Exam Review Flashcards

Question

Region Pair

Answer 1

Each Azure region is always paired with another region within the same geography (such as US, Europe, or Asia) at least 300 miles away. This approach allows for the replication of resources (such as virtual machine storage) across a geography that helps reduce the likelihood of interruptions due to events such as natural disasters, civil unrest, power outages, or physical network outages affecting both regions at once.

Answer 2

Resource groups are a fundamental element of the Azure platform. A resource group is a logical container for resources deployed on Azure.

Answer 3

Azure Resource Manager is the interface for managing and organizing cloud resources. Think of Resource Manager as a way to deploy cloud resources.

Answer 4

Virtual Machines - Windows or Linux virtual machines (VMs) hosted in Azure Virtual Machine Scale Sets - Scaling for Windows or Linux VMs hosted in Azure App Service - PaaS offerings to build, deploy, and scale enterprise-grade web, mobile, and API apps. Azure Functions - An event-driven, serverless compute service Azure Container Instances (ACI) - Azure Container Instances (ACI) offers the fastest and simplest way to run a container in Azure. You don't have to manage any virtual machines or configure any additional services. It is a PaaS offering that allows you to upload your containers and execute them directly with automatic elastic scale. Azure Kubernetes (AKS) - The task of automating, managing, and interacting with a large number of containers is known as orchestration. Azure Kubernetes Service (AKS) is a complete orchestration service for containers with distributed architectures with multiple containers.

Answer 5

Virtual Network - Connects VMs to incoming Virtual Private Network (VPN) connections Load Balancer - Balances inbound and outbound connections to applications or service endpoints VPN Gateway Accesses Azure Virtual Networks through high-performance VPN gateways Application Gateway - Optimizes app server farm delivery while increasing application security Content Delivery Network - Delivers high-bandwidth content to customers globally

Answer 6

Blob Storage - Storage service for very large objects, such as video files or bitmaps Disk Storage - Provides disks for virtual machines, applications, and other services. File Storage - Azure Files offers fully-managed file shares in the cloud. Archive Storage - Storage facility for data that is rarely accessed.

Answer 7

CosmosDB Globally distributed database that supports NoSQL options Azure SQL Database - Fully managed relational database with auto-scale, integral intelligence, and robust security Azure Database Migration Service - Migrates your databases to the cloud with no application code changes Azure SQL Data Warehouse - Fully managed data warehouse with integral security at every level of scale at no extra cost

Answer 8

The Marketplace allows customers to find, try, purchase, and provision applications and services from hundreds of leading service providers, all certified to run on Azure. Azure Marketplace is a service on Azure that helps connect end users with Microsoft partners, independent software vendors (ISVs), and start-ups that are offering their solutions and services, which are optimized to run on Azure.

Answer 9

IoT Hub - Messaging hub that provides secure communications and monitoring between millions of IoT devices IoT Central - Fully-managed global IoT software as a service (SaaS) solution that makes it easy to connect, monitor, and manage your IoT assets at scale IoT Edge - Push your data analysis onto your IoT devices instead of in the cloud allowing them to react more quickly to state changes.

Answer 10

SQL Data Warehouse - Run analytics at a massive scale using a cloud-based Enterprise Data Warehouse (EDW) that leverages massive parallel processing (MPP) to run complex queries quickly across petabytes of data HDInsight - Process massive amounts of data with managed clusters of Hadoop clusters in the cloud Data Lake Analytics - On-demand ("pay as you go") scalable analytics service that allows you to write queries to transform your data and extract valuable insights.

Answer 11

Azure Machine Learning Service - Cloud-based environment you can use to develop, train, test, deploy, manage, and track machine learning models. It can auto-generate a model and auto-tune it for you. It will let you start training on your local machine, and then scale out to the cloud Azure Machine Learning Studio - Collaborative, drag-and-drop visual workspace where you can build, test, and deploy machine learning solutions using pre-built machine learning algorithms and data-handling modules

Answer 12

Azure Functions - An event-driven, serverless compute service Logic Apps - Help you automate and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. Event Grid - Allows you to easily build applications with event-based architectures. It's a fully-managed, intelligent event routing service that uses a publish-subscribe model for uniform event consumption.

