John Saville - Claude Flashcards
(104 cards)
1
Q
What is Azure AD and what protocols does it support?
A
Azure AD (now called Azure Entra ID) is Microsoft’s cloud-based identity provider that supports protocols like OAuth 2.0 OpenID Connect SAML and WS-Fed for authentication and authorization over the internet.
2
Q
How does Azure Entra ID interact with on-premises Active Directory?
A
Azure Entra ID interacts with on-premises Active Directory through Azure Entra Connect sync or Azure Entra Connect Cloud sync where user accounts are replicated from Active Directory to Azure Entra ID.
3
Q
What is the purpose of having a tenant in Azure Entra ID?
A
A tenant in Azure Entra ID is an organization’s instance that contains its users groups devices applications and conditional access policies. Applications and services trust this tenant for authentication and authorization.
4
Q
Can Azure Entra ID tenants have external users or guests?
A
Yes Azure Entra ID tenants can have external users or guests from other organizations identity providers (like Google or Facebook) or Microsoft accounts allowing them to collaborate without creating separate accounts.
5
Q
Where does an Azure Entra ID tenant reside?
A
An Azure Entra ID tenant is a global instance and does not reside within an Azure subscription. It is a separate entity that Azure subscriptions can trust for authentication and authorization.
6
Q
Can you customize the branding and user experience in an Azure Entra ID tenant?
A
Yes you can customize the branding and user experience in an Azure Entra ID tenant by configuring company branding settings background images and login messages.
7
Q
How do external users or guests appear in an Azure Entra ID tenant?
A
External users or guests appear as stub objects that refer to their primary identity in another tenant Microsoft account Google Facebook or other identity provider.
8
Q
What are the different ways to provision user accounts in Azure Entra ID?
A
User accounts can be provisioned through synchronization from Active Directory manual creation bulk creation via CSV upload provisioning from an HR system or API and scripting.
9
Q
Why are groups recommended for managing user access and permissions?
A
Groups are recommended for managing user access and permissions because it’s easier to assign roles permissions and licenses to groups rather than individual users simplifying administration and avoiding orphaned permissions when users leave.
10
Q
What are the two types of groups in Azure Entra ID and their purposes?
A
The two types of groups are security groups (for assigning roles and permissions) and Microsoft 365 groups (for collaboration tools like SharePoint and calendars).
11
Q
What is the difference between registering and joining a device in Azure Entra ID?
A
Registering a device makes it a known entity for management but is suitable for personal devices while joining a device allows more control and direct authentication using Azure Entra ID accounts suitable for corporate-owned devices.
12
Q
What are the different Azure Entra ID license levels and their key features?
A
The Azure Entra ID license levels are Free (basic features) P1 (adds conditional access self-service password reset HR-driven provisioning) and P2 (adds privileged identity management identity protection and access reviews). There is also a Governance add-on.
13
Q
What are administrative units in Azure Entra ID and how do they work?
A
Administrative units allow grouping users groups and devices and assigning roles that only apply to objects within that unit enabling granular access control delegation.
14
Q
When adding a group to an administrative unit do the users in that group automatically inherit the unit’s permissions?
A
No users in a group added to an administrative unit do not automatically inherit the unit’s permissions. The users must be explicitly added to the administrative unit as well if they need to be managed.
15
Q
What are the different Azure clouds or environments and how do they relate to Azure Entra ID tenants?
A
The different Azure clouds or environments include Commercial US Government China and others. Each cloud has its own separate instance of Azure Entra ID and tenants cannot span across different clouds.
16
Q
What are regions in Azure and how do availability zones fit into regions?
A
Regions are geographical locations where Azure resources can be deployed. Within a region there are typically three availability zones which are separate physical datacenter locations for redundancy and high availability.
17
Q
How are Azure regions paired and why is this important?
A
Azure regions are paired within the same geopolitical boundary for Azure’s safe deployment practices. Changes are rolled out to one region in a pair first then the other to avoid simultaneous failures.
18
Q
What are Azure subscriptions management groups and how are they organized?
A
Subscriptions are containers for deploying Azure resources. Management groups provide a hierarchy above subscriptions for organizing resources assigning roles and policies and tracking budgets across multiple subscriptions.
19
Q
How can you get started with Azure if you’re an individual or don’t have an existing enterprise subscription?
A
You can sign up for a free trial account or use the free services offered in Azure.
20
Q
What is the cost analysis and management feature in Azure used for?
A
It allows you to view your current and forecasted costs analyze costs by resource or service set budgets and get cost optimization recommendations.
