Describe Azure architecture and services

Question 1

After making an Azure account, what do you need in order to start creating Azure resources?

Answer 1

An Azure subscription

Question 2

What command can you enter when in Azure CLI to change to Azure powershell?

Answer 2

pwsh

Question 3

What is a region?

Answer 3

a geographical area on the planet that contains at least one, but potentially multiple datacenters that are nearby and networked together with a low-latency network.

Question 4

What type of resource are availability zones primarily for? (4)

Answer 4

1. VMs
2. managed disks
3. load balancers
4. SQL databases

Question 5

What are availability zones?

Answer 5

physically separate datacenters within an Azure region

Question 6

What three categories do resources that support availability zone fall into?

Answer 6

Zonal services: You pin the resource to a specific zone (for example, VMs, managed disks, IP addresses).
Zone-redundant services: The platform replicates automatically across zones (for example, zone-redundant storage, SQL Database).
Non-regional services: Services are always available from Azure geographies and are resilient to zone-wide outages as well as region-wide outages.

Question 7

What is a region pair?

Answer 7

a pairing with another region within the same geography (such as US, Europe, or Asia) at least 300 miles away to allows= for the replication of resources across a geography that helps reduce the likelihood of interruptions because of events such as natural disasters, civil unrest, power outages, or physical network outages that affect an entire region.

Question 8

What are Sovereign Regions?

Answer 8

Instances of Azure that are isolated from the main instance of Azure (maybe for compliance or legal purposes)

Question 9

What are you required to do when creating a resource?

Answer 9

Assign it to a resource grou

Question 10

Azure subscriptions are…

Answer 10

a unit of management, billing, and scale

Question 11

How many Azure subscriptions can an account have?

Answer 11

Multiple, but it only requires one

Question 12

What are the two types of subscription boundaries?

Answer 12

Billing and access control

Question 13

How does a subscription billing boundary work?

Answer 13

Azure generates separate billing reports and invoices for each subscription so that you can organise and manage costs

Question 14

How does a subscription access control boundary boundary work?

Answer 14

Azure applies access-management policies at the subscription level, and you can create separate subscriptions to reflect different organisational structures

Question 15

How are availability zones connected?

Answer 15

through high-speed, private fiber-optic networks

Question 16

What is the minimum number of availability zones present in all availability zone-enabled regions?

Answer 16

Three

Question 17

Do all Azure regions contain availability zones?

Answer 17

No, regions that do not still can contain multiple data centers however they are not connected via their own independent network

Question 18

What do virtual machines provide?

Answer 18

provide infrastructure as a service (IaaS) in the form of a virtualised server

Question 19

What is an image?

Answer 19

a template used to create a VM

Question 20

What is a VM scale set?

Answer 20

a group of identical, load-balanced VMs

Question 21

What does the update domain VM grouping determine?

Answer 21

VMs that can be rebooted at the same time

Question 22

How does fault domain VM grouping work?

Answer 22

it groups your VMs by common power source and network switch

Question 23

In what two ways do availability sets group VMs

Answer 23

update domain and fault domain

Question 24

What type of resources can you pick when creating a VM? (3)

Answer 24

1. Size
2. Storage
3. Networking

Question 25

what command is used in Azure CLI to create a virtual machine?

Answer 25

az vm create

Question 26

What does Azure Virtual Desktop allow?

Answer 26

It enables you to use a cloud-hosted version of Windows from any location

Question 27

How does Azure virtual desktop provide centralised security?

Answer 27

With Microsoft Entra ID

Question 28

What are containers?

Answer 28

A virtualisation environment

Question 29

What is the difference between containerisation and virtualisation?

Question 30

What is a benefit of Azure functions?

Answer 30

enables you to build and host web apps, background jobs, mobile back-ends, and RESTful APIs in the programming language of your choice without managing infrastructure

Question 31

When are Azure functions commonly used?

Answer 31

when you need to perform work in response to an event (often via a REST request), timer, or message from another Azure service, and when that work can be completed quickly, within seconds or less.

Question 32

How are you charged with Azure functions?

Answer 32

Azure only charges you for the CPU time used while your function runs

Question 33

What are the two types of Azure function?

Answer 33

Stateless and stateful (durable functions)

Question 34

How do stateful Azure functions work?

Answer 34

a context is passed through the function to track prior activity

Question 35

What is Azure App Service?

Question 36

What are the types of app service offered by Azure App Service? (4)

Answer 36

1. Web app
2. API apps
3. WebJobs
4. Mobile apps

Question 37

What is the purpose of Azure Virtual Networks?

Answer 37

they enable Azure resources, such as VMs, web apps, and databases, to communicate with each other, with users on the internet, and with your on-premises client computers

Question 38

What is the purpose of Azure VPNs?

Answer 38

to connect two or more trusted private networks to one another over an untrusted network (typically the public internet)

Question 39

A point-to-site private virtual connection provides a connection between what?

Answer 39

a computer outside your organization back into your corporate network

Question 40

A site-to-site private virtual connection provides a connection between what?

Answer 40

your on-premises VPN device or gateway to the Azure VPN gateway in a virtual network

Question 41

A network-to-network private virtual connection provides a connection between what?

Answer 41

two virtual networks

Question 42

What is the Azure VPN gateway?

Answer 42

a type of virtual network gateway which instances are deployed in a dedicated subnet of the virtual network

Question 43

What must you specify when setting up a VPN gateway?

