Describe Core Azure Services Flashcards
What are the 4 levels of organizing structure for resources in Azure?
management groups, subscriptions, resource groups, and resources.
What is the top down hierarchy of organization structure for resources in Azure?
____________ are instances of services that you create, like virtual machines, storage, or SQL databases.
Resources
Resources are combined into ____________, which act as a logical container into which Azure resources like web apps, databases, and storage accounts are deployed and managed.
resource groups
A _____________ groups together user accounts and the resources that have been created by those user accounts. For each, there are limits or quotas on the amount of resources that you can create and use. Organizations can use these to manage costs and the resources that are created by users, teams, or projects.
subscriptions
These groups help you manage access, policy, and compliance for multiple subscriptions. All subscriptions in it automatically inherit the conditions applied.
management group
Resources are created in _____________, which are different geographical locations around the globe that contain Azure datacenters.
regions
A ___________ is a geographical area on the planet that contains at least one but potentially multiple datacenters that are nearby and networked together with a low-latency network. Azure intelligently assigns and controls the resources within each to ensure workloads are appropriately balanced.
region
Name 2 benefits of regions
- Provide flexibility and scale to reduce customer latency
- Preserve data residency with a comprehensive compliance offering
True or False: Some services or VM features are only available in certain regions, such as specific VM sizes or storage types.
True
Name the 2 Azure special regions
- US DoD Central, US Gov Virginia, US Gov Iowa and more: These regions are physical and logical network-isolated instances of Azure for U.S. government agencies and partners. These datacenters are operated by screened U.S. personnel and include additional compliance certifications.
- China East, China North, and more: These regions are available through a unique partnership between Microsoft and 21Vianet, whereby Microsoft doesn’t directly maintain the datacenters.
______________ are physically separate datacenters within an Azure region. Each is made up of one or more datacenters equipped with independent power, cooling, and networking. Each is set up to be an isolation boundary. If one zone goes down, the other continues working. Each is connected through high-speed, private fiber-optic networks.
Availability zones
True or False: Every region has support for availability zones.
False. For an updated list, see Regions that support availability zones in Azure.
You can use ________ to run mission-critical applications and build high-availability into your application architecture by co-locating your compute, storage, networking, and data resources within a zone and replicating in other zones.
availability zones
______________ are primarily for VMs, managed disks, load balancers, and SQL databases.
Availability zones
Azure services that support availability zones fall into three categories. What are those?
- Zonal services: You pin the resource to a specific zone (for example, VMs, managed disks, IP addresses).
- Zone-redundant services: The platform replicates automatically across zones (for example, zone-redundant storage, SQL Database).
- Non-regional services: Services are always available from Azure geographies and are resilient to zone-wide outages as well as region-wide outages.
What is the term for this?
- At least 300 miles of separation between region pairs.
- Automatic replication for some services.
- Prioritized recovery in the event of an outage.
- Updates are rolled out sequentially to minimize downtime.
Azure region pairs
These are advantages of ______________:
- If an extensive Azure outage occurs, one region out of every pair is prioritized to make sure at least one is restored as quickly as possible for applications hosted in that region pair.
- Planned Azure updates are rolled out to paired regions one region at a time to minimize downtime and risk of application outage.
- Data continues to reside within the same geography as its pair (except for Brazil South) for tax- and law-enforcement jurisdiction purposes.
region pairs
What is the SLA for a single VM?
99.9%
What is the SLA for a VM replicated across availability zones?
99.99%
__________ is a manageable item that’s available through Azure. Virtual machines (VMs), storage accounts, web apps, databases, and virtual networks are examples.
Resource
_________ is a container that holds related resources for an Azure solution allowing you to manage resources as a common collection. You decide which resources belong to it based on what makes the most sense for your organization.
Resource group
True or false: All resources must be in a resource group, and a resource can only be a member of a single resource group.
True
True or false: Resource groups can be nested.
False
True or False: Before any resource can be provisioned, you need a resource group for it to be placed in.
True
A _________ is a container to manage & aggregate resources in a single unit.
- Resources can exist in only one.
- Resources can exist in different regions.
- Resources can be moved to different ones.
- Applications can utilize multiple ones.
resource group
True or false: If you delete a resource group, all resources contained within it still remain.
False
True or false: Resource groups make it easy to remove a set of resources all at once.
True
____________ are also a scope for applying role-based access control (RBAC) permissions. By applying RBAC permissions to one, you can ease administration and limit access to allow only what’s needed.
Resource groups
_______________ is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features like access control, locks, and tags to secure and organize your resources after deployment.
Azure Resource Manager
When a user sends a request from any of the Azure tools, APIs, or SDKs, ____________ receives the request. It authenticates and authorizes the request. It sends the request to the Azure service, which takes the requested action. Because all requests are handled through the same API, you see consistent results and capabilities in all the different tools.
Resource Manager
The ___________ provides a management layer that enables you to create, update, and delete resources in your Azure subscription.
Azure Resource Manager (ARM)
True or false: All capabilities that are available in the Azure portal are also available through PowerShell, the Azure CLI, REST APIs, and client SDKs.