21
Q
What are Azure budgets and how do they work?
A
Azure budgets allow you to set a cost threshold and configure alerts when spending reaches a certain percentage of that budget based on actual or forecasted costs. This helps track and control spending.
22
Q
What are resource groups in Azure and how should they be used?
A
Resource groups are containers for deploying related Azure resources together. Resources in the same group should share a lifecycle and are suitable for common access control policies and cost tracking.
23
Q
What is the Azure Hybrid Benefit and how does it help reduce costs?
A
The Azure Hybrid Benefit allows you to use existing on-premises Windows Server and SQL Server licenses in Azure removing the license cost from your Azure bill.
24
Q
What are Azure reservations and savings plans and how do they differ?
A
Azure reservations provide discounted rates for specific resources in specific regions with a 1-3 year commitment. Azure savings plans offer a general hourly commit for included compute services with flexible discounts.
25
What are Azure tags and how can they be used?
Azure tags are key-value pairs that can be applied to resources resource groups or subscriptions to categorize and filter resources track ownership apply policies or use for billing purposes.
26
Do Azure tags inherit from parent scopes like subscriptions or resource groups?
No tags do not inherit from parent scopes by default. They must be explicitly applied at each level (subscription resource group or resource).
27
How can you enforce tag inheritance policies in Azure?
You can use Azure Policy to create a policy that forces resources to inherit tags from their parent resource group or subscription.
28
What is Azure Policy and how does it work?
Azure Policy allows you to define and enforce rules (policies) for your Azure resources to ensure compliance with standards security requirements or other criteria. Policies have defined conditions and effects (like deny audit deploy etc.).
29
What is an Azure Policy initiative and how does it differ from a single policy?
An Azure Policy initiative is a group or set of related policies. It allows you to assign and manage multiple policies as a single unit simplifying compliance tracking for complex requirements.
30
How can you view and manage role-based access control (RBAC) in Azure?
You can view and manage RBAC assignments through the Access Control (IAM) pane for a resource resource group or subscription. This lets you see assigned roles and permissions and add custom roles following least privilege principles.
31
How can you create a custom Azure role with specific permissions?
You can create a custom role by cloning an existing role then adding or removing specific permissions (actions) from different resource providers. This allows you to define a least-privilege role with only the necessary permissions.
32
What is the difference between Azure roles and Azure Active Directory (Azure AD) roles?
Azure roles control access to Azure resources and subscriptions while Azure AD roles control access to tenant-level resources and configurations within the Azure AD service.
33
What types of resource locks can you apply in Azure and what do they affect?
You can apply two types of resource locks: CanNotDelete (prevents deletion but allows modifications) and ReadOnly (prevents all modifications). These locks only affect the Azure control plane operations not data plane operations within resources like databases or storage.
34
How are virtual networks defined and scoped in Azure?
A virtual network (VNet) is defined by one or more IPv4 address spaces (optionally IPv6) and it exists within the scope of a single Azure subscription and region. It cannot span multiple subscriptions or regions.
35
How are subnets sized and IP addresses allocated within Azure virtual networks?
Within a VNet you define one or more subnets that are subsets of the VNet address space. Each subnet loses 5 IP addresses for Azure's use (network broadcast gateway DNS). Resources deployed to a subnet are allocated a dynamic private IP from the remaining subnet range by Azure's DHCP service.
36
What is the purpose of assigning a public IP address to an Azure resource?
Assigning a public IP address to an Azure resource allows it to be accessed from the public internet. Without a public IP the resource is only accessible over its private IP from within the VNet or connected networks.
37
How can you enable communication between resources in different Azure virtual networks?
You can peer virtual networks within the same region or across regions. Peering allows resources to communicate using private IP addresses. You can enable the "Use Remote Gateway" setting to allow spokes to use the hub VNet's gateway connectivity (VPN ExpressRoute).
38
What is the purpose of Azure Virtual Network Manager?
Azure Virtual Network Manager allows you to centrally define and manage connectivity between virtual networks. You can create network groups (static or dynamic) and define hub-and-spoke or mesh topologies for connectivity between the groups. It also provides security admin rules to allow/deny traffic before NSG rules.
39
What are Network Security Groups (NSGs) in Azure?
NSGs are sets of inbound and outbound security rules that can be applied to subnets or individual network interfaces. Rules specify priorities source/destination IP ranges or service tags ports and allow/deny actions.
40
What are service tags in Azure Network Security Groups?
