John Saville - Gemini Pro Flashcards

Question 1

Q

What is the new name for Azure AD?

Question 2

Q

What is the key difference between entra ID and Active Directory Domain Services?

Answer

A

entra ID speaks Cloud while ADDS speaks on-premises protocols

Question 3

Q

What is the standard way to interact with entra ID?

Answer

A

Microsoft Graph

Question 4

Q

What are the two technologies for replicating from Active Directory to entra ID?

Answer

A

entra Connect and entra Connect Cloud Sync

Question 5

Q

Which way does the replication flow?

Answer

A

From Active Directory to entra ID

Question 6

Q

What is the purpose of having a Cloud identity?

Answer

A

To allow applications to trust it for authentication and authorization

Question 7

Q

What is the name of the particular instance of entra ID for an organization?

Question 8

Q

What is the default domain name for a new entra ID tenant?

Answer

A

something.onmicrosoft.com

Question 9

Q

What is the purpose of external users?

Answer

A

To allow interaction with users from other organizations without creating separate accounts

Question 10

Q

What is the difference between a guest and an external user?

Answer

A

Guests are external users by default, but they can be made members of the tenant

Question 11

Q

What are the different ways to provision accounts in entra ID?

Answer

A

Synchronization, manual creation, bulk creation, and provisioning from external systems

Question 12

Q

What are the two types of groups in entra ID?

Answer

A

Security groups and Microsoft 365 groups

Question 13

Q

What is the difference between registering and joining a device in entra ID?

Answer

A

Registering is for personal devices, while joining is for corporate devices

Question 14

Q

What are the different levels of entra ID licenses?

Answer

A

Free, P1, P2, and Governance add-on

Question 15

Q

What is the purpose of conditional access?

Answer

A

To enforce additional security checks based on factors such as device, location, and risk

Question 16

Q

What is the purpose of privileged identity management?

Answer

A

To manage and monitor privileged accounts

Question 17

Q

What is the purpose of self-service password reset?

Answer

A

To allow users to reset their own passwords without contacting the help desk

Question 18

Q

Who should have the global administrator role?

Answer

A

Only a few trusted individuals

Question 19

Q

Is entra ID a hierarchical structure?

Answer

A

No, it is a flat structure

Question 20

Q

What is the difference between the Azure commercial cloud and other clouds?

Answer

A

They have different URLs, tenants, regions, and availability zones

Question 21

Q

What is the purpose of availability zones?

Answer

A

To provide redundancy and resilience within a region

Question 22

Q

How many availability zones are exposed to a subscription?

Question 23

Q

What is the goal of using multiple regions?

Answer

A

To avoid single points of failure and improve disaster recovery

Question 24

Q

What is the purpose of subscription?

Answer

A

To organize and manage resources

Question 25

Q

What is the purpose of management groups?

Answer

A

To organize subscriptions and apply policies, access control, and budgets

Question 26

Q

What are the three core things that management groups can be used for?

Answer

A

Access control, policy, and budgets

Question 27

Q

How are policies and budgets inherited?

Answer

A

They are inherited from parent management groups to child management groups and subscriptions

Question 28

Q

What is the purpose of a management group?

Answer

A

To organize subscriptions and apply policies, access control, and budgets

Question 29

Q

What is the purpose of a subscription?

Answer

A

To organize and manage resources

Question 30

Q

What is the purpose of a resource group?

Answer

A

To group related resources that will be provisioned, run, and decommissioned together

Question 31

Q

What is Azure Hybrid Benefit?

Answer

A

A program that allows customers to use existing Windows Server and SQL Server licenses in the cloud

Question 32

Q

What is Azure Reservation?

Answer

A

A one or three-year commitment to use a specific service in a specific region, which results in a discount

Question 33

Q

What is Azure Savings Plan?

Answer

A

A flexible one or three-year commitment to spend a certain amount on included compute services, which results in a discount

Question 34

Q

How does Azure Savings Plan apply to resources?

Answer

A

It applies the best discount to the resource that is running and then moves on to the next resource

Question 35

Q

Can a resource have both a Savings Plan and a Reserved Instance?

Answer

A

No, it can only have one or the other

Question 36

Q

What is the purpose of cost analysis?

Answer

A

To provide insights into spending and identify areas for optimization

Question 37

Q

What is the purpose of a budget?

