AZ-900

Question 1

What is Platform as a Service (PaaS)?

Answer 1

Middle ground between IaaS and SaaS - only the data and application layers of the IT Stack are controlled by the customer.

Question 2

What is Infrastructure as a Service (IaaS)?

Answer 2

Places the most responsibility on the customer. The Cloud Service Provider only provides virtualized hardware resources.

Question 3

What is Software as a Service (SaaS)?

Answer 3

Most responsibility lies with the Cloud Service Provider. The customer only controls the data layer as the applications are installed by the CSP in their own environment.

Question 4

Define computing services.

Answer 4

Services that include common IT infrastructure such as Virtual Machines, Storage, Databases, and Networking.

Question 5

What kind of Cloud Models are there?

Answer 5

Public Cloud, Private Cloud, Hybrid Cloud, Multi-Cloud, Sovereign Cloud.

Question 6

What is a Private Cloud?

Answer 6

A cloud used by a single entity. Resources are owned by a single organization, not shared among others.

Question 7

What is a Public Cloud?

Answer 7

A cloud built, controlled, and maintained by a third-party cloud provider. E.g. AWS.

Question 8

What is a Hybrid Cloud?

Answer 8

A computing environment that uses both Public and Private clouds in an inter-connected environment.

Question 9

What is a Sovereign Cloud?

Answer 9

A cloud used by government entities that function as private clouds but have characteristics of public clouds due to their sheer scale.

Question 10

What is Operational Expenditure (OpEx)?

Answer 10

Money is spent on services over time.

Question 11

What is Capital Expenditure (CapEx)?

Answer 11

Money is spent once, up front to purchase or secure tangible resources.

Question 12

What is Scalability?

Answer 12

Refers to the ability to adjust resources based on demand.

Question 13

What is the difference between Horizontal Scaling and Vertical Scaling?

Answer 13

Vertical - Scale up or down in power to your existing resources. Horizontal - Scale out and add more machine nodes to existing infrastructure.

Question 14

What are the layers of the IT Stack?

Answer 14

Data
Application
Frameworks and Runtime
Patches and Hotfixes
Operating System
Hardware
Power, cooling, internet
Physical Space

Question 15

What are the key characteristics of Cloud Computing?

Answer 15

Resources Pooling, Elasticity, Pay-per-use, and Automation.

Question 16

What is Elasticity?

Answer 16

The ability to dynamically adjust resources based on current workload, scaling up or down.

Question 17

True or False - Elasticity in a cloud is preferred but ultimately optional.

Answer 17

False! A cloud should ALWAYS have an elastic infrastructure.

Question 18

What are the layers of Azure Architecture?

Answer 18

Geographies
Region Pairs
Regions
Availability Zones
Data centers

Question 19

What is Azure Geography?

Answer 19

Top layer of Azure Architecture. This is usually a country.

Question 20

What is a Region Pair?

Answer 20

Contained within Azure Geographies. Consists of two regions grouped together.

Question 21

What is a Region?

Answer 21

A single part within an Azure Geography.

Question 22

What are Availability Zones?

Answer 22

Areas within a region.

Question 23

What is a Datacenter?

Answer 23

Physical building within an Availability Zone.

Question 24

What is a Subscription?

Answer 24

A unit of consolidated billing. Managed by a Management Group.

Question 25

What is a Management Group?

Answer 25

Manages Subscriptions and controls access, policies, and compliance.

Question 26

What is a Resource Group?

Answer 26

A container that holds related resources like Virtual Machines, WebApps, and Databases. Held within a subscription.

Question 27

What are Resources in Azure?

Answer 27

End objects in Azure hierarchy. They are things like Compute, Network, and Storage applications.

Question 28

What is Microsoft Entra ID (Azure AD)?

Answer 28

Azure’s cloud-based Identity and Access Management (IAM) service.

Question 29

What are two factors that affect Azure costs?

Answer 29

Resources usage and Resource location.

Question 30

What are Resources Tags used for in Azure?

Answer 30

Grouping billing data and categorizing costs by runtime environment.

Question 31

What is Azure Total Cost of Ownership Calculator (TCO)?

Answer 31

Helps you estimate cost savings and benefits of migrating on-premises infrastructure and workloads to Azure.

Question 32

What is the difference between Azure Cost Management + Billing and Azure TCO Calculator?

Answer 32

Azure Cost Management + Billing - Provides tools for managing and optimizing the cost of workloads. Azure TCO - Helps estimate the costs of migrating on-premises to cloud.

Question 33

What are Cloud native users?

Answer 33

Users that are created in Entra ID.

Question 34

What are Non-Native users?

Answer 34

Users synced from Entra Connect.

Question 35

What is Entra ID Domain Services?