Service tags represent groups of IP address prefixes for specific Azure services which can be used in NSG rules instead of specifying explicit IP ranges. This allows rules to dynamically cover Azure service IP ranges as they change.
41
What are application security groups in Azure?
Application security groups are tags that can be applied to network interfaces. These groups can then be used in NSG rules to allow or deny traffic from/to the tagged resources instead of specifying explicit IP addresses.
42
What are the default inbound and outbound rules in Azure Network Security Groups?
By default inbound rules deny all inbound traffic except for traffic within the same VNet and certain Azure Load Balancer probes. Outbound rules allow all outbound traffic to the internet and within the VNet by default.
43
What are service tags in Azure Network Security Groups?
Service tags represent groups of IP address prefixes for specific Azure services which can be used in NSG rules instead of specifying explicit IP ranges. This allows rules to dynamically cover Azure service IP ranges as they change.
44
What are application security groups in Azure?
Application security groups are tags that can be applied to network interfaces. These groups can then be used in NSG rules to allow or deny traffic from/to the tagged resources instead of specifying explicit IP addresses.
45
How can you view the effective routes for a network interface in Azure?
You can see the effective routes for a network interface by going to the virtual machine details then under "Networking" there is a section called "Effective routes" which shows all the routes affecting that network interface.
46
What is Azure Firewall and what are its features?
Azure Firewall is a managed network virtual appliance that provides network and application-level filtering. It can define inbound/outbound rules perform SNAT DNAT application-level filtering URL filtering TLS inspection (premium SKU) and is a fully managed IPS/IDS (premium SKU).
47
What is the purpose of Azure DNS and how does it work?
Azure DNS provides DNS domain hosting services for public and private DNS zones. Public zones can host public DNS records and use alias records to prevent dangling DNS issues. Private DNS zones allow automatic DNS record registration for Azure resources in associated VNets and enable DNS resolution between services.
48
How do Azure resources resolve DNS names?
Azure resources resolve DNS names by querying the IP address 168.63.129.16 which is Azure's DNS service. This IP is only accessible to resources within a VNet. For on-premises resources Azure Private DNS Resolver can be used to resolve records in private DNS zones.
49
What is the Azure Private DNS Resolver and its capabilities?
The Azure Private DNS Resolver is a service that allows resources outside a VNet to resolve records in Azure Private DNS zones. It can also forward queries for custom DNS servers enabling hybrid DNS resolution scenarios.
50
What are the two types of VPN gateways in Azure and what are their differences?
There are two types of VPN gateways: policy-based (static routing not recommended) and route-based (dynamic routing recommended). Route-based supports multiple tunnels point-to-site VPN and is more flexible.
51
How does an Azure Site-to-Site VPN work?
In a Site-to-Site VPN a VPN gateway is created in Azure and a VPN server on-premises establishes an encrypted connection over the internet to connect the on-premises network's IP space to the Azure virtual network's IP space.
52
What is ExpressRoute and how does it work?
ExpressRoute provides private connectivity between an on-premises network and Azure by connecting the customer's network to the Microsoft global network at a colocation facility (meet-me location). This allows private IP space communication without going over the internet.
53
What is ExpressRoute Global Reach and how is it different from private peering?
Private peering connects an on-premises IP space to an Azure virtual network. Global Reach enables connectivity between different on-premises networks connected via different ExpressRoute circuits using the Microsoft backbone.
54
What is Microsoft Peering in ExpressRoute?
Microsoft Peering allows private connectivity from the on-premises network to specific Azure PaaS services (e.g. Storage SQL) without going through a virtual network by advertising routes via the ExpressRoute BGP connection.
55
What is Azure Virtual WAN and what are its SKUs?
Azure Virtual WAN is a managed service that provides site-to-site VPN ExpressRoute connectivity and hub-and-spoke networking. The Basic SKU provides site-to-site VPN while the Standard SKU adds ExpressRoute transit routing and other advanced features.
56
What are User-Defined Routes in Azure and how are they used?
User-Defined Routes allow overriding the default routing behavior in an Azure virtual network by specifying that for a certain IP address space traffic should be routed to a specific next-hop such as a virtual appliance like an Azure Firewall.
57
What are service endpoints in Azure and how do they work?
Service endpoints allow resources in a specific subnet to communicate with an Azure service over its public endpoint by whitelisting the subnet for that service. It provides more direct connectivity and allows controlling access at the subnet level.
58
What are private endpoints in Azure and how do they differ from service endpoints?