Answer

A

To set a financial limit and receive alerts when it is reached or exceeded

Question 38

Q

What are tags?

Answer

A

Key-value pairs that can be applied to resources, resource groups, and subscriptions for organization and filtering

Question 39

Q

Do tags get inherited?

Answer

A

No, by default, tags are not inherited from parent to child resources

Question 40

Q

What is the purpose of Azure policy?

Answer

A

To set guard rails and configure requirements for resources

Question 41

Q

What is the difference between a policy and an initiative?

Answer

A

A policy is a specific condition and effect, while an initiative is a set of policies

Question 42

Q

What is the benefit of using initiatives?

Answer

A

Easier assignment and compliance tracking for multiple policies

Question 43

Q

What is the Microsoft Cloud Security Benchmark?

Answer

A

A free set of initiatives for security best practices

Question 44

Q

What is role-based access control (RBAC)?

Answer

A

A mechanism for assigning permissions to users and groups at different scopes (management group, subscription, resource group, resource)

Question 45

Q

What is the principle of least privilege?

Answer

A

Giving users and groups the minimum amount of permissions necessary to perform their tasks

Question 46

Q

What is the difference between owner, contributor, and reader roles?

Answer

A

Owner: Full access, contributor: All access except changing permissions, reader: Read-only access

Question 47

Q

Can you create custom roles?

Answer

A

Yes, you can create custom roles by cloning existing roles and adding or removing permissions

Question 48

Q

What is the difference between control plane and data plane?

Answer

A

Control plane: Managing Azure resources, data plane: Interacting with data (e.g., writing to a database)

Question 49

Q

What is a virtual network (vnet)?

Answer

A

A private network within Azure that provides IP addresses to resources and defines subnets

Question 50

Q

What is the purpose of a subnet?

Answer

A

To divide a vnet into smaller IP address ranges

Question 51

Q

How many IP addresses are lost in each subnet?

Answer

A

Five (network address, broadcast address, gateway, and two for DNS)

Question 52

Q

What is the difference between standard and basic public IPs?

Answer

A

Standard: Static, basic: Dynamic (retiring on 30th September 2025)

Question 53

Q

What is a public IP address?

Answer

A

An IP address that allows resources to communicate with the public internet

Question 54

Q

What is a prefix?

Answer

A

A contiguous block of IP addresses

Question 55

Q

Can you bring your own IP addresses to Azure?

Answer

A

Yes, but it requires a specific process

Question 56

Q

What is a peering?

Answer

A

A connection between two virtual networks that allows resources to communicate using private IP addresses

Question 57

Q

What is the difference between Gateway Transit and Use Remote Gateway?

Answer

A

Gateway Transit: Allows a virtual network to use the Gateway of another virtual network for connectivity, Use Remote Gateway: Allows a virtual network to use the Gateway of another virtual network for egress

Question 58

Q

What is Azure Virtual Network Manager?

Answer

A

A tool for managing virtual networks and configuring connectivity

Question 59

Q

What are Network Groups in Azure Virtual Network Manager?

Answer

A

Groups of virtual networks that can be used to define connectivity configurations

Question 60

Q

What are Security Admin Rules in Azure Virtual Network Manager?

Answer

A

Rules that apply before local virtual network rules and can be used to allow or deny traffic

Question 61

Q

What is a Network Security Group (NSG)?

Answer

A

A set of rules that control network traffic to and from a virtual network

Question 62

Q

What is a Service Tag?

Answer

A

A tag that represents a range of IP addresses for Azure services

Question 63

Q

What is an Application Security Group?

Answer

A

A tag that can be applied to a network interface to control access to resources

Question 64

Q

What is the default rule for inbound traffic in an NSG?

