Section 3

Question 1

Is a combination of software, data access, computation, and storage services provided to clients through the internet. It is used to describe the internet infrastructure in computer network diagrams.

Answer 1

Cloud computing

Question 2

Anyone can access. Cloud-based computing resources (such as platforms, applications, and storage) are made available to the public by a cloud service provider. The service provider may require a fee for using these resources.

Answer 2

Public cloud

Question 3

Provides resources to a single organization. Access is granted only to users within the organization. Are typically hosted internally, but an organization may use third-party hosting because of the necessary expense and expertise.

Answer 3

Private cloud

Question 4

Is a combination of public and private clouds that are leveraged for certain kinds of apps.

Answer 4

Hybrid cloud

Question 5

Delivers infrastructure to the client, such as processing, storage, networks, and virtualized environments. The customer rents the infrastructure components that they need.

Answer 5

Infrastructure as a Service (IaaS)

Question 6

With IaaS, the provider is responsible for managing the following aspects of the infrastructure:

Answer 6

Computing power
Storage
Networking

Question 7

With IaaS, the customer is responsible for managing:

Answer 7

Operating systems
Applications
Data
Access

Question 8

Examples of IaaS

Answer 8

Azure virtual machines and Azure storage.

Question 9

The deployment comes without the cost and complexity of buying and managing the underlying hardware and software layers. Is often used for development, analytics, and business intelligence.

Answer 9

Platform as a Service (PaaS)

Question 10

With Paas, the provider is responsible for managing the following aspects of the platform:

Answer 10

Operating Systems
Computing power
Storage
Networking

Question 11

With PaaS, the customer is responsible for managing:

Answer 11

Data
Access
Applications

Question 12

Examples of PaaS

Answer 12

Azure App Services and Azure SQL

Question 13

Delivers software applications to the client over the internet or on a local area network. It is by far the most used model.

Answer 13

Software as a Service (SaaS)

Question 14

With software as a service, the provider is responsible for managing the following aspects of the software applications:

Answer 14

Operating system
Networking
Storage
Computing power
Applications

Question 15

Examples of SaaS

Answer 15

Microsoft Outlook, Calendar, Teams, OneDrive, and Office 365

Question 16

Is a term used to define physical objects that communicate with other systems over a public or private network.

Answer 16

Internet of Thins (IoT)

Question 17

Azure services are managed through this, a dashboard with a graphical user interface.

Answer 17

Azure Portal

Question 18

Is a management service that provides a location to manage all resources in your Azure account.

Answer 18

Azure Resource Manager (ARM)

Question 19

provides a one-stop shop for organizations to purchase third-party software and services designed and certified to run on Azure.

Answer 19

Azure Marketplace

Question 20

Include one or more data centers within the same region that are located in different geographical locations.

Answer 20

Availability zones

Question 21

Resource groups are logical containers for resources.

Answer 21

Resources

Question 22

Combines user accounts with the resources each user has created.

Answer 22

Subscriptions

Question 23

Used to administer multiple subscriptions, policies, compliance, and access.

Answer 23

Management groups

Question 24

Data centers that are organized into geographical areas. Each one comprises of one or more data centers.

Answer 24

Regions

Question 25

Benefits of regions:

Answer 25

Resources can be closer to the user
Load balancing
Scalability
Redundancy
Resiliency

Question 26

Designed specifically to address governmental legal and compliance concerns. These regions may be specific to your state or country.

Answer 26

Azure’s special regions

Question 27

Include one or more data centers within the same region in different geographical locations. The centers are connected using private fiber-optic networks. Each center can operate on its own if needed so that if one location stops working, the other will continue operations.

Answer 27

Availability zones

Question 28

Established to provide even further redundancy. If a natural disaster or other event were to impact two or more data centers in the same region, all services would fail over to the region’s pair.

Answer 28

Region pairs

Question 29

Items that can be managed using Azure. This could include:
Virtual machines
SQL databases
Storage
Web apps

Answer 29

Resources

Question 30

Contain one or more resources to be managed and could include:
Virtual machines
SQL databases
Storage
Web apps

Answer 30

Management groups

Question 31

Using Azure Resource Manager, you can:

Answer 31

Create resources
Update resources
Delete resources
Secure resources

Question 32

Increase stability and reduce hardware costs. Windows Server, Windows Client, or Linux ones can be created on demand.

