deck 1 Flashcards
Pay-As-You-Go - don’t want to forget about resources and have them keep billing you
In Cost Management and Billing create a budget and expiration
What happens when you reach the budget
Doesn’t stop the resource; instead you can add an action, e.g. send an email
virtual machine
Windows or Linux
Use RDP or SSH to remotely control
Looks like a real server but isn't
Can be placed on a virtual network, arranged in availability sets, placed behind load balancers
Install whatever software
Server can be created in a few mins
VM Abstractions
Azure Batch
Virtual Machine Scale Sets
Azure Kubernetes Service
Service Fabric
App services (web app) PAAS
Windows/Linux OS (but don’t control OS)
Fully managed servers - can’t remote control
.NET, .NET Core, Java, Ruby, Node.js, PHP and Python
Benefits in scaling, CI, deployment slots, integrates with VS
Azure Storage
Create storage accounts up to 5PB each: blob, queues, tables, files
Various levels of replication included from local (11 9s durability) -> global (16 9s durability)
Storage tiers - hot, cool, archive
Keeps 3 copies of files
Managed (for VMs) or unmanaged
Networking
Connectivity
Security
Delivery
Monitoring
Connectivity
VNet - database entry
Virtual WAN - allows offices to connect to each other with Azure as middleman
ExpressRoute - allows Azure and the office to connect - fast + encrypted (can use traditional VPN instead, runs over internet)
VPN Gateway
Azure DNS - having public/private domain names managed by Azure
Peering - connecting multiple VNets together so you can have services in one region.
Bastion - allows remote desktop into a server without opening the RDP port or running RDP software
Security
Network Security Groups (NSG) - access control list
Azure Private Link - takes what used to be public endpoints and turns them into private endpoints
DDoS protection - free level and can pay for more with SLAs
Azure Firewall
Web App Firewall (WAF) - built into the App Gateway product. Recognises top 10/20 attacks
VN endpoints
Delivery
CDN -
Azure Front door - global load balancer
Traffic Manager
Application Gateway - app level (level 7) load balancer
Load balancer - network level (level 4) load balancer
Monitoring
Network watcher
ExpressRoute Monitor
Azure Monitor
VNet Terminal Access Point (TAP)
List, create, delete - Azure CLI
az vm list
az keyvault create
az network vnet delete (vnet is a subcomponent of network)
az network vnet subnet list
List, create, delete - PowerShell
Get-AzVM
New-AzKeyVault
Remove-AzVirtualNetwork
Get-AzVirtualNetworkSubnetConfig
PowerShell 7
Available for Windows, OSX and Linux
Bash CLI
For Linux systems
Azure CLI
For Windows, OSX and Linux
Azure Cloud Shell
In browser - CLI commands work too
Install-Module -Name Az -AllowClobber -Force
-AllowClobber - allows overwriting existing files.
-Force - forces the install, to allow having 2 versions
AAD
Free - 500,000 users/groups, SSO, no company branding or self-service password reset, SLA, dynamic groups, group naming policies, conditional access
Premium P1 - no AI risky account detection, risk based conditional access policies, identity governance e.g. PIM, access reviews, entitlement management
Premium P2
https://docs.microsoft.com/en-gb/azure/active-directory/authentication/concept-mfa-licensing#available-versions-of-azure-ad-multi-factor-authentication
Account/User
Person or program with username, password, MFA, OR an app/managed identity - represents a program or service
Basis for authentication
Tenant
Organisation represented by a public domain name, e.g. example.com (unique for you)
Will be assigned a domain if not specified
A dedicated instance of AAD
An Azure account is always part of at least one tenant
Not every tenant needs to have a subscription; a tenant can also have more than one
More than one account can be owner
Subscription
Agreement with Microsoft to use Azure services + how you are paying.
Gets billed to the payment method of the subscription - free, PAYG, enterprise agreements
Azure AD Join. Cloud first/cloud-only AD
Can use Azure AD to sign in on Windows 10 devices
When you don’t have an on-prem AD, or for a remote branch office with limited on-prem infrastructure where it's not worth installing a local AD, or maybe you don’t want to pollute the on-prem AD with temp employees
Administrative Units
Taking a large organisation + dividing it into manageable segments, e.g. a Canadian group + can specify which users can be admins.
Need a premium license to add people to them.