Private endpoints create a private IP address in a subnet that connects to a specific instance of an Azure service bypassing the public endpoint. This allows complete isolation from the public internet and direct connection from on-premises or other virtual networks.
59
How can you expose your own services in Azure using private endpoints?
You can enable the Private Link Service on a Standard Load Balancer with a private frontend IP. Then you can create private endpoints that connect to this frontend IP enabling secure access to your services from other virtual networks without peering.
60
What is Azure Bastion and what are its different SKUs?
Azure Bastion is a managed jump box service that allows secure remote access to virtual machines without exposing public IP addresses. The Basic SKU allows access to VMs in the same VNet while Standard enables peered VNets cross-platform access and additional features.
61
What are the two main types of load balancing solutions in Azure?
The two main load balancing solutions are Azure Load Balancer (Layer 4 - TCP/UDP) and Azure Application Gateway (Layer 7 - HTTP/HTTPS).
62
What are the components of an Azure Load Balancer?
An Azure Load Balancer has a frontend IP (internal or external) one or more backend pools containing VM IP addresses health probes to monitor backend instances load balancing rules and inbound NAT rules for direct VM access.
63
What are the different SKUs of the Azure Load Balancer and what are their differences?
There are Basic and Standard SKUs. The Basic SKU provides load balancing within a single availability set while the Standard SKU supports multiple availability sets availability zones and cross-region load balancing scenarios.
64
What are the different tuple options for load balancing rules in Azure Load Balancer and what do they determine?
The tuple options are 5-tuple (Source IP Source Port Destination IP Destination Port Protocol) 3-tuple (Source IP Destination IP Protocol) and 2-tuple (Source IP Destination IP). They determine how sticky the client-to-backend mapping should be based on the parameters considered.
65
What are the differences between the Basic and Standard SKUs of Azure Load Balancer?
The Basic SKU supports up to 300 instances in a backend pool has no SLA is being deprecated on September 30 2025 and only supports NIC as backend resources. The Standard SKU supports up to 1000 instances has an SLA supports availability zones and allows both NIC and IP addresses as backend resources.
66
What is a floating IP rule in Azure Load Balancer and how does it work?
A floating IP rule ensures that the frontend IP address of the Load Balancer is used as the source IP when traffic is forwarded to the backend pool instances. This avoids the need for clients to rewrite application data due to network address translation.
67
What is Azure Application Gateway and what features does it provide?
Azure Application Gateway is a Layer 7 load balancing solution optimized for web traffic (HTTP HTTPS WebSocket). It provides features like URL routing SSL/TLS termination Web Application Firewall session affinity and more.
68
What are the deployment options for Azure Application Gateway regarding frontend IP configuration?
As of the time of recording Application Gateway can have a public IP a private IP or both. Previously it was required to have a public IP but now it's optional.
69
How does Azure Traffic Manager work and what routing methods does it support?
Azure Traffic Manager is a global DNS-based traffic routing service. It resolves a name to one of the available endpoints based on routing methods like Performance (closest endpoint) Round Robin Geographic Weighted and more.
70
What is the Cross-Region Load Balancer in Azure and how does it work?
The Cross-Region Load Balancer is a global public IP address that can route traffic to regional Standard Load Balancers across multiple Azure regions. It provides a single endpoint for clients and transparently routes traffic to the appropriate regional backend.
71
What is Azure Front Door and how does it provide global load balancing for Layer 7 traffic?
Azure Front Door is a global Layer 7 load balancing solution for web traffic. It uses a global anycast IP address split TCP and Microsoft's global network to establish client connections at the nearest Point of Presence and then retrieve content from the origin backends which can be across regions.
72
What are the different redundancy options available for Azure Storage accounts?
The redundancy options are: Locally Redundant Storage (LRS - 3 copies in one cluster) Zone Redundant Storage (ZRS - 3 copies across Availability Zones in a region) Geo-Redundant Storage (GRS - 3 copies in the primary region asynchronously replicated to 3 copies in a paired secondary region) and Geo-Zone Redundant Storage (GZRS - 3 copies across Availability Zones in the primary region asynchronously replicated to 3 copies in one cluster in the paired secondary region).
73
What are the different types of data storage services available in an Azure Storage account?
The main data storage services are: Blobs (Block Append and Page) Files (SMB/NFS file shares) Tables (schema-less key-value data) and Queues (message queueing).
74
What is the difference between Standard and Premium storage accounts in Azure?
