AZ-900.1 Flashcards

(143 cards)

1
Q

CapEx, OpEx

A

Capacity Expenditure vs Op, on prem vs cloud

2
Q

IaaS

A

Infrastructure as a service. Basically the responsibility of a VM, not H/V. H/V done by host \ comp \ net \ storage
Line of responsibility - btw OS and H/V

3
Q

PaaS

A

Platform as a service
Line at Apps \ Runtime

4
Q

layers

A

Data
App
Runtime
OS
H/V
Computation
Net
Storage

5
Q

SaaS

A

SW as a Serv, not Azure but 365

6
Q

Serverless

A

Enables developers to build applications faster by eliminating the need for them to manage infrastructure. A cloud-hosted execution environment.

7
Q

Public Cloud

A

Azure, internet

8
Q

Private Cloud

A

Mgmt sw. CapEx. Can be set up on prem or 3rd party. Fewer benefits than public.
Azure Stack

9
Q

Hybrid

A

Pub + Priv cloud, Azure Arc does this

10
Q

Region Lat speed

A

2ms travel time is region

11
Q

Availability Zones

A

Areas that replicate data and keep availability up. Data centers in the same region or close to it.

Regions have these availability zones in them

12
Q

Zone-Redundant

A

Services spread across local regions get redundantly backed up to other data centers in Availability Zone

Az Region -> Region Zone (holds datacenter)

Zone-redundant resources are replicated or distributed across multiple availability zones (in a single region) automatically

Zonal deployments - one zone for speed

13
Q

Resource Group

A

Variety of network resources grouped. Share lifecycle. RBAC \ Policy

14
Q

RBAC

A

Role Based Action Control

15
Q

Subs trust one thing

A

One Azure AD Tenant

16
Q

Sub inheritance

A

Goes to resource groups

17
Q

Management group

A

Budget, RBAC, Policy. AAD Tenant -> Root -> Mgmt Grp

18
Q

Subscriptions trust

A

Only one AD tenant

19
Q

Azure Capacity Resource

A

Pol, RBAC, Tag, Defender. Used for OpEx

20
Q

Azure Resource Manager

A

CLI, Portal, Template to interact with Azure

21
Q

ARC enabled server

A

Agent installed to lend resources to Azure. Kubernetes, Servers, VMware.
Azure -> ARM -> Agent

Azure Arc-enabled servers lets you manage Windows and Linux physical servers and virtual machines hosted outside of Azure. They become hybrid machines

22
Q

Ephemeral disk

A

Ephemeral OS disks are created on the local VM storage and not saved to the remote Azure Storage. Faster load time \ imaging but might fail. Doesn’t save state and reloads each time.

23
Q

NSG

A

Network Security Group

24
Q

Everything lives in

A

Subscription -> then RG -> Resources. With the sub trusting the tenant.

