Fundamentals Module 2 Flashcards

1
Q

Core architectural component groups

A
  1. physical infrastructure
  2. management infrastructure
2
Q

Datacenter

A

facilities with resources arranged in racks, with dedicated power, cooling, and networking infrastructure.

NB: individual datacenters aren’t directly accessible

3
Q

Regions

A
  1. a geographical area on the planet that contains at least one, but potentially multiple data centers that are nearby and networked together with a low-latency network.
  2. minimum of three separate availability zones are present in all availability zone-enabled regions
4
Q

Availability Zones

A
  1. physically separate data centres within an Azure region
  2. each availability zone is made up of one or more data centres equipped with independent power, cooling, and networking
  3. connected through high-speed, private fiber-optic networks.

NB not all Azure Regions currently support availability zones.

5
Q

Azure services that support availability zones fall into three categories:

A
  1. Zonal services: You pin the resource to a specific zone (for example, VMs, managed disks, IP addresses).
  2. Zone-redundant services: The platform replicates automatically across zones (for example, zone-redundant storage, SQL Database).
  3. Non-regional services: Services are always available from Azure geographies and are resilient to zone-wide outages as well as region-wide outages.
6
Q

Region pairs

A
  1. Most Azure regions are paired with another region within the same geography (such as US, Europe, or Asia) at least 300 miles away
  2. if a region in a pair was affected by a natural disaster, services would automatically fail over to the other region in its region pair.
7
Q

Advantages of regional pairs

A

A pair of regions is (a) directly connected and (b) far enough apart to be isolated from regional disasters => provides reliable services and data redundancy.

  1. If an extensive Azure outage occurs, one region out of every pair is prioritized to make sure at least one is restored as quickly as possible for applications hosted in that region pair.
  2. Planned Azure updates are rolled out to paired regions one region at a time => minimize downtime and risk of application outage.
  3. Data continues to reside within the same geography as its pair (except for Brazil South) for tax- and law-enforcement jurisdiction purposes.
8
Q

Sovereign Regions

A

instances of Azure that are isolated from the main instance of Azure.

May need to use a sovereign region for compliance or legal purposes.

9
Q

Azure resource

A

basic building block of Azure, anything you create, provision, deploy

Examples: Virtual Machines (VMs), virtual networks, databases, cognitive services

10
Q

Resource groups

A
  1. groupings of resources
  2. every resource needs to be placed into a resource group
  3. a resource group can contain many resources, a single resource can only be in one resource group at a time
  4. resource groups can’t be nested
11
Q

Azure subscriptions

A
  1. subscriptions are a unit of management, billing, and scale
  2. a subscription provides authenticated and authorized access to Azure products and services
  3. It allows you to provision resources
  4. An Azure subscription links to an Azure account, which is an identity in Azure Active Directory (Azure AD) or in a directory that Azure AD trusts
  5. In a multi-subscription account, you can use the subscriptions to configure different billing models and apply different access-management policies
12
Q

Types of subscription boundaries

A
  1. Billing boundary
  2. Access control boundary
13
Q

Billing boundary

A
  1. how an Azure account is billed for using Azure
  2. Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs.
14
Q

Access control boundary

A
  1. Azure applies access-management policies at the subscription level
15
Q

Subscriptions use cases

A

create additional subscriptions to separate:

  1. Environments (dev / test): resource access control is at the subscription level
  2. Organizational structures (IT, marketing)
  3. Billing: costs are first aggregated at the subscription level, so you might want to create subscriptions to manage and track costs based on your needs, e.g. one subscription for your production workloads and another subscription for your development and testing workloads
16
Q

Azure management groups

A
  1. organize subscriptions into containers called management groups and apply governance conditions to the management groups
  2. management groups can be nested.
  3. A management group tree can support up to six levels of depth. This limit doesn’t include the root level or the subscription level.
  4. Each management group and subscription can support only one parent.
17
Q

Hierarchy

A
  1. resource
  2. resource group
  3. subscription (highest level to lock)
  4. management group
18
Q

Virtual machine scale sets

A
  1. let you create and manage a group of identical, load-balanced VMs
  2. allow you to centrally manage, configure, and update a large number of VMs in minutes
  3. the number of VM instances can automatically increase or decrease in response to demand, or you can set it to scale based on a defined schedule
  4. Virtual machine scale sets also automatically deploy a load balancer to make sure that your resources are being used efficiently
19
Q