Answer 13

Azure CLI is a cross-platform command-line program that connects to Azure and executes administrative commands on Azure resources. Cross-platform means that it can be run on Windows, Linux, or macOS.

Answer 14

Azure PowerShell is a module that you add to Windows PowerShell or PowerShell Core that enables you to connect to your Azure subscription and manage resources.

Answer 15

The Azure portal is a website that you can access with a web browser, by going to the URL https://portal.azure.com. From here, you can interact manually with all the Azure services. The portal is a web-based administration site that lets you interact with all of your subscriptions and resources you have created.

Answer 16

Azure Advisor is a free service built into Azure that provides recommendations on high availability, security, performance, and cost. Advisor analyzes your deployed services and looks for ways to improve your environment across those four areas.

Answer 17

Azure Firewall is a managed, cloud-based, network security service that protects your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. Azure Firewall provides inbound protection for non-HTTP/S protocols. Examples of non-HTTP/S protocols include: Remote Desktop Protocol (RDP), Secure Shell (SSH), and File Transfer Protocol (FTP). It also.provides outbound, network-level protection for all ports and protocols, and application-level protection for outbound HTTP/S.

Answer 18

DDoS Protection leverages the scale and elasticity of Microsoft’s global network to bring DDoS mitigation capacity to every Azure region. The Azure DDoS Protection service protects your Azure applications by scrubbing traffic at the Azure network edge before it can impact your service's availability. Within a few minutes of attack detection, you are notified using Azure Monitor metrics.

Answer 19

NSGs operate at layers 3 & 4, and provide a list of allowed and denied communication to and from network interfaces and subnets. NSGs are fully customizable, and give you the ability to fully lock down network communication to and from your virtual machines. By using NSGs, you can isolate applications between environments, tiers, and services.

Answer 20

Authentication is the process of establishing the identity of a person or service looking to access a resource. It involves the act of challenging a party for legitimate credentials, and provides the basis for creating a security principal for identity and access control use. It establishes if they are who they say they are.

Answer 21

Authorization is the process of establishing what level of access an authenticated person or service has. It specifies what data they're allowed to access and what they can do with it.

Answer 22

Azure AD is a cloud-based identity service. It has built in support for synchronizing with your existing on-premises Active Directory or can be used stand-alone. This means that all your applications, whether on-premises, in the cloud (including Office 365), or even mobile can share the same credentials. Administrators and developers can control access to internal and external data and applications using centralized rules and policies configured in Azure AD. • Authentication • Single Sign-On (SSO) • Application Management • Business to Business (B2B) Identity Services Device Management

Answer 23

Multi-factor authentication (MFA) provides additional security for your identities by requiring two or more elements for full authentication. These elements fall into three categories: • Something you know (e.g. password) • Something you possess (e.g. mobile app) Something you are (e.g. fingerprint or face scan)

Answer 24

Security Center is a monitoring service that provides threat protection across all of your services both in Azure, and on-premises. Available in two tiers, Free (limited to assessments and recommendations only); Standard (full suite of security-related services including continious monitoring, threat detection and just-in-time access control)

Answer 25

* Incident Response (Detect, Assess, Diagnose) | * Implement Recommendations

Answer 26

Azure Key Vault is a secret store: a centralized cloud service for storing application secrets. Key Vault helps you control your applications' secrets by keeping them in a single central location and providing secure access, permissions control, and access logging.

Answer 27

A cloud-based solution that helps organizations classify and optionally protect documents and emails by applying labels. Analyse data flows, detect risky behaviour, track access to documents, prevent data leakage or misuse of confidential information.

Answer 28

A cloud-based security solution that identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Azure ATP is capable of detecting known malicious attacks and techniques, security issues, and risks against your network.