Answer 32

Virtual Machines

Question 33

Azure Virtual Machines can be used for:

Answer 33

Times when you need full control over a machine.
Running custom software.
Testing and development.
Increasing the size of a data center.
Applications with fluctuating demands.

Question 34

Web apps, configurations, and files are packaged together so they can be consistently shared and deployed over the cloud.

Answer 34

Azure Container Instances

Question 35

Azure Container Instances can be used when:

Answer 35

You need to run multiple isolated container instances on one computer.
You do not need to have full control over the VM.
You want to develop without worrying about managing a full virtual machine.
You need to split your app into logical parts for maintenance and scalability.

Question 36

An application and desktop virtualization that can be run anywhere in the world using any operating system and any modern browser.

Answer 36

Azure Virtual Desktop

Question 37

Azure Virtual Desktop can be used when:

Answer 37

You do not want to risk personal data stored on a laptop or other physical device.
Your end-users are using different operating systems.
Your users are scattered across different locations and need anywhere-access.
You need to accommodate users using various operating systems.

Question 38

An orchestration service that can be used to manage numerous container instances (nodes).

Answer 38

Azure Kubernetes Service (AKS)

Question 39

Can be used when you need to manage a large number of container instances.

Answer 39

Azure Kubernetes Service

Question 40

Provide a method for Azure VMs, databases, and apps to communicate.

Answer 40

Azure virtual networks

Question 41

The following methods can be used to extend your virtual network:

Answer 41

Azure ExpressRoute
Point-to-site private networks
Site-to-site private networks

Question 42

Azure virtual networks can be used for:

Answer 42

Segmentation (subnets)
Isolation
Network traffic filtering
Communication between local and Azure resources

Question 43

Provides a secure connection between an Azure virtual network and another network.

Answer 43

Azure VPN Gateway

Question 44

VPN Gateways can be used to establish the following connections:

Answer 44

Network-to-network connection
Site-to-site connection
Point-to-site connection

Question 45

A private connection between your on-premises network and Microsoft cloud services such as Azure.

Answer 45

Azure ExpressRoute

Question 46

Unlike a VPN that is limited to around 1.25 Gbps network speed, Azure ExpressRoute can provide up to how many Gbps?

Answer 46

10

Question 47

Useful when you need faster speeds, lower latency, and increased reliability over regular internet connectivity.

Answer 47

Azure ExpressRoute

Question 48

Provides a low-latency option for connecting one virtual network to another. Traffic between the two networks is done on Microsoft’s private infrastructure instead of over the Internet.

Answer 48

Virtual network peering

Question 49

Is useful for database failover and data replication.

Answer 49

Virtual network peering

Question 50

Houses large amounts of unstructured data such as images, audio, video, and text.

Answer 50

Blob storage

Question 51

Items stored in blob storage are called?

Answer 51

Blobs

Question 52

Are organized into containers. This data is connected to user accounts and can be accessed from anywhere.

Answer 52

Blobs

Question 53

Blob storage is often used for:

Answer 53

Files that need distributed access
Streaming video
Backup and disaster recovery data
Browser images or documents

Question 54

Used with Azure Virtual Machines. Azure provides hard disks, solid-state drives, and ultra disks.

Answer 54

Azure-managed disks

Question 55

Azure-managed disks are valuable when you need:

Answer 55

A high level of availability
A large number (potentially thousands) of virtual machines
Protection against regional disasters
Protection from datacenter failures

Question 56

Provide cloud-based file shares. These file shares can be accessed by Windows, macOS, or Linux deployments can access these file shares on the premises or in the cloud.

Answer 56

Azure files

Question 57

Can be shared using a URL. Shares can be long-term or managed for a shorter term using Shared Access Signature (SAS) tokens.

Answer 57

Azure Files

Question 58

File storage are useful for:

Answer 58

Sharing files between on-premise or cloud-based applications
Sharing files between multiple virtual machines

Question 59

Designed to store important data, but does not need to be accessed regularly.