True
True or false: Functionality initially released through APIs will be immediately available in the portal.
False. Functionality initially released through APIs will be represented in the portal within 180 days of initial release.
These are all benefits of using _____________:
- Manage your infrastructure through declarative templates rather than scripts. A Resource Manager template is a JSON file that defines what you want to deploy to Azure.
- Deploy, manage, and monitor all the resources for your solution as a group, rather than handling these resources individually.
- Redeploy your solution throughout the development life cycle and have confidence your resources are deployed in a consistent state.
- Define the dependencies between resources so they’re deployed in the correct order.
- Apply access control to all services because RBAC is natively integrated into the management platform.
- Apply tags to resources to logically organize all the resources in your subscription.
- Clarify your organization’s billing by viewing costs for a group of resources that share the same tag.
Azure Resource Manager
Using Azure requires an Azure ____________. It provides you with authenticated and authorized access to Azure products and services. It also allows you to provision resources.
subscription
An Azure __________ is a logical unit of Azure services that links to an Azure account, which is an identity in Azure Active Directory (Azure AD) or in a directory that Azure AD trusts.
subscription
True or false: An account can have one subscription or multiple subscriptions that have different billing models and to which you apply different access-management policies.
True
________ can be used to define boundaries around Azure products, services, and resources.
Azure subscriptions
What are the 2 types of subscription boundaries?
- Billing boundary: This subscription type determines how an Azure account is billed for using Azure. You can create multiple subscriptions for different types of billing requirements. Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs.
- Access control boundary: Azure applies access-management policies at the subscription level, and you can create separate subscriptions to reflect different organizational structures. An example is that within a business, you have different departments to which you apply distinct Azure subscription policies. This billing model allows you to manage and control access to the resources that users provision with specific subscriptions.
This subscription type determines how an Azure account is billed for using Azure. You can create multiple subscriptions for different types of billing requirements. Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs.
Billing boundary
What type of subscription boundary is this? Azure applies access-management policies at the subscription level, and you can create separate subscriptions to reflect different organizational structures. An example is that within a business, you have different departments to which you apply distinct Azure subscription policies. This billing model allows you to manage and control access to the resources that users provision with specific subscriptions.
Access control boundary
When managing your resources, you can choose to create ____________ to set up separate environments for development and testing, security, or to isolate data for compliance reasons. This design is particularly useful because resource access control occurs at this level.
subscriptions
You can create ____________ to reflect different organizational structures. For example, you could limit a team to lower-cost resources, while allowing the IT department a full range. This design allows you to manage and control access to the resources that users provision within each.
subscriptions
You might want to also create ___________ for billing purposes. Because costs are first aggregated at this level, you might want to create these to manage and track costs based on your needs. For instance, you might want to create one for your production workloads and another for your development and testing workloads.
subscriptions
True or false: Subscriptions are not bound to some hard limitations.
False. Subscription limits: Subscriptions are bound to some hard limitations. For example, the maximum number of Azure ExpressRoute circuits per subscription is 10. Those limits should be considered as you create subscriptions on your account. If there’s a need to go over those limits in particular scenarios, you might need additional subscriptions.
_____________ provide a level of scope above subscriptions. You organize subscriptions into containers and apply your governance conditions to these.
Azure management groups. If your organization has many subscriptions, you might need a way to efficiently manage access, policies, and compliance for those subscriptions.
True or false: All subscriptions within a management group automatically inherit the conditions applied to the management group.
True
True or false: All subscriptions within a single management group do not need to trust the same Azure AD tenant.
False
What would you use if you wanted to provide user access to multiple subscriptions through one role-based access control (RBAC) assignment?
A resource management group is used to provide user access to multiple subscriptions. By moving multiple subscriptions under that management group, you can create one role-based access control (RBAC) assignment on the management group, which will inherit that access to all the subscriptions. One assignment on the management group can enable users to have access to everything they need instead of scripting RBAC over different subscriptions.
What would you use when you want to create a hierarchy that applies a policy? For example, you could limit VM locations to the US West Region in a group called Production. This policy will inherit onto all the Enterprise Agreement subscriptions that are descendants and will apply to all VMs under those subscriptions. This security policy can’t be altered, which allows for improved governance.
Resource management group: You can create a hierarchy that applies a policy. For example, you could limit VM locations to the US West Region in a group called Production. This policy will inherit onto all the Enterprise Agreement subscriptions that are descendants of that management group and will apply to all VMs under those subscriptions. This security policy can’t be altered by the resource or subscription owner, which allows for improved governance.
What would you use to build a flexible structure of management groups and subscriptions to organize your resources into a hierarchy for unified policy and access management?
Resource management groups
True or false: No more than 1,000 management groups can be supported in a single directory.
False. 10,000 management groups can be supported in a single directory.
True or false: A management group tree can support up to six levels of depth. This limit doesn’t include the root level or the subscription level.
True
True or false: Each management group and subscription can relate to multiple parents.
False. Each management group and subscription can support only one parent.
True or false: Each management group can have many children.
True
True or false: All subscriptions and management groups are distributed across multiple hierarchies in each directory.