Virtual machine availability sets

A
  1. designed to ensure that VMs stagger updates and have varied power and network connectivity, preventing you from losing all your VMs with a single network or power failure.
  2. Availability sets do this by grouping VMs in two ways: update domain and fault domain.
20
Q

Update domain

A
  1. VMs that can be rebooted at the same time
  2. Update group going through the update process is given a 30-minute time to recover before maintenance on the next update domain starts
21
Q

Fault domain

A
  1. groups your VMs by common power source and network switch
  2. an availability set will split your VMs across up to three fault domains
22
Q

VM use cases

A
  1. During testing and development
  2. When running applications in the cloud
  3. When extending your datacenter to the cloud
  4. During disaster recovery (while primary datacenter is not available)
  5. Move to the cloud with VMs
23
Q

VM Resources

A
  1. Size (purpose, number of processor cores, and amount of RAM)
  2. Storage disks (hard disk drives, solid state drives, etc.)
  3. Networking (virtual network, public IP address, and port configuration)
24
Q

Azure Virtual Desktop

A
  1. is a desktop and application virtualization service that runs on the cloud. It enables you to use a cloud-hosted version of Windows from any location
  2. With Azure Virtual Desktop, the data and apps are separated from the local hardware.
  3. The actual desktop and apps are running in the cloud, meaning the risk of confidential data being left on a personal device is reduced
  4. user sessions are isolated in both single and multi-session environments.
25
Q

VM vs container

A
  1. a single operating system per virtual machine
  2. if you want to run multiple instances of an application on a single host machine, containers are an excellent choice
  3. containers are more agile
26
Q

Containers

A
  1. virtualization environment
  2. can run multiple containers on a single physical or virtual host
  3. you don’t manage the operating system for a container
  4. are lightweight and designed to be created, scaled out, and stopped dynamically
27
Q

Azure Container Instances

A

PaaS

  1. allows you to upload your containers and then the service will run the containers for you
  2. run containers without having to manage any virtual machines or adopt any additional services
28
Q

Azure Container Apps

A

PaaS

  1. like Azure Container Instances
  2. allow you to get up and running right away, they remove the container management piece
  3. extra benefit: ability to incorporate load balancing and scaling
29
Q

Azure Kubernetes Service

A

a container orchestration service.

30
Q

Azure Functions

A
  1. an event-driven, serverless compute option that doesn’t require maintaining virtual machines or containers
  2. an event wakes the function, alleviating the need to keep resources provisioned when there are no events
  3. scale automatically based on demand, so they may be a good choice when demand is variable
  4. runs your code when it’s triggered and automatically deallocates resources when the function is finished
31
Q

Benefits of Azure functions

A
  1. you’re only concerned about the code running your service and not about the underlying platform or infrastructure
  2. you need to perform work in response to an event (often via a REST request), timer, or message from another Azure service, and when that work can be completed quickly, within seconds or less.
32
Q

Azure hosting options

A
  1. virtual machine (VM)
  2. containers
  3. Azure App Service
33
Q

Types of app services

A
  1. Web apps
  2. API apps
  3. WebJobs
  4. Mobile apps
34
Q

Azure App service

A
  1. enables you to build and host web apps, background jobs, mobile back-ends, and RESTful APIs in the programming language of your choice without managing infrastructure
  2. offers automatic scaling and high availability
  3. enables automated deployments
  4. an HTTP-based service for hosting web applications, REST APIs, and mobile back ends
35
Q

Azure App Service manages the following infrastructure decisions

A
  1. Deployment and management are integrated into the platform.
  2. Endpoints can be secured.
  3. Sites can be scaled quickly to handle high traffic loads.
  4. The built-in load balancing and traffic manager provide high availability.
36
Q

WebJobs

A
  1. use to run a program (.exe, Java, PHP, Python, or Node.js) or script (.cmd, .bat, PowerShell, or Bash) in the same context as a web app, API app, or mobile app.
  2. can be scheduled or run by a trigger.
  3. WebJobs are often used to run background tasks as part of your application logic.
37
Q

Azure virtual networks capabilities

A
  1. Isolation and segmentation
  2. Internet communications
  3. Communicate between Azure resources
  4. Communicate with on-premises resources
  5. Route network traffic
  6. Filter network traffic
  7. Connect virtual networks
38
Q

Isolation and segmentation

A

Azure virtual network allows you to create multiple isolated virtual networks.

