Intro

Question 1

Name all the Cloud Key Concepts

Answer 1

High Availability
Scalability
Elasticity
Agility
Fault Tolerance
Disaster Recovery
Global Reach
Customer Latency Capabilities
Predictive Cost Considerations
Security

Question 2

Capital Expenditure (CapEx)

Answer 2

Spend up front and deduct expense from tax bill. “On Promise”

Question 3

Operational Expenditure (OpEx)

Answer 3

Spend on services or products as needed and deduct expenses from your tax bill. “Pay as you Go”

Question 4

Name the Cloud Types

Answer 4

Public - Owned by provider
Private - Data Centers owned by the organization that uses the resources.
Hybrid - Mix between the two.

Question 5

What Management Responsibilities does the On Premise Model requires you (the customer) to manage?

Answer 5

Applications
Data
Runtime
Middleware
O/S
Virtualization
Servers
Storage
Networking

Question 6

What Management Responsibilities does the IaaS model require you to manage?

Answer 6

Applications
Data
Runtime
Middleware
O/S

Requires you to manage the O/S level.

Question 7

What Management Responsibilities does the PaaS require you to manage?

Answer 7

Applications
Data

Only requires you to maintain the middle-ware level.

Question 8

What Management Responsibilities does the SaaS model require you to manage?

Answer 8

Only requires you to maintain the software level.

Question 9

Tenant

Answer 9

Instance for Azure AD

Question 10

Storage Account

Answer 10

Container for the Storage Object

Question 11

Federated

Answer 11

Virtualization of AD

Question 12

Inbound Security Rules: What happens if an allow rule has a greater priority number (larger number) than a deny security rule?

Answer 12

It will deny if the port is included in the rule group. i.e. If you place allow http below denyallinbound rule, it will be denied.

Question 13

What are the two types of Availability Sets?

Answer 13

Update Domains (UD): Scheduled maintenance, performance or security updates are sequenced through update domains. (minimum 2, maximum 20)
Fault Domains (FD): Provide a physical separation of workloads across different hardware in a data center. (minimum 2,

Question 14

Ripple Update (Instructor Defined)

Answer 14

Microsoft managed update deployment

Question 15

Container (Instructor Defined)

Answer 15

Purpose built OS (through Linux) - Only hosts components needed to perform a specific task.

Question 16

Azure Container Instances

Answer 16

A PaaS offering that allows you to upload your containers, which it will run for you.

Question 17

Azure Kubernetes Services

Answer 17

A container orchestration services for managing large numbers of containers.

Question 18

Azure Cosmos DB

Answer 18

A globally-distributed database service that enables you to elastically and independently scale throughput and storage.

Question 19

Azure SQL Database

Answer 19

A Relational database as a Service (DaaS) based on the latest stable version of the Microsoft SQL Server database engine.

Question 20

Azure Database Migration

Answer 20

A fully-managed service designed to enable seamless migrations from multiple databases sources to azure data platforms with minimal downtime.

Question 21

Azure SQL Managed Instance

Answer 21

Hosts a SQL Instance

Question 22

SQL Database

Answer 22

Database only (Instance is managed by Azure Service)

Question 23

Azure SQL Data Warehouse

Answer 23

A cloud-based Enterprise Data Warehouse that leverages Massively Parallel Processing (mpp) to run complex queries quickly across petabytes of data.

Question 24

Azure HDInsight

Answer 24

Fully-managed, open-source analytics for enterprises. It is a cloud service that makes it easier, faster, and more cost-effective to process massive amounts of data.

Question 25

Azure Data Lake Analytics

Answer 25

An on-demand analytics job service that simplifies big data. Instead of deploying and tuning hardware, you write queries to transform your data and extract valuable insights.

Question 26

Azure Machine Learning Service

Answer 26

Provides a cloud-based environment used to develop, train, test, deploy, manage, and track machine learning models

Question 27

Azure Machine Learning Studio

Answer 27

Collaborative, drag-and -drop visual workspace where you can build, test, and deploy machine learning solutions without needing to write code.

Question 28

Azure Functions

Answer 28

(Serverless) Concerned with the code running your service and not the underlying platform or infrastructure. Creates infrastructure based on an event.

Question 29

Azure Logic Apps

Answer 29

A cloud service that helps you automate and orchestrate tasks, business processes (BPD), and workflows when you need to integrate apps, data systems and services across enterprises or organizations.

Question 30

Azure Event Grid

Answer 30

A fully-Managed, intelligent event routing service that uses a publish-subscribe model for uniform event consumption.

Question 31

Azure Portal

Answer 31

Management Website accessed via a web browser: https://portal.azure.com/

Question 32

Azure PowerShell

Answer 32

Command shell scripting language

Question 33

Azure CloudShell

Answer 33

Shell scripting that supports either PowerShell or Bash through the console. Storage must be mounted initially before use.

Question 34

Azure Command-Line Interface (CLI

Answer 34

Cross-platform, command-line scripting program for Windows, Linux, or MacOS.

Question 35

Azure PowerShell Module

Answer 35

Az (Install-Module Az)

Question 36

PowerShell supports only these O/S

Answer 36

Windows

Linux

Question 37

Azure Firewall

Answer 37

applies inbound and outbound traffic filtering rules.
Built-in HA
Unrestricted Cloud Scalability
Uses Azure Monitor Logging
(FaaS)

Question 38

Azure DDoS Protection

Answer 38

Sanitizes unwanted network traffic, before int impacts service availability
Basic service tier is automatically enabled in Azure
Standard service tier adds mitigation capabilities, turned into protect Azure Virtual Network resources.

