A Flashcards
A Records (DNS)
Used to map a name to an IPv4 address.
AAAA Records (DNS)
Used to map a name to an IPv6 address.
Accelerated Networking
Enables single root I/O virtualization (SR-IOV) to a virtual machine, which greatly improves its networking performance. This feature improves performance by bypassing the virtual switch between the host VM and the physical switch.
Access controls for storage accounts
Storage accounts are managed through Azure Resource Manager. Management operations are authenticated and authorized via Azure AD and RBAC. Storage Firewall: allows you to limit access to specific IP addresses or an IP address range. It applies to ALL storage account services: Blobs, Tables, Queues and Files. NOTE: When creating a storage firewall, you must use public Internet IP address space and NOT IPs in the private IP address space.
Azure Files
Provides managed file shares that are accessible over the SMB protocol. SMB is a network file-sharing protocol, and Azure Files provides flexibility to use the following two types of identity-based authentication in order to access shares:
- On-premises Active Directory Domain Services (AD DS)
- Azure Active Directory Domain Services (Azure AD DS)
Azure Active Directory Domain Services (Azure AD DS) authentication and authorization.
You can enable Azure AD DS authentication for your Azure file shares to authenticate with Azure AD Credentials. Azure AD DS-joined Windows machines can access Azure file shares with Azure AD credentials over SMB (Server Message Block).
Access Policies - What is the maximum number of allowable access policies on either a container, table, queue or file share?
5
Access Keys (Managing) for an Azure storage account
Each storage account has TWO access keys. This allows you to modify applications to use the second key instead of the first key and then regenerate the first key. This is known as KEY ROLLING, and it allows you to reset the primary key with no downtime for applications that directly access storage using an access key.
ROLLING A STORAGE ACCOUNT ACCESS KEY WILL INVALIDATE ANY SAS TOKENS THAT WERE GENERATED USING THAT KEY
Access tiers (Blob Storage)
Applies only to BLOB STORAGE (DOES NOT APPLY TO OTHER STORAGE SERVICES TO INCLUDE BLOCK BLOB STORAGE).
- Hot - access tier used to store frequently accessed objects (data access costs are low/storage costs are high).
- Cool - access tier used to store large amounts of data that is not accessed frequently and is stored for at least 30 days. SLA is lower than the HOT tier. Data access costs are high/storage costs are lower.
- Archive - access tier that supports long-term storage of data that is accessed rarely and can tolerate several hours of retrieval latency; data remains in the archive tier for at least 180 days. Most cost effective for storing data, but accessing the data is more expensive than accessing HOT or COOL tiers. NOT supported with ZRS, GZRS or RA-GZRS.

**New blobs will default to the access tier that is set at the storage level**
Azure Traffic Manager service tag
Service tags are platform-defined shortcuts that map to the IP ranges of various Azure services. The Azure Traffic Manager tag is used to allow traffic from the source IP addresses of Traffic Manager health probes.
Azure RM module (PowerShell)
The consumption of resources within a subscription against a resource quota can also be viewed with PowerShell. There are multiple cmdlets available in the Az (formerly AzureRM) PowerShell modules for querying per-service quota usage.
Azure LoadBalancer service tag
Service tags are used in NSG rules as a quick and reliable way of creating rules that control traffic to each service. Azure LoadBalancer indicates the IPs where Azure Load Balancer health probes will originate. Traffic from these addresses should be allowed for any load-balanced VMs.