Microsoft learn course Flashcards
What is Azure Portal?
Web based, unified console provides alternative to command line tools. Through it you access the GUI.
Present in every data center.
Updates continuously, requires no maintenance downtime.
What are the 10 main categories of azure services?
Compute (VM, apps) Networking (connect VPN, load balance. Link computing resources, provide app access, firewall, WAN, netwrk monitor) Storage Mobile (Build apps for mobile) Databases Web (web apps, api) IOT Big data (open source cluster tech) AI DevOps (automates software deployment)
What are the 4 main types of storage in Azure?
Blob storage: storage for large objects (video files, bitmaps)
File storage: File shares can be accessed & managed like a file server
Queue Storage: Data store for queuing & reliably delivering messages between apps
Table storage: stores non-relational structured data (no SQL) in cloud, providing key/attribute store with schemaless design.
What is the Azure IoT hub?
Acts as message hub between IoT device & device that manages it.
Managed service.
- connects IoT devices
What is Azure IoT central?
Adds dashboard allowing connection, monitoring, and managing IoT.
Prebuilt.
Device templates.
What is Azure Sphere?
Creates end to end highly secure IoT solution.
3 Parts:
- MCU (processes the OS & signals from attached sensors)
- Customized Linux OS (Handles communication w/ security service & can run vendors software)
- Azure Sphere Security Server (AS3) (Makes sure device hasn’t been maliciously compromised)
When would you choose Azure IoT Sphere for?
- Security is a priority
- Customer wants a dashboard
- Customer is connecting IoT devices
When would you choose Azure IoT central?
- Security isn’t a priority
- Customer wants a dashboard
- Customer is ok with a prebuilt dashboard
- Customer is connecting IoT devices
When would you choose Azure IoT hub?
- Security is not critical
- Customer does not want a dashboard
- Customer wants to connect IoT devices
What is a web API?
Accessible from servers that accept requests via HTTP
What is a web API endpoint?
Location of code library
What is a Azure Machine Learning?
Used for making predictions.
Connect data to train & test models to accurately predict a future result.
Experiment and then deploy and use model in real time VIA web API endpoint.
When would you choose Azure Machine Learning?
Data scientists need complete control over design & training of algorithm using your own data
What are Azure cognitive services?
Provides prebuilt machine learning models that enable apps to see, hear, speak, understand & even begin to reason. Pretrained models. Divided into the following categories: - Language services - Speech services - Vision services - Decision services
When would you choose Azure Cognitive Services?
You need to:
Analyze text for emotional sentiment
Analyze images to recognize objects/faces
Make personalized recommendations for users
Moderate content
Detect data abnormalities
What is Azure Bot Service & Framework?
Creates virtual agents (bots) that understand and respond to questions. Bots intelligently communicate w/ humans using other Azure services to understand what Azure counterparts are asking for.
When would you use Azure Bot Service & Framework?
For simple, repetitive tasks.
Customer service bots
What is serverless computing?
Normally for back end scenarios.
A server is still used, but it is obscured from the user.
The user only pays for the service they use.
What are Azure Functions?
You can host a single method or function by using a programmable language in the cloud that runs in response to an event.
Scales automatically, only charges when used.
Stateless.
Durable Functions chain function together.
What are Azure Logic Apps?
Low or no code platform to automate and orchestrate tasks.
Build app by linking triggers to actions w/ connectors.
What is the difference between Azure Functions and Azure Logic Apps?
Azure Functions = Serverless compute service
Azure Logic Apps = Serverless orchestration service
What are Azure DevOps Services?
Suite of services addressing every stage of the software development lifecycle
What is Azure Repos (Azure DevOps)?
Centralized source code repository where software developers, DevOps engineering & documentation professionals can publish code for review and collaboration.
What is Azure Board (Azure DevOps)?
Project management suite for working items and issues
What is Azure Pipeline (Azure DevOps)?
CI/CD pipeline ( series of processes responsible for creating automated and seamless software delivery) automation tool
What are Azure Artifacts (Azure DevOps)?
