Microsoft Fundamentals

Question 1

Azure Active Directory

Answer 1

Solution for identiy management, performs user and access control

also powers single sign on

supports authrization through use of RBAC

Question 2

Powershell

Answer 2

A PowerShell script is a file that contains PowerShell cmdlets and code. A PowerShell script needs to be run in PowerShell.

can also be used to manage Linux and MacoS

Azure Powershell is a module that can be installed locally on computer

Coonect _AZAccount

Question 3

Azure Data Lake Analytics

Answer 3

Azure Data Lake Analytics is an on-demand analytics job service that simplifies big data. Instead of deploying, configuring, and tuning hardware, you write queries to transform your data and extract valuable insights. The analytics service can handle jobs of any scale instantly by setting the dial for how much power you need. You only pay for your job when it is running, making it more cost-effective.

Question 4

Tags

Answer 4

tags appied to a resource group are not inherited by its resources

not all azure resources support tags

Question 5

Azure App Service

Answer 5

PaaS: App Service enables you to build and host web apps, background jobs, mobile back-ends, and RESTful APIs in the programming language of your choice without managing infrastructure. It offers automatic scaling and high availability. App Service supports Windows and Linux and enables automated deployments from GitHub, Azure DevOps, or any Git repo to support a continuous deployment model.

Question 6

Locks

Answer 6

Locks cannot be applied in the context of specific users and roles

Question 7

Cloud shell

Answer 7

allows access to the CLI and Powershell consoles after you log into the Azure Portal

web based

interactive, browser accessbile shell environment.

New_AZVm

when running PowerShell with Cloud Shell Windows functionality is not available.

Question 8

Network Security Group

Answer 8

A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network. You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets.

Question 9

HDInsight

Answer 9

Azure HDInsight is a cloud distribution of Hadoop components. Azure HDInsight makes it easy, fast, and cost-effective to process massive amounts of data. You can use the most popular open-source frameworks such as Hadoop, Spark, Hive, LLAP, Kafka, Storm, R, and more. With these frameworks, you can enable a broad range of scenarios such as extract, transform, and load (ETL), data warehousing, machine learning, and IoT.

Open source enterprise wide analytics service, used to analyze streaming or historic data, such as ELT batch processing

Question 10

Azure Subscription

Answer 10

An Azure subscription is a container for Azure resources. It is also a boundary for permissions to resources and for billing. You are charged monthly for all resources in a subscription. A single Azure tenant (Azure Active Directory) can contain multiple Azure subscriptions.

Question 11

An initiative definition

Answer 11

collection of policy definitions that are tailored towards achieving a singular overarching goal.

Question 12

Azure Advisor

Answer 12

Azure Advisor does not provide recommendations on how to configure network settings on Azure virtual machines, the statement is false.

advice on availability, security, performance, cost

personal cloud consultant to optimize Azure deployments.

Question 13

PaaS

Answer 13

Scaling is customers’s responsibility in Paas

in severless computing you need to worry about scaling

Question 14

Subscriptions

Answer 14

You can’t merge two subscriptions into a single subscription. However, you can move some Azure resources from one subscription to another or you can also transfer ownership of a subscription and change the billing type for a subscription.

Question 15

Azure Advisor

Answer 15

Azure Advisor displays security recommendations.

Question 16

Microsoft Azure Sentinel

Answer 16

Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR)solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.

Question 17

Azure Key Vault

Answer 17

Azure Key Vault is a centralized cloud service for storing your applications’ secrets in a single, central location. It provides secure access to sensitive information by providing access control and logging capabilities

Question 18

A network security group

Answer 18

A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.

Question 19

Zone

Answer 19

Geographic grouping of Azure regions used to determine billing based on data transfers.

Question 20

Microsoft Compliance Manager

Answer 20

Free workflow based risk assessment tool within Service Trust Portal

allows you to detremine wheterh or not your services meet industry standards

Question 21

Azure virtual machines

Answer 21

Azure virtual machines provide hardware virtualization. Azure Virtual Machines (VM) is one of several types of on-demand, scalable computing resources that Azure offers. Typically, you choose a VM when you need more control over the computing environment than the other choices offered.

Question 22

Azure Database for MySQL

Answer 22

Azure Database for MySQL is the logical choice for existing LAMP stack applications.

