Introduction Flashcards
What ARM stand for?
Azure Resource Manager
What RBAC stand for?
Role-based Access Control
Two deployments models in Azure
- ASM - Azure Service Model (old)
- ARM - Azure Resource Model (new)
Can resources be provisioned on different Azure regions and belong to the same resource group?
YES
Does every resource need to be a part of resource group?
YES
What is Idempotent feature?
Ensures predictability, standarization and consistency in resource deployment by ensuring that every deployment will result in the same state of resources and configuration, no matter the number of times it is executed
What technology is Azure running on?
Azure runs on a customized version of Hyper-V. It’s fairly close to Hyper-V core in construct or theory, but that’s where all the similarities end.
Four ways to interact with Azure
- Azure Portal
- PowerShell
- CLI
- REST API
Feature to ensure that applications are still available even when a data center goes down.
Availability zones.
Feature to provide provide redundancy at a data center level, similar to locally redundant storage
Availability sets
What is Azure fault domain?
A fault domain is a logical group of underlying hardware that share a common power source and network switch, similar to a rack within an on-premises datacenter. As you create VMs within an availability set, the Azure platform automatically distributes your VMs across these fault domains.
What is availability set?
An Availability Set is a logical grouping capability for isolating VM resources from each other when they’re deployed. Azure makes sure that the VMs you place within an Availability Set run across multiple physical servers, compute racks, storage units, and network switches.
What is Azure update domain?
An update domain is a logical group of underlying hardware that can undergo maintenance or be rebooted at the same time. As you create VMs within an availability set, the Azure platform automatically distributes your VMs across these update domains.
What is Azure Availability Zones?
Availability Zones is a high-availability offering that protects your applications and data from datacenter failures. Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking
Two Azure features for load balacing?
- Load Balacers (layer 4)
- Application Gateways (layer 7)
What is Cookie-based session affinity?
Feature in Application Gateway feature in which all subsequent requests following the first request should be processed by the same service instance
What is Secure Sockets Layer (SSL) offload?
SSL offload helps in transferring cryptography processing from the web server to the load balancer, thereby providing more resources to web servers serving users.
What is End-to-end SSL?
Application Gateway feature which allows mission-critical secure applications that need complete SSL encryption and decryption even if traffic passes through load balancers.
What is URL-based content routing?
Application gateway traffic redirection based on the URL content of incoming requests.
Packet fields used for load balancing in Azure?
- Originating IP address
- Target IP address
- Originating port number
- Target port number
- Type of the protocol (TCP, HTTP, etc.)
What is Azure Traffic Manager?
Traffic Manager helps us to create highly available solutions that span multiple geographies, regions, and data centers. It uses DNS to redirect requests to an appropriate endpoint .
What is VM scale sets (VMSS)
Azure compute resource that you can use to deploy and manage a set of identical VMs.
What is max number of VM in VMSS (VM Scale Sets)
- 1,000 VMs when using a platform images
- 100 VMs if using a custom image
How Authentication is performed in Azure?
OpenID Connect
How Authorisation is performed in Azure?
OAuth
What Integrity mean?
Integrity ensures that the payload and message exchange between sender and receiver is not tampered with.
What NSG stand for?
Network Security Group
What OMS stand for?
Operations Management Suite
Four services of Azure Storage Account
- blob
- files
- queues
- tables
What is shared access signature (SAS)?
URI that grants restricted access rights to Azure storage services: blob, files, queues, and tables
What TDE stand for?
Transparent Data Encryption - the technology used by SQL Server for encrypting data at rest.
What DDM stand for?
Dynamic Data Masking - masking certain types of data, such as credit cards or user PII data
Is Azure Key Vault per region or globally deployed?
per region
Two important security resources to manage all security aspects of the Azure subscription, resource groups, and resources?
- Azure Monitor
- Azure Security Center
Default maximum number of storage accounts per subscription?
200
Max size of file share
5TB
Two types of disks in Azure
- Managed
- Unmanaged
Linux encryption method in Azure?
DM-Crypt
Within an Azure Resource Manager (ARM) template, what three elements are required in a JSON template?
$schema, contentVersion and resources
Within an Azure Resource Manager (ARM) template, what statement describes the purpose of the $schema element?
The $schema element specifies the location of the JSON schema file.
What is Azure Resource Manager’s (ARM) default template deployment mode?
Incremental mode
In Azure Resource Manager (ARM) templates what advantage do variables provide?
