Microsoft Azure Fundamentals Flashcards
It is the delivery of compute services over the internet to provide faster innovation, flexible resources, and economies of scale.
You typically pay only for services you use.
Cloud Computing
Cost
Improved Speed
Scalability
Increased Productivity
Better Performance
Reliability
Improved Security
Benefits of Cloud Computing
A cloud computing service that offers compute, storage, and networking resources on demand. Service provider manages the infrastructure.
- Lift and shift scenario
- Storage and Backup
- Web Apps
- High-performance Computing
Infrastructure-As-A-Service
A complete development and deployment environment in the cloud.
Includes servers, storage, networking, middleware, development tools, BI services, database management systems.
Supports the complete web application lifecycle
You manage the applications and services and the service provider manages everything else
- Development Framework
Platform-As-A-Service
Provides a complete software solution that you purchase on a pay-as-you-go basis from a cloud service provider
Infrastructure, middleware, app software, and app data are located in the service provider’s data center
Service provider manages underlying hardware and software
Refers to cloud-based applications that users connect to and use over the internet.
Software-As-A-Service
Cloud deployment model where services are offered over the public internet and available to anyone who wants to purchase them
Public Cloud
Cloud deployment model used only by users from one business or organization.
Can be physically located in an on-site datacenter, or can be hosted by a third-party service provider.
Private Cloud
Cloud deployment model that combines a public cloud and a private cloud by allowing data and applications to be shared between them
Hybrid Cloud
- No upfront costs
- No need to purchase or manage infrastructure
- Pay for additional resources only when needed
- Stop paying for unneeded resources
Benefits of a consumption based model
Users pay only for the resources that they use
Consumption based model
A continuous user experience with virtually no downtime
High Availability
- Can scale vertically (increase compute capacity by adding RAM or CPUs)
- Can scale horizontally (increase compute capacity by adding instances of resources, such as adding VMs to the configuration)
Scalability
Cloud-based apps can take advantage of autoscaling, where resources are always available when needed
Elasticity
Deploy and configure cloud-based resources quickly as app requirements change
Agility
Deploy apps and data to regional datacenters around the globe to ensure that your customers always have the best performance in their region
Geo-distribution
Cloud-based backup services, data replication options, and geo-distribution allow you to deploy apps while ensuring that data is safe in the event of disaster
Disaster Recovery
What features are deployed in each Azure region and are deployed within latency-defined parameters?
Datacenters
What protects resources against rack failures within a datacenter?
Availability Sets
What do you call physically separate locations within each Azure region that are tolerant to local datacenter failures?
Availability Zones
True or False. An Azure resource group is a container that holds related resources for an Azure solution, and typically includes resources that you want to manage as a group.
True
True or False. Azure is made up of datacenters located around the globe.
True
An on-demand computing service for running cloud-based applications.
Popular services:
Azure Virtual Machines
Azure Container Instances
Azure App Service
Azure Functions
Azure Compute
Container offering great for scenarios that can operate in isolated containers
Azure Container Instances
Container offering that is great for full container orchestration
Azure Kubernetes Service
Azure service that allows your Azure resources, like VMs, web apps and databases, to communicate with users on the internet and with on-prem client computers
Azure Virtual Networks
Required when creating a VNET. Must be specified using public and private addresses.
Address Space
Enables you to segment the virtual network into one or more sub-networks and allocate a portion of the virtual network’s address space to each subnet.
Subnets
True or False. VNet is scoped to a single region/location; however, multiple virtual networks from different regions can be connected together using Virtual Network Peering.
True
True or False. VNet is scoped to a subscription. You can implement multiple virtual networks within each Azure subscription and Azure region.
True
Allows virtual network connection within the same Azure region
Virtual network peering
Allows virtual network connection across Azure regions
Global virtual network peering
True or False. Traffic between peered virtual networks is private
True
True or False. No public internet, gateways, or encryption is required in peered virtual networks.
True
Allows you to connect on-prem datacenters to vNets through a site-to-site connection, to connect individual devices to vNets through a point-to-site connection, and to connect vNets to other virtual networks through a network-to-network connection
VPN Gateway
A VPN gateway type that supports IKEv1 and uses static routing
Policy-based VPN
A VPN gateway type that supports IKEv2 and uses dynamic routing
Route-based VPN
It extends on-prem networks into the Microsoft cloud over a private connection and establishes connections to Microsoft cloud services.
Azure ExpressRoute
True or False. Azure ExpressRoute doesn’t go over the public Internet.
