Exam Learnings

Question 1

What does an Azure Management Group do?

Answer 1

Allows your to apply policies with flexible hierarchies to multiple subscriptions
DOES NOT: Manage RBAC - it is for managing subscriptions above the normal subscription level.

Question 2

Which cloud attribute is defined by knowing your application will perform as expected regardless of customer demand?

Answer 2

Predictability
Knowing your application will perform at a consistent level regardless of the load. This is achieved through a combination of autoscaling, high availability, and load balancing. It also describes transparency in cost.
NOT: Having to do with resource failures

Question 3

What are the capabilities of Azure Arc?

Answer 3

Enable running serverless (ex. Azure Functions) in a containerized form on on-premises servers.
Protect Amazon E2C instances with Microsoft Defender
Apply RBAC to non-Azure servers
CANNOT: Privately connect on-premises networks to Azure managed services

Question 4

What is Azure data box?

Answer 4

Used for transferring a lot of data into or out of Azure Storage with limited network bandwidth
Too much data over the internet
You get a physical box and ship it to Azure
Encrypted and Rugged
Used for bulk data migration, security. Disaster recovery

Question 5

What is Azure Migrate?

Answer 5

Moving non-Azure resources into Azure
Can be servers, apps, databases
One of its features is the ability to discover dependencies of resources being migrated to Azure.

Question 6

What is AzCopy?

Answer 6

Command-line Utility
Transfer blob and Azure files
Useful for scripting data transfer - not continuous transfer

Question 7

What is Storage Explorer?

Answer 7

GUI method - downloaded application for Blob
Can more ALL storage account formats

Question 8

What is Azure File Sync?

Answer 8

Specifically with Azure files
Will automatically sync with on-prem file servers
Use to backup local file server
Helps with transition to files being only on Azure

Question 9

How do you ensure a server is separately physically from your other servers?

Answer 9

Have it in a separate region with a separate Vnet.

Question 10

Which Azure tool allows you to view which user turned off a specific virtual machine during the last 14 days?

Answer 10

Azure Activity Log - it is a logging service that provides insight into subscription-level events that have occurred in Azure. This includes a range of data, from Azure Resource Manager operational data to updates on Service Health events. Events such as starting and stopping of virtual machines can be found here.

Question 11

What is the preferred method to run Azure serverless services, like Logic Apps, on your on-premises servers?

Answer 11

Enable Azure Arc on your on-premises servers.
Azure Arc enables Azure serverless services (like Logic Apps) to run on non-Azure servers as a containerized workload.

Question 12

What would you recommend to easily manage multiple subscriptions from a single source?

Answer 12

Management groups
Management groups are an Azure resource management scope that sit above individual subscriptions. They are in fact a grouping, or collection of multiple subscriptions. Permissions, policies, and compliance settings applied to a management group are automatically inherited by all subscriptions inside of that group.
NOT: Use resource groups to manage multiple subscriptions
Resource groups are a management container inside of subscriptions, where groups of different Azure services are deployed. For this scenario, we want to use management groups, which are a higher-level, logical grouping of subscriptions.

Question 13

What Cloud service model is Azure Function Apps?

Answer 13

Severless

Question 14

How can you combine Azure subscriptions?

Answer 14

You cannot in the Azure Portal
You must contact Microsoft Azure Support

Question 15

Name 2 command-line tools that can be used to interact with Azure resources using the Azure CLI.

Answer 15

Bash
Powershell

Question 16

What is the concept in which you layer multiple stages of security such as physical security, network security, etc., to create a robust defense against cybersecurity threats?

Answer 16

Defense in Depth - Defense in depth is the concept in which by layering different security measures, protection against security threats is greatly increased.

Question 17

Does vertical scaling require downtime or can it be done automatically?

Answer 17

Requires downtime

Question 18

What 2 components are required for Azure Monitor alerts?

Answer 18

Action Group - After an alert is triggered via an alert rule, the action group designates who is informed of the triggered alert.
Alert Rule - The alert rule provides the conditions that must be met before triggering an alert.

Question 19

What is Azure Logic Apps?

Answer 19

Azure Logic Apps provides no-code solutions for connecting and automating workflows between different services and applications.

Question 20

What operating systems work on CLI and Powershell?

Answer 20

Windows
MacOS
Linux

Question 21

What is Azure File Sync?

Answer 21

Azure File Sync automatically synchronizes on-premises file servers with Azure Files.

Question 22

What is Application Insights?

Answer 22

Provides insights such as customer behavior, performance bottlenecks, and errors to web applications as well as website performance monitoring.

Question 23

What is Manageability for the Cloud?

Answer 23

Manageability has two aspects: 1. How you create and manage resources, which includes autoscaling, template-based deployments, and monitoring/alerts. 2. How you interact with your cloud environments, including via a web portal, command line, and programmatic APIs.

Question 24

What solution exists to migrate the functionality of your existing on-premises file server to Azure using a Server Message Block (SMB) shares for file storage and management?

Answer 24

Azure Files uses SMB shares within a storage account to act as a cloud-based network file server.

Question 25

What is a self managed Active Directory?

Answer 25

You are in charge of configuring and maintaining a Windows server acting as a domain controller. Self-managed AD n an Azure VM can use an existing domain namespace.