Answer 43

Whether it is policy-based or route-based

Question 44

You should use a route-based VPN when you require which types of connectivity? (4)

Answer 44

1. Connections between virtual networks
2. Point-to-site connections
3. Multisite connections
4. Coexistence with an Azure ExpressRoute gateway

Question 45

What can be done to maximise the resiliency of your VPN gateway?

Answer 45

1. Active/standby configuration
2. Active/active configuration
3. ExpressRoute failover
4. Zone-redundant gateways

Question 46

What is Azure DNS?

Answer 46

a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure

Question 47

What is the benefit of hosting your DNS in Azure?

Answer 47

you can manage your DNS records using the same credentials, APIs, tools, and billing as your other Azure services

Question 48

What is an Azure storage account?

Answer 48

a unique namespace for your Azure Storage data (e.g. blobs, files, queues & tables) that’s accessible from anywhere in the world over HTTP or HTTPS.

Question 49

What does the type of storage account you choose determine?

Answer 49

the storage services and redundancy options

Question 50

What two attributes form the endpoint for an Azure storage account?

Answer 50

the account name and the Azure Storage service endpoint

Question 51

What are the requirements for storage account names? (3)

Answer 51

1. Must be unique
2. Must be between 3 and 24 characters
3. Must contain lowercase letters and numbers only

Question 52

Which considerations will help you determine which redundancy option to use in regard to a storage account? (3)

Answer 52

1. How your data is replicated in the primary region
2. Whether your data is replicated to a second region that is geographically distant to the primary region, to protect against regional disasters
3. Whether your application requires read access to the replicated data in the secondary region if the primary region becomes unavailable

Question 53

What does azure storage account redundancy ensure?

Answer 53

that your storage account meets its availability and durability targets even in the face of failures.

Question 54

What types of redundancy does Azure offer in the primary region? (2)

Answer 54

1. Locally redundant storage
2. Zone-redundant storage

Question 55

What types of redundancy does Azure offer in the secondary region? (2)

Answer 55

1. Geo-redundant storage
2. Geo-zone-redundant storage

Question 56

When is zone-redundant storage recommended?

Answer 56

for restricting replication of data within a country or region to meet data governance requirements

Question 57

What storage services does azure provide? (5)

Answer 57

1. Blobs
2. Files
3. Queues
4. Disks
5. Tables

Question 58

What are some benefits of Azure storage? (5)

Answer 58

1. Durable and highly available
2. Secure
3. Scalable
4. Accessible
5. Managed

Question 59

What is Azure blob storage?

Answer 59

an object storage solution for the cloud.

Question 60

What is blob storage good for? (5)

Answer 60

1. Serving images or documents directly to a browser.
2. Storing files for distributed access.
3. Streaming video and audio.
4. Storing data for backup and restore, disaster recovery, and archiving.
5. Storing data for analysis by an on-premises or Azure-hosted service.

Question 61

How can Azure data storage be accessed? (6)

Answer 61

1. Client libraries in a variety of programming lnaguages
2. Mature REST API
3. Azure PowerShell
4. Azure CLI
5. Azure portal
6. Azure Storage Explorer

Question 62

What are the access tiers for Azure blobs? (4)

Answer 62

1. Hot
2. Cool
3. Cold
4. Archive

Question 63

Which two protocols allow fully managed file shares in Azure?

Answer 63

Server Message Block (SMB) & Network File System (NFS)

Question 64

What is the purpose of Azure queue storage?

Answer 64

storing large numbers of messages

Question 65

How can you access queue messages?

Answer 65

via authenticated calls using HTTP or HTTPS

Question 66

What type of structure does Azure tables provide

Answer 66

NoSQL/semi-structured

Question 67

What is Azure migrate?

Answer 67

a service that helps you migrate from an on-premises environment to the cloud

Question 68

What two migration services does Azure provide?

Answer 68

Azure Migrate & Azure Data box

Question 69

Use case for Azure Data box?

Answer 69

suited to transfer data sizes larger than 40 TBs in scenarios with no to limited network connectivity.

Question 70

What tools do Azure offer for file movement?

Answer 70

1. AzCopy
2. Azure Storage Explorer
3. Azure File Sync

Question 71

What is Microsoft Entra ID?

Answer 71

a directory service that enables you to sign in and access both Microsoft cloud applications and cloud applications that you develop

Question 72

Examples of services that Microsoft Entra ID provides (4)

Answer 72

1. Authentication
2. Single sign-on (SSO)
3. Application management
4. Device management

Question 73

What is Microsoft Entra Connect used for?

Answer 73

connecting Microsoft Entra ID with your on-premises AD

Question 74

What is Microsoft Entra Domain Services?

Answer 74

a service that provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication

Question 75

What authentication methods does Azure support? (4)

Answer 75

1. standard passwords
2. single sign-on
3. multi-factor
4. passwordless

Question 76

Who is Windows Hello for Business useful for?

Answer 76

for information workers that have their own designated Windows PC

Question 77

What is Azure conditional access?

Answer 77

a tool that Microsoft Entra ID uses to allow (or deny) access to resources based on identity signals.

Question 78

What is the zero trust model?

Answer 78

a security model that assumes the worst case scenario and protects resources with that expectation

Question 79

What is Defender for Cloud?

Answer 79

a monitoring tool for security posture management and threat protection