True
Allows you to access Azure PaaS Services and Azure customer-hosted services over a private endpoint in your virtual network
Azure Private Link
A network interface that uses a private IP address from your virtual network that connects you privately and securely to a service that’s powered by Azure Private Link
A Private endpoint
True or False. Traffic between your vNet and the service you are connecting to via a private link travels the Microsoft backbone network.
True
Premium storage account type for page blobs only.
Premium page blobs
Premium storage account type for file shares only. Recommended for enterprise or high-performance scale applications. Supports both Server Message Block (SMB) and NFS file shares.
Premium File Shares
Premium storage account type for block blobs and append blobs. Recommended for scenarios with high transaction rates or that use smaller objects or require consistently low storage latency.
Premium Block Blobs
Standard storage account type for blobs, file shares, queues, and tables. Recommended for most scenarios using Azure Storage.
Standard general-purpose v2
It is optimized for storing massive amounts of unstructured data
Blob storage
True or False. Azure files are fully managed file shares in the cloud.
True
True or False. Server Message Block (SMB) file shares are accessible from Windows, Linux, macOS.
True
True or False. Network File System (NFS) shares are accessible from Linux / macOS
True
To implement communication between components of a distributed app what does Azure Queue Storage implement?
Cloud-based queues
True or False. Each queue maintains a list of messages that can be added by a sender component and processed by a receiver component
True
A storage service that stores structured NoSQL data in the cloud and provides key/attribute store with a schemaless design
Azure Table storage
The following are examples of use cases for what kind of Azure storage:
- Storing TBs of structured data capable of serving web scale applications
- Storing datasets that don’t require complex joins, foreign keys, or stored procedures and can be denormalized for fast access
- Quickly querying data using a clustered index
- Accessing data using the OData protocol and LINQ queries with WCF Data Service .NET Libraries
Azure Table storage
A managed disk that’s attached to a virtual machine to store application data, or other data you need to keep.
Data disk
A managed disk with a pre-installed OS, which was selected when the VM was created. This disk contains the boot volume.
OS disk
Is not a managed disk, provides short-term storage for applications and processes, and is intended to only store data such as page or swap files
Temporary disk
Highest-performing storage option for Azure VMs
Ultra Disks
High-performance and low latency disk support for VMs with IO-intensive workloads
Premium SSDs
Designed for IO-intense enterprise workloads that require consistent sub-millisecond disk latencies and high IOPS
Premium SSD v2
Deliver reliable low-cost disk support for VMs running latency-tolerant workloads
Standard HDDs
What redundancy option provides the following:
- Replicates your data three times within a single data center in the selected region.
- Protects your data against server rack and drive failures.
- Provides at least 99.999999999% (11 9’s) of durability over a given year.
Locally-Redundant Storage (LRS)
What redundancy option provides the following:
- Synchronously replicates your Azure managed disk across three Azure availability zones in the region you select.
- Provides at least 99.9999999999% (12 9’s) of durability over a given year.
Zone-Redundant Storage (ZRS)
Copies your data synchronously three times within a single physical location in the primary region using LRS. It then copies your data asynchronously to a single physical location in the secondary region. Within the secondary region, your data is copied synchronously three times using LRS.
Geo-redundant storage (GRS)
Copies your data synchronously across three Azure availability zones in the primary region using ZRS. It then copies your data asynchronously to a single physical location in the secondary region. Within the secondary region, your data is copied synchronously three times using LRS.
Geo-zone-redundant storage (GZRS)
Command-line utility used to copy blobs or files to or from a storage account
AzCopy
AzCopy supported storage type
Blob Storage and File Storage
AzCopy supported authorization for Blob storage
Azure AD & SAS
AzCopy supported authorization for File storage
SAS only
It helps centralize file shares in Azure Files
Azure File Sync
It helps transform Windows Servers into quick caches of Azure file shares
Azure File Sync
Some protocols used by Azure File Sync to access data on Windows server
SMB, NFS, FTPS
It allows discovery and assessment of servers including SQL and web apps
Azure Migrate: Discovery and assessment
It is used to migrate VMware VMs, Hyper-V VMs, physical servers, other virtualized servers and public cloud VMs to Azure
Azure Migrate: Server Migration
A stand-alone tool designed to allow you to assess SQL Server databases for migration to Azure SQL Database, Azure SQL Managed Instance, or Azure VMs running SQL Server
Data Migration Assistant
It allows you to migrate on-prem databases to Azure VMs running SQL Server, Azure SQL Database, or SQL Managed Instances
Azure Database Migration Service
It helps in assessing on-prem web apps before migration to Azure
Azure App Service Migration Assistant
It uses secure transfer of data via a physical storage device and migrates large amounts of offline data, up to 80 TB, to Azure
Azure Data Box
Microsoft’s managed network security service in Azure that protects Azure Virtual Network resources. A cloud-native and intelligent network firewall security service that provides the best of breed threat protection for your cloud workloads running in Azure. It’s a fully stateful, firewall as a service with built-in high availability and unrestricted cloud scalability. It provides both east-west and north-south traffic inspection.