Question 23

Azure Blob storage

Answer 23

Azure Blob storage is Microsoft’s object storage solution for the cloud. Blob storage is optimized for storing massive amounts of unstructured data, such as text or binary data. Azure Blob Storage is unstructured, meaning that there are no restrictions on the kinds of data it can hold. Blobs are stored in containers, which you can use to organize your blobs depending on your business needs.

Question 24

PowerApps

Answer 24

PowerApps lets you quickly build business applications with little or no code. It is not used to create Azure virtual machines.

Question 25

Azure Sentinel i

Answer 25

Azure Sentinel is Microsoft’s cloud-based SIEM (Security Information and event management. powered by Microsoft’s intelligent security analytics and threat analysis.

Question 26

Azure SQL Database

Answer 26

fully managed platform as a service (PaaS) database

Question 27

Which of the following elements is considered part of the “network” layer of network security?

Answer 27

seperate servers into distinct subnets by role

Question 28

Azure ExpressRoute

Answer 28

Azure ExpressRoute lets you seamlessly extend your on-premises networks into the Microsoft cloud. This connection between your organization and Azure is dedicated and private. Establishing an ExpressRoute connection enables you to connect to Microsoft cloud services like Azure, Office 365, and Dynamics 365. Security is enhanced, connections are more reliable, latency is minimal, and throughput is greatly increased.

Question 29

Azure Pipelines

Answer 29

Azure Pipelines is a CI/CD tool for building an automated toolchain. It lacks features to assign tasks for individual developers to work on. However, it can automate other tools to assign tasks to users.

Question 30

IoT Central

Answer 30

SaaS solution that allows to build ioT solutions without development exertise.

global iOT SaaS, connect, monitor and manage ioT resources

Question 31

Azure DevOps

Answer 31

GitHub is “lighter weight” than Azure DevOps, with a focus on individual developers contributing to open source. Azure DevOps, on the other hand, is more focused on enterprise development with heavier project management and planning tools, and finer-grained access control.

Question 32

Azure Synapse Analytics

Answer 32

Azure Synapse Analytics is a cloud-based Platform-as-a-Service (PaaS) offering from Microsoft. It is a large-scale, distributed, MPP (massively parallel processing) relational database technology in the same class of competitors as Amazon Redshift or Snowflake

Azure Synapse Analytics is an important component of the Modern Data Warehouse multi-platform architecture. Because Azure Synapse Analytics is an MPP system with a shared-nothing architecture across distributions, it is meant for large-scale analytical workloads which can take advantage of parallelism.

Question 33

What operating systems does Microsoft supply Azure Virtual Machine images for?

Answer 33

Windows and Linux

Question 34

Azure Databricks

Answer 34

≈ Azure Databricks helps you unlock insights from all your data and build artificial intelligence (AI) solutions. You can set up your Apache Spark™ environment in minutes, then autoscale and collaborate on shared projects in an interactive workspace. Azure Databricks supports Python, Scala, R, Java, and SQL, as well as data science frameworks and libraries including TensorFlow, PyTorch, and scikit-learn

an Apache Spark based analytics platform designed to provde a collaborative analytics workflow.

Question 35

What is the basic way of protecting an Azure Virtual Network subnet?

Answer 35

Networks Security Group

Question 36

Azure Content Delivery Network

Answer 36

Azure Content Delivery Network: Delivers high-bandwidth content to customers globally.

Question 37

Azure Synapse

Answer 37

Azure Synapse is a limitless analytics service that brings together enterprise data warehousing and Big Data analytics. It gives you the freedom to query data on your terms, using either serverless on-demand or provisioned resources—at scale. Azure Synapse brings these two worlds together with a unified experience to ingest, prepare, manage, and serve data for immediate BI and machine learning needs.

Question 38

Azure Boards

Answer 38

Azure Boards is an agile project-management tool

Question 39

Virtual Network Gateway.

Answer 39

The virtual network gateway needs to be located in a dedicated subnet in the Azure virtual network. This dedicated subnet is known as a gateway subnet and must be named “GatewaySubnet”.

Question 40

Azure Firewall

Answer 40

Azure Firewall is a stateful firewall. A stateful firewall analyzes the complete context of a network connection, not just an individual packet of network traffic. Azure Firewall features high availability and unrestricted cloud scalability.

