Describe Azure Architecture and Services

Question 1

Fault tolerance is also known as what?

Answer 1

High Availability

Question 2

When can an organization decommission its private cloud infrastructure hosted in its data center?

Answer 2

When all of their servers are in the public cloud.

Question 3

Company has set up a VPN device on their on-prem that will be used for Sit-to-Site connection from an on-prem location to Azure. What would represent the on-prem VPN device in Azure?

Answer 3

Local Network Gateway

Question 4

Company has a set of IT engineers responsible for implementing and managing the resources in their Azure account. The IT engineers have a set of CLI installed on-prem workstations that have Ubuntu, macOS and Windows 10 machines. What tools can be used on those machines?

Answer 4

Azure CLI, Azure Powershell, and Azure Portal

Question 5

You found that GRS automatically replicates data from your primary region to a secondary region (also known as Region Pair). So, as part of your business continuity and disaster recovery strategy, your company decided to choose GRS replication for your AZ storage account. So, can we choose the secondary region in the Region Pair where we want to replicate our data?

Answer 5

NO - it is not possible to create your own regional pairings. Every Azure Region is paired with another AZ Region for cross-region replication based on proximity. Every Region Pair is at least 300 miles of separation. GRS replication automatically picks secondary region based on this.

Question 6

Azure App Service/Web Apps

Answer 6

Fully managed PaaS service for hosting web apps and performs infrastructure maintenance

Sometimes slow b/c certain code is not written in a performant way.

Enables you to build and host web apps, mobile back ends, and RESTful APIs in the programming language of your choice without managing infrastructure.

Question 7

Minimum number of Azure regions needed to comply w 99.99 percent SLA?

Answer 7

2

Question 8

Minimum number of Availability zones needed to comply w 99.99 percent SLA?

Answer 8

2

Question 9

Azure Service Health

Answer 9

Get info about AZ service issues and planned maintenance.

Question 10

Pricing Calculator

Answer 10

Compare and Predict the costs of AZ services.

Question 11

Service Trust Portal

Answer 11

Get info about international standards, compliance documents, and audit results that AZ provides for itself.

Question 12

TCO Calculator

Answer 12

Compare & Predict the savings after comparing a cloud-hosted solution with an on-prem solution.

Question 13

Microsoft Defender for Cloud

Answer 13

Cloud Security Posture Mgmt (CSPM) and Cloud Workload Protection Platform (CWPP) which tracks security vulnerabilities for on-prem, multi-cloud and hybrid environments

Detects and resolves threats to resources and services not only on VMs but also SQL, storage accts, and other services etc

Question 14

AZ Advisor

Answer 14

AZ service provides recommendations to implement or maintain well-architected framework principles (cost-effectiveness, performance, reliability)

Question 15

AZ Policy

Answer 15

Service that helps to Deny the creation of any other resource which is not defined in the list of allowed resources

Question 16

AZ Blueprint

Answer 16

Helps to create a Package that consists of a set of resource groups, policies, role assignments, and ARM template deployments to help w environment setup.

Question 17

Company wants to deploy small pieces of code onto AZ. They want to cut the costs for hosting the code. What should they consider for hosting the code?

Answer 17

Azure Functions - You can use AZ functions to save costs if you want to run small pieces of code.

Question 18

Azure Functions

Answer 18

Cloud service available on-demand that provides all the continually updated infrastructure and resources needed to run your applications; you focus the code that matters most to you, in the most productive language for you, and Functions handles the rest; provides Serverless computing in AZ; used to save costs if you want to run small pieces of code.

Question 19

Azure Basic Support plan does not include…

Answer 19

Access to support engineers; no 24/7 access to tech support by email or phone.

This is only available for Developer (during business hours by email only), Standard and Professional Direct plans.

Question 20

Management Groups

Answer 20

Ability to manage user access to resources across multiple subscriptions.

Question 21

Azure Arc

Answer 21

Simplifies governance and mgmt by delivering a consistent multi-cloud and on-prem mgmt platform.

Question 22

Azure Cloud Shell

Answer 22

An interactive shell environment that you can use through your browser; lets you use either bash or PowerShell to work w AZ services.

Question 23

Azure Container Instances

Answer 23

Solution for any scenario that can operate in isolated containers, without orchestration; run event-driven apps, quickly deploy from your container development pipelines, and run data processing and build jobs.