Azure Firewall
Provides enhanced DDoS mitigation features to defend against DDoS attacks. It’s automatically tuned to help protect your specific Azure resources in a virtual network. Protection is simple to enable on any new or existing virtual network, and it requires no application or resource changes.
Azure DDoS Protection
It filters network traffic between Azure resources in an Azure virtual network. Contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. You can specify source and destination, port, and protocol for each rule.
Azure network security group
Enable you to configure network security as a natural extension of an application’s structure, allowing you to group virtual machines and define network security policies based on those groups. You can reuse your security policy at scale without manual maintenance of explicit IP addresses.
Application security groups
It identifies the entity seeking access to a resource. Challenges for credentials. Basis for creating secure identity & access control principles.
Authentication
It is separate from authentication. Establishes an authenticated entity’s level of access. Which data can be accessed, and what can be done with it.
Authorization
Microsoft’s Azure-based identity and access management service
Azure Active Directory
Provides added security for user authentications by requiring two or more elements for authentication
Multi-Factor Authentication
A thing that can get authenticated.
Identity
An identity created through Azure AD Account or another Microsoft cloud service such as Microsoft 365
Azure AD Account
Includes the tenant’s users, groups, and apps and is used to perform identity and access management functions for the tenant’s resources
Azure AD Directory
Automatically assigned to whoever created the Azure AD tenant.
Azure AD Global Administrator
True or False. An Azure Active Directory domain services managed domain is a standalone domain
True
True or False. An Azure Active Directory domain services managed domain is not an extension of an on-prem Active Directory domain.
True
Allows users to change their passwords via a web browser from virtually any device
Self-Service Password Reset (SSPR)
Requires a second form of authentication
Multi-factor authentication
Requires a combination of
- Something the user knows
- Something the user has
- Something the user is
Azure multi-factor authentication
User credentials are provided via methods like biometrics through Windows Hello for Business or through FIDO2 security key
Passwordless Authentication
Allows you to specify conditions under which users can access apps and data. Relies on several signals to determine who can access which apps and data
Conditional Access
Used to dictate what happens when conditions of a Conditional Access policy are met. Used to determine whether access should be granted or not. Used to determine if extra verification should be required.
Access Controls
True or False. Conditional Access is only available in the paid editions of Azure AD.
True
Used to control permissions for Azure AD resource management
Azure AD Roles
True or False. Custom roles can be created if you require more flexibility when granting access.
True
Management of access using Roles
Role-Based Access Control
The central feature in Defender for Cloud
Secure Score
True or False. The higher the score the lower the identified risk level.
True
It allows you to continually assess your environment, secure it, and defend against threats.
Defender for Cloud
Collect, analyze, and act upon telemetry from both cloud and on-prem environments
Azure Monitor
Provides personalized guidance and support whenever issues with Azure services affect you
Azure Service Health
- Provide metadata for resources
- Locally organize resources
- Consist of name-value pairs
- Organize resources for billing
Tags
- Performs evaluations of resources and scans for those that are non-compliant.
- Can automatically remediate non-compliant resources and configurations.
- Uses policies and initiatives
Azure Policy
- Based on allow model
- Provides fine-grained access management for Azure resources
- Allows certain actions at each scope level
Role Based Active Control
- Used to prevent accidental deletion or modification of Azure resources
- Managed from within Azure portal
Resource Locks
- Used to define repeatable sets of Azure resources that implement and adhere to standards, patterns, and requirements
Azure Blueprints
Set of tools that organizations can use to monitor, allocate and optimize Azure costs
Azure Cost Management
This tool can be used by organizations to manage governance across multiple Azure subscriptions
Management Groups
It is used by organizations to define performance targets (uptime) for Azure products and services
Service Level Agreements
A logical collection of Azure services that links to an Azure account
Azure subscription
The support plan that does not offer 24x7 access to Support Engineers by email and phone
Developer
True or False. An organization that pays for resources in advance can take advantage of discounted pricing through Azure Reservation offers
True
This gives all Azure customers a chance to test beta and other pre-release features
Public Preview
A product or feature that is released to all Azure customers
General availability