Variables simplify template expressions.
Two types of Queues in Azure
- Azure Storage Queues
- Azure Service Bus Queues
Which Azure-managed storage encryption feature encrypts data within an Azure Storage account, and decrypts it on read without requiring key management or additional configuration steps?
Server-Side Encryption for Data at Rest
Which encryption method applies to Azure blobs only?
Storage Service Encryption
Which blob type is the most suitable for logging scenarios?
Append blob
What is one reason to use a Shared Access Signature instead of an account key?
To provide access to a client that can’t be trusted with the account key
Which blob type is optimized for IaaS virtual machines?
Page blob
Two tiers of application gateway?
- standard
- WAF (web application firewall)
DNS level load balancing
Traffic Manager
Application Level load balancing
Application Gateway
Traffic Manager load balancing modes.
- weighted
- priority
- performance
What is global vnet peering?
Virtual Network Peering for vnets in different regions
How to disable default routing to the public Internet?
User-defined route to override the default
What is PHS?
Password Hash Synchornization - sign in method used as a part of hybrid identity solution
What is PTA?
Pass-Through Authentication - allows users to sign in to both on-prem and cloud-based app with the same password.
What is Federation?
Collection of domains with an established trust, which typically includes authentication and almost always authorisation.
Which Microsoft Azure Site Recovery (ASR) component is responsible for the replication during a failover from Azure?
Master target server
Which feature enable developers with the ability to perform A/B testing on Azure App Service apps, and provides you a separate deployment environment along with the default production environment?
Deployment Slots
Within Azure Batch, what is a batch job?
A collection of tasks
How is a Batch pool created in Azure Batch?
Manually by the user or automatically by the Batch service when the job is specified
What is Azure Logic App?
An offering that provides the developer with visual designer that can be used to model and automate workflows.
Four Components of Azure Storage Account?
- Blob
- Table
- Queue
- File
What is a shared access signature (SAS)
URI that grants restricted access rights to Azure Storage resources
Three authorization techniques in Azure
- Access Keys
- Shared access Signatures
- Azure Active Directory
How many copies are created in case of Locally-redundant storage?
3
Zone-redundant storage protection
Helps to protect against data center level failures
Geo-redundant storage protection
Helps to protect against region failures
Does VM restart cause data on temporary disk loss?
No
Does VM STOP cause data on temporary disk loss?
Yes
Does VM restart cause public IP reallocation?
No
Does VM STOP cause public IP reallocation?
Yes
Which resources can have NSG attached?
- subnet
- NIC
Can VNET peering be enabled across regions?
YES
Can VNET peering be enabled across subscriptions?
YES
What is Azure Resource Manager?
Azure Resource Manager (ARM) is the native platform for infrastructure as code (IaC) in Azure.
Four sections of Azure Resource Manager Template
- Resources
- Variables
- Parameters
- Outputs
Three types of snapshots in Azure
- Application consistent
- File-system consistent
- Crash consistent
Describe application-consistent snapshot
backup service captures the memory content, pending I/O operations
Describe file-system snapshot
backup service takes a snapshot of all the files at the same time
Describe crash-consistent snapshot
this happens if the virtual machine shuts down at the time of the backup process
What’s required to attach additional NIC to an Azure VM
Stop the Azure VM you want to attach an additional NIC
Is VPN gateway highly available?
Yes, Each VPN gateway has two instances, one in active and one in standby.
What is Password Hash Synchornization?
Azure AD Connect synchronizes a hash of a hash, of user’s password from an on-premises AD instance to a cloud-based Azure AD instance
What is Pass-through authentication?
similar to password hash synchronization, but here the users’ passwords is directly validated against the on-premise AD. This allows organizations to enforce their on-premise AD security and password policies
Azure Load Balancer 3 SKUs
- Basic
- Standard
- Gateway
What is Azure Application Gateway?
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. OSI layer 7
Is dedicated subnet required for the application gateway?
YES
What is Azure Front Door?
Azure Front Door is a global, scalable entry-point that uses the Microsoft global edge network to create fast, secure, and widely scalable web applications.
Front Door works at Layer 7 (HTTP/HTTPS layer) using anycast protocol with split TCP and Microsoft’s global network to improve global connectivity.
What is the mandatory subnet name for Azure firewall?
AzureFirewallSubnet
What are Azure Blueprints?
Helps to define a repeatable set of processes that can adhere to an organization’s standards and patterns.
