disk drives (HDD).

16
Q

Azure DevTest Labs

A

Azure DevTest Labs is a service for easily creating, using, and managing infrastructure-as-a-service (IaaS) virtual machines (VMs) and platform-as-a-service (PaaS) environments in labs. Labs offer preconfigured bases and artifacts for creating VMs, and Azure Resource Manager (ARM) templates for creating environments like Azure Web Apps or SharePoint farms.

Lab owners can create preconfigured VMs that have tools and software lab users need. Lab users can claim preconfigured VMs, or create and configure their own VMs and environments. Lab policies and other methods track and control lab usage and costs.

17
Q

Management of the cloud

A

Management of the cloud speaks to managing your cloud resources. In the cloud, you can:

  • Automatically scale resource deployment based on need.
  • Deploy resources based on a preconfigured template, removing the need for manual configuration.
  • Monitor the health of resources and automatically replace failing resources.
  • Receive automatic alerts based on configured metrics, so you’re aware of performance in real time.
18
Q

Management in the cloud

A

Management in the cloud speaks to how you’re able to manage your cloud environment and resources. You can manage these:

  • Through a web portal.
  • Using a command line interface.
  • Using APIs.
  • Using PowerShell.
19
Q

Security principal

A

A security principal is an object that represents a user, group, service principal, or managed identity that is requesting access to Azure resources.

20
Q

Reliability

A

Reliability is the ability of a system to recover from failures and continue to function.

21
Q

High availability

A

It’s important that resources are available when needed. High availability focuses on ensuring maximum availability, regardless of disruptions or events that may occur.

22
Q

Network access control

A

Network access control is the act of limiting connectivity to and from specific devices or subnets within a virtual network. The goal of network access control is to limit access to your virtual machines and services to approved users and devices. Access controls are based on decisions to allow or deny connections to and from your virtual machine or service.

Azure supports several types of network access control, such as:

  • Network layer control
  • Route control and forced tunneling
  • Virtual network security appliances
23
Q

Blueprints

A

Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such as:

  • Role Assignments
  • Policy Assignments
  • Azure Resource Manager templates (ARM templates)
  • Resource Groups
24
Q

Compliance Manager

A

Compliance Manager is a cross-Microsoft Cloud services solution designed to help organizations meet complex compliance obligations, including the EU GDPR, ISO 27001, ISO 27018, NIST 800-53, NIST 800-171, and HIPAA[2].

It enables your organization to perform on-going risk assessments for what is identified as Microsoft’s responsibilities by evaluating detailed implementation and test details of our internal controls.

25
Q

Azure HDInsight

A

Run popular open-source frameworks—including Apache Hadoop, Spark, Hive, Kafka, and more—using Azure HDInsight, a customizable, enterprise-grade service for open-source analytics. Effortlessly process massive amounts of data and get all the benefits of the broad open-source project ecosystem with the global scale of Azure. Easily migrate your big data workloads and processing to the cloud.

26
Q

Network security groups

A

You can use an Azure network security group to filter network traffic between Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.

27
Q

Local Network Gateway

A

The local network gateway is a specific object that represents your on-premises location (the site) for routing purposes. You give the site a name by which Azure can refer to it, then specify the IP address of the on-premises VPN device to which you’ll create a connection.

28
Q

What is elastic computing or cloud elasticity?

A

Elastic computing is the ability to quickly expand or decrease computer processing, memory, and storage resources to meet changing demands without worrying about capacity planning and engineering for peak usage. Typically controlled by system monitoring tools, elastic computing matches the amount of resources allocated to the amount of resources actually needed without disrupting operations. With cloud elasticity, a company avoids paying for unused capacity or idle resources and doesn’t have to worry about investing in the purchase or maintenance of additional resources and equipment.

While security and limited control are concerns to take into account when considering elastic cloud computing, it has many benefits. Elastic computing is more efficient than your typical IT infrastructure, is typically automated so it doesn’t have to rely on human administrators around the clock, and offers continuous availability of services by avoiding unnecessary slowdowns or service interruptions.

29
Q

Site Recovery service

A

Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. Site Recovery replicates workloads running on physical and virtual machines (VMs) from a primary site to a secondary location. When an outage occurs at your primary site, you fail over to a secondary location, and access apps from there. After the primary location is running again, you can fail back to it.

