Describe Azure architecture and services Flashcards

1
Q

Describe Azure region

A

A region is a geographical area on the planet that contains at least one but potentially multiple datacenters that are nearby and connected with a low-latency network

2
Q

Describe availability zones

A

Availability zones are made up of at least 3 physically separate data centers within an Azure region. Each data center has its own cooling, power, and networking. They’re connected to each other through high-speed, private fiber-optic networks; if one in the zone goes down, the others continue working.

3
Q

Describe Azure data centers

A

Azure data centers are buildings around the world that contain all the hardware that Azure runs on.

4
Q

Describe Azure resources

A

Resources are instances of services you create, such as VMs or SQL databases.

5
Q

Describe subscriptions

A

A subscription bundles together resources and the user account that created them. Each subscription has a limit to the number of resources that can be created and used, which is set by management groups. Subscriptions are used to manage costs and, at a higher level, resources.

6
Q

Describe management groups

A

Management groups help you manage access, policy, and compliance for multiple subscriptions. All subscriptions in a management group automatically inherit the conditions applied to the management group.

7
Q

Describe the hierarchy of resource groups, subscriptions, and management groups

A

Resources, or instances of services, at the lowest level
Resource groups are logical containers for resources
Subscriptions group together resource groups and the user account that created them
Management groups are containers for subscriptions

8
Q

Describe the Container Instances compute service

A

Container Instances abstract away the operating system and infrastructure requirements for a single application and its dependencies. Azure allows you to run a container without having to manage any VMs or additional services

9
Q

Describe Azure Virtual Machines

A

Virtual Machines are software emulations of physical computers

10
Q

Describe resources required for virtual machines

A

Managed Disk Drive
Azure Subscription
Azure Resource Group
Virtual Network Interface
Network Security Group
Public IP address

11
Q

Describe the Azure App Service hosting option

A

App Service allows you to host an application without having to handle the infrastructure or operating system

12
Q

Describe the purpose of Azure Virtual Networks

A

Azure Virtual Networks enable Azure resources to communicate with each other, users on the Internet, and your on-premises client computers

13
Q

Define public endpoints

A

Public endpoints have a public IP address and can be accessed from anywhere in the world.

14
Q

Compare Azure storage services

A

Azure Blobs: A massively scalable object store for text and binary data in block blobs.
Azure Files: Managed file shares you can mount for cloud or on-premises deployments.
Azure Queues: An asynchronous messaging queue for reliable messaging between application components.
Azure Tables: A structured key/attribute NoSQL store with a schemaless design.
Azure Disks: Virtual hard disks for Azure VMs.

15
Q

Describe the Hot Access storage tier

A

The hot access tier is optimized for storing data that are accessed frequently.

16
Q

Describe the Locally redundant storage (LRS) redundancy option

A

Your data has 3 synchronous copies within the same data center

17
Q

Describe the Standard general-purpose storage account type

A

A standard storage account type for blobs, file shares, queues, and tables. Recommended for most scenarios using Azure Storage.

18
Q

Describe moving files with AzCopy

A

AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account.

19
Q

Describe data migration with Azure Migrate

A

Azure Migrate provides a way to move your on-premises data center to Azure using services for migration, modernization, and optimization.

20
Q

Describe Azure Active Directory (Azure AD)

A

Azure Active Directory (Azure AD) is a globally available identity service that enables your users to sign in and access both cloud and on-premises applications.

21
Q

Describe single sign-on (SSO) authentication

A

Single sign-on (SSO) authentication gives the ability to manage multiple on-premises infrastructure components and systems by using a single identity per user

22
Q

Describe external identities and guest access in Azure

A
23
Q

Describe Azure AD Conditional Access

A

Conditional Access is an additional layer of authorization that uses identity-driven signals as part of access control decisions. Policies at their simplest are if-then statements: if a user wants to access a resource, then they must complete an action.

24
Q

Describe Azure role-based access control (RBAC)

A

Azure role-based access control (Azure RBAC) is an authorization system built on Azure Resource Manager that helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.

25
Q

Describe the concept of Zero Trust

A

Zero Trust is a security strategy that assumes breach and verifies each request as though it originated from an uncontrolled network. It’s an approach to designing and implementing the following set of security principles:
Verify explicitly
Use least privilege access
Assume breach

26
Q

Describe the purpose of the defense in depth model

A

Defense-in-depth is a strategy that leverages multiple security measures to protect an organization’s assets, so if one line of defense is compromised, additional layers exist as a backup to ensure that threats are stopped along the way.

27
Q

Describe the purpose of Microsoft Defender for Cloud

A

Microsoft Defender for Cloud is a security manager that can assess the current level of security in your environment, ensure regulatory standards are enforced and recommend actions to close gaps in security.