Question 26

What is the primary difference between Private and Service endpoints?

Answer 26

Private - Connectivity to non-Azure resources
Private Endpoints allow private access from connected non-Azure locations, therefore allowing full removal of public PaaS access and still allowing on-premises connectivity.
DOES NOT require Azure Arc
Service - Service Endpoints only work with Azure Virtual Networks at a subnet-level scope

Question 27

Review Storage Account options

Answer 27

Premium page blobs support the fastest possible performance for page blob storage types (e.g., IaaS disks)

Question 28

What fault tolerance options are best if you want to ensure your application will remain up and running during a hardware failure or planned OS update?

Answer 28

Availability Set - An Availability set consists of 2 or more virtual machines in the same physical location within an Azure datacenter. This configuration ensures that only a subset of the virtual machines in an availability set will be affected in the event of hardware failure, OS update, or a complete data center outage; whereas, availability zones protect applications from complete Azure datacenter failures, which was not a requirement in this scenario.

Question 29

What is Azure Privileged Identity Management?

Answer 29

A service in Azure Active Directory that allows you to manage, control, and monitor access to important resources in your organization.

Question 30

What is the best storage option for keeping costs low, for general storage types, and an acceptable level of performance?

Answer 30

General-Purpose V2

Question 31

What is the query language used for Log Analytics?

Answer 31

KQL

Question 32

What is the purpose of the Service Trust Portal?

Answer 32

Provides customers with Azure compliance documentation.

Question 33

Azure Express Route?

Answer 33

If you need data on prem and on cloud
Needs to be highly available
Periodically migrated
Not over public internet, over Azure backbone
Higher security and more reliable

Question 34

What is Azure Resource Manager vs. ARM templates?

Answer 34

Azure Resource Manager - manages and controls all interactions with Azure
ARM Template - infrastructure-as-code for automated deployments, which interact with Azure Resource Manager

Question 35

When would you authenticate using Azure AD credentials using single sign on?

Answer 35

When newer authentication for the app is supported (ex. OAuth 2.0)

Question 36

What is a preferred method for inviting external users as a collaborator in the Azure AD environment?

Answer 36

Invite their existing account as an external guest user

Question 37

What is Azure AD Connect?

Answer 37

Just syncs your on prem AD with Azure AD

Question 38

What is AD DS?

Answer 38

Domain controller - a server running Active Directory Domain Services. It processes requests for authentication and validation of users on a network.
You need it for more control over your hierarchy
Azure AD - great for cloud, but limited to just usernames and passwords

Question 39

What two options could you do if you have an app that you need to convert to the cloud, and the authentication method is out-dated? You already have an existing AD DS environment. What option can you not use?

Answer 39

Option 1: Azure AD Connect to sync your on Prem AD with Azure AD
Option 2: Configure an Azure DM as the domain controller and configure the app to authenticate with your VM hosted AD server. You can integrate your new VM with your existing AD Ds.
CANNOT: Use Azure AD DS - this cannot integrate with an existing AD DS

Question 40

How do you invite external guests to Azure?

Answer 40

Create a separate organization for external users - can’t use primary accounts so must juggle two.
Invite guest user to Azure tenant
Invite account types with the help of identity providers (Microsoft, Google, Facebook)
Assign permissions for guest accounts
Assign guest user to a specific applications
Conditional Access Policies - to use MFA

Question 41

What CANT Azure VMS be moved between?

Answer 41

Availability Sets

Question 42

What are the 2 main benefits of Government on Azure Cloud?

Answer 42

Screened personnel
Dedicated regions for data isolation
Dedicated hosts - but not unique to Government for Cloud

Question 43

What is high availability vs. reliability for the cloud?

Answer 43

Reliability is ensuring services and applications are available in the event of a failure, for large scale disasters
High availability is making sure IT disruptions are minimized as much as possible. Carried out by using clusters of identical servers and automatically replacing failed servers.

Question 44

Are you still charged when a Virtual Machine is deleted?

Answer 44

Yes, its managed disk remains in the Azure portal and can be used to create a new virtual machine
Until the disk is removed you’ll incur charges whether it is in use or not.

Question 45

What is Locally Redundant Storage?

Answer 45

Copies your data 3 times within a single zone - least expensive - not recommended for high availability apps (ONE ZONE)
Pro - protects against datacenter failure in the primary zone of the primary region
Drawback - does not protect against regional failure or zone failure

Question 46

What is Zone Redundant Storage?

Answer 46

Copies your data synchronously across 3 Azure availability zones (3 ZONES) in the primary region
Pro - protects against zone failure in the primary region
Drawback - does not protect against region failure

Question 47

What is Geo-Redundant Storage?

Answer 47

3 copies in the primary region in a single zone, and one copy in the second Region pair. (2 Regions, 3 COPIES in the Primary Region, 3 COPIES in SECOND REGION)
6 copies total
Pro - protects again primary region failure
Drawback - no protection for zone failure in the primary region

Question 48

What is Geo-Zone-Redundant Storage?

Answer 48

3 copies in the primary region across 3 zones, and 3 copies in the second Region pair. (2 Regions, 3 COPIES in SECOND REGION)
Pro - protects against primary region failure and primary zone - region failure