30
Q

What is the concept of paired regions?

A

Each region in the world has at least one other region with which it shares an extremely high-speed connection, and where there is coordinated action by Azure not to do anything that will bring them both down at the same time.

31
Q

What data format are ARM templates created in?

A

JSON

32
Q

If you wanted to get an alert every time a new virtual machine is created, where could you create that?

A

Azure Monitor

33
Q

What is Bicep?

A

Bicep is a domain-specific language (DSL) that uses declarative syntax to deploy Azure resources.
In a Bicep file, you define the infrastructure you want to deploy to Azure, and then use that file throughout the development lifecycle to repeatedly deploy your infrastructure. Your resources are deployed in a consistent manner.

Bicep provides concise syntax, reliable type safety, and support for code reuse. Bicep offers a first-class authoring experience for your infrastructure-as-code solutions in Azure.

34
Q

Recommendation categories for Azure Advisor

A
  • Reliability
  • Security
  • Performance
  • Operational Excellence
  • Cost
35
Q

You need to migrate data to Azure using the Server Message Block (SMB) Protocol. Which service is best for migrating data?

A

Azure Files offers two industry-standard protocols for mounting Azure file shares: the Server Message Block (SMB) protocol and the Network File System (NFS) protocol.

36
Q

A management group tree can support up to _____ levels of depth.

A

6

37
Q

At which OSI layer does ExpressRoute operate?

A

Layer 3

38
Q

You can assign the Blueprint definition only once to an Azure Subscription. Yes or No?

A

No

39
Q

Which Azure resource is required to use Azure Cloud Shell?

A

Storage

40
Q

What is the maximum number of fault domains and update domains you can choose for an Availability Set?

A

Fault Domain - 3

Update Domain - 20

41
Q

Tags applied to a resource group are inherited by its resources. Yes or No?

A

No

42
Q

If you assign permissions to a resource group, all the resources inside it inherit these permissions. Yes or No?

A

Yes

43
Q

Azure Cost Management

A

Azure Cost Management is a set of FinOps tools that enable you to analyze, manage, and optimize your costs. The service provides insights and cost management tools to help you monitor, allocate, and optimize your cloud costs.

44
Q

When you create a resource group, you need to provide a location for that resource group. Yes or No?

A

Yes

45
Q

When should you scale out your deployment?

A

Scale Out == Scale Horizontally.
When you need additional Virtual Machines / computers to speed up your application.

46
Q

Which service can automatically sign users in when they are on their corporate devices & connected to your corporate network?

A

Single-Sign-On (SSO)

Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) automatically signs users in when they are on their corporate devices connected to your corporate network. When enabled, users don’t need to type in their passwords to sign in to Azure AD, and usually don’t even need to type in their usernames.

47
Q

Which service can help you:
- Assign time-bound access to resources using start and end dates
- Enforce multi-factor authentication to activate any role

A

Microsoft Entra Privileged Identity Management (PIM)

48
Q

What is the maximum number of management groups that can be supported in a single directory?

A

10,000

49
Q

Important facts about management groups:

A
  • 10,000 management groups can be supported in a single directory.
  • A management group tree can support up to six levels of depth. This limit doesn’t include the root level or the subscription level.
  • Each management group and subscription can support only one parent.
50
Q

All resource types support Tags in Azure. Yes or No?

A

No

51
Q

Azure Active Directory can restrict access attempts to only those coming from known devices. Yes or No?

A

Yes

52
Q

Every Azure region is composed of a set of datacenters. Yes or No?

A

Yes.
Each Azure region has a minimum of three availability zones.

53
Q

Azure Security Center

A

Security Center is a monitoring service that provides threat protection across all of your services, both in Azure and on-premises. Security Center can:

  1. Provide security recommendations based on your configurations, resources, and networks.
  2. Monitor security settings across on-premises and cloud workloads, and automatically apply required security to new services as they come online.
  3. Continuously monitor all your services, and perform automatic security assessments to identify potential vulnerabilities before they can be exploited.
  4. Use machine learning to detect and block malware from being installed on your virtual machines and services. You can also define a list of allowed applications to ensure that only the apps you validate are allowed to execute.
  5. Analyze and identify potential inbound attacks, and help to investigate threats and any post-breach activity that might have occurred.
54
Q

Azure network security group

A

You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

For each rule, you can specify source and destination, port, and protocol.