39
Q

Mechanisms to establish on prem connectivity

A
  1. Point-to-site virtual private network connections
  2. Site-to-site virtual private networks
  3. Azure ExpressRoute
40
Q

Point-to-site virtual private network

A
  1. connects a computer outside your organization back into your corporate network
  2. the client computer initiates an encrypted VPN connection to connect to the Azure virtual network.
41
Q

Site-to-site virtual private networks

A
  1. link your on-premises VPN device or gateway to the Azure VPN gateway in a virtual network
  2. The connection is encrypted and works over the internet
42
Q

Azure ExpressRoute

A

a dedicated private connectivity to Azure that doesn’t travel over the internet

43
Q

Network security groups

A
  1. Azure resources that can contain multiple inbound and outbound security rules.
  2. can define these rules to allow or block traffic, based on factors such as source and destination IP address, port, and protocol
  3. DOES NOT encrypt traffic.
44
Q

Network virtual appliances

A

specialized VMs that can be compared to a hardened network appliance. A network virtual appliance carries out a particular network function, such as running a firewall or performing wide area network (WAN) optimization.

45
Q

Virtual network peering

A
  1. allows two virtual networks to connect directly to each other
  2. Network traffic between peered networks is private, and travels on the Microsoft backbone network, never entering the public internet
46
Q

virtual private network (VPN)

A
  1. uses an encrypted tunnel within another network
  2. typically deployed to connect two or more trusted private networks to one another over an untrusted network
  3. traffic is encrypted while traveling over the untrusted network

NB
1. only one VPN gateway in each virtual network
2. can use one gateway to connect to multiple locations

47
Q

Types of VPN

A
  1. policy based
  2. route based

The primary distinction is how they determine which traffic needs encryption

48
Q

Policy-based VPN

A

specify statically the IP addresses of packets that should be encrypted through each tunnel

49
Q

Route-based gateways

A

IP routing (either static routes or dynamic routing protocols) decides which one of these tunnel interfaces to use when sending each packet

NB more resilient to topology changes such as the creation of new subnets.

50
Q

How to maximise VPN resiliency

A
  1. Active/standby
  2. Active/active
  3. ExpressRoute failover
  4. Zone-redundant gateways
51
Q

Active/standby

A

(default)
1. VPN gateways are deployed as two instances in an active/standby configuration
2. connections are restored within a few seconds for planned maintenance and within 90 seconds for unplanned disruptions.

52
Q

Active/active

A

can also deploy VPN gateways in an active/active configuration. In this configuration, you assign a unique public IP address to each instance. You then create separate tunnels from the on-premises device to each IP address

53
Q

ExpressRoute failover

A

configure a VPN gateway as a secure failover path for ExpressRoute connections

54
Q

Zone-redundant gateways

A
  1. Deploying gateways in Azure availability zones physically and logically separates gateways within a region while protecting your on-premises network connectivity to Azure from zone-level failures
  2. These gateways require different gateway stock keeping units (SKUs) and use Standard public IP addresses instead of Basic public IP addresses.
55
Q

Features and benefits of ExpressRoute
(as the connection service between Azure and on-premises networks.)

A
  1. Connectivity to Microsoft cloud services across all regions in the geopolitical region
  2. Global connectivity to Microsoft services across all regions with the ExpressRoute Global Reach.
  3. Dynamic routing between your network and Microsoft via Border Gateway Protocol (BGP).
  4. Built-in redundancy in every peering location for higher reliability.
56
Q

ExpressRoute connectivity models

A
  1. CloudExchange colocation
  2. Point-to-point Ethernet connection
  3. Any-to-any connection
  4. Directly from ExpressRoute sites
57
Q

Co-location at a cloud exchange

A
  1. your datacenter, office, or other facility being physically co-located at a cloud exchange, such as an ISP.
  2. you can request a virtual cross-connect to the Microsoft cloud.
58
Q

Any-to-any networks

A

integrate your wide area network (WAN) with Azure by providing connections to your offices and datacenters. Azure integrates with your WAN connection to provide a connection like you would have between your datacenter and any branch offices.