Answer

A

Deny all traffic except traffic from the virtual network itself

Answer 62

A

Allow all traffic

Answer 63

A

A set of rules that control network traffic to and from a virtual network

Answer 64

A

A tag that represents a range of IP addresses for Azure services

Answer 65

A

A tag that can be applied to a network interface to control access to resources

Answer 66

A

Basic: Low performance, Standard: Up to 30 Gbps, Premium: Up to 100 Gbps, Additional features such as intrusion detection and URL filtering

Answer 67

A

A public and private DNS service provided by Microsoft

Answer 68

A

Public zones are accessible from the internet, while private zones are only accessible within virtual networks

Answer 69

A

A feature that automatically creates DNS records for resources in a virtual network

Answer 70

A

A service that allows resources outside of a virtual network to resolve records in private DNS zones

Answer 71

A

internal.cloudapp.net

Answer 72

A

Yes, but they must also be able to resolve to the Azure DNS IP address (168.63.129.16)

Answer 73

A

Policy-based (static routing) and Route-based (dynamic routing)

Answer 74

A

Policy-based: One tunnel, restrictive, Legacy only, Route-based: Multiple tunnels, point-to-site VPN

Answer 75

A

A private connectivity service that extends a customer’s network into Microsoft’s backbone

Answer 76

A

A type of connectivity that connects private IP spaces within virtual networks

Answer 77

A

Enables connectivity between different Express Route circuits and locations using the Microsoft backbone

Answer 78

A

A type of connectivity that allows customers to connect to Azure PaaS services over Express Route

Answer 79

A

A managed service that provides connectivity and routing for virtual networks and other Azure resources

Answer 80

A

Basic: Site-to-site VPN only, Standard: Express Route, intra-VNet connectivity, Azure Firewall integration, Network Virtual Appliance deployment

Answer 81

A

Custom routing policies that override default routing tables

Answer 82

A

Enable specific subnets to communicate with Azure PaaS services

Answer 83

A

Create a private connection between a subnet and a service, allowing only resources in the subnet to access the service

Answer 84

A

Creates an IP address in a subnet that connects to a specific instance of a service, providing a secure and direct communication channel

Answer 85

A

A private endpoint provides an IP address in a subnet that can be accessed from outside the subnet, while a service endpoint only allows communication from within the subnet

Answer 86

A

A managed jump box service that allows secure access to virtual machines from the internet

Answer 87

A

Basic: Same VNet only, Developer: Same VNet only, Standard: Peered VNets, RDP to Linux, SSH to Windows, Azure CLI support, Sharable link, Copy/paste disable

Answer 88

A

A Layer 7 load balancer that understands HTTP/S and websockets

Answer 89

A

A Layer 4 load balancer that supports TCP and UDP

Answer 90

A

Basic and Standard

Answer 91

A

Has a front-end IP address and one or more backend pools, uses health probes to check backend pool instances

Answer 92

A

Free: 300 backend instances, no SLA, no outbound rules, Basic IP only, Standard: 1000 backend instances, SLA, outbound rules, Nicknames or IP addresses

Answer 93

A

A Layer 7 load balancer that understands HTTP/S, websockets, and other application-layer protocols

Answer 94

A

URL-based routing and redirection, SSL/TLS termination, session affinity, web application firewall protection

Answer 95

A

A DNS-based global load balancer that distributes traffic based on performance, priority, and other factors

Answer 96

A

A global IP address that points to multiple regional load balancers, providing a single endpoint for clients to access

Answer 97

A

General Purpose V2 offers all types of blobs, queues, tables, and files, while Premium Storage is built on SSD technology and offers block blobs, page blobs, and files with higher performance

Answer 98

A

Premium Files are provisioned based on size, meaning users pay for the size of the share they create rather than the amount of data written to it

Answer 99

A

Blob, file shares, queues, tables

Answer 100

A

A tool for interacting with Azure Storage accounts, including viewing contents, writing items to queues, and adding data to tables

Answer 101

A

Locally redundant storage (LRS): Three copies within the same storage cluster, Zone redundant storage (ZRS): Three copies spread over three availability zones, Geo-redundant storage (GRS): Three copies within a storage cluster and three copies in a paired region, Geo-zone-redundant storage (GZRS): Three copies spread over three availability zones and three copies in a paired region’s storage cluster

Answer 102

A

Hot, Cool, Cold, Archive

Answer 103

A

Hot: Highest capacity cost, lowest transaction cost; Cool: Lowest capacity cost, highest transaction cost; Cold: Low capacity cost, high transaction cost; Archive: Super cheap capacity cost, no interaction (offline)

Answer 104

A

A feature that allows users to create rules for automatically moving data between tiers based on filters such as last access time or creation date

Answer 105

A

A feature that enables users to replicate data from a container in one storage account to a container in another storage account, regardless of region