55
Q

Azure Advisor has the ability to provide recommendations for Azure ExpressRoute. Yes or No?

A

Yes

56
Q

A Resource group can contain resources that belong to different subscriptions. Yes or No?

A

Yes

57
Q

In the case of Resource groups, the most restrictive lock in the inheritance takes precedence. Yes or No?

A

Yes

58
Q

Where can you obtain up-to-date details about the personal data Microsoft processes, how it processes it and for what purposes?

A

Microsoft Privacy Statement

59
Q

Azure Load Balancers are IaaS or PaaS?

A

IaaS

60
Q

Azure Network Watcher

A

Azure Network Watcher provides a suite of tools to monitor, diagnose, view metrics, and enable or disable logs for Azure IaaS (Infrastructure-as-a-Service) resources. Network Watcher enables you to monitor and repair the network health of IaaS products like virtual machines (VMs), virtual networks (VNets), application gateways, load balancers, etc. Network Watcher isn’t designed or intended for PaaS monitoring or Web analytics.

Network Watcher consists of three major sets of tools and capabilities:

  • Monitoring
  • Network diagnostic tools
  • Traffic
61
Q

Azure Traffic Manager

A

Azure Traffic Manager is a global DNS load balancer that can be used to distribute incoming traffic across multiple Azure regions. It is not designed for diagnosing network connectivity issues.

62
Q

In order to move a VM from one region to another, one must be prepared for a brief downtime. Yes or No?

A

Yes

63
Q

Site-to-Site (IPsec) VPN connection

A

Site-to-Site (IPsec) VPN connection type is used to connect two or more virtual networks that are in different regions, data centers, or even different cloud providers. It allows you to connect an on-premises network or a branch office network to an Azure virtual network, or to connect two Azure virtual networks that are in different regions. Site-to-Site VPN connections use a VPN gateway to provide a secure connection over the Internet. IPsec is the protocol used to secure the VPN connection.

64
Q

Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such as:

A
  • Role Assignments
  • Policy Assignments
  • Azure Resource Manager templates (ARM templates)
  • Resource Groups
65
Q

How does Azure Blueprints help in monitoring deployments?

A

By preserving the relationship between blueprint definition and blueprint assignment

66
Q

Which of the following Azure resource types does NOT support tagging?

  • Virtual Machines
  • Azure App Service
  • Azure Cosmos DB
  • Azure Container Registry
A

Azure Container Registry

67
Q

What is the maximum number of virtual network rules and IP network rules allowed per storage account in Azure?

A

200

68
Q

What is the maximum allowed number of tags per Azure resource?

A

50

69
Q

What is Azure Logic Apps?

A

Azure Logic Apps is a cloud platform where you can create and run automated workflows with little to no code. By using the visual designer and selecting from prebuilt operations, you can quickly build a workflow that integrates and manages your apps, data, services, and systems.

70
Q

The ability to provision and deprovision cloud resources quickly, with minimal management effort, is known as…

A

Scalability

71
Q

When you cancel an Azure subscription, a Resource Lock can block the subscription cancellation. Yes or No?

A

No

72
Q

Each virtual network can have only one VPN gateway. Yes or No?

A

Yes

73
Q

What is the maximum number of cloud-only user accounts that can be created in Azure AD?

A

1,000,000

74
Q

Which protocol is used for federated authentication in Azure AD?

A

SAML

75
Q

Your company has decided to migrate its on-premises virtual machines to Azure. Which Azure Virtual Machines feature allows you to migrate virtual machines without downtime?

A

Azure Site Recovery

76
Q

All resources in a VNet can communicate outbound to the internet, by default. Yes or No?

A

Yes

77
Q

Availability zones are implemented in all Azure regions. Yes or No?

A

No

78
Q

Unlike RBAC, Azure Policy is a default-allow-and-explicit-deny system. Yes or No?

A

Yes

79
Q

Azure Synapse Analytics is an analytics service that brings together data integration, enterprise data warehousing and big data analytics. Yes or No?

A

Yes

80
Q

Upon creating a new Virtual Machine in Azure, will you be billed separately for its local disk storage? Yes or No?

A

No

81
Q

Azure Data Box can be used to transfer data from Azure to on-premises data centers or other cloud providers. Yes or No?

A

Yes