Answer 59

Archive storage

Question 60

Archive storage is useful for:

Answer 60

Storing old data for compliance purposes
Long-term backup
Surveillance footage

Question 61

Useful when you need a reliable relational database based on MySQL without the hassle of database design, build, and management.

Answer 61

Azure Database for MySQL

Question 62

An Azure hosted NoSQL database system. You can choose to use any of the following API/database types:
Core (SQL)
Cassandra
Gremlin
MongoDB
Azure Table

Answer 62

Cosmos DB

Question 63

Useful when you want to migrate your database to Azure, but you do not want to change your API.

Answer 63

Cosmos DB

Question 64

A platform as a service (PaaS) hosted by Microsoft. The backend infrastructure, upgrades, backups, and monitoring are fully managed, so you just need to focus on your data.

Answer 64

Azure SQL Database

Question 65

Useful when you need a highly reliable, high-performing relational database without the hassle of database management.

Answer 65

Azure SQL Database

Question 66

A relational database service hosted by Microsoft. The backend infrastructure, upgrades, and monitoring are fully managed so you can focus on your data.

Answer 66

Azure Database for MySQL

Question 67

Useful when you need a reliable relational database based on MySQL without the hassle of database design, building, and management.

Answer 67

Azure Database for MySQL

Question 68

A relational database service. Microsoft handles configuration, replication, backups, security, and monitoring.

Answer 68

Azure Database for PostgreSQL

Question 69

Is useful when you need a reliable relational database based on the PostgreSQL database engine.

Answer 69

Azure Database for PostgreSQL

Question 70

A more advanced version of the Azure SQL Database PaaS service.

Answer 70

Azure SQL Managed Instance

Question 71

Useful when you need the benefits of a hosted SQL database, but you need more functionality than is provided by Azure SQL Database.

Answer 71

Azure SQL Managed Instance

Question 72

Involves data collection, processing, and analytics; specifically, data that is too complicated or too large for standard analytics software.

Answer 72

Big data

Question 73

A big data solution that combines data warehousing and analytics, including:
Synapse SQL (distributed query service)
Spark (an open-source big data solution)
Synapse pipelines
Synapse tudio (data management, tasks, and user experience building)

Answer 73

Azure Synapse Analytics

Question 74

Can be used to quickly gather, analyze, and draw insights from all of your data warehouses.

Answer 74

Azure Synapse Analytics

Question 75

Useful when you need an open-source analytics solution that supports a variety of frameworks:
As a PaaS
As a cloud-based analytics service
To supports Hadoop, Apache Spark, R, Hive, and other frameworks

Answer 75

HDInsight

Question 76

Useful when focusing on data collaboration and transformation instead of data management.
Is a PaaS cloud-based analytics service
Works with the Hadoop framework
Has two development environments for data applications:
Azure Databricks Workspace
Azure Databricks SQL Analytics

Answer 76

Azure Databricks

Question 77

Computer software designed to simulate a human’s intelligence and information processing capabilities.

Answer 77

Artificial Intelligence (AI)

Question 78

Teaches computer software how to process information and make predictions based on that data.

Answer 78

Machine learning (ML)

Question 79

Azure Machine Learning is:

Answer 79

A cloud-based service
Used for training, deploying, and managing machine learning models

Question 80

Used to integrate cognitive intelligence into apps, including:
A cloud-based service
Four cognitive services:
Speech (speech recognition)
Vision (video and image analysis)
Decision (identify offensive content and personalize a user’s experience)
Language (interpret the intended message, not just individual words)

Answer 80

Cognitive Services

Question 81

A managed service for bot development.

Answer 81

Azure Bot Service

Question 82

A suite of services designed for use throughout the software development life cycle (SDLC).

Answer 82

Azure DevOps

Question 83

A repository where developers can publish source code for feedback and peer collaboration.

Answer 83

Azure Repos

Question 84

Uses continuous integration (CI) and continuous delivery (CD) for building, testing, and distribution.

Answer 84

Azure Pipelines

Question 85

A repository for source code artifacts.

Answer 85

Azure Artifacts

Question 86

A visual Kanban-style method for managing and tracking development projects.

Answer 86

Azure Boards

Question 87

Used to manage software testing.

