Describe Azure Architecture and Services

Question 1

Describe Azure regions, regional pairs, and sovereign regions

Answer 1

Region: A region is a geographical area on the planet that contains at least one, but potentially multiple datacenters that are nearby and networked together with a low-latency network.

Regional pair: Pair of Azure Regions within the same geograpical area (ie US, Europe Asia) atleast 300 miles away. In the event of a region wide outage, a failover will occur to the secondary region.

Sovereign Region: instances of Azure that are isolated from the main instance of Azure. You may need to use a sovereign region for compliance or legal purposes.

Question 2

Describe availability zones

Answer 2

Consists of physically separate datacenters within an Azure region. Each availability zone is made up of one or more datacenters equipped with independent power, cooling, and networking. If one zone goes down, the other continues working. Availability zones are connected through high-speed, private fiber-optic networks.

Question 3

Describe Azure datacenters

Answer 3

Facilities with resources arranged in racks, with dedicated power, cooling, and networking infrastructure.

Question 4

Describe Azure resources

Answer 4

Resources Include (VSVASF):
Virtual Machines
Storage Accounts
Virtual Networks
App Services
SQL Databases
Functions

Question 5

Describe Resource Groups

Answer 5

A container to manage and aggregate resources in a single unit.

Resources can only exist in one resource group
Resources can exist in different regions.
Resources can be moved to different resource groups
Applications can utilize multiple resource groups

Question 6

Describe subscriptions

Answer 6

Provides authenticated and authorized access to Azure accounts.

Question 7

Describe management groups

Answer 7

Management groups can include multiple subscriptions. Subscriptions inherit conditions applied to the management groups.

Ie: three different subscriptions: dev, test, and production. These can be placed in the the management group level to apply the same policies to all subscriptions. Note that each account can have multiple management groups

Question 8

Describe the hierarchy of resource groups, subscriptions, resources, and management groups

Answer 8

Management groups contain subscriptions
Subscriptions contain resource groups
Resource groups contain resources

Question 9

What are the five different Azure compute services?

Answer 9

VACAA
Virtual machines
App Services
Container instances
Azure Kubernetes Services
Azure Virtual Desktop

Question 10

Describe VM options- Azure Virtual Machines

Answer 10

Software emulations of physical computers. An IaaS offering. Includes: virtual processor, memory, storage, networking.

Question 11

Describe resources required for virtual machines

Answer 11

Virtual machines required processing power, memory, and storage.

Question 12

Describe the Web Apps feature of Azure App Service

Answer 12

Web Apps-App Service includes full support for hosting web apps by using ASP.NET, ASP.NET Core, Java, Ruby, Node.js, PHP, or Python. You can choose either Windows or Linux as the host operating system.

Question 13

Describe Azure virtual subnets

Answer 13

A subnet is a range of IP addresses in the virtual network. You can divide a virtual network into multiple subnets for organization and security

Question 14

Define public and private endpoints

Answer 14

Public endpoints have a public IP address and can be accessed from anywhere in the world.

Private endpoints exist within a virtual network and have a private IP address from within the address space of that virtual network.

Question 15

Compare Azure storage services

Answer 15

CDA

Container services (blob, PaaS) - Unstructured data: photos, audio files, pdfs, etc. Used for hosting images for public website

Disk storage: IaaS. Fast and easy to use. Only tied to one virtual machine

Azure Files: Similar to file share in on premises environment. Allows sharing of files over a network. Only those who have access to encryption key can access. SMB protocol will only be associated with Azure Files

Question 16

Describe storage tiers

Answer 16

HCA

Hot - For storing data that is accessed frequently (most expensive)
Cool - For storing data that is used infrequently and accessed and stored for at least 30 days
Archive - optimized for data that is rarely accessed and is stored for at least 180 days (least expensive)

Question 17

Describe storage redundancy options

Answer 17

LRS - locally redundant storage - single datacenter in primary region
ZRS - zone redundant storage - Three availability zones in primary region
GRS - geo redundant storage - single datacenter in primary and secondary region
GZRS - geo redundant storage - three availability zones in primary region and single data center in secondary region

Question 18

What are the storage account types?

Answer 18

SPPP

Standard general-purpose v2
Premium block blobs3
Premium file shares3
Premium page blobs

Question 19

Identify options for moving files: AzCopy

Answer 19

Command line utility. Can copy blobs or files from your storage account. One direction synchonization.

Question 20

Describe migration options, including Azure Migrate and Azure Data Box

Answer 20

Azure Migrate: A single portal to start, run, and track your migration to Azure.

Azure Data Box: A physical data storage box. Allows to send data into azure in a fast, safe, reliable way. Can import/export data into azure. Order through azure portal.

Question 21

Describe directory services in Azure: Azure Active Directory (Azure AD)

Answer 21

Cloud-based identity and mobile device management that provides user account and authentication services for resources such as Microsoft 365, the Azure portal, or SaaS applications.