Repository for hosting artifacts, can be fed into testing or deployment pipeline steps
“Azure Artifacts enables developers to share and consume packages from different feeds and public registries.”
Supports multiple package types such as NuGet, Npm, Python, Maven, and Universal Packages.
What are Azure Test Plans (Azure DevOps)?
Automated test tool that can be used in CI/CD pipeline to ensure quality
What are Github actions? (DevOps)
CI/CD toolchains.
Toolchain for delivery, development, management of software apps throughout system development lifecycle. Output of one tool is input of next tool.
What is Azure DevTest Labs?
Automated means of managing process of building, setting up, tearing down VMs containing builds of software projects.
- Time saver for quality assurance
- Anything deployed in Azure via Arm Template can be provisioned via DevTest Labs
What is Infrastructure as a Code?
Managing hardware & cloud resources when writing code
What is imperative vs declarative code?
Imperative code: Details each invalid step to be performed to achieve desired outcome
Declarative code: Details only desired outcome
* Tools based on declarative code can provide more robust approach to deploying dozens/hundreds of resources at the same time
What is Azure powershell? Who is the ideal user?
Shell to execute CMDLETS, can perform every possible management task in Azure.
Those used to Windows will find this the same as Windows powershell
What is Azure CLI? Who is the ideal user?
Executable program to execute commands in Bash (same as powershell, different syntax)
Those used to Linux will find this familiar
What are ARM Templates?
Azure Resource Manager.
Describe resource you want to use in declarative JSON format. Entire format is verified before code is executed.
Creates resources in parallel (50 different instances built the same way)
What is the Azure Advisor Monitoring Solution?
Evaluates Azure resources & makes recommendations to improve reliability, security & performance, achieve operational excellence & reduce costs.
Save time on cloud optimization.
5 recommended categories to monitor: Reliability, Security, Performance, Cost, Operational Excellence
What is Azure Monitor Monitoring Solution?
Collect, analyze, visualize, potentially take action based on metric & logging data from Azure & on premises environment.
Uses it to react in real time.
Can be used to set thresholds for auto scaling
What is Azure Service Health Monitoring Solution?
Personalized view of health of Azure services, regions, resources, you rely on. Monitors service issues, planned maintenance, health advisories
When would you implement Azure Advisor Monitoring Solution?
Analyzing Azure usage for optimization.
When would you use Azure Monitor Monitoring Solution?
- Not concerned with optimization
- Want to look at specific service and user performance
- You want to measure customized instances
What are Azure storage services?
Different than a database. Stores files, messages, tables & other info. Data is secure, highly available, durable, scalable. Types: Disk storage. Blob Storage. Files.
What is Azure Disk storage service?
Provides disks for azure virtual machine
What is Azure Blob Storage?
Object storage solution. Unstructured.
Can store massive amounts of data.
Stored in containers.
What is Azure Files Storage?
Fully managed file shares in cloud accessible via server message block & network file system protocols.
Any number of users can access simultaneously.
Share files anywhere via URL & SAS access.
What are the Azure Blob Storage Access tiers?
Hot access tier: Storing data accessed frequently.
Cool access tier: Data infrequently accessed, stored at least 30 days.
Archive access tier: Data rarely accessed, stored @ least 180 days, flexible latency
What is Azure Cosmos Database?
Globally distributed multi model database service.
Elastically and independently scale thruput & storage across any number Azure regions worldwide.
- Supports schema: Less data, allows highly responsive/always on apps.
Store data updated & maintained by users around world
-API flexible
What is Azure SQL database?
Relational database based on Microsoft SQL server database.
Use it to build data driven apps & websites in any language without needing to manage infrastructures.
PaaS data base engine. Fully managed.
- Can process relational and non relational data
- Has newest SQL server capabilities.
- Azure database migration service
Azure database for PostGreSQL
Relational database server based on PostgreSQL database engine.
2 deployment options:
- Single Server (Basic, General Purpose, Memory Optimized): Vertical scalability, monitoring, 35 day backups, security, pay as you go, high availability.