Answer 106

A

Transaction Optimized: Highest capacity cost, lowest transaction cost; Hot: Low capacity cost, high transaction cost; Cool: Lowest capacity cost, highest transaction cost; Premium: Different type of storage account with higher performance

Answer 107

A

Performance configuration, backup snapshots, soft delete, backup Vault integration, Azure AD integration

Answer 108

A

A service that enables synchronization of on-premises file shares with Azure Files

Answer 109

A

Infinite scale, data resilience, offloading of less-used data to the cloud

Answer 110

A

Using data plane role-based access control (RBAC) or shared access signatures (SAS)

Answer 111

A

Storage account keys are powerful and should be rotated regularly; shared access signatures are more granular and can be used for specific services or resources

Answer 112

A

A feature that enables the use of different encryption keys for different containers or blobs within a storage account

Answer 113

A

Standard HDD, Standard SSD, Premium SSD, Premium SSD V2, Ultra Disk

Answer 114

A

Performance is tied to the size of the disk, with larger disks providing better performance

Answer 115

A

By adjusting the IOPS and throughput settings

Answer 116

A

By creating a disk encryption set that uses a key in Azure Key Vault

Answer 117

A

Using declarative templates such as ARM JSON or Azure Bicep

Answer 118

A

Ensures consistency, reduces errors, and allows for version control

Answer 119

A

IaaS: Vendor manages hypervisor, physical servers, storage, networking; customer manages OS, patching, backup, etc.; PaaS: Vendor manages all of the above except customer application and data

Answer 120

A

Serverless offerings like Azure Functions and Logic Apps

Answer 121

A

CPU, memory, storage, network capabilities, special GPUs (e.g., ratio of CPU cores to memory)

Answer 122

A

To optimize resource utilization and avoid wasting resources

Answer 123

A

Adding or removing VM instances based on changing workload requirements

Answer 124

A

Ephemeral, temporary, premium, standard

Answer 125

A

To add capabilities to a virtual machine, such as running scripts or integrating with Azure services

Answer 126

A

A service that provides secure access to virtual machines through a managed jumpbox environment

Answer 127

A

Fault domains are within a single data center, while availability zones are isolated across multiple data centers

Answer 128

A

A group of virtual machines that can be scaled up or down automatically based on demand

Answer 129

A

Uniform scale sets have a fixed scaling profile, while flexible scale sets allow for more customization and the inclusion of spot instances

Answer 130

A

A repository for container images

Answer 131

A

A virtual machine virtualizes the hardware, while a container virtualizes the operating system

Answer 132

A

To store and manage container images

Answer 133

A

To manage the cluster and schedule containers

Answer 134

A

A container instance

Answer 135

A

A request for storage that can be mapped to a persistent volume

Answer 136

A

To add or remove nodes as needed to meet the demand for pods

Answer 137

A

Azure Container Instances is a managed service for running containers without the need for an orchestrator, while AKS is a managed Kubernetes service

Answer 138

A

To define the resources and configuration for a group of app service instances

Answer 139

A

Standard scaling requires manual configuration of scaling rules, while elastic scaling automatically adjusts the number of instances based on load

Answer 140

A

To record control plane operations at the subscription level

Answer 141

A

Metrics are time-based signals, while logs are structured events

Answer 142

A

To configure the collection and destination of logs

Answer 143

A

Powerful analytics capabilities using KQL

Answer 144

A

To collect and analyze metrics and logs from Azure resources

Answer 145

A

Metrics are time-based signals, while logs are structured events

Answer 146

A

To configure the collection and destination of logs

Answer 147

A

To notify you when certain conditions are met

Answer 148

A

Alert processing rules determine which action groups to call and when to suppress alerts, while action groups define the actions to be taken

Answer 149

A

Common workspaces have full KQL capabilities and included data ingestion and storage costs, while basic workspaces have a subset of KQL capabilities and require payment for data ingestion and storage

Answer 150

A

To troubleshoot network-related issues

Answer 151

A

IP flow verification, next hop determination, VPN troubleshooting, connection troubleshooting, packet capture, and NSG diagnostics

Brainscape's Knowledge GenomeTM

John Saville - Gemini Pro Flashcards

Brainscape's Knowledge Genome^TM