Question 41

Azure Powershell

Answer 41

Azure PowerShell is a shell that allows developers, DevOps and IT professionals execute commands called cmdlets, or “command-lets”. These commands call the Azure Rest API to perform every possible management task in Azure. The cmdlets can be executed independently or combined into a script file and executed together to orchestrate routine setup, tear-down, and maintenance of a single resource, multiple connected resources, or orchestrate the deployment of an entire infrastructure containing dozens or hundreds of resources from imperative code. Capturing the commands in a script makes the process repeatable and automatable. Azure PowerShell is available for Windows, Linux, and Mac, and can be accessed in a web browser via the Cloud Shell.

Question 42

Azure Security Center

Answer 42

Azure Security Center is a monitoring service that provides visibility of your security posture across all of your services, both on Azure and on-premises. The term security posture refers to cybersecurity policies and controls, as well as how well you can predict, prevent, and respond to security threats.

Question 43

Azure Advisor

Answer 43

Detects threats and vulnerabilities

ensures fault tolerance

helps you reduce spending

protects data from accidental deletion

speed up your applications

does not monitor on premises services, only colud services

Question 44

Azure DevTest Labs.

Answer 44

If your aim is to automate the creation and management of test lab environments, you should chose Azure DevTest Labs. It is the only of the three tools/services that offer this functionality.

Question 45

Azure Repos

Answer 45

is a centralized source code repository where software development, DevOps engineering, and documentation professionals can publish their code for review and collaboration.

Question 46

Azure Monitor

Answer 46

Azure Monitor is used to monitor the health of Azure services. Azure Monitor maximizes the availability and performance of your applications and services by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments.

Can use autoscale to add or remove resources as appropriate to minize costs and ensure performance

Question 47

Key Vault

Answer 47

helps provision, manage and deploy both public and private SSL/TLS certificates

Question 48

ARM templates

Answer 48

ARM templates are the best infrastructure-as-code option for quickly and reliably setting up your entire cloud infrastructure declaratively.

Use JSON not Powershell

Question 49

Azure SQL Database

Answer 49

Azure SQL Database is a relational database that is based on the latest stable version of the Microsoft SQL Server database engine. SQL Database is a high-performance, reliable, fully managed and secure database. You can use it to build data-driven applications and websites in the programming language of your choice without needing to manage infrastructure SQL Database can be the right choice for a variety of modern cloud applications because it enables you to process both relational data and non-relational structures, such as graphs, JSON, spatial, and XML.Azure SQL Database is a Platform as a Service Solution

Question 50

Azure Cloud Shell

Answer 50

Azure Cloud Shell allows access to the CLI and Powershell consoles in the Azure Portal

Question 51

resource group

Answer 51

A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group.

Question 52

Service Health

Answer 52

Service Health tracks four types of health events that may impact your resources:

Service issues - Problems in the Azure services that affect you right now.

Planned maintenance - Upcoming maintenance that can affect the availability of your services in the future.

Health advisories - Changes in Azure services that require your attention. Examples include deprecation of Azure features or upgrade requirements (e.g upgrade to a supported PHP framework).

Security advisories - Security related notifications or violations that may affect the availability of your Azure services.

Question 53

Azure Logic Apps

Answer 53

Azure Logic Apps is intended to be a serverless orchestration service.

Question 54

Azure Cost Manager

Answer 54

provided at no cost. SaaS solution that lets your company monitor, allocate and optimizae cloud spend in a multi could environment.

Question 55

Azure IoT Hub

Answer 55

Platform as a Service solution that requires to write code to connect the ioT devices. Supports device to cloud messaging but cannot be used to analyze telemtry data

Question 56

Transfering billing ownership of a subscription from one Azure AD tenant to another

Answer 56

RBAC assignments do not carry over, all users and groups with RBAC access lose access.

Question 57

What benefit does a Content Delivery Network (CDN) provide its users?

Answer 57

allows you to reduce traffic coming into a webserver for static unchanging files such as images, pdfs

CDN is an umbrella term spanning different types of content delivery services: video streaming, software downloads, web and mobile content acceleration, licensed/managed CDN, transparent caching, and services to measure CDN performance, load balancing, Multi CDN switching and analytics and cloud intelligence

Question 58

Azure Active Directory Domain Services

Answer 58

Settings for user and computer objects in Azure Active Directory Domain Services (Azure AD DS) are often managed using Group Policy Objects (GPOs). There are some predefined built-in GPOs and you can customize these to configure Group Policy as needed for your environment.