25
VMSS
Virtual Machine Scale Set. Manages instances of VMs for redundancy. Can min \ max scale. Azure Batch
26
PaaS use
Faster than VMs to launch and complete a task. Containers.
27
Container registry
Holds images
28
ACI
Azure Container Instance
29
VM SKU
Ram, CPU, GPU added and scored
30
AKS
Azure Kubernetes Service. MGMT \ Data which lives on the data \ app level. Decides what VMSS to run on computer cluster.
31
Nodes
Container Hosts. Nodes -> Pools -> Pods -> Containers
32
App Service
Pick VMs but MS does all the OS and services.
33
Unit of VM vs serverless
VM runs whole computer. Serverless pays for what you use. Can run containers on Serverless.
34
Logic Apps
Basically UE blueprint for computer applications. Reduces need for code and automates workflow.
35
Remote desktop hosting reqs
RDP encapsulation, Broker to choose which host to use, the hosts themselves to run the desktop.
36
AVD
Azure Virtual Desktop, handles desktop experiences to users or publishes applications.
37
Win365
Pay for cloud desktop of windows
38
Route based P2S connection
Point to Site through MS network. Private connection to carrier neutral sites. Express routes
39
Express Routes
Connection to Meet Me connection through MS. Takes ISP out of it and connects direct. Uses express route gateway. Allowed to resources through route filter.
40
Service Endpoint
Things like storage accounts. Can allow subnets to connect. Express Route -> Subnet -> Service Endpoint
41
Private Endpoint
Give subnet IP to Service. Gets around public IP.
42
Virtual networks
Organize subnets
43
Premium Storage
Block, Page, File blob storage. LRS ZRS only
44
Blob
Blob of binary data w/o file structure. No ACL \ No directories
Block - Storage
Page - Random access, uses managed disks
Append -
45
LRS
3 copies of data in one building. Z Regional Storage
46
ZRS, GZRS
3 data locations in a region. Copied to another region, 3 data locations in 3 region locations.
47
Hot Cool Cold Archived
Blob tiers to how much access. Cheaper to store slower options. More expensive to access colder assets (operations).
48
GRS
2 regions with data copied to 2 Region buildings. Not spread out like
49
Managed Disks
HDD, SSD, Prem SSD, Ultra. Ultra \ Prem SSDv2 dynamic use IOPS and T/P.
50
Storage Account Resource Types
Blob
Files - SMB, Windows file shares
Queue - event driven file in \ file out
Tables - Key \ value
Static Websites - Only for reading.
Data Management to serve data
51
Azure Files Sync
Cloud endpoint to all windows file shares. Syncs data between file shares and manages data that needs to be stored vs used a lot.
52
Lifecycle Mgmt
Free. Move data between tiers and delete data.
53
Storage Tasks Payment Perks
Paid with more features and undelete
54
Azure SQL DB, MI
DB PaaS. Fully online, scalable, talks to cloud apps.
MI - managed instance. More like on prem, mimics this setup. Good for xfer to cloud. More control
55
CITUS
Sharding DBs in Postgres
56
COSMOS DB
Cloud based model
57
Azure File Sync
Register servers with group with cloud endpoint. Centralize your organization's file shares in Azure Files, while keeping the flexibility, performance, and compatibility of a Windows file server
58
IoT Hub
Azure interacts with IoT devices without needing the live device to use their SDK
59
IoT Central
Device template, dashboard, common tasks. Simulated devices. IoT Hub (PaaS) -> IoT Central (SaaS)
60
MCU
Micro Controller Unit for Azure to IoT.
Azure Sphere is a secured, high-level application platform with built-in communication and security features for internet-connected devices. It comprises a secured, connected, crossover microcontroller unit (MCU), a custom high-level Linux-based operating system (OS), and a cloud-based security service that provides continuous, renewable security.
61
Azure Sphere
Security and comms for MCU (controller unit for IoT). End to End, MCU to IoT. Azure Sphere MCU Linux based OS AS3, Azure sphere security service
62
Transform Data
Cleaning data, ETL extract load transform.
Azure Data Factory and Synapse pipelines that you can use to transform and process your raw data into predictions and insights. Uses Azure Databricks or Azure HDInsight to xfer to other Az services
63
HDInsight
runs code for opensource Framework for ETL \ Transforming data. Loads raw data into Az Hadoop - disk based load balancing tasks Storm Spark
64
Azure Cognitive services
Pre built AI
65
Azure DevOps
Kanban boards Repos Git Pipeline CI, continuous integration (bring into repo for live test)
66
Azure Dev Test Labs
Quickly create environments using reusable templates and artifacts. Free but charged for resources used. Dev Testing
67
Azure Resource Mgmt Tools used to interact with Az itself
Azure -> Azure Resource Mgmt ->
Portal (tough scale and speed and consistency)
Mobile - Alerts \ Basics
Azure PS - scripts
Azure CLI - scripts
68
Azure Advisor
Tips for what to change on SLA \ Security etc.
Advisor is a digital cloud assistant that helps you follow best practices to optimize your Azure deployments
69
ARM templates
Az Res Mgmt pre coded things. Can be transpiled into ARM template. To implement infrastructure as code for your Azure solutions.
"resources": {
  "mystore": {
    "type": "Microsoft.Storage/storageAccounts",
    "apiVersion": "2023-04-01",
    "name": "mystorageaccount",
    "location": "[parameters('location')]",
    "sku": { "name": "Standard_LRS" },
    "kind": "StorageV2"
  }
}
70
Az Monitor
No default logs for monitored resources
71
Azure security center
Reviews security features to change and compliance
72
Enhanced security features VMs and Apps
Just in time VM. Scheduled VM access Adv application controls Regularity company Paas and azure VM security
73
Az key vault
Stores passwords and certifications
74
HSM
Hardware security models. Az vault can use these
75
Az key vault access
Access policy for groups. Total vault access. Rbac for granular support
76
Managed Identity
When an application needs access ahead of time
77
Az Sentinel
SIEM, security insurance and event manager
SOAR, security orchestration automation response
Log analytics workspace with connectors that Sentinel has integrated
78
Zero trust
1. Verify explicitly 2. Least privilege 3. Assume breach
79
Context
Identity, network, endpoint
80
NSG
Network security group. Almost like Port forwarding with more options
81
Service tag, nsg
Collection of IP addresses from service that are allowed
82
Azure firewall
Fully managed and scaled. Layer 7. Has its own subnet.
83
User defined routes
Define the hops traffic takes with fqdn ext a way to define custom, static routes that override Azure's default system routes
84
Az firewall premium
Can read tls. Can use certificates to decode incoming.
85
Ddos types
Volumetric - mass attempts
Protocol - malformed packets
Application - HTTP
86