- Hyperscale (Citus): Horizontally scales queries across machines using sharding.
When would you use the Hyperscale Azure PostgreSQL database?
For apps that require greater scale and performance.
Workloads greater than 100 GB of data.
Faster responses on large databases.
When would you use the Single Server Azure PostgreSQL database?
Cloud native applications designed to handle automated patching without the need for granular control on the patching schedule and custom PostgreSQL configuration settings.
Why would you choose the Basic pricing tier of Single Server Azure PostgreSQL database?
Workloads that require light compute and I/O performance. Examples include servers used for development or testing or small-scale infrequently used applications.
Why would you choose the General Purpose pricing tier of Single Server Azure PostgreSQL database?
Most business workloads that require balanced compute and memory with scalable I/O throughput. Examples include servers for hosting web and mobile apps and other enterprise applications.
Why would you choose the Memory Optimized pricing tier of Single Server Azure PostgreSQL database?
High-performance database workloads that require in-memory performance for faster transaction processing and higher concurrency. Examples include servers for processing real-time data and high-performance transactional or analytical apps.
What is Azure SQL Managed Instance?
Scalable cloud data service. Provides broadest SQL Server database engine compatibility with all the benefits of a fully managed platform service.
- Easy to migrate on premises data.
- May offer more options.
Why would you choose to use Azure SQL managed instance?
For customers looking to migrate a large number of apps from an on-premises or IaaS, self-built, or ISV provided environment to a fully managed PaaS cloud environment, with as low a migration effort as possible.
Supports more server collation than Azure SQL database.
What are the Azure SQL Managed Instance service tiers?
- General purpose: Designed for applications with typical performance and I/O latency requirements.
- Business critical: Designed for applications with low I/O latency requirements and minimal impact of underlying maintenance operations on the workload.
Both offer 99.99% availiability.
What are the 5 steps of the SQL Managed Instance migration process flow?
Discover Assess Migrate Cutover Optimize
What are Azure Synapse Analytics?
- Limitless analytics service that brings together enterprise data warehousing & big data analytics.
- Can query data on your terms using serverless or provisioned resources at scale. Unified experience for immediate BI & Machine learning needs.
Why would you choose Azure Synapse Analytics?
- The only end-to-end platform that unifies data ingestion, big data analytics, and data warehousing.
- Unite their data, developers, and business users
- Ingestion & data analysis time significantly reduced
What is Azure HDInsight?
Fully serviced, open source analytics service for enterprises.
- Can run open source frameworks & create cluster types
- Supports extraction, transformation, loading (ETL), data warehousing, machine learning, IoT
Why would you choose Azure HDInsight?
- Easier, faster, more cost effective to process massive amounts of data
- Cloud native
- Scalable
- Secure & Compliant
- Monitoring
- Global availability
What is Azure Databricks?
Data analytics platform optimized for the Microsoft Azure cloud services platform.
Offers three environments for developing data intensive applications: Databricks SQL, Databricks Data Science & Engineering, and Databricks Machine Learning.
What would you use Azure Databricks SQL for?
Easy-to-use platform for analysts who want to run SQL queries on their data lake, create multiple visualization types to explore query results from different perspectives, and build and share dashboards.
What would you use Azure Databricks Data Science & Engineering for?
Provides an interactive workspace that enables collaboration between data engineers, data scientists, and machine learning engineers.
Use Azure Databricks to read data from multiple data sources and turn it into breakthrough insights using Spark.
What would you use Databricks Machine Learning for?
Integrated end-to-end machine learning environment incorporating managed services for experiment tracking, model training, feature development and management, and feature and model serving.
What is Azure Data Lake Analytics?
On demand analytics job service that simplifies big data.
- Write queries to transform data & extract valuable insights (instead of hardware)
- Set the dial for amount of power needed
What would you use Azure Data Lake Analytics for?
Easily develop and run massively parallel data transformation and processing programs in U-SQL, R, Python, and .NET over petabytes of data. With no infrastructure to manage, you can process data on demand, scale instantly, and only pay per job.