59
Q

Benefits of Azure DNS

A
  1. Reliability and performance
  2. Security
  3. Ease of Use
  4. Customizable virtual networks
  5. Alias records
60
Q

Storage account in azure

A
  1. provides a unique namespace for your Azure Storage data that’s accessible from anywhere in the world over HTTP or HTTPS
  2. Data in this account is secure, highly available, durable, and massively scalable
  3. must have a unique-in-Azure account name.
61
Q

Storage account type

A

Determines the

  1. storage services
  2. redundancy options
62
Q

Storage service types

A
  1. Azure Blobs (includes support for big data in Data Lake Storage Gen2.)
  2. Azure Files
  3. Azure Queue
  4. Azure Disks
  5. Azure Tables (NoSQL)
63
Q

Azure storage redundancy

A

Redundancy in the primary region
1. Locally redundant storage
2. Zone-redundant storage

Redundancy in a secondary region
1. Geo-redundant storage
2. Geo-zone-redundant storage
3. Read access to data in the secondary region

64
Q

Azure storage factors that affect the choice of redundancy

A

tradeoffs between lower costs and higher availability

  1. Whether your application requires read access to the replicated data in the secondary region if the primary region becomes unavailable.
  2. How your data is replicated in the primary region.
  3. Whether your data is replicated to a second region that is geographically distant to the primary region, to protect against regional disasters.
65
Q

Locally redundant storage (LRS)

A

NB Data in an Azure Storage account is always replicated three times in the primary region.

  1. replicates your data three times within a single data center in the primary region.
  2. provides at least 11 nines of durability (99.999999999%) of objects over a given year.
  3. the lowest-cost redundancy option and offers the least durability compared to other options.
66
Q

Zone-redundant storage

A
  1. (ZRS) replicates your Azure Storage data synchronously across three Azure availability zones in the primary region
  2. offers durability for Azure Storage data objects of at least 12 nines (99.9999999999%) over a given year
  3. data is still accessible for both read and write operations even if a zone becomes unavailable
67
Q

Azure Storage offers two options for copying your data to a secondary region:

A
  1. geo-redundant storage (GRS) (running LRS in two regions)
  2. geo-zone-redundant storage (GZRS) (running ZRS in the primary region and LRS in the secondary region)
68
Q

Geo-redundant storage

A
  1. copies your data synchronously three times within a single physical location in the primary region using LRS
  2. copies your data asynchronously to a single physical location in the secondary region
69
Q

Geo-zone-redundant storage

A
  1. Data in a GZRS storage account is copied across three Azure availability zones in the primary region (similar to ZRS)
  2. is also replicated to a secondary geographic region, using LRS, for protection from regional disasters.

NB 16 nines (99.99999999999999%) of durability of objects over a given year.

70
Q

Azure data services

A
  1. Azure Blobs
  2. Azure Files
  3. Azure Queues
  4. Azure Disks
  5. Azure Tables
71
Q

Benefits of Azure Storage

A
  1. Durable and highly available
  2. Secure
  3. Scalable
  4. Managed
  5. Accessible
72
Q

Azure blob storage

A
  1. massively scalable object store for text and binary data
  2. includes support for big data analytics through Data Lake Storage Gen2
  3. Objects in blob storage can be accessed from anywhere in the world via HTTP or HTTPS
73
Q

Blob storage is ideal for

A
  1. Serving images or documents directly to a browser
  2. Storing files for distributed access.
  3. Streaming video and audio.
  4. Storing data for backup and restore, disaster recovery, and archiving.
  5. Storing data for analysis by an on-premises or Azure-hosted service.
74
Q

Storage tiers: motivation

A
  1. organize your data based on attributes like frequency of access and planned retention period
  2. Data stored in the cloud can be handled differently based on how it’s generated, processed, and accessed over its lifetime
75
Q

Storage tiers

A
  1. Hot access tier
  2. Cool access tier (stored for at least 30 days)
  3. Cold access tier (stored for at least 90 days)
  4. Archive access tier => rarely accessed and stored for at least 180 days, with flexible latency requirements (for example, long-term backups) => the highest costs to rehydrate and access data
76
Q

Azure Files

A
  1. fully managed file shares in the cloud
  2. are accessible via the industry standard Server Message Block (SMB) or Network File System (NFS) protocols
77
Q

Azure files key benefits

A
  1. Shared access
  2. Fully managed (hardware and OS)
  3. Scripting and tooling
  4. Resiliency
  5. Familiar programmability
78
Q