Question 39

Network Security Groups (NSGs)

Answer 39

Set inbound and outbound rules to filter by source and destination IP address, port, and protocol.
Add multiple rules, as needed, within subscription limits
Azure applies default, baseline, security rules new to NSGs.
Override default rules with new, higher priority, rules.

Question 40

Application Security Groups

Answer 40

Allows you to reuse your security policy at scale without manual maintenance of explicit IP addresses
Handles the complexity of explicit IP addresses and multiple rule sets, allowing you to focus on your business logic.

Question 41

Security Layers

Answer 41

Physical
Identity & Access
Perimeter
Network
Compute
Application
Data

Question 42

Perimeter layer

Answer 42

Protect your networks’ boundaries with Azure DDoS Protection and Azure Firewall

Question 43

Networking Layer

Answer 43

Only permitted traffic should pass between networked resources with Network Security Group (NSG) inbound and outbound rules.

Question 44

Authentication

Answer 44

Who are you (Instructor Notes)

Question 45

Authorization

Answer 45

Permission (Instructor Notes)

Question 46

Azure AD

Answer 46

Flat File (not an industry standard format).

Question 47

Azure Key Valut

Answer 47

Secrets Management
Key Management
Certificate Management
Storing Secrets backed by hardware security modules (HSMs)

Question 48

Azure Information Protection (AIP)

Answer 48

Classifies and protects documents and emails by applying labels. Labels are applied by:
- Automatically using rules and conditions defined by administrators
- Manually, by users
-

Question 49

Azure Advanced Threat Protection (Azure ATP)

Answer 49

Cloud-based security solution for identifying, detecting, and investigating advanced threats, compromised identities, and malicious insider actions.
Consists of Azure ATP:
Portal:Dedicated portal for monitoring and responding to suspicious activity
Sensors:Installed directly onto your domain controllers.
Cloud Service: runs on Azure Infrastructure

Question 50

Azure Policy

Answer 50

Policy Definitions
Azure pre-defines by default
Evaluates and Identifies Azure resources that do not comply with your policies.
Provides built-in policy and initiative definitions, under categories such as Storage, Networking, Compute, Security enter, and Monitoring.

Question 51

Initiatives

Answer 51

Multiple policies grouped together.

Question 52

Initiative Assignment

Answer 52

Initiative definitions that are assigned to a specific scope. Initiative assignments reduce the need to make an initiative definition for each scope.

Question 53

Role-based access control (RBAC)

Answer 53

Fine-grained access management control over your Azure resources
Available to all Azure subscribers, at no additional cost.

Question 54

Azure Blueprints

Answer 54

Create reusable environment definitions that can recreate your Azure resources and apply your policies instantly.

• Help audit and trace your deployments, and maintain compliance using built-in tools and artifacts.
• Associate blueprints with specific Azure DevOps build artifacts, and release pipelines for rigorous tracking.

Question 55

Subscription Governance

Answer 55

Billing: Reports and charge back can be generated per subscriptions
Access Control: A subscription is a deployment boundary for Azure resources and has the ability to set p role-based access control (RBAC)
Subscription Limits: Subscriptions are also bound to some hard limitations. If there is a need to go over those limits in particular scenarios, then additional subscriptions may be needed. If you hit a hard limit, there is no flexibility.

Question 56

Service Trust Portal

Answer 56

servicetrust.microsoft.com
STP used to access
- audit reports across Microsoft cloud services
- guides to using Microsoft cloud services for regulatory compliance
- publications about trust, and how Microsoft Cloud services protects your data.

Question 57

Two types of subscription boundaries

Answer 57

Billing Boundary - Subscription type determines how an Azure account is billed for using Azure. You can create multiple subscriptions for different types of billing requirements.
Access Control Boundary - Azure will apply access management policies at the subscription level, and you can create separate subscriptions to reflect different organizational structures.

Question 58

Azure Management Groups

Answer 58

Containers for managing access, policies, and compliance across multiple Azure subscriptions

Question 59

Management Groups

Answer 59

Allows you to order your Azure resources hierarchically into collections, which provide a further level of classification beyond subscriptions.

Question 60

Four levels of Organizing structure in Azure (Object Hierarchy)

Answer 60

Management Groups
Subscriptions
Resource Groups
Resources

Question 61

Three primary factors that affect cost

Answer 61

Resource Type
Services
Location

Question 62

Total Cost of Ownership (TOC) calculator

Answer 62

Report that compares the difference of different hosting options (i.e. Cloud v On-Prem)

Question 63

Best Practices for Minimizing Costs

Answer 63

Perform Cost Analyses
Monitor Usage
Use Speed limits
 - 
 -

Question 64

Azure Cost Management

Answer 64

Provides a set of tools for monitoring allocating and optimizing Azure costs, it will provide the following:

• Reporting =
• Data enrichment
• Budgets
• Alerting
• Recommendations

Question 65

Paid Azure support plans

Answer 65

Developer
Standard
Professional Direct
Premier

Question 66

If Microsoft cannot meet your company’s SLAs, what will they do?

Answer 66

Add credits to your account.

Question 67

Preview feature

Answer 67

Trial or improved version realeased to Private or Public
Private - no production support
Public - Production support
Once thuroughly tested, they remove the (private) or (public) tag and make it Generally Available (ga)