AZ-900 (Azure Fundamentals)

Question 1

Availability set

Answer 1

The spreading of VM’s across multiple servers and racks in the same datacenter

Question 2

Availability zone

Answer 2

Each availability zone is (group of) datacenter that is fully separate from other availability zones, complete with dedicated power, cooling, and data connections. If one zone is compromised, then replicated apps and data are instantly available in another zone.

Question 3

Region pair

Answer 3

Region pairs are datacenter regions that are intimately connected, and at least 300 miles apart. They are connected through a dedicated low latency connection.

Question 4

Geography

Answer 4

Geographic regions, such as: Europe, America, Asia, Middle East, etc

Question 5

Account

Answer 5

A connected identity, such as a natural person

Question 6

Subscription

Answer 6

A logical container used to provision cloud resources. Each subscription will result in a single invoice per month.

Question 7

Azure AD

Answer 7

Your Azure login identity that is provisioned under a specific tenant. It’s the cloud/azure evolution of Active Directory, which is a B2B identity management service.

Question 8

Azure Support plan

Answer 8

An additional program that can be requested / used by clients to support them in their onboarding. Contains of access to a develop (for 8 hours, in SLA and per mail), standard support (24/7 mail and phone, SLA within 1 hour), direct access to professionals (training, onboarding, seminars, etc) and Premier access (azure event management and TAM)

Question 9

Scale sets

Answer 9

Are sets of VM’s that can be managed and configured as a single unit. For example, a single web-app might require a multiple VM’s. You can create a single scale set (and all it’s required VM’s) to extend application capacity. Works with load balancer and application gateway

Question 10

Compute options

Answer 10

• Serverless computing
• Logic apps
• Functions
• Azure app service
• Container

Question 11

Serverless computing

Answer 11

Computing without infrastructure management and that is easily scalable, so that you only have to focus on application development.

Question 12

Logic app

Answer 12

A serverless compute model that is based on a graphical interface (WYIWYG editor) which can be used to visually build logic apps

Question 13

Functions

Answer 13

A serverless compute model, similar to logic apps, that is based on scripting. Only upload the actual logic script, no need to manage scalability or infrastructure

Question 14

App service

Answer 14

Service that hosts webapps, APIs and webjobs. More than a single script, but still no need to manage entire infrastructure

Question 15

Container

Answer 15

Lightweight OS virtualization. Where a VM virtualizes hardware, a container virtualizes the OS. Allows you to divide combined solutions into smaller microservices. E.g. front-end is in one container, back-end and database are in another. If one virtualized OS (container) crashes, it doesn’t affect other containers.

Question 16

Storage options

Answer 16

• SQL DB
• Cosmos DB
• Blobstorage
• AzureFiles
• Azure Queue
• Disk Storage;
• Hot, Cool, Arch(ive)

Question 17

SQL DB

Answer 17

Storage of structured data

Question 18

Cosmos DB

Answer 18

Database that is global automatically, and works schemaless. Can be accessed in multiple DB formats. Structured data

Question 19

BlobStorage

Answer 19

Storage for Blobs (Binary Large Objects), a form of unstructured data

Question 20

Datalake storage

Answer 20

Hierarchical data that is ready to be analyzed (structured, semi-structured and unstructured data)

Question 21

Azure Files

Answer 21

Fully managed files shares that are available in Server Message Block (SMB) or Network File System (NFS) format, accessible to Windows, Linux and macOS

Question 22

Azure Queue

Answer 22

Service for storing a large number of system messages, accessible via REST API

Question 23

Disk Storage

Answer 23

Block storage to be used by virtual machines, comes in formats such as: HDD, SSD< Premium SSD and Ultra Disk Storage.

Question 24

Hot storage

Answer 24

Online tier designed for data that is accessed/modified daily. High storage cost, low access cost

Question 25

Cool storage

Answer 25

Online tier designed for data that is accessed/modified monthly. Medium storage cost, medium access cost

Question 26

Arch(ive)

Answer 26

Offline tier designed for data that is not accessed/modified in intervals shorter than 180 days. Low storage cost, High access cost

Question 27

Network options

Answer 27

* Virtual network * VPN Gateway * Network Security group * High availability * Reliency * Load balancer * Application gateway * Content Distribution Network (CDN) * Traffic Manager

Question 28

Virtual Network

Answer 28

A virtual network in which azure resources can securely communicate with each other

Question 29

Multi-tier Web

Answer 29

* Web tier * Business tier * Data tier

Question 30

Web tier

Answer 30

Web tier: The top layer including the user interface. This layer parses user interactions and passes the actions to next layer for processing.

Question 31

Business tier

Answer 31

Business tier: Processes the user interactions and makes logical decisions about the next steps. This layer connects the web tier and the data tier.

Question 32

Data tier

Answer 32

Data tier: Stores the application data. Either a database, object storage, or file storage is typically used.

Question 33

VPN Gateway

Answer 33

Works on the webtier in Azure, and on data tier and service tier on prem. Allows for the creation of connections between cloud and on-prem

Question 34

Network Security Group

Answer 34

Group of resources for which certain traffic rules apply. Similar to a firewall. For example, the allowance of UDP connections on port 1337

Question 35

High Availability

Answer 35

Means that service will be operating for a long time without interruption

Question 36

Reliency

Answer 36

The staying operational during abnormal conditions. E.g. perseverance through traffic spikes, power fluctuations, weather events, maintenance

Question 37

Load Balancer

Answer 37

Distributes traffic evenly among webservers. Increases availability and resilience

Question 38

Azure load balancer

Answer 38

Load balancer service from Azure. Operates at level four (TCP/UDP) of the OSI-schema.