Azure Queues

A
  1. a service for storing large numbers of messages
  2. can access the messages from anywhere in the world via authenticated calls using HTTP or HTTPS
  3. Each individual message can be up to 64 KB in size
79
Q

Azure Disks

A

block-level storage volumes managed by Azure for use with Azure VMs

80
Q

Azure Tables

A
  1. stores large amounts of structured data.
  2. ideal for storing structured, non-relational data.
  3. a NoSQL datastore that accepts authenticated calls from inside and outside the Azure cloud
81
Q

Azure Migrate provides:

A
  1. Unified migration platform: A single portal to start, run, and track your migration to Azure.
  2. Range of tools
  3. Assessment and migration
82
Q

Azure Migrate: Integrated tools

A
  1. Azure Migrate: Discovery and assessment. (on-premises servers running on VMware, Hyper-V)
  2. Azure Migrate: Server Migration. (VMware VMs, Hyper-V VMs, physical servers, other virtualized servers)
  3. Data Migration Assistant. (assess SQL Servers)
  4. Azure Database Migration Service: Migrate on-premises databases to Azure VMs running SQL Server, Azure SQL Database, or SQL Managed Instances.
  5. Web app migration assistant
  6. Azure Data Box
83
Q

Azure Data Box

A
  1. a physical migration service that helps transfer large amounts of data in a quick, inexpensive, and reliable way
  2. maximum usable storage capacity of 80 terabytes
  3. If you’re transferring data into Azure, the data is automatically uploaded once Microsoft receives the Data Box back
84
Q

Azure data box use case

A

ideally suited to transfer data sizes larger than 40 TBs in scenarios with no to limited network connectivity

  1. Onetime migration
  2. Moving a media library from offline tapes into Azure
  3. Migrating your VM farm, SQL server, and applications to Azure
  4. Moving historical data to Azure
  5. Initial bulk transfer
  6. Periodic uploads
  7. Disaster recovery
  8. Security requirements
85
Q

Azure Migrate

A

helps to migrate from an on-premises environment to the cloud. It provides

  1. Unified migration platform
  2. Range of tools (also integrated with independent software vendors)
  3. Assessment and migration
86
Q

Azure Migrate: Integrated tools

A
  1. Azure Migrate: Discovery and assessment
  2. Azure Migrate: Server Migration
  3. Data Migration Assistant. (SQL)
  4. Azure Database Migration Service. (SQL)
  5. Web app migration assistant (.NET and PHP)
  6. Azure Data Box.
87
Q

Azure data box

A
  1. physical migration service that helps transfer large amounts of data in a quick, inexpensive, and reliable way (80 terabytes)
  2. entire process is tracked end-to-end by the Data Box service in the Azure portal.
88
Q

Data box use cases

A

transfer data sizes larger than 40 TBs in scenarios with no to limited network connectivity

Export
1. Disaster recovery
2. Security requirements
3. Migrate back to on-premises or to another cloud service provider

89
Q

Azure file movement options (some)

A
  1. AzCopy
  2. Azure Storage Explorer
  3. Azure File Sync
90
Q

AzCopy

A
  1. CLI utility that you can use to copy blobs or files to or from your storage account
  2. can be configured to work with other cloud providers
  3. Synchronizing blobs or files with AzCopy is one-direction synchronization
91
Q

Azure Storage Explorer

A
  1. a standalone app that provides a graphical interface to manage files and blobs in your Azure Storage Account.
  2. uses AzCopy on the backend to perform all of the file and blob management tasks.
  3. can upload to Azure, download from Azure, or move between storage accounts.
92
Q

Azure File Sync

A
  1. a tool that lets you centralize your file shares in Azure Files and keep the flexibility, performance, and compatibility of a Windows file server.
  2. bi-directionally synced with your files in Azure.

With File Sync you can:
1. Have as many caches as you need across the world.
2. Configure cloud tiering so the most frequently accessed files are replicated locally, while infrequently accessed files are kept in the cloud until requested.