Question 59

Big Data and Analytics

Answer 59

Azure Synapse Analytics

HD Insights

Azure Databricks

Question 60

Azure Cosmos DB

Answer 60

Azure Cosmos DB supports schema-less data, which lets you build highly responsive and Always On applications to support constantly changing data. Azure Cosmos DB stores data in atom-record-sequence (ARS) format. The data is then abstracted and projected as an API, which you specify when you are creating your database. Your choices include SQL, MongoDB, Cassandra, Tables, and Gremlin.

fast NoSQL database with open APIs for any scale. Not a big data solution. allows to store non structured information as JSON files

Question 61

Subscription

Answer 61

is a billing unit.

users can have access to one or more subscriptions

all resources consumed by a subscription will be billed to the owner

Question 62

Azure Functions

Answer 62

Azure Functions is a serverless compute service, allows to write code that executs a trigger

while Azure Logic Apps is intended to be a serverless orchestration service.

implement smal pieces of code to execute in response to triggering events without the need to deploy application infrastructure

Question 63

Cloud Services

Answer 63

Question 64

LAMP

Answer 64

The LAMP stack is the foundation for Linux hosted websites is the Linux, Apache, MySQL and PHP (LAMP) software stack.

Question 65

Azure Advisor

Answer 65

integrates with Azure Security Center to prevent, detect and respond to threats.

Question 66

Azure Files

Answer 66

the only storage option that supports persistent storage for ACI

Question 67

Disk Storage

Answer 67

stores data as a Virtual Hard disk that is available to the VM that the disk is attached to. this storage does not provide outside access

Question 68

Service Health does not:

Answer 68

allow you to receive e-mail swhen unauthorized users attempt to access a VM, this is captured in resource logs.

does not allow to view App service performance with Windows Task manager

Question 69

Application Insights

Answer 69

monitors performance, availability and usage of web applications, exposes an API so that developers can send telemetry data to Azure

A feature of Azure Monitor that allows you to visually analyze telemetry data. It is an application performance management service

Question 70

Application Security Group

Answer 70

lets you group virtual machines and define network security policies

Question 71

Azure Event Grid

Answer 71

Solution for builiding event driven architechtures that subscribe to Azure Resources and route events to different end points

Question 72

Horizontal scaling

Answer 72

add more machines. vertical scaling, add more CPU’s

Question 73

Azure Resource manager

Answer 73

integrates with Azure Portal, Powershell,CLI and RestAPI to perform deployment and management tasks

Question 74

Azure Event Grid

Answer 74

Provides a solution for building event driven architectures that subscribe to Azure resources and route events to different endpoints

Question 75

MFA and SSPR Authentication types

Answer 75

password

SMS

Voice call

Question 76

Azure DDoS

Answer 76

Standard version is not set up automatically.

detect, prevent and automatically mitigate against DDoS attacks.

Basic version is automatic

Protection is not provided for App service envirionments

Question 77

Security Center

Answer 77

provides security recommendations and suggests remediation actions

monitoring service that provides visibility of your security posture across all of your services, both on Azure and on-premises. The term security posture refers to cybersecurity policies and controls, as well as how well you can predict, prevent, and respond to security threats.

Question 78

Azure information Protection

Answer 78

AIP) is a cloud-based solution that enables organizations to discover, classify, and protect documents and emails by applying labels to content.

AIP is part of the Microsoft Information Protection (MIP) solution, and extends the labeling and classification functionality provided by Microsoft 365.

Question 79

Shared Responsibility Model

Answer 79

Question 80

Fault Tolerance

Answer 80

ability of a system to remain operational after critical failure through configurations.

Question 81

Application Gateway

Answer 81

Load balancing solution that uses routing to send HTTP traffic to a pool of backend instances

Question 82

Traffic Manager

Answer 82

allows users to access Azure reources from a datacenter that is nearest to them by using Domain Name Systems (DNS)

Question 83

Regions

Answer 83

always paired iwth other regions.

Question 84

Azure Database for PostgreSQL Hyperscale

Answer 84

PaaS that can scale horizontally by breaking up large data tables into smaller chunks so called shards. Hyperscale also enables query parallelization across multiple servers.

Question 85

Scalabiity

Answer 85

increasing or decreasing resources to meet demand