Answer 29

Azure Policy is a service you can use to create, assign, and manage policies. These policies apply and enforce rules that your resources need to follow. These policies can enforce these rules when resources are created, and can be evaluated against existing resources to give visibility into compliance.

Answer 30

Initiatives work alongside policies in Azure Policy. An initiative definition is a set or group of policy definitions to help track your compliance state for a larger goal.

Answer 31

RBAC provides fine-grained access management for Azure resources, enabling you to grant users the specific rights they need to perform their jobs. RBAC is considered a core service and is included with all subscription levels at no cost.

Answer 32

Resource locks are a setting that can be applied to any resource to block modification or deletion. Resource locks can set to either Delete or Read-only. Delete will allow all operations against the resource but block the ability to delete it. Read-only will only allow read activities to be performed against it, blocking any modification or deletion of the resource. Resource locks can be applied to subscriptions, resource groups, and to individual resources, and are inherited when applied at higher levels.

Answer 33

Azure Monitor maximizes the availability and performance of your applications by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.

Answer 34

Azure Service Health is a suite of experiences that provide personalized guidance and support when issues with Azure services affect you. It can notify you, help you understand the impact of issues, and keep you updated as the issue is resolved. Azure Service Health can also help you prepare for planned maintenance and changes that could affect the availability of your resources.

Answer 35

As of May 25, 2018, a European privacy law — GDPR — is in effect. GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents. The GDPR applies no matter where you are located.

Answer 36

Azure Blueprints enable cloud architects to define a repeatable set of Azure resources that implement and adhere to an organization's standards, patterns, and requirements. Azure Blueprint enables development teams to rapidly build and deploy new environments with the knowledge that they're building within organizational compliance with a set of built-in components that speed up development and delivery. Azure Blueprint is a declarative way to orchestrate the deployment of various resource templates and other artifacts, such as: • Role assignments • Policy assignments • Azure Resource Manager templates • Resource groups

Answer 37

Microsoft is the first cloud provider to have adopted the ISO/IEC 27018 code of practice, covering the processing of personal information by cloud service providers. ISO is an organization that defines international standard across all industries.

Answer 38

NIST CSF is a voluntary Framework that consists of standards, guidelines, and best practices to manage cybersecurity-related risks. Microsoft cloud services have undergone independent, third-party Federal Risk and Authorization Management Program (FedRAMP) Moderate and High Baseline audits, and are certified according to the FedRAMP standards. Additionally, through a validated assessment performed by the Health Information Trust Alliance (HITRUST), a leading security and privacy standards development and accreditation organization, Office 365 is certified to the objectives specified in the NIST CSF. Used by the United States government.

Answer 39

The Microsoft privacy statement explains what personal data Microsoft processes, how Microsoft processes it, and for what purposes.

Answer 40

Trust Center is a website resource containing information and details about how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services. The Trust Center is an important part of the Microsoft Trusted Cloud Initiative, and provides support and resources for the legal and compliance community.

Answer 41

The Service Trust Portal (STP) hosts the Compliance Manager service, and is the Microsoft public site for publishing audit reports and other compliance-related information relevant to Microsoft’s cloud services.

Answer 42

Compliance Manager is a workflow-based risk assessment dashboard within the Trust Portal that enables you to track, assign, and verify your organization's regulatory compliance activities related to Microsoft professional services and Microsoft cloud services such as Office 365, Dynamics 365, and Azure.

Answer 43

Azure Government is a cloud environment specifically built to meet compliance and security requirements for US government. Physically separated instance of Microsoft Azure, specifically for U.S. Government, meets complex compliance standards, designed to exceed U.S. Government requirements.

Answer 44

Azure China is operated by 21Vianet (Azure China 21Vianet) is a physically separated instance of cloud services located in China, independently operated and transacted by Shanghai Blue Cloud Technology Co., Ltd. (“21Vianet”), a wholly owned subsidiary of Beijing 21Vianet Broadband Data Center Co., Ltd. As the first foreign public cloud service provider offered in China in compliance with government regulations, Azure China 21Vianet provides world-class security as discussed on the Trust Center, as required by Chinese regulations for all systems and applications built on its architecture.