False: All subscriptions and management groups are within a single hierarchy in each directory.
Which of the following can be used to manage governance across multiple Azure subscriptions?
- Azure initiatives
- Management groups
- Resource groups
Management groups
Management groups facilitate the hierarchical ordering of Azure resources into collections, at a level of scope above subscriptions. Distinct governance conditions can be applied to each management group, along with Azure Policy and Azure role-based access controls, to manage Azure subscriptions effectively. The resources and subscriptions assigned to a management group automatically inherit the conditions applied to the management group.
Which of the following is a logical unit of Azure services that links to an Azure account?
- Azure subscription
- Management group
- Resource group
- Public cloud
Azure subscription
An Azure subscription is a logical unit of Azure services that links to an Azure account. An Azure subscription is an object that represents a container that you can put resources in. Subscriptions are tied to tenants, so one tenant can have many subscriptions, but not vice versa.
Which of the following features does not apply to resource groups?
- Resources can be in only one resource group.
- Role-based access control can be applied to the resource group.
- Resource groups can be nested.
Resource groups can be nested.
Resource groups cannot be nested.
Which of the following statements is a valid statement about an Azure subscription?
- Using Azure doesn’t require a subscription.
- An Azure subscription is a logical unit of Azure services.
An Azure subscription is a logical unit of Azure services.
A subscription is a set of Azure services bundled together for tracking and billing purposes. Resource access control occurs at the subscription level. Organizations use Azure subscriptions to manage and govern their Azure resources.
______________ is an on-demand computing service for running cloud-based applications. It provides computing resources such as disks, processors, memory, networking, and operating systems.
Azure compute
_______ are software emulations of physical computers. They include a virtual processor, memory, storage, and networking resources. These can host an operating system, and you can install and run software just like a physical computer.
Virtual machines
True or false: When you need total control over an operating system and environment, VMs are an ideal choice. Just like a physical computer, you can customize all the software running on the VM. This ability is helpful when you’re running custom software or custom hosting configurations.
True
_____________ are an Azure compute resource that you can use to deploy and manage a set of identical VMs. With all VMs configured the same, these are designed to support true autoscale. No pre-provisioning of VMs is required. For this reason, it’s easier to build large-scale services targeting big compute, big data, and containerized workloads. As demand goes up, more VM instances can be added. As demand goes down, VM instances can be removed. The process can be manual, automated, or a combination of both.
___________ are lightweight, virtualized application environments. They’re designed to be quickly created, scaled out, and stopped dynamically.
Containers
_______ and _______ are Azure compute resources that you can use to deploy and manage containers.
True or false: You can run only a single instance of a containerized application on a single host machine.
False: You can run multiple instances of a containerized application on a single host machine.
With _________, you can quickly build, deploy, and scale enterprise-grade web, mobile, and API apps running on any platform. You can meet rigorous performance, scalability, security, and compliance requirements while using a fully managed platform to perform infrastructure maintenance.
True or false: App Service is a software as a service (SaaS) offering.
False. App Service is a platform as a service (PaaS) offering.
___________ are ideal when you’re concerned only about the code running your service and not the underlying platform or infrastructure. They’re commonly used when you need to perform work in response to an event (often via a REST request), timer, or message from another Azure service, and when that work can be completed quickly, within seconds or less.
Identify 4 use cases for the use of VMs.
- During testing and development. VMs provide a quick and easy way to create different OS and application configurations. Test and development personnel can then easily delete the VMs when they no longer need them.
- When running applications in the cloud. The ability to run certain applications in the public cloud as opposed to creating a traditional infrastructure to run them can provide substantial economic benefits. For example, an application might need to handle fluctuations in demand. Shutting down VMs when you don’t need them or quickly starting them up to meet a sudden increase in demand means you pay only for the resources you use.
- When extending your datacenter to the cloud. An organization can extend the capabilities of its own on-premises network by creating a virtual network in Azure and adding VMs to that virtual network. Applications like SharePoint can then run on an Azure VM instead of running locally. This arrangement makes it easier or less expensive to deploy than in an on-premises environment.
- During disaster recovery. As with running certain types of applications in the cloud and extending an on-premises network to the cloud, you can get significant cost savings by using an IaaS-based approach to disaster recovery. If a primary datacenter fails, you can create VMs running on Azure to run your critical applications and then shut them down when the primary datacenter becomes operational again.
What would be the best time to use a VM?
VMs are also an excellent choice when you move from a physical server to the cloud (also known as lift and shift). You can create an image of the physical server and host it within a VM with little or no changes. Just like a physical on-premises server, you must maintain the VM. You update the installed OS and the software it runs.
Imagine you’re running a website that enables scientists to upload astronomy images that need to be processed. What would you run to support duplicating, to configure an additional service, and to route requests between multiple instances of the website?
Virtual machine scale sets could do that work for you. Virtual machine scale sets let you create and manage a group of identical, load-balanced VMs.
Scale sets allow you to centrally manage, configure, and update a large number of VMs in minutes to provide highly available applications. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. With virtual machine scale sets, you can build large-scale services for areas such as compute, big data, and container workloads.