What DB does Azure Cosmos DB support?
SQL MONGO DB Cassandra Tables Gremlin APIs
What DB would you use for existing lamp stack apps?
Azure DB for MySQL
What is the ideal option when you have millions of log entries to analyze?
Azure Synapse analytics
What key networking capabilities can Azure Virtual Networking provide?
- Isolation & segmentation
- Internet communications
- Communicate between Azure resources
- Communicate w/ on premises resources
- Connect virtual networks
- Route network traffic
- Filter network traffic
What networking capabilities are offered with isolation and segmentation?
- Create multiple isolated virtual networks
- Can use either DNS or name resolution service that’s built in Azure
What networking capabilities are offered with internet communication?
- VMs can connect to internet by default
- Enable incoming connections from internet by defining public IP address or a public load balancer
What networking capabilities are offered with communication between Azure resources?
- Enable Azure services secure communication with each other by:
- Virtual networks or
- Service Endpoints connect to other Azure resource types enabling you to link multiple Azure resources to virtual networks to improve security & provide optimal routing between resources
What networking capabilities are offered with communication with on premises resources?
You can create network connecting the cloud and on premises resources by:
- Point to site VPN
- Site to Site VPN
- Azure ExpressRoute (Environments when you need greater bandwidth, higher levels of security, dedicated private connectivity to Azure that doesn’t travel over internet)
What networking capabilities are offered with routing network traffic?
Default Azure routes traffic between subnets on networks, but you can control routing and override these settings using route tables or border gateway protocols
What networking capabilities are offered with filtering network traffic?
Filter traffic between subnets by:
Network security groups: Azure resource contains multiple inbound/outbound security rules
Network Virtual Appliances: Specialized VM, like a hardened network appliance
What networking capabilities are offered with connecting virtual networks?
Using Virtual Network Peering (enables resources in each virtual network to communicate with each other). Can be in separate global regions
What can you do with Azure VPN gateway?
- Connect on premises datacenters to virtual networks thru Site2Site connection
- Connect individual devices to virtual networks thru Point2Site connection
- Connect virtual networks to other virtual networks thru a Network2Network connection
What are the types of VPN gateways?
Policy-Based VPN Gateway
Route based VPN Gateway
A basic VPN gateway should only by used for Dev/Test workloads
What are the key features of a Policy-Based VPN Gateway?
- Specify statically the IP address of packets that should be encrypted thru each tunnel
- Support for IKEv1 only
- Use of static routing
- typically built on firewall devices that perform packet filtering.
- IPsec tunnel encryption and decryption are added to the packet filtering and processing engine.
- Must be used in specific scenarios that require them (EX: compatibility w/ legacy on premises VPN devices)
What are the key features of a Route-Based VPN Gateway?
- Preferred method for on premises devices
- Use Any2Any (wildcard) traffic selectors
- Can use dynamic routing protocols
- Use for: connections between virtual networks, Point2Site connections, Multisite connections, co-existence w/ an Azure ExpressRoute Gateway
What are the required Azure resources to deploy a VPN gateway?
Virtual network Gateway subnet Public IP address Local network gateway Virtual network gateway Connection Required on premises resources: VPN device supporting Route or Policy based VPN Gateway, Public facing IPv4 address
What are the high availability and Fault tolerant configurations for Azure VPN gateways?
- Active / Standby: Backup VPN gateway on standby to take over. Connection will be interrupted for a few seconds
- Active / Active: Extend availability by deploying VPNs w/ unique public IP & separate tunnels from on premises device to each IP address.
- ExpressRoute failover: Configure VPN gateway using internet as an alternative method of connection as a fail over
What is Azure ExpressRoute?
Allows you to extend on-premises networks into Microsoft cloud over private connection with help of connectivity provider.
- ExpressRoute connections do not go over the public internet.
What are the features and benefits of Azure ExpressRoute?