28
Q

Describe regional pairs

A

A region pair is two Azure regions that act as failovers for each other and are within the same region and are at least 300 miles away from each other to reduce the likelihood of interruptions. If one in the pair is affected by an outage of any kind/for any reason, services would automatically fail over to the other region in its pair.

29
Q

Describe sovereign regions

A

Sovereign regions are regions dedicated to specific sovereign entities and are isolated from the rest of Azure

30
Q

Describe resource groups

A

Resource groups are logical containers for resources, in which they are deployed and managed.

31
Q

Describe Azure Virtual Machine Scale Sets

A

Azure Virtual Machine Scale sets let you create and manage groups of identical load-balancing virtual machines which automatically scale up or down based on demands

32
Q

Describe availability sets

A

Availability sets are logical groupings of virtual machines that allow Azure to understand how your application is built to provide redundancy and availability

33
Q

Describe Azure Virtual Desktop

A

Azure Virtual Desktop is a desktop and application virtualization service that enables users to use a cloud-hosted version of Windows from any location

34
Q

Describe the Azure Containers hosting option

A

Containers allow you to run virtualized environments that can be created, scaled out, and stopped dynamically, allowing for faster changes on demand compared to virtual machines

35
Q

Describe the Virtual Machine hosting option

A

Virtual Machines would allow you to have total control over the operating system, run custom software, and use custom hosting configurations

36
Q

Describe the Azure Virtual Machine compute service

A

Virtual Machines abstract away the hardware needed to run an operating system, virtualizing a customizable server

37
Q

Describe the Azure Functions compute service

A

Azure Functions is a service that uses serverless computing, or the abstraction of servers, infrastructure, and operating systems

38
Q

Describe the purpose of Azure virtual subnets

A

Azure virtual subnets are partitions within a virtual network’s address space. Routing between subnets is based on default or custom traffic routes.

39
Q

Describe the purpose of peering

A

Peering enables you to connect two or more virtual networks together via Microsoft’s private network

40
Q

Describe the purpose of Azure DNS

A

Azure DNS is a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure.

41
Q

Describe the purpose of Azure VPN Gateway

A

Azure VPN Gateway uses an encrypted tunnel to connect two private endpoints within a dedicated subnet over an untrusted network (typically the public internet) to prevent eavesdropping or other attacks.

42
Q

Describe the purpose of Azure ExpressRoute

A

Azure ExpressRoute lets you connect two endpoints over a private connection with the help of a connectivity provider.

43
Q

Define private endpoints

A

Private endpoints exist within a virtual network and have a private IP address from within the virtual network’s address space.

44
Q

Describe the Cool Access storage tier

A

Cool access tier is for data that’s infrequently accessed and stored for at least 30 days.

45
Q

Describe the Archive Access storage tier

A

The archive access tier is for data that are rarely accessed and stored for at least 180 days.

46
Q

Describe the Zone-redundant storage (ZRS) redundancy option

A

Your data is replicated in 3 availability zones within the same region

47
Q

Describe the Geographically-redundant storage (GRS) redundancy option

A

Same as LRS, plus 3 asynchronous copies in a second data center at least 300 hundreds of miles away

48
Q

Describe the Geographically-zone-redundant storage (GZRS) redundancy option

A

Same as ZRS, plus a second set of 3 availability zones to a second region hundreds of miles away

49
Q

Describe the Premium block blob storage type

A

A premium storage account type for block blobs and append blobs. Recommended for scenarios with high transaction rates, that use smaller objects, or require consistently low storage latency.

50
Q

Describe the Premium file shares storage type

A

A premium storage account type for file shares only. Recommended for enterprise or high-performance scale applications.

51
Q

Describe the Premium page blobs storage type

A

A premium storage account type for page blobs only.

52
Q

Describe moving files with Azure Storage Explorer

A

Azure Storage Explorer is a standalone file explorer application that makes it easy to work with Azure Storage data on Windows, macOS, and Linux.

53
Q

Describe moving files with Azure File Sync

A

Azure File Sync enables centralizing your organization’s file shares in Azure Files, and has the ability to transform Windows Server into a quick cache of your Azure file share.

54
Q

Describe data migration with Azure Data Box

A

The Microsoft Azure Data Box cloud solution lets you send up to 80 terabytes of data into and out of Azure in a quick, inexpensive, and reliable way using a proprietary Data Box storage device that’s transported to your data center through a regional carrier.

55
Q

Describe Azure Active Directory Domain Services (Azure AD DS)

A

Azure Active Directory Domain Services (Azure AD DS) lets users sign in to services and applications connected to the managed domain using their existing Azure AD credentials.

56
Q

Describe multi-factor authentication

A

Multi-factor authentication adds additional security to just a password, such as responding to a push notification, entering a code from a software or hardware token, or responding to a text message or phone call.

57
Q

Describe passwordless authentication

A

Passwordless authentication replaces a password with something you have (a Windows device, phone, or security key), plus something you are (biometrics) or something you know (a PIN).