Question 22

Describe authentication methods in Azure, including single sign-on (SSO), multifactor
authentication, and passwordless

Answer 22

SSO: Authentication method. Enables users to securely authenticate multiple applications/websites. Uses user name/pass. Allows admins to use single set of credentials

Multifactor authentication: Requres two or more elements for full authentication: Something you know (ie a password) something you possesses ( ie a cell phone or device) or something you are (ie facial recognition, like Windows Hello),

Passwordless: You can also allow your employee’s phone to become a passwordless authentication method. You may already be using the Authenticator app as a convenient multi-factor authentication option in addition to a password. You can also use the Authenticator App as a passwordless option.

Question 23

Describe external identities and guest access in Azure

Answer 23

External B2B (business to business): Identity and access management for partners, vendors, suppliers, and other collaborators.

External B2C (Business to customer): Identity and access management for your customer-facing apps

Question 24

Describe Azure AD Conditional Access

Answer 24

Used to bring signals together to make decisions and enforce organizational policies. Signals can include:

The user and user location
Device being used
Any Real Time Risks
The application being used.

If- then statement. Example: If Denis is in Asia, then require multifactor authentication.

Question 25

Describe Azure role-based access control (RBAC)

Answer 25

Segregate duties within the team and grant only the amount of access to users that they need to perform their jobs.

Question 26

Describe the concept of Zero Trust

Answer 26

Zero trust: A security model where you assume the worst and assume that a bad actor has access to all assets within a network, and protect all assets.

Question 27

Describe the purpose of the defense in depth model

Answer 27

A layered approach to security. Each layer has a level of protection, from the physical security (outermost layer), to the data (center)

Question 28

Describe the purpose of Microsoft Defender for Cloud

Answer 28

Provides threat protection for both Azure and on-premises datacenters. Provides security recomendations Detect and block malware Analyze and identify potential attacks Just-in-time access control for ports.

Question 29

Describe subscription billing boundaries

Answer 29

Generate separate billing reports and invoices for each subscription.

Question 30

Describe subscription access control boundaries

Answer 30

Manage and control access to the resources that users can use with specific subscriptions.

Question 31

Describe VM options- Azure Virtual Machine Scale Sets

Answer 31

Load balanced. Can scale out when resource needs increase and scale in when resource needs are lower.

Question 32

Describe VM options - availability sets

Answer 32

A logical group of VMs to provide redundancy and availability. Only charged for VMs that are deployed. Availability sets contain Fault domains and updated domains which reside in the same datacenter..

Question 33

Describe VM options - Azure Virtual Desktop

Question 34

Describe Availability Set Update Domains

Answer 34

Group of VMs. Two VMs in an update domain cannot be updated at the same time.

Question 35

Describe availability set fault domains

Answer 35

a group of VMs that share a power source and network switch. Can configure up to 3 fault domains at once. Like a server in a data center.

Question 36

Describe Azure Virtual Desktop

Answer 36

Azure Virtual Desktop is a cloud-hosted version of Windows that can be accessed from any location. Azure Virtual Desktop works across devices and operating systems, and works with apps that you can use to access remote desktops or most modern browsers.

Question 37

Describe Azure containers

Answer 37

Light weight virtualized environment that does not require OS management, and can respond to changes on demand

Question 38

Describe Azure Container Instances

Answer 38

PaaS offering that runs a container in Azure without the need to manage a virtual machine or additional services.

Question 39

Describe Azure Kubernetes Service

Answer 39

Orchestration service for containers with distributed architectures and large volumes of containers

Question 40

Describe Azure App Services

Answer 40

A PaaS offering. Fully managed platform to build, deploy, and scale web apps and APIs quickly. Works with .NET, .NET Core, Node.js, Java, Python or php

Question 41

Describe virtual network peering

Answer 41

You can link virtual networks together by using virtual network peering. Peering allows two virtual networks to connect directly to each other.

Question 42

Describe the supported storage services for the account type: Standard general-purpose v2

Answer 42

Blob Storage (including Data Lake Storage1), Queue Storage, Table Storage, and Azure Files

Question 43

Describe the supported storage services for the account type: Premium block blobs3

Answer 43

Blob Storage (including Data Lake Storage1)

Question 44

Describe the supported storage services for the account type: Premium file shares3

Answer 44

Azure Files

Question 45

Describe the supported storage services for the account type: Premium page blobs3

Answer 45

Page blobs only

Question 46

Identify options for moving files: Azure Storage Explorer

Answer 46

Graphical User Interface (like Windows File Explorer) Compatible with Windows, Mac, and Linux Uses AzCopy to handle file operations

Question 47

Identify options for moving files: Azure File Sync

Answer 47

Works with on premises files to keep files in sync with azure cloud in a bi directional manner Keeps frequently accessed files local, while freeing up space

Question 48

Describe directory services in Azure: Azure Active Directory Domain Services (Azure AD DS)

Answer 48

Provides features: Domain join, Group policy, LDAP, Kerberos / NTLM authentication.

Question 49

True or False: Resources can only exist in one resource group

Answer 49

True

Question 50

True or False: Resources cannot exist in different regions

Answer 50

False. Resources can exist in different regions.

Question 51

True or False: Resources can be moved to different resource groups

Answer 51

True

Question 52

True or False: Applications cannot utilize multiple resource groups

Answer 52

False. Applications can utilize multiple resource groups