Answer 45

An Azure account is tied to a specific identity and holds information like: Name, email, and contact preferences; Billing information such as a credit card. An Azure account is what you use to sign in to the Azure website and administer or deploy services. Every Azure account is associated with one or more subscriptions.

Answer 46

* Subset of Azure services free for 12 months (750 VM hours, 5GB Storage, 250GB SQL DB, etc) * $200 USD free credit (170 euro) to explore any Azure service for 30 days * 25+ services always free

Answer 47

An Azure subscription is a logical container used to provision resources in Microsoft Azure. It holds the details of all your resources like virtual machines, databases, etc.

Answer 48

Azure offers free and paid subscription options to suit different needs and requirements. The most commonly used subscriptions are: • Free: An Azure free subscription includes a $200 credit to spend on any service for the first 30 days, free access to the most popular Azure products for 12 months, and access to more than 25 products that are always free. • Pay-As-You-Go: A Pay-As-You-Go (PAYG) subscription charges you monthly for the services you used in that billing period. This subscription type is appropriate for a wide range of users, from individuals to small businesses, and many large organizations as well. • Enterprise Agreement: An Enterprise Agreement (EA) provides flexibility to buy cloud services and software licenses under one agreement, with discounts for new licenses and Software Assurance. It's targeted at enterprise-scale organizations. • Student: An Azure for Students subscription includes $100 in Azure credits to be used within the first 12 months plus select free services without requiring a credit card at sign-up. You must verify your student status through your organizational email address.

Answer 49

* Free access to billing and subscription support * Azure products and services documentation * Online self-help documentation * Community support forums

Answer 50

* Enterprise: Enterprise customers sign an Enterprise Agreement (EA) with Azure that commits them to spend a negotiated amount on Azure services, which they typically pay annually. Enterprise customers also have access to customized Azure pricing. * Web direct: Direct Web customers pay general public prices for Azure resources, and their monthly billing and payments occur through the Azure website. * Cloud Solution Provider: Cloud Solution Provider (CSP) typically are Microsoft partner companies that a customer hires to build solutions on top of Azure. Payment and billing for Azure usage occur through the customer's CSP.

Answer 51

• Resource Type: Costs are resource-specific, so the usage that a meter tracks and the number of meters associated with a resource depend on the resource type. • Service: Azure usage rates and billing periods can differ between Enterprise, Web Direct, and Cloud Solution Provider (CSP) customers. Some subscription types also include usage allowances, which affect costs. • Location: Azure has datacenters all over the world. Usage costs vary between locations that offer particular Azure products, services, and resources based on popularity, demand, and local infrastructure costs. Zones A Zone is a geographical grouping of Azure Regions for billing purposes. The following zones exist and include the listed countries (regions) listed. • Zone 1 (United States, Europe, Canada, UK, France) • Zone 2 (Asia Pacific, Japan, Australia, India, Korea) • Zone 3 (Brazil) • DE Zone 1 (Germany)

Answer 52

The Azure pricing calculator is a free web-based tool that allows you to input Azure services and modify properties and options of the services. It outputs the costs per service and total cost for the full estimate.

Answer 53

If you are starting to migrate to the cloud, a useful tool you can use to predict your cost savings is the Total Cost of Ownership (TCO) calculator. TCO helps you estimate cost savings realized by mirating to Azure.