Answer 87

Azure Test Plans

Question 88

What tools are available in the Azure DevOps?

Answer 88

Repos, Pipelines, Artifacts, Boards and Test Plans

Question 89

An environment for testing. You can test the creation and management of virtual machines, IaaS, and PaaS before purchasing and implementing them in a live setting.

Answer 89

DevTest Labs

Question 90

Designed for developers looking to create custom solutions for their IoT platform.

Answer 90

Azure IoT Hub

Question 91

A PaaS solution
Can be integrated with other Azure services
A bi-directional, centralized messaging hub that communicates between your IoT management application and its devices
Designed for developers looking to develop custom solutions for their IoT platform using Python, Java, C, C#, and Node.js
Secure, reliable, and scalable

Answer 91

Azure IoT Hub

Question 92

An application platform that provides software to connect your IoT devices to the cloud.

Answer 92

Azure IoT Central

Question 93

Is a SaaS solution
Provides standardized templates for building applications
Simplifies your design processes and reduces the cost of development and management
Is secure, reliable, and scalable
Can be used to manage your own IoT devices without in-depth knowledge of IoT application development

Answer 93

IoT Central

Question 94

Used for creating and programming IoT devices, including:
Certified chips known as microcontroller units (MCUs)
A Microsoft managed Linux-based operating system
Azure Security Service

Answer 94

Azure Sphere

Question 95

Run code when triggered by Azure and on-premises system events that need an immediate response
Allow you to focus on the code running your service instead of its infrastructure
Support .NET, Java, Python, PowerShell, and several other languages

Answer 95

Azure Functions

Question 96

Is used for scheduling, automating, and orchestrating workflow
Includes pre-built connectors for Microsoft services and third-party services

Answer 96

Logic Apps

Question 97

a centralized, web-based interface for creating, monitoring, and managing your simple Azure deployments and applications.

Answer 97

Azure Portal

Question 98

a command-line interface preferred by Windows users that:
Can be used with Linux, Windows, and iOS
Is used for automation
Uses simple commands (cmdlets)
Is run on a user’s local machine

Answer 98

Azure PowerShell

Question 99

Used with Linux, Windows, and iOS.
Is often used with a command-line interface
Is used for automation
Is run on a user’s local machine

Answer 99

Azure CLI

Question 100

Connects to a preinstalled Azure PowerShell or Azure CLI terminal.

Answer 100

Azure Cloud Shell

Question 101

Uses a web browser
Can be accessed using the Azure Mobile App on a mobile device
Is a free service

Answer 101

Azure Cloud Shell

Question 102

Used to deploy and manage all resources and resource groups.
Controls access to resources using the privileges defined by Azure Active Directory.

Answer 102

Azure Resource Manager (ARM)

Question 103

You can use to connect to your Azure resources. You can monitor and manage virtual devices and applications using this.

Answer 103

Azure Mobile App

Question 104

Outlines issues related to personal data. It applies to all Microsoft products, including services, apps, software, servers, and devices.

Answer 104

Microsoft Privacy Statement

Question 105

Personal data Microsoft collects
How collected data is used
Reasons for sharing personal data
Information about cookies, web beacons, and other data collection tools
Situation and product-specific privacy information
Methods for accessing and controlling a user’s data

Answer 105

Microsoft Privacy Statement topics

Question 106

A legal agreement. When customers sign the OST, they agree to the privacy terms and conditions that apply to the purchased online service(s).

Answer 106

Online Services Terms (OST)

Question 107

An addendum to the OST. It provides additional information about the data processing and security terms and conditions for purchased service(s). Topics include:
Government compliance
Data security
Data handling

Answer 107

Data Protection Addendum (DPA)

Question 108

A website for an individual or an organization who wants to learn more about all of Microsoft’s privacy, security, and compliance efforts.

Answer 108

The Microsoft Trust Center

Question 109

Created to address information and data security for the criminal justice and law enforcement fields. It is a collection of requirements and standards for local, state, and federal agencies.

Answer 109

Criminal Justice Information Services (CJIS)

Question 110

A standard created to address information and data security for the health care field.