Question 24

Azure Virtual Machine

Answer 24

IaaS; Traditional option of hosting a website on AZ but needs more time to correctly set up for performance, scalability, durability, and security and also needs to take appropriate care of maintenance activities (upgrades, patches etc)

Question 25

Azure Service Fabric

Answer 25

Distributed systems platform that makes it easy to package, deploy, and manage scalable and reliable microservices and containers; also address significant challenges in developing and managing cloud native apps.

Question 26

VM Scale Sets

Answer 26

Provide a solution to create and manage a group of identical, load balanced VMs.

Question 27

Azure Virtual Network

Answer 27

Provide an isolated environment for hosting of VMs.

Question 28

Azure Data Lake Analytics

Answer 28

Provide a cloud service that helps transform data and provide valuable insights on the data itself.

Question 29

Company has VM created in their subscription with an app installed on the VM. You need to ensure traffic can flow into the VM on port 8080. What must be modified to make this work?

Answer 29

Network Security Group (NSG) - must be modified to add an inbound security rule.

Question 30

Company has created v network and also launched a set of VMs on the network. They want to change the way the traffic is routed in the v network. What can be used to fulfill this requirement?

Answer 30

User Defined Routes

Question 31

Azure Web Apps

Answer 31

PaaS solution for web applications

Question 32

Azure Marketplace

Answer 32

Easily Search for custom solutions in AZ Marketplace and easily deploy these solutions in AZ

Question 33

Azure SQL Database

Answer 33

PaaS

Used if company for example wants to host a set of relational tables w zero administration of underlying infrastructure and low latency access to data

Microsoft handles all patching and updating of the SQL and OS code

Question 34

Azure Cosmos DB

Answer 34

Fully managed NoSQL and relational database for modern app development.

Offers single-digit millisecond response times, automatic and instant scalability, along with guarantee speed at any scale. Business continuity is assured with SLA-backed availability and enterprise-grade security.

Also has a table API to work with Table-like data

Question 35

Company planning on creating several policies in the Az policy service. These policies are all meant to achieve a particular goal. What can be used to organize these policies into one group?

Answer 35

Initiative Definition - you can club the policy definitions into one Initiative Definition

Singular overarching goal

Question 36

Company wants to have a data store in place that can be used to store video files. These video files will be uploaded by users. What would you use for this purpose?

Answer 36

Storage Account - You can use Blob service in AZ storage accounts to store video files

Question 37

You want to create a VM in AZ. You need to allocate 300GB storage for the VM. What disk option would you use for this purpose?

Answer 37

New data disk - these disks have a max capacity of around 32tb

Incorrect:
OS disk - every VM has at least 1 attached OS disk w pre-installed OS selected upon creation of VM; max capacity 2048gb

Temp disk - not a managed disk; provides short term storage intended to only store page or swap file data

Local disk

Question 38

Azure VPN Gateway

Answer 38

This service is used to help connect an on-prem data center to an Az Virtual Network; used to send encrypted traffic b/w AZ virtual network and on prem location over public internet or b/w Az virtual networks over MS network

Question 39

Company has just set up an AZ subscription and an AZ tenant. What can the company use to create an AZ support request?

Answer 39

Azure Portal - accessed in portal via “Help + support”—–>”New support request”

Question 40

Company is planning to set up AZ subscription and AZ tenant using AD. Would the company need to implement domain controllers on AZ virtual machines to use the AD service?

Answer 40

No - AD is a completely managed service so you dont need to provision any infrastructure to implement AD

Question 41

You are setting up an Azure Free Account. After 30 days, would certain AZ products still be free to use?

Answer 41

Yes - Free account gives access to all AZ services for first 30 days with free credit of $200, after which user would have access only to a subset of AZ services for free

Question 42

Which protocol enables dynamic routing b/w on-prem network and services running in the Microsoft cloud?

Answer 42

BGP - Border Gateway Protocol enables dynamic routing b/w on-prem network and MS cloud; ExpressRoute uses BGP

Question 43

Company wants to reduce the costs for resources hosted in Azure. They decide to remove the public IP addresses. Would this fulfill the requirement?

Answer 43

Yes - this can reduce the cost since there is a price for Public IP addressing as given in the MS documentation.