93
Q

Azure Active Directory (Azure AD)

A
  1. a directory service that enables you to sign in and access both Microsoft cloud applications and cloud applications that you develop
  2. For on-premises environments, Active Directory running on Windows Server provides an identity and access management service that’s managed by your organization
  3. When you secure identities on-premises with Active Directory, Microsoft doesn’t monitor sign-in attempts. When you connect Active Directory with Azure AD, Microsoft can help protect you by detecting suspicious sign-in attempts at no extra cost
94
Q

Azure AD is for:

A
  1. IT administrators
  2. App developers
  3. Users
  4. Online service subscribers (already use Azure AD to authenticate into their account.)
95
Q

Azure AD Connect

A
  1. can connect Active Directory with Azure AD, enabling a consistent identity experience between cloud and on-premises
  2. synchronizes changes between both identity systems, so you can use features like SSO, multifactor authentication, and self-service password reset under both systems.
96
Q

Azure Active Directory Domain Services

A
  1. a service that provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication
  2. lets you run legacy applications in the cloud that can’t use modern authentication methods, or where you don’t want directory lookups to always go back to an on-premises AD DS environment.
  3. A managed domain is configured to perform a one-way synchronization from Azure AD to Azure AD DS.
97
Q

Azure authentication methods

A
  1. standard passwords
  2. single sign-on (SSO)
  3. multifactor authentication (MFA)
  4. passwordless
98
Q

Single sign-on (SSO)

A
  1. enables a user to sign in one time and use that credential to access multiple resources and applications from different providers
  2. the different applications and providers must trust the initial authenticator
99
Q

Multifactor authentication

A
  1. the process of prompting a user for an extra form (or factor) of identification during the sign-in process
  2. increases identity security by limiting the impact of credential exposure
100
Q

Passwordless authentication

A
  1. the password is removed and replaced with something you have, plus something you are, or something you know
  2. needs to be set up on a device before it can work
101
Q

Azure passwordless authentication options

A
  1. Windows Hello for Business
  2. Microsoft Authenticator app
  3. FIDO2 security keys
102
Q

Windows Hello for Business

A
  1. ideal for information workers that have their own designated Windows PC
  2. The biometric and PIN credentials are directly tied to the user’s PC
  3. with public key infrastructure (PKI) integration and built-in support for single sign-on (SSO), Windows Hello for Business provides a convenient method for seamlessly accessing corporate resources on-premises and in the cloud.
103
Q

Microsoft Authenticator App

A
  1. allows an employee's phone to become a passwordless authentication method
  2. Users can sign-in to any platform or browser by getting a notification to their phone, matching a number displayed on the screen to the one on their phone, and then using their biometric (touch or face) or PIN to confirm
104
Q

FIDO2 security keys

A
  1. security keys are an unphishable standards-based passwordless authentication method that can come in any form factor.
  2. Fast Identity Online (FIDO) is an open standard for passwordless authentication.
  3. users select a FIDO2 security key at the sign-in interface as their main means of authentication. These FIDO2 security keys are typically USB devices, but could also use Bluetooth or NFC. With a hardware device that handles the authentication, the security of an account is increased as there's no password that could be exposed or guessed.
105
Q

external identity

A
  1. a person, device, service, etc. that is outside your organization
  2. The external user’s identity provider manages their identity, and you manage access to your apps with Azure AD or Azure AD B2C
106
Q

Capabilities that make up External Identities:

A
  1. Business to business (B2B) collaboration
  2. B2B direct connect
  3. Azure AD business to customer (B2C)
107
Q

Business to business (B2B) collaboration

A

Collaborate with external users by letting them use their preferred identity to sign in to your Microsoft applications or other enterprise applications (SaaS apps, custom-developed apps, etc.).

Typically guest users

108
Q

B2B direct connect

A
  1. Establish a mutual, two-way trust with another Azure AD organization for seamless collaboration.
  2. B2B direct connect users aren’t represented in your directory, but they’re visible from within the Teams shared channel and can be monitored in Teams admin center reports.
109
Q

Azure AD business to customer (B2C)

A

Publish modern SaaS apps or custom-developed apps (excluding Microsoft apps) to consumers and customers, while using Azure AD B2C for identity and access management.

110
Q

Azure conditional access

A

a tool that Azure Active Directory uses to allow (or deny) access to resources based on identity signals.