Answer 110

The Health Insurance Portability and Accountability Act (HIPAA)

Question 111

Standards include the following enforcements for cloud-stored data. These standards ensure that customer data is not used for marketing or advertising purposes and that the data will not be shared unless there is a legally binding order for disclosure.

Answer 111

International Organization of Standards/International Electrotechnical Commission (ISO/IEC)

Question 112

An agency of the U.S. Department of Commerce.
Encourages technological advancements and provides recommendations for data protection.

Answer 112

National Institute of Standards (NIST)

Question 113

The name for Azure cloud regions designed only for United States government use.
Physically managed separately from the traditional Microsoft Azure service.

Answer 113

Azure Government

Question 114

It is designed to address special requirements and regulations specific to a particular government, whether on a country, state, or local level.

Answer 114

Azure Government

Question 115

The United States Department of Defense (DoD) uses Azure Government. The United States is divided into several regions, including:

Answer 115

S DoD East
US DoD Central
US Gov Texas
US Gov Arizona
US Gov Virginia

Question 116

Is the responsibility of both the customer and the cloud provider.

Answer 116

Cloud security

Question 117

Microsoft has approached security measures based on:

Answer 117

Confidentiality, integrity and availability (CIA principles).

Question 118

Includes data stored in databases, virtual machines, cloud storage, and SaaS applications. Many regulatory requirements are in place to ensure that data remains confidential.

Answer 118

Data layer

Question 119

Includes applications and application secret storage. Ideally, an organization should integrate security into its application development process.

Answer 119

Application layer

Question 120

Includes virtual machines, systems, and endpoints. Each of these should be secured and should have access controls in place.

Answer 120

Compute layer

Question 121

Includes all network resources. Network segments, secure connectivity, limited internet access, and secure connectivity between cloud and on-premises networks help with this defense.

Answer 121

Network

Question 122

Firewalls and DDoS protection are the primary defenses at this level. It’s harder to eliminate a threat once it has breached your perimeter.

Answer 122

Perimeter level

Question 123

Defense measures include SSO and multifactor authentication, control access, and event audits, ensuring that access is only granted as needed and logging all events and changes.

Answer 123

Identity and access

Question 124

Includes building security and data center access. Physical defenses help to ensure that only authorized individuals have access to a building or a data center and that any loss or theft is documented and addressed

Answer 124

Physical layer

Question 125

A centralized security monitoring service that helps to protect your services from security threats.

Answer 125

Azure Security Center

Question 126

Monitors cloud and on-premises services
Monitors resources
Performs security assessments
Identifies vulnerabilities
Detects and stops malware installation
Applies security settings to new resources

Answer 126

Azure Security Center

Question 127

A security information and event management (SIEM) system. SIEM systems collect data from various sources for threat detection and response that includes:
Data collection from cloud and on-premises
Microsoft analytics and threat intelligence to detect hidden threats
Task automation to respond to incidents quickly

Answer 127

Azure Sentinel

Question 128

A centralized cloud service that stores highly sensitive secrets such as passwords, certificates, tokens, and API keys.

Answer 128

Azure Key Vault

Question 129

Stores and manages sensitive information
Can be used to create and manage encryption keys
Can be used to create and manage SSL/TLS certificates for both internal and Azure resources
Provides access control and access monitoring

Answer 129

Azure Key Vault

Question 130

Ensures that your VMs are hosted on dedicated physical servers. You can select the appropriate Azure region, availability zone, and fault domain to help ensure high availability.

Answer 130

Azure Dedicated Host

Question 131

Inspects network traffic and filters network traffic. Traffic can be filtered by port number, protocol, FQDN, and network address. Network administrators can set NAT, network, or application rules to deny or allow various traffic types.

Answer 131

Azure Firewall

Question 132

Reviews the traffic, compares it to the existing rules, and permits or blocks the traffic accordingly.

Answer 132

Azure Firewall

Question 133

Provides a level of defense against several types of distributed denial-of-service attacks, including:
Volumetric attacks
Resource-level attacks
Protocol attacks

Answer 133

Azure DDoS Protection

Question 134

Firewall services offered by Azure. These NSGs filter network traffic between services in an Azure virtual network.

Answer 134

Network security groups (NSG)