- Offers higher reliability, faster speeds, consistent latencies, higher security than typical internet
- Connectivity to Microsoft Cloud Services across all regions in geopolitical region (can upgrade to global connectivity to all regions)
- Dynamic routing between your network and Microsoft via BPG
- Built in redundancy in every peering location
- Connection uptime SLA
- Layer 3 connectivity between on premises network & Microsoft cloud thru connectivity provider
What are the 3 connectivity models to connect on premises network to Microsoft cloud that Azure ExpressRoute supports?
- Cloud Exchange Colocation: Offer layer 2 & 3 connections between infrastructure & Microsoft Cloud
- Point2Point Ethernet connection: Layer 2 & 3 connectivity between on premises site & Azure
- Any2Any Networks: integrate your WAN w/ Azure by providing connections to your offices & data centers. Layer 3 behaves like connectivity between datacenter & any branch offices
What is a unique security considerations for Azure ExpressRoute?
Data doesn’t travel over public internet, it is a private connection from on premises infrastructure to Azure infrastructure
What is Azure Sentinel?
Microsoft cloud based SIEM (sec. info & event management) using intelligent security analytics & threat analysis
What does Azure Sentinel enable you to do?
- Collect cloud data @ scale
- Detect previously undetected threats (built in or custom analytics)
- Investigate threats with AI (investigation graphs)
- Respond to incidents rapidly (Azure Monitor playbooks are used to automate responses to threats via Block or Ignore)
What is Azure Key Vault?
Centralized cloud service for storing apps secrets in a single, central location. Provides secure access to sensitive info by providing access control & logging capabilities
Azure Key Vault can:
- Manage secrets (tokens, passwords, certificates, API keys etc)
- Manage encryption keys
- Manage SSL/TLS certs (provision, manage, deploy public/private SSL/TLS certs for Azure & internal resources)
- Store secrets backed by hardware security modules & protected by software or FIPS 140-2 LEVEL 2 VALIDATED HSMs
What are the benefits of Azure Key Vault?
- Centralized app secrets
- Securely stored secrets & keys
- Access monitoring & control
- Simplified admin of application secrets (enroll/renew CA)
- Integration w/ other Azure services
What is an Azure Dedicated Host?
Provides dedicated physical servers to host your Azure VMs for Windows & Linux
What are the benefits of Azure Dedicated Host?
- Visibility into & control over server infrastructure running your Azure VM
- Helps address compliance requirements by deploying workloads on an isolated server
- Lets you choose # of processors, server capabilities, VM series, VM sizes w/in same host
What are some availability considerations for Azure Dedicated Host?
- Provision multiple hosts in a host group & deploy VMs across this group for high availability
- VMs on dedicated hosts are also able to have Maintenance Control
What are the layers of Defense in Depth?
Physical Security Identity & access Perimeter (DDoS protection to filter large scale attacks) Network Compute (Secures access to VMs) Application Data
What is Azure Firewall?
Stateful firewall
- offers high availability, unrestricted cloud scalability
- Uses static public IP address for virtual network resources, enabling outside firewalls to ID traffic coming from your virtual network
- Integrated w/ Azure Monitor
What can you configure with Azure Firewall?
- App rules that define fully qualified domain names that can be accessed from a subnet
- Network rules that define source address, protocol, destination port, destination address
- NAT rules that define destination IP addresses & ports to translate inbound requests
What is Azure DDoS protection?
Protects Azure apps by analyzing/discarding DDoS traffic @ Azure network edge before it can effect availability
What are the Azure DDoS Protection Service Tiers?
Basic: Automatically enabled for free
Standard: Additional mitigation capabilities tuned specifically to Azure Virtual Network Resources
What are Azure Network Security Groups?
Enables you to filter traffic to & from Azure resources w/in an Azure virtual network
- Like an internal firewall
- Can specify as many rules as you need w/in Azure Subscription limits
What Azure Services would you use to Secure the perimeter layer to form a complete Network Security Solution?
- Azure DDoS protection (filter large scale attacks)
- Perimeter Azure Firewalls to ID & alert malicious attacks against the network
What Azure Services would you use to Secure the network layer to form a complete Network Security Solution?