Enhanced standard protection az fw
Metrics, reports, to tune plan. Rapid response to get help. Get credits to failed protection
87
AuthN
Authentication. Valid user or service. Know, have, are
88
AuthZ
What privileges it has
89
Lifecycle workflow
Pre defined tasks for join, leave, and moving in company. Sets entra permissions
90
Domain controller
Handles all the on premises active directory tasks.
91
Entra tenant
Cloud based dc
92
Entra connect sync
Original on premises to entra. Runs locally
93
Entra cloud sync
Prem could sync
94
Entra vs Intune
Entra is AD and Intune is for MDM
95
Entra legacy dc connection
Virtual network to convert dc or entra domain services insurance.
96
B2B entra
External id providers. External users can login. Associates with that company.
97
CA
Conditional access. Surrounds entra tenant instance. Sets requirements for getting in and rbac
98
B2C tenant
Isolating from corporate tenant and more id support. Keeps large amounts of companies out. Offers account creations
99
Azure premium 1, id features Microsoft Entra ID P1
Allows id through app for mfa. Sms and tokens. Ids the user and sets up things like MFA. Start of RBAC
100
Management groups vs resource groups
Mg: Root group that branches into hierarchy. Subs live under these. Rg, subscription group that has network resources
101
Role assignment
Scope (resource and MGMT groups), Identity, and role actions (things done in resource groups)
102
Resource lock
Owner of scope can modify these permissions. Prevents deletion through many different policies \ RBAC.
103
Tag inheritance
Not inherited unless tag is missing, then copies
104
Set of policies
Initiative. Groups policies together to reduce quantity of policies needed
105
Policy Effects
Audit, Deny, Append, if checks
106
Microsoft purview
Data MGMT, where and what. Helps prevent Data leaks. Catalogs, Meta Data, Data sharing. Access. Starts off compliance. Thanks sensitive Data. Maintains Data between services.
107
Purview Enterprise
More sources. Ties in DB like windows network? Helps organizations manage, protect, and govern their data across various cloud and on-premises locations.
108
Budget can be applied to
Subscription, policy, resource group.
109
How to apply things to templates
Blueprint - sub - rg - arm template
110
Blueprints modifiable?
Yes, can set restrictions and deny because owners can edit blueprints
111
Az cloud adoption framework
Helps beginners plan cloud deployment
112
DPA
Data protection addendum. Legal agreement on security and compliance
113
Cost reductions
Hours of operation, delete unused, instance everything server less, auto scale
114
Az reservations
Pay for years to reduce cost. Will still cost if you don't use all of that resource
115
Az spare capacity
Cheaper but VMs can be deallocated if demand increases. Workflow storage needs tolerance
116
Cost management
Shows spending and allows tweaking
117
Preview vs GA in Az versions
Preview URL and title to beta features. GA is generally available
118
Horizontal scaling
Adding VMs and other independent things
119
Vertical scaling
Adding more power to components
120
Direct scaling
Quickly increasing resources for a single batch
121
IaaS is like renting
Hardware in a data center with nothing on it
122
Total cost of ownership calculator
Preview of costs for service
123
Agility
Agility means that you can deploy and configure cloud-based resources quickly as app requirements change.
124
Scalability
Scalability means that you can add RAM, CPU, or entire virtual machines to a configuration
125
Elasticity
Elasticity means that you can configure cloud-based apps to take advantage of autoscaling
126
Which top level thing is billed separately?
Azure Subscription generates separate billing reports and invoices for each subscription so that you can organize and manage costs
127
Azure Functions
Azure Functions allows you to run code as a service without having to manage the underlying platform or infrastructure. Azure Logic Apps is similar to Azure Functions, but uses predefined workflows instead of developing your own code.
128
Peering
Peering enables resources in each virtual network to communicate with each other.
129
Service Endpoints
Service endpoints are used to expose Azure services to a virtual network, providing communication between the two. ExpressRoute is used to connect an on-premises network to Azure
130
Cond Access
Conditional Access is a feature that Microsoft Entra uses to allow or deny access to resources based on identity signals, such as the device being used
131
RBAC and Scope
An Azure RBAC role is applied to a scope, which is a resource or set of resources that the access applies to
132
Az Cost Mgmt
Azure Cost Management allows you to create and manage cost and usage budgets by monitoring resource demand trends, consumption rates, and cost patterns
133
Application Insights
Application Insights is a feature of Azure Monitor that allows you to monitor running applications, automatically detect performance anomalies, and use built-in analytics tools to see what users do on an app.
134
Purview Features
Data Catalog - This enables data discovery.
Data Sharing - This shares data within and between organizations.
Data Estate Insights - This accesses data estate health.
Data Policy - This governs access to data.
135
Scope
Resource or set of resources
136
azure event hub
basically a huge event viewer
137
az service bus
Azure Service Bus is a fully managed enterprise message broker with message queues and publish-subscribe topics. Service Bus is used to decouple applications and services from each other, providing the following benefits:
Load-balancing work across competing workers
Safely routing and transferring data and control across service and application boundaries
Coordinating transactional work that requires a high degree of reliability
138
portal website
portal.azure.com
139
logic apps vs az functions
Azure Functions is a serverless compute service whereas Azure Logic Apps is a serverless workflow automation platform. Both these services can address your integration problems and automate business processes, but each has its unique advantages
140
Windows Hello
Windows Hello is a Windows feature that allows you to sign in to your device using your face, fingerprint, or a PIN, instead of a password
141
Azure Policy
Azure Policy is the primary resource for defining and enforcing corporate standards across your cloud environment. It allows you to create, assign, and manage policies that define the rules and effects for your resources, ensuring they adhere to your organization's requirements
142
Microsoft Entra ID Protection
Microsoft Entra ID Protection helps organizations detect, investigate, and remediate identity-based risks
143
AzCopy
AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account.