Standard storage accounts use traditional hard disk drives and offer the general-purpose V2 (GPv2) account type with all storage services. Premium storage accounts use solid-state drives (SSDs) and offer service-specific account types like BlockBlobStorage FileStorage etc. Premium File shares are billed based on provisioned size not data stored.
75
What is Storage Explorer and how can it be used to interact with Azure Storage?
Storage Explorer is a graphical tool that allows you to interact with Azure Storage accounts. You can view and manage Blobs File Shares Queues Tables and perform operations like adding/removing items uploading/downloading data and more.
76
What is the 'read-access geo-redundant' option for Azure Storage accounts?
The 'read-access geo-redundant' option allows you to read data from the geo-replicated copy of your storage account in the secondary paired region in addition to the primary region.
77
What is AzCopy and what is the server-side asynchronous copy feature?
AzCopy is a command-line utility for copying data to/from Azure Storage. The server-side asynchronous copy feature allows you to efficiently copy data between storage accounts without downloading it to your local machine first.
78
What are the different tiers available for Azure Blob Storage and how do they differ in pricing and usage scenarios?
The tiers are: Hot (highest capacity cost lowest transaction cost - for frequent access data) Cool (lower capacity cost higher transaction cost - for infrequent access data) Cold (lowest capacity cost highest transaction cost - for rarely accessed data) and Archive (lowest capacity cost high cost to rehydrate data - for data to be stored for at least 180 days).
79
What are lifecycle management policies for Azure Blob Storage and how can they help optimize costs?
Lifecycle management policies allow you to define rules to automatically transition blobs between the different access tiers (Hot Cool Cold Archive) based on filters like age last access time etc. This helps optimize costs by moving less frequently accessed data to lower-cost tiers.
80
What is object replication in Azure Blob Storage and how is it different from geo-replication?
Object replication allows you to asynchronously copy blobs between storage accounts across containers and even across regions based on rules you define. Unlike geo-replication which only replicates to the paired region object replication gives you more flexibility in where you replicate your data.
81
What is Azure File Sync and how does it work?
Azure File Sync allows you to centralize your file shares in Azure Files while keeping the flexibility to cache the data on-premises for local access. It synchronizes changes from the cloud endpoint to on-premises servers or cloud-based Windows file shares.
82
What is the purpose of having two access keys in an Azure Storage account?
The two access keys allow you to rotate and regenerate one key at a time without disrupting access to the storage account. While one key is in use you can regenerate the other key and then switch to using the new key.
83
What is the preferred way to access Azure Storage data instead of using the storage account access keys?
The preferred way is to use role-based access control (RBAC) for the data plane which allows you to assign granular permissions to identities (users or service principals) through built-in roles like "Blob Data Reader" or "Queue Data Contributor".
84
What are shared access signatures in Azure Storage and when are they useful?
Shared access signatures (SAS) provide granular time-limited access to specific storage resources without exposing the storage account keys. They are useful when you need to grant temporary access to a client or an untrusted application.
85
How does encryption work for Azure managed disks compared to Storage accounts?
For managed disks you first create a disk encryption set in your Azure Key Vault and then associate your managed disks with that encryption set. This allows you to use your own customer-managed keys to encrypt the disks at rest.
86
What are the different types of Azure managed disks and how do they differ in performance characteristics?
The types are: Standard HDD Standard SSD (with burst capabilities) Premium SSD (with configurable performance tiers) Premium SSD v2 (with configurable IOPS and throughput) and Ultra Disk (with highest performance and lowest latency configurable IOPS and throughput).
87
What is the recommended way to provision resources in Azure?
The recommended way to provision resources in Azure is to use declarative methods like ARM JSON templates or Azure Bicep rather than manually creating resources through the portal or CLI. These templates allow you to define the desired state of resources and can be version-controlled and automated through pipelines.
88
What are the different service models in Azure and how do they differ in terms of responsibilities?
The service models are: Infrastructure as a Service (IaaS) like Virtual Machines where you manage the OS data and application
89
Why is it important to choose the right VM size and SKU for your workload?
Choosing the right VM size and SKU is important to ensure that your workload has the appropriate resources (CPU memory storage networking) and performance characteristics. This helps avoid wasted resources or underprovisioning and allows you to scale out by adding or removing VMs based on demand.
90
What are the different dimensions that define a VM size and SKU in Azure?
The dimensions include CPU count/speed memory amount storage performance characteristics (disk type IOPS throughput) networking capabilities and specialized hardware like GPUs. These dimensions combine to define the VM's capabilities and performance characteristics.
91
How can you scale virtual machines in Azure based on workload demand?