111
Q

Identity signals examples

A
  1. who the user is
  2. where the user is
  3. what device the user is requesting access from
  4. the application that the user is trying to access.
112
Q

Conditional access use case:

A
  1. Require multifactor authentication (MFA) to access an application depending on the requester’s role, location, or network.
  2. Require access to services only through approved client applications.
  3. Require users to access your application only from managed devices.
  4. Block access from untrusted sources, such as access from unknown or unexpected locations.
113
Q

The principle of least privilege

A

access should only be granted up to the level needed to complete a task

114
Q

Azure RBAC

A
  1. managing least-privilege permissions individually for an entire team would become tedious.
  2. Azure provides built-in roles that describe common access rules for cloud resources
  3. you can define your own roles
  4. Each role has an associated set of access permissions that relate to that role
  5. Role-based access control is applied to a scope, which is a resource or set of resources that this access applies to.
  6. Azure RBAC doesn’t enforce access permissions at the application or data level.
115
Q

Scopes include:

A
  1. A management group (a collection of multiple subscriptions).
  2. A single subscription.
  3. A resource group.
  4. A single resource.
116
Q

Azure RBAC is hierarchical

A

when you grant access at a parent scope, those permissions are inherited by all child scopes

  1. When you assign the Owner role to a user at the management group scope, that user can manage everything in all subscriptions within the management group.
117
Q

Azure Resource Manager

A

a management service that provides a way to organize and secure your cloud resources.

118
Q

Zero trust model

A

a security model that assumes the worst case scenario and protects resources with that expectation. Zero Trust assumes breach at the outset, and then verifies each request as though it originated from an uncontrolled network.

119
Q

guiding principles of zero trust model

A
  1. Verify explicitly - Always authenticate and authorize based on all available data points.
  2. Use least privilege access - Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection.
  3. Assume breach - Minimize blast radius and segment access. Verify end-to-end encryption
120
Q

Defense-in-depth

A
  1. The goal is: protect information and prevent it from being stolen by those who aren’t authorized to access it
  2. uses a series of mechanisms to slow the advance of an attack that aims at acquiring unauthorized access to data and provides alert information that security teams can act upon
121
Q

Layers of the defence in depth model

A
  1. Data
  2. Application
  3. Compute
  4. Network
  5. Perimeter
  6. Identity and access
  7. Physical security
122
Q

Physical security

A

protecting computing hardware in the datacenter, controlling access to buildings, and controlling access to computing hardware within the datacenter

123
Q

Identity and access

A

ensuring that identities are secure, that access is granted only to what’s needed, and that sign-in events and changes are logged.

124
Q

Perimeter

A

protects from network-based attacks against your resources.

Important to:
1. Use DDoS protection to filter large-scale attacks before they can affect the availability of a system for users.
2. Use perimeter firewalls to identify and alert on malicious attacks against your network.

125
Q

Network

A

the focus is on limiting the network connectivity across all your resources to allow only what’s required.

it’s important to:
1. Limit communication between resources
2. Deny by default.
3. Restrict inbound internet access and limit outbound access where appropriate.
4. Implement secure connectivity to on-premises networks.

126
Q

Compute

A

making sure that your compute resources are secure and that you have the proper controls in place to minimize security issues (malware, unpatched systems)

important to:
1. Secure access to virtual machines.
2. Implement endpoint protection on devices and keep systems patched and current.

127
Q

Application

A

it’s important to:

  1. Ensure that applications are secure and free of vulnerabilities.
  2. Store sensitive application secrets in a secure storage medium.
  3. Make security a design requirement for all application development.
128
Q

Microsoft Defender for Cloud

A
  1. a monitoring tool for security posture management and threat protection
  2. monitors your cloud, on-premises, hybrid, and multi-cloud environments
  3. provides the tools needed to harden your resources, track your security posture, protect against cyber attacks, and streamline security management
  4. natively integrated with Azure
129
Q

Defender for Cloud helps you detect threats across:

A
  1. Azure PaaS services (including activity detection)
  2. Azure data services: capabilities that help you automatically classify your data in Azure
  3. Networks: helps you limit exposure to brute force attacks by reducing access to virtual machine ports with just-in-time VM access
130
Q

Azure Arc

A

helps to enable Defender for Cloud’s enhanced security features on-prem

131
Q

Defender for Cloud on other clouds

A
  1. Defender for Cloud’s CSPM
  2. Microsoft Defender for Containers
  3. Microsoft Defender for Servers
132
Q

Defender for Cloud fills three vital needs

A
  1. Continuously assess – Know your security posture. Identify and track vulnerabilities.
  2. Secure – Harden resources and services with Azure Security Benchmark.
  3. Defend – Detect and resolve threats to resources, workloads, and services.
133
Q

Azure Security Benchmark

A

a Microsoft-authored, Azure-specific benchmark that provides a set of guidelines for security and compliance best practices based on common compliance frameworks.