Answer 35

Designed for applications that require traditional directory server services. Only used by legacy applications.

Question 36

What is the difference between Entra B2B and Entra B2C?

Answer 36

B2B (Business to Business) - Focuses on secure collaboration and resource sharing between businesses. B2C (Business to Customer) - Handles customer-facing identity management.

Question 37

What is a Zero Trust Approach?

Answer 37

A security framework that shifts from traditional perimeter-based security models to a 'never trust, always verify' principle.

Question 38

What are 3 guiding principles of Zero Trust?

Answer 38

Verify explicitly - Always verify the authenticity of a request using multiple data points, not just credentials. Least privilege - Always assign the least amount of permissions necessary for the user to perform the functions of their job. Assume breach - always assume anyone who is here is someone wanting to cause a breach.

Question 39

What is the Defense in Depth Model?

Answer 39

A strategy utilizing multiple layers of protection to secure services and data.

Question 40

What are 3 key things that Defense in Depth is designed to protect?

Answer 40

Confidentiality Integrity Availability ## Footnote (CIA)

Question 41

What is Entra ID Conditional Access?

Answer 41

Provides smart authentication using multiple data points (signals) to verify the authenticity of a request.

Question 42

What is Role Based Access Control (RBAC)?

Answer 42

Assigning permissions based on a user’s role within the company.

Question 43

What are the 3 parts to Role Based Access Control?

Answer 43

Security principle - what should have permissions granted. Role definition - Read, write, etc. Scope - scope to which the access will apply.

Question 44

What are Deny assignments?

Answer 44

Explicitly list permissions not allowed in Azure Role Based Access Control (RBAC).

Question 45

What are Role Assignments?

Answer 45

Attach role definitions to security principles in Azure.

Question 46

What is Microsoft Defender for Cloud?

Answer 46

A comprehensive security solution that provides threat protection and security management for cloud workloads and services.

Question 47

What is a Virtual Machine?

Answer 47

A virtualized version of a physical computer that runs on an elastic infrastructure pool.

Question 48

What is the purpose of Virtual Machine Availability Sets?

Answer 48

To prevent disasters by distributing VM instances across multiple server racks.

Question 49

What are the two orchestration modes for Scale Sets?

Answer 49

Uniform (identical VMs) and Flexible (similar but not necessarily identical VMs).

Question 50

What is Azure Virtual Desktop used for?

Answer 50

Centralized administration of users' apps and data, enabling remote desktop access.

Question 51

What is an Azure Container Instance?

Answer 51

A lightweight and faster way to deploy cloud applications using a containerization engine.

Question 52

What is the benefit of Azure Functions?

Answer 52

On-demand serverless compute for small code blocks, provisioning dependencies at runtime.

Question 53

What does Azure OpenAI provide access to?

Answer 53

OpenAI's large language models, including GPT 3.5, GPT 4, Codex, DALL-E, and Whisper.

Question 54

What is the difference between stateful and stateless applications?

Answer 54

Stateful applications retain data over time, while stateless applications do not store persistent data.

Question 55

What does a Storage Account hold?

Answer 55

Data services for applications, including Blobs, Queues, Tables, and Files.

Question 56

What are the two types of storage accounts?

Answer 56

Standard General Purpose (HDD) and Premium (SSD).

Question 57

What is the purpose of Blobs in Azure Storage?

Answer 57

Blobs store large chunks of unstructured data like videos, audio files, and executables.

Question 58

What is the function of Azure Queues?

Answer 58

They help process requests in order and provide asynchronous messaging between application components.

Question 59

What is the difference between Hot, Cool, and Archive access tiers in blob storage?

Answer 59

Hot is frequently accessed with high storage cost and low access cost, Cool is less accessed with lower storage cost and higher access cost, Archive has the lowest storage cost but the highest access cost.

Question 60

What does Azure File Sync do?

Answer 60

Synchronizes on-prem file shares with Azure Files and enables access across different sites.

Question 61

What are the different storage redundancy options available in Azure?

Answer 61

LRS (Locally Redundant Storage), ZRS (Zone Redundant Storage), GRS (Geo-Redundant Storage), RA-GRS (Read-Only GRS), GZRS (Geo-Zone Redundant Storage), and RA-GZRS (Read-Only GZRS).

Question 62

What are the two main data management tools in Azure?

Answer 62

AZCopy (command-line utility) and Storage Explorer (GUI for managing storage).

Question 63

What is the purpose of Azure Migrate Hub?

Answer 63

Provides resources for assessing and migrating workloads, including Discovery and Assessment Tools, Migration Tools, and Data Migration Assistance.

Question 64

What is a Virtual Network (VNet)?