Azure allows you to scale VMs by adding or removing instances based on demand. Rather than provisioning a single large VM you can deploy multiple smaller VMs and scale out by adding more instances or scale in by removing instances as the workload changes.
92
What is the purpose of Azure Bastion and how does it help secure access to virtual machines?
Azure Bastion provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over SSL. It helps reduce the attack surface by eliminating the need for public IP addresses on VMs removing the need for jump boxes and providing just-in-time access through the Azure portal.
93
What is the difference between Availability Sets and Availability Zones in Azure?
Availability Sets provide resiliency by spreading VMs across different fault domains (racks) within a datacenter. Availability Zones offer a higher level of resiliency by physically separating resources across different datacenters with isolated power networking and cooling protecting against datacenter-level failures.
94
What is a Virtual Machine Scale Set in Azure and how does it help with scaling?
A Virtual Machine Scale Set allows you to deploy and manage a group of identical load balanced VMs. It enables automatic scaling by adding or removing VMs from the scale set based on configurable rules tied to performance metrics like CPU utilization. This allows automatic scaling of resources to match workload demand.
95
What are the differences between Uniform and Flexible Virtual Machine Scale Sets?
Uniform scale sets have a single VM template and configuration across all instances. Flexible scale sets allow mixing different VM sizes types (e.g. spot instances) and configurations within the same scale set providing more flexibility in optimizing costs and capabilities.
96
What is the purpose of a Container Registry in Azure?
A Container Registry in Azure is a private secure registry for storing and managing your container images. It allows you to build push and pull container images to be used for deploying containerized applications across Azure services like Azure Kubernetes Service App Service etc.
97
How does a Docker container differ from a Virtual Machine in terms of its architecture and resource utilization?
A Docker container runs at the user mode level sharing the host kernel with other containers while a Virtual Machine runs a complete guest operating system with higher overhead. Containers provide process isolation and share kernel resources resulting in a more lightweight and efficient utilization of resources compared to VMs.
98
What is the purpose of Azure Container Instances (ACI) and how does it differ from Azure Kubernetes Service (AKS)?
Azure Container Instances (ACI) allows you to run individual containers without managing any underlying infrastructure. It's suitable for simple standalone containerized workloads. Azure Kubernetes Service (AKS) provides a full container orchestration layer using Kubernetes enabling management of multi-container applications scalability networking storage and other advanced features.
99
What are the different networking models available in Azure Kubernetes Service (AKS) for pod communication?
The different networking models in AKS include: Kubenet (basic) Azure CNI (pods share IP space with nodes) Azure CNI with Kubernetes Calico (dynamic IP allocation) and Azure CNI overlay (separate pod IP space using overlay networking).
100
What is the purpose of App Service in Azure and how does it differ from container-based services like AKS?
App Service is a fully managed platform for building and hosting web applications and services without managing underlying infrastructure. It provides predefined app hosting plans with autoscaling capabilities. Unlike container services like AKS which require managing containers and orchestration App Service abstracts away those complexities for simpler web app hosting.
101
What are the different components of Azure Monitor and how do they aid in monitoring Azure resources?
Azure Monitor provides monitoring data through: Activity Log (control plane events) Metrics (time-based resource signals) Logs (configured via Diagnostic Settings to send to storage event hubs or Log Analytics) and various agents/extensions for guest-level monitoring. This allows comprehensive monitoring of Azure resources across control plane resource metrics and log data.
102
What are the different types of Log Analytics workspaces available in Azure Monitor and how do they differ in terms of capabilities and pricing?
There are three types of Log Analytics workspaces: Analytics (full KQL capabilities included data ingestion/storage) Basic (subset of KQL pay per query and storage) and Archive (long-term storage up to 12 years requires restore/search jobs to query). Analytics is suitable for full query capabilities Basic is cost-effective for limited use cases and Archive is for long-term data retention.
103
What is the purpose of Network Watcher in Azure and what are some of its key features?
Network Watcher is a network monitoring and troubleshooting tool in Azure. Its key features include: network topology view IP flow verification next hop information VPN diagnostics NSG flow logging packet capture and connection troubleshooting. It helps diagnose and resolve network issues within Azure resources.
104
How can alert processing rules in Azure Monitor help manage and respond to alerts?
Alert processing rules in Azure Monitor allow you to define actions to take or suppression rules when alerts are raised. You can configure action groups (email SMS webhooks functions etc.) to be called when specific alerts occur or suppress alerts based on schedules severity or other criteria. This helps streamline alert response and notification processes.