Question 44

Company wants to reduce the costs for resources hosted in Azure. They decide to remove the network interfaces from AD. Would this fulfill requirement?

Answer 44

No - there is no price for network interfaces so this would not help reduce cost.

Question 45

Company has just set up an AZ subscription and an Az tenant. They want to start deploying resources on the Az platform. They want to use an Az service that could create and update the resources as a group, rather than handling them individually, within the az subscription. Which service could be used for this requirement?

Answer 45

Azure Resource Manager

Question 46

Would you be charged for the computing cost of v machine in stopped state?

Answer 46

No - when the machine is in the stopped deallocated state the compute costs are no longer charged to the customer.

Question 47

Would you be charged for the underlying disks attached to the v machine in stopped state?

Answer 47

Yes - you are always charged for the OS disk attached to the v machine.

Question 48

Would you be charged for the private IP address assigned to the v machine in stopped state?

Answer 48

No - you are only charged for the Static Public IP addresses and not for the private IP addresses.

Question 49

How would you ensure that the v machine admin team is restricted to the usage of the available regions for the deployment of new resources?

Answer 49

Azure Policies

RBAC incorrect b/c that is used to give authorization to use Az resources

Question 50

How would you ensure that the v machine admin team can only deploy v machines and their dependent resources?

Answer 50

Azure Role-Based Access Control (RBAC)

Azure Policies incorrect since this is used to govern the resources in Az

Question 51

Company just started using Az. They have set up resources as part of their subscription. They want to get the current costs being incurred. They decide to use Az Cost Mgmt to get this info. Would this fulfill requirement?

Answer 51

Yes - this would give a cost breakdown for resources being used in Az.

Question 52

What are advantages of using hybrid cloud model?

Answer 52

1. Maintain Control
2. More Flexibility

Question 53

Company has Az v private connection b/w on-prem network and Az v network. Would they need to pay additional costs to transfer several gb of data FROM on-prem network TO Az?

Answer 53

No - data transfers TO Az data center are free

Question 54

Company has Az v private connection b/w on-prem network and Az v network. Company expects around 10gb worth of data transfer per month FROM Az TO on-prem network. Would they incur additional costs for this data transfer?

Answer 54

Yes - costs are incurred from Az to on-prem

Question 55

Company wants to use Az service that can be used to xfer offline data in a quick, inexpensive, and reliable way.

Answer 55

Azure Data Box - physical migration service that helps xfer offline data in a quick, inexpensive and reliable way.

Question 56

Identify the right service category for both advantages/features:
- increases stability, reliability, and supportability
- reduces cap ex and optimizes costs

Answer 56

IaaS

Question 57

Company wants to make use of the Az Service Health. Using this service, could the admin create a rule that sends alerts when an Az service fails?

Answer 57

Yes - in service health one can go to the ‘health alerts’ section and create a service health alert.

Question 58

Provide the ability to route traffic to backend v machines based on the the attributes of an HTTP request.

Answer 58

Az Application Gateway - web traffic load balancer that enables you to manage traffic to your web apps

Question 59

Provide a service that could help store objects that could be accessed from anywhere around the world via HTTP.

Answer 59

Azure Storage Accounts

Question 60

Company wants to implement Az AD Identity Protection w following requirements:
- prompt users if credentials are compromised
- identify suspicious login attempts
Which 2 policies implement the above requirements?

Answer 60

User risk policy
Sign in risk policy

Question 61

Company wants to move all employees to AD. What is the initial domain where the tenant is created?

Answer 61

onmicrosoft.com

Question 62

Company needs a new security model to effectively adapt to the complexity of the modern environment; Embraces the mobile workforce and protects people, devices, applications and data wherever they are. Would defense in depth model fulfill this requirement?

Answer 62

No - defense in depth uses a series of mechanisms to slow the advance of an attack that aims at acquiring unauthorized access to data.

Correct solution is “Zero Trust security model”

Question 63

Company is planning to use Az Cosmos DB service. Would company need to manage indexes on the Cosmos DB server?

Answer 63

No - it’s fully managed; No schema or index management needed

Question 64

Company has deployed 6 v machines to Az. The v machines would be hosting a web app. Users would be using the web app from the internet. Would the use of an Az load balancer help to increase the availability of the web app?

Answer 64

Yes, you can achieve higher availability for your apps by adding a load balancer to the architecture.