Answer 54

* Spending Limits: Spending limit in Azure exists to prevent spending over your credit amount. All new customers who sign up for the trial or offers that includes credits over multiple months have the spending limit turned on by default. The spending limit is $0. It can’t be changed. The spending limit isn’t available for subscription types such as Pay-As-You-Go subscriptions and commitment plans. * Quotas: Microsoft Azure Limits * Tags: You can use tags to group your billing data. For example, if you're running multiple VMs for different organizations, use the tags to group usage by cost center. You can also use tags to categorize costs by runtime environment, such as the billing usage for VMs running in the production environment. When exporting billing data or accessing it through billing APIs, tags are included in that data and can be used to further slice your data from a cost perspective. * Reserved Instances: Reserved instances are purchased in one-year or three-year terms, with payment required for the full term up front. After it's purchased, Microsoft matches up the reservation to running instances and decrements the hours from your reservation. Reservations can be purchased through the Azure portal. And because reserved instances are a compute discount, they are available for both Windows and Linux VMs.

Answer 55

Azure Cost Management is another free, built-in Azure tool that can be used to gain greater insights into where your cloud money is going. You can see historical breakdowns of what services you are spending your money on and how it is tracking against budgets that you have set. You can set budgets, schedule reports, and analyze your cost areas.

Answer 56

``` Developer Scope - Non-Product Tech Support - Business Hours (email) Response Times - Sev C; < 8 bus hours Architecture - General Guidance ``` ``` Standard Scope - Production Tech Support - 24x7 (email & phone) Response Times - Sev A; < 1 hour Architecture - General Guidance ``` Profession Direct Scope - Business Critical Tech Support - 24x7 (email & phone) Response Times - Sev A; < 1 hour Architecture - Based on best practice by ProDirect delivery manager Operations - Onboarding services, service reviews, Azure Advisor consultations Training - Azure Engineering-led web seminars Proactive - ProDirect Delivery Manager Premier Scope - Substantial Dependence Tech Support - 24x7 (email & phone) Response Times - Sev A; < 1 hour Architecture - Customer specific architectural support (e.g. design reviews, perf tuning, config) Operations - Technical account manager-led service reviews and reporting Training - Azure Engineering-led web seminars, on-demand training Proactive - ProDirect Delivery Manager Designated Technical Account Manager Launch Support - Azure Event Management (available for additional fee)

Answer 57

* Azure Knowledge Center * Microsoft Developer Network (MSDN) Forums * Stack Overflow * Server Fault * Azure Feedback Forums * Twitter

Answer 58

Azure Portal > Help + Support > New Support Request

Answer 59

The Azure Knowledge Center is a searchable database that contains answers to common support questions, from a community of Azure experts, developers, customers, and users. You can browse through all responses within the Azure Knowledge Center. Find specific solutions by entering keyword search terms into the text-entry field and further refine your search results by selecting products or tags from the lists provided by two dropdown lists.

Answer 60

Formal documents called Service-Level Agreements (SLAs) capture the specific terms that define the performance standards that apply to Azure. • SLAs describe Microsoft's commitment to providing Azure customers with specific performance standards. • There are SLAs for individual Azure products and services. • SLAs also specify what happens if a service or product fails to perform to a governing SLA's specification. Note: Azure does not provide SLAs for most services under the Free or Shared tiers.

Answer 61

There are three key characteristics of SLAs for Azure products and services: 1. Performance Targets 2. Uptime and Connectivity Guarantees 3. Service credits (percentage of the applicable monthly service fees credited to you if a service fails to meet uptime guarantee)

Answer 62

This means that an Azure feature is available to * specific* Azure customers for evaluation purposes. This is typically by invite only and issued directly by the product team responsible for the feature or service.

Answer 63

This means that an Azure feature is available to * specific* Azure customers for evaluation purposes. This is typically by invite only and issued directly by the product team responsible for the feature or service.

Answer 64

Once a feature has been evaluated and tested successfully, it might be released to customers as part of Azure's default product set. This release is referred to as General Availability (GA).

Answer 65

The Azure portal "What's New" link on the ? help menu provides a list of recent updates you can periodically check to see what's changed in Azure. Alternatively, you can use the Azure Updates page (https://azure.microsoft.com/updates/).

Answer 66

When combining SLAs across different service offerings, the resultant SLA is a called a Composite SLA. The resulting composite SLA can provide higher or lower uptime values, depending on your application architecture. Example: 99.95 x 99.99 = 99.94