134
Q

Defender for Cloud: Defend

A
  1. Security alerts
  2. Advanced threat protection
135
Q

Defender for Cloud: Security alerts

A
  1. Describe details of the affected resources
  2. Suggest remediation steps
  3. Provide, in some cases, an option to trigger a logic app in response

includes fusion kill-chain analysis, which automatically correlates alerts in your environment based on cyber kill-chain analysis, to help you better understand the full story of an attack campaign, where it started, and what kind of impact it had on your resources.

136
Q

Defender for Cloud: Advanced threat protection

A
  1. provides advanced threat protection features for many of your deployed resources, including virtual machines, SQL databases, containers, web applications, and your network.
  2. Protections include securing the management ports of your VMs with just-in-time access, and adaptive application controls to create allowlists for what apps should and shouldn’t run on your machines.
137
Q

Azure Logic Apps

A

is a cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. Logic Apps simplifies how you design and build scalable solutions for app integration, data integration, system integration, enterprise application integration (EAI), and business-to-business (B2B) communication, whether in the cloud, on premises, or both.

138
Q

What is the maximum number of management groups that can be supported in a single directory?

A

10,000

139
Q

Max size of a storage account

A

5 PB

140
Q

Factors that impact SLA

A

Negatively
1. Using composite services (As1 * As2)
2. Using free / preview services

Positively
1. Add redundancy LBs: 100 - (Us1 * Us2)
2. Service configuration (availability zones)

141
Q

Types of Locks

A
  1. DELETE (can create + update + read)
  2. READ (Read Only)
142
Q

An Azure subscription can trust multiple Azure Active Directory (Azure AD) tenants

A

No

143
Q

Azure Virtual Network service

A
  1. allows you to create and manage private networks in the cloud and connect them to on-premises networks using a VPN gateway
  2. can create subnets, assign IP addresses, and control traffic flow between virtual machines and other resources
144
Q

Azure Traffic Manager

A

a global DNS-based traffic load balancer that can be used to distribute traffic across multiple endpoints

145
Q

Azure HDInsight

A

PaaS

Run popular open-source frameworks—including Apache Hadoop, Spark, Hive, Kafka, and more—using Azure HDInsight, a customizable, enterprise-grade service for open-source analytics. Effortlessly process massive amounts of data and get all the benefits of the broad open-source project ecosystem with the global scale of Azure. Easily migrate your big data workloads and processing to the cloud.

146
Q

Modern Lifecycle Policy for Azure products and services

A

For products governed by the Modern Lifecycle Policy, Microsoft will provide a minimum of 12 months’ notification prior to ending support if no successor product or service is offered, excluding free services or preview releases.

147
Q

Site-to-Site (IPsec) VPN connection

A
  1. connect two or more virtual networks that are in different regions, data centers, or even different cloud providers
  2. It allows you to connect an on-premises network or a branch office network to an Azure virtual network, or to connect two Azure virtual networks that are in different regions.
148
Q

Azure Cognitive Services

A
  1. bring AI within reach of every developer—without requiring machine-learning expertise.
  2. all it takes is an API call to embed the ability to see, hear, speak, search, understand, and accelerate decision-making into your apps.
149
Q

Event Hubs

A

is a fully managed, real-time data ingestion service that’s simple, trusted and scalable. Stream millions of events per second from any source to build dynamic data pipelines and immediately respond to business challenges. Keep processing data during emergencies using the geo-disaster recovery and geo-replication features.
Integrate seamlessly with other Azure services to unlock valuable insights. Allow existing Apache Kafka clients and applications to talk to Event Hubs without any code changes – you get a managed Kafka experience without having to manage your own clusters. Experience real-time data ingestion and microbatching on the same stream.

150
Q

What is the maximum allowed number of tags per Azure resource?

A

50

151
Q

Important facts about management groups

A
  1. 10,000 management groups can be supported in a single directory.
  2. A management group tree can support up to six levels of depth. (This limit doesn’t include the Root level or the subscription level.)
  3. Each management group and subscription can only support one parent.