Question 39

Application Gateway

Answer 39

Web traffic load balancer for web applications. Operates at level seven (url-based routing). Allows for secure (HTTPS) transport of data such as images or video.

Question 40

Content Distribution Network

Answer 40

Network that distributes (caches) content on geographically dispersed and strategic locations around the world

Question 41

Traffic Manager

Answer 41

Redirects end-users to the closest datacenters, for improved latency (packet travel time)

Question 42

Network Security Options

Answer 42

* Azure Firewall * Application Gateway * Web application firewall * DDOS Protection * Azure Express Route * Azure Information Protection * Azure Threat Protection

Question 43

Azure Firewall

Answer 43

Firewall service by Azure that protects your virtual network. Protects for inbound and outbound traffic. Can block on port, ip and protocol level (e.g. 80, 192.168.1.1, RDS/FTP)

Question 44

Application Gateway

Answer 44

Contains a web application firewall

Question 45

Web Application Firewall

Answer 45

Centralized servers that filters invalid requests. For example, SQL injection and XSS attacks are filtered before they reach the web application

Question 46

DDOS Protection

Answer 46

Protection against denial of service attacks. Exists in both Basic and Standard form.

Question 47

Basic DDOS Protection

Answer 47

Defense against common network-layer attacks through always-on traffic monitoring and real-time mitigation.

Question 48

Standard DDOS Protection

Answer 48

Includes same as basic, plus: availability guarantee, cost protection (overcosts are compensated), metrics & alerts, mitigation reports, rapid response support

Question 49

Azure Express Route

Answer 49

Private fiber connection from own premise to MS Cloud

Question 50

Azure Information Protection

Answer 50

The making confidential of files, e-mails and other data

Question 51

Azure Threat Protection AKA Defender for Identity

Answer 51

Protection against attacks, malicious insider actions and includes a ATP portal. Works through analyzing logs including tenant's users behaviour

Question 52

Security Options

Answer 52

* Defense in Depth * Encryption * Encryption at rest * Encryption in Transit * Azure Storage Service Encryption * Azure Disk Encryption * Transparent Data Encryption * Key Vault

Question 53

Defense in Depth

Answer 53

Defend not a single layer, but all layers: Data, Application, Compute (VM access), Networking (deny by default), Perimeter (DDOS), Identity (access), Physical (datacenter building)

Question 54

Encryption at rest

Answer 54

Encryption of physically stored data

Question 55

Encryption in transit

Answer 55

Encryption of data moving on the internet

Question 56

Azure Storage Service Encryption

Answer 56

Encryption of Azure storage service. Is standard in blob storage and queue storage

Question 57

Azure Disk Encryption

Answer 57

Encryption of the disk for the VM (even when account is breached, data is still encrypted)

Question 58

Transparent Data Encryption

Answer 58

Opaque encryption voor databases, is default in SQL DB

Question 59

Key Vault

Answer 59

Vault for Passwords, certificates and API keys

Question 60

Azure Policy

Answer 60

Allows enforcing rules and standards for resources. E.g. certain tag is required

Question 61

Initiative

Answer 61

A collection (/group) of policies.

Question 62

Azure Management Group

Answer 62

Allows creation of hierarchical order of resources and apply policies accordingly

Question 63

Blueprint

Answer 63

Collection of role assignments, policies, resources and groups. Can be applied to easily roll out an entire environment (for a new web-app for example).

Question 64

Azure Resource Manager

Answer 64

Management to to create roles for RBAC, to creates policies, etc

Question 65

Azure Security Center

Answer 65

Management console/center to protect azure and hybrid resources, including compliancy. It gives resources a security score depending on whether certain security aspects are met.

Question 66

Azure Monitor Metrics

Answer 66

Shows telemetry regarding applications, servers. Also allows for creation of alerts and rule-based auto-scaling

Question 67

Azure Service Health

Answer 67

Shows Azure service issues, planned maintenance and other health alerts relevant to tenant usage

Question 68

Trust Center

Answer 68

A center where privacy, compliancy and security policies are displayed (general for all Azure clients)

Question 69

Service Trust Portal

Answer 69

Portal to review independently available audit reports, which provides details on data protection compliance. E.g. ISO, SOC, NIST, FedRAMP & GDPR.

Question 70

TCO Calculator

Answer 70

Calculator for total cost of ownership, mainly to differentiate between costs of on-prem and cloud based workloads

Question 71

Pricing Calculator

Answer 71

Calculator to estimate pricing of individual resources in Azure

Question 72

Azure reservations

Answer 72

Reserve resources in order to gain discounted prices on certain Azure services

Question 73

Azure Cost Management + Billing

Answer 73

Service that helps you understand your Azure bill, manage your account (and subscriptions), monitor and control resource and optimize spending. Includes tools to budget, get alerts and enrich data.

Question 74

SLA Up-Time: 99%, 99.9% (how much downtime)

Answer 74

1.66 hrs/week & 7.2hrs/month | 10 mins/week & 43.2 mins/month

Question 75

Service Level Agreement (SLA)

Answer 75

Formal agreement between a service provider (Azure) and a customer about what level of service is offered. For Azure, this mainly means how much uptime Azure services have

Question 76

Azure Status

Answer 76

Service that provides a global overview of the health of Azure services and regions. This is a good place to check if you think Azure has an outage

Question 77

Application SLA

Answer 77

Defines the SLA requirements for a specific application. Generally, this is the application built by the tenant (how critical is your webapp, what should be its uptime?). These requirements can be mapped to Azure SLA

Question 78

Composite SLA

Answer 78

The combination of multiple SLAs to determine the total SLA. For example, you need a VM (SLA=99.9%) and an application gateway (SLA=99.99%). Composite SLA is calculated as 0.999*0.9999 = 0,9989001 = 99,89001%