Answer 64

A virtualized network provisioned from an elastic infrastructure pool to connect cloud resources, the internet, and on-prem environments.

Question 65

What does Virtual Subnet segmentation help with?

Answer 65

Easier administration, load balancing, security filtering, and traffic monitoring using network appliances.

Question 66

What is Virtual Network Peering used for?

Answer 66

To connect two VNets, either in the same region (Local Peering) or different regions (Global Peering).

Question 67

What is the purpose of Service Endpoints?

Answer 67

To create a dedicated path for reaching a resource, eliminating the need for public IPs.

Question 68

How does ExpressRoute work?

Answer 68

Establishes a private connection between on-prem and cloud using unique IP ranges and BGP route propagation.

Question 69

What is a Virtual Network Gateway?

Answer 69

An entry point for external network traffic into VNets, encrypting data transfer between on-prem and cloud.

Question 70

What does Azure DNS do?

Answer 70

Provides name resolution for resources, supporting public and private domains.

Question 71

What is Microsoft Entra ID?

Answer 71

A global Identity as a Service (IDaaS) that provides Identity and Access Management (IAM) for the modern cloud-based world. Formerly known as Azure AD.

Question 72

What are the key functions of Microsoft Entra ID?

Answer 72

Manages authentication and authorization, integrates with Windows Server AD using Entra Connect, and enables security using AI and machine learning.

Question 73

What are the three key pillars of any IT environment?

Answer 73

Users, Devices, and Applications.

Question 74

What are Cloud-native users in Entra ID?

Answer 74

Users created directly in Entra ID, as opposed to non-native users who are synced from an on-prem AD server.

Question 75

What authentication protocols does Entra ID support?

Answer 75

OAuth, SAML, OpenID, and WS-Federation for modern applications.

Question 76

What is Entra ID Domain Services used for?

Answer 76

Supports legacy applications that require traditional directory server functions, including Kerberos, NTLM, and LDAP.

Question 77

What is Entra ID B2B used for?

Answer 77

Enables collaboration between different organizations while managing local authorization within the Entra tenant.

Question 78

What is Entra ID B2C used for?

Answer 78

Allows businesses to provide authentication services for individual consumers using self-service lifecycle management.

Question 79

What is Multifactor Authentication (MFA)?

Answer 79

A security feature requiring two or more authentication factors, such as passwords, security tokens, or biometric data.

Question 80

What is Password-less Authentication?

Answer 80

Authentication without passwords, relying on attributes like security keys, biometrics, and device-based authentication.

Question 81

What is Single Sign-On (SSO)?

Answer 81

A system that allows a user to sign in once and access multiple apps and resources using an authorization token.

Question 82

What is Azure Resource Manager (ARM)?

Answer 82

A service that provides a unified management experience across Azure tools and services, ensuring standardized and secure interactions.

Question 83

What are some management tools used with ARM?

Answer 83

Azure Portal, PowerShell, CLI, and various client-based tools.

Question 84

What is an ARM template?

Answer 84

A JSON-based configuration file that defines Azure resources for consistent deployment.

Question 85

How does Azure Bicep enhance infrastructure management?

Answer 85

It provides a simplified syntax for ARM templates, making infrastructure as code (IaC) easier to write and maintain.

Question 86

What is Azure PowerShell used for?

Answer 86

A cross-platform scripting tool for managing Azure resources using Verb-Noun cmdlets.

Question 87

What is the difference between a Parameter and a Switch in PowerShell?

Answer 87

A Parameter requires a value to be specified, while a Switch does not.

Question 88

What is Azure CLI?

Answer 88

A cross-platform scripting module that interacts with Azure services using `az noun verb` syntax.

Question 89

What are the benefits of using Azure Cloud Shell?

Answer 89

Provides a cloud-based scripting environment accessible from a browser, eliminating the need to install local tools.

Question 90

What is Azure Arc used for?

Answer 90

Extends Azure's management capabilities to on-prem and multi-cloud environments, creating a 'projection' of non-Azure resources.

Question 91

How does Azure Arc communicate with external resources?

Answer 91

By installing an agent or running a script that sends a heartbeat to Azure every 5 minutes.

Question 92

What is Azure Monitor?

Answer 92

A comprehensive monitoring solution for Azure, on-prem, and multi-cloud environments that collects, analyzes, and responds to data.

Question 93

What is Azure Advisor?

Answer 93

A personalized cloud consultant that provides recommendations in reliability, security, performance, operational excellence, and cost optimization.

Question 94

What can you do with the Azure Mobile App?

Answer 94

Manage Azure resources, receive notifications, execute cloud commands, and monitor health status on the go.

Question 95

What is Azure Service Health?

Answer 95

A service that provides transparency into Azure's operational status, including platform events, advisories, and maintenance updates.