- Implement secure connectivity to on premises networks
- Restrict inbound internet access & limit outbound where appropriate
- Deny by default
- Limit communication between resources by segmenting network & configuring access controls
What are some recommended Azure services to combine for added security?
- Network Security Groups & Azure Firewall
- Azure Application Gateway Web App Firewall & Azure Firewall
What is Azure Active Directory?
Microsofts could based identity & access management service.
You control identity accounts, Microsoft makes service globally available
- Connecting on premises AD with Azure AD Microsoft monitors suspicious sign in attempts
What services does Azure AD provide?
- Authentication
- Single Sign on
- Application Management
- Device management (Azure AD supports registration of devices)
What is Azure AD connect
Synchronizes user identities between on premises AD & Azure AD
What services provide Azure AD multifactor authentication?
Azure AD
Multifactor authentication for Office 365
What is Azure Conditional Access?
Tool Azure AD uses to allow/deny access to resources based on signals (who, where, what device)
What is Azure RBAC?
Controls access, built in or defined
- Applied to scope (resource/set of resources):
Management group, single subscription, single resource, resource group
What is an Azure management group?
A collection of multiple subscriptions
How is Azure RBAC enforced?
Thru Azure Resource Manager
application security must be handled by the application
What does Azure Resource Lock do?
Prevents resources from being accidentally deleted or changed
What are the levels of locking available for Azure Resource Lock?
CanNotDelete: Authorized people can still read/modify, no delete
Read only
What would be a good Azure resource to combine with Azure Resource Lock to define a set of standard Azure resources that your organization requires?
Azure Blueprint
What are Resource Tags in Azure?
Organizes resources, provide extra info (metadata)
- Azure Policy can be used to do this
What does Azure Policy allow you to do?
- Enables you to define individual or groups of policies (known as initiatives)
- Evaluates resources & highlights what isn’t compliant with policies you have made
- Can also prevent noncompliant resources from being created
- In some cases, autoremediates noncompliant resources/configs (ie togs)
- Integrates into DevOps
How do you create an Azure Policy?
- Create policy definition
- Assign the definition to resources (policy assignment = policy definition that takes place w/in specific scope)
- Review evaluation results (compliant/non compliant)
What is an Azure Policy Initiative?
Way of grouping related policies into one set
- Initiative definition contains all policy definitions (i.e enable monitoring in Azure Security Center
What is Azure Blueprints?
Dfine a repeatable set of governance tools & standard Azure resources your organization requires
- With this, you can rapidly build & deploy new environments w/in compliance
How do you implement an Azure Blueprint?
- Create Azure Blueprint
- Assign the Blueprint
- Track Blueprint Assignments
What are Azure Blueprint Artifacts?
Each component in the Blueprint
- Can/May not have parameters
What is Cloud Adoption Framework for Azure?
Helps customers create & implement business & tech strategies needed to succeed in Cloud
What stages are included in the Cloud Adoption Framework for Azure?
- Define your strategy
- Make a plan
- Ready your organization
- Adopt the cloud
- Govern & manage your cloud environments
What is TCO in relation to Azure Cloud Services?
Total Cost of Ownership
- Define workloads
- Adjust assumptions
- View report
What are Azure Management Groups?
organize subscriptions into containers called “management groups” and apply your governance conditions to the management groups
What is an Azure Tenant?
Azure Active Directory entity that encompasses a whole organization. A tenant has one or more subscription and user.
What is an Azure Resource Group?
A container that holds related resources for an Azure solution.
A resource group might contain storage, virtual machines, apps, dashboards, services, or almost anything you deal with in Azure.
What are the three main types of test management artifacts in Azure Test Plans?
- TEST CASES validate individual parts of your code or app deployment. You can ensure your code works correctly, has no errors, and meets business and customer requirements.
- TEST SUITES group test cases into separate testing scenarios within a single test plan. Grouping test cases makes it easier to see which scenarios are complete.
- TEST PLANS group test suites and individual test cases together. Test plans include static test suites, requirement-based suites, and query-based suites.
