az900

Question 1

What is cloud computing?

Answer 1

Simply put, cloud computing is the delivery of computing services—including servers, storage, databases, networking, software, analytics, and intelligence—over the Internet (“the cloud”) to offer faster innovation, flexible resources, and economies of scale. You typically pay only for cloud services you use, helping you lower your operating costs, run your infrastructure more efficiently, and scale as your business needs change.

Question 2

What are the different types of cloud computing services?

Answer 2

Cloud computing types are service deployment models that let you choose the level of control over your information and types of services you need to provide. There are three main types of cloud computing services, sometimes called the cloud computing stack because they build on top of one another.

The first cloud computing type is infrastructure-as-a-service (IaaS), which is used for Internet-based access to storage and computing power. The most basic category of cloud computing types, IaaS lets you rent IT infrastructure - servers and virtual machines, storage, networks, and operating systems - from a cloud provider on a pay-as-you-go basis.

The second cloud computing type is platform-as-a-service (PaaS) that gives developers the tools to build and host web applications. PaaS is designed to give users access to the components they require to quickly develop and operate web or mobile applications over the Internet, without worrying about setting up or managing the underlying infrastructure of servers, storage, networks, and databases.

The third cloud computing type is software-as-a-service (SaaS) which is used for web-based applications. SaaS is a method for delivering software applications over the Internet where cloud providers host and manage the software applications making it easier to have the same application on all of your devices at once by accessing it in the cloud.

Question 3

Shared responsibility in the cloud

Answer 3

As you consider and evaluate public cloud services, it’s critical to understand the shared responsibility model and which security tasks the cloud provider handles and which tasks you handle. The workload responsibilities vary depending on whether the workload is hosted on Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), or in an on-premises datacenter

Question 4

What is a public cloud?

Answer 4

The public cloud is defined as computing services offered by third-party providers over the public Internet, making them available to anyone who wants to use or purchase them. They may be free or sold on-demand, allowing customers to pay only per usage for the CPU cycles, storage, or bandwidth they consume.

Unlike private clouds, public clouds can save companies from the expensive costs of having to purchase, manage, and maintain on-premises hardware and application infrastructure - the cloud service provider is held responsible for all management and maintenance of the system. Public clouds can also be deployed faster than on-premises infrastructures and with an almost infinitely scalable platform. Every employee of a company can use the same application from any office or branch using their device of choice as long as they can access the Internet. While security concerns have been raised over public cloud environments, when implemented correctly, the public cloud can be as secure as the most effectively managed private cloud implementation if the provider uses proper security methods, such as intrusion detection and prevention systems (IDPS).

Question 5

What is a private cloud?

Answer 5

The private cloud is defined as computing services offered either over the Internet or a private internal network and only to select users instead of the general public. Also called an internal or corporate cloud, private cloud computing gives businesses many of the benefits of a public cloud - including self-service, scalability, and elasticity - with the additional control and customization available from dedicated resources over a computing infrastructure hosted on-premises. In addition, private clouds deliver a higher level of security and privacy through both company firewalls and internal hosting to ensure operations and sensitive data are not accessible to third-party providers. One drawback is that the company’s IT department is held responsible for the cost and accountability of managing the private cloud. So private clouds require the same staffing, management, and maintenance expenses as traditional datacenter ownership.

Two models for cloud services can be delivered in a private cloud. The first is infrastructure as a service (IaaS) that allows a company to use infrastructure resources such as compute, network, and storage as a service. The second is platform as a service (PaaS) that lets a company deliver everything from simple cloud-based applications to sophisticated-enabled enterprise applications. Private clouds can also be combined with public clouds to create a hybrid cloud, allowing the business to take advantage of cloud bursting to free up more space and scale computing services to the public cloud when computing demand increases

Question 6

What is a hybrid cloud?

Answer 6

A hybrid cloud—sometimes called a cloud hybrid—is a computing environment that combines an on-premises datacenter (also called a private cloud) with a public cloud, allowing data and applications to be shared between them. Some people define hybrid cloud infrastructure to include “multicloud” configurations where an organization uses more than one public cloud in addition to their on-premises datacenter.

Question 7

Azure Cloud Services

Answer 7

Azure Cloud Services is a Platform as a Service (PaaS) technology engineered to deploy applications that are scalable, reliable and inexpensive to operate. With Cloud Services, you can focus on your applications, not on the underlying cloud infrastructure.

Question 8

Security governance

Answer 8

Security governance bridges your business priorities with technical implementation like architecture, standards, and policy. Governance teams provide oversight and monitoring to sustain and improve security posture over time. These teams also report compliance as required by regulating bodies.

Question 9

loud management gateway overview

Answer 9

The cloud management gateway (CMG) provides a simple way to manage Configuration Manager clients over the internet. You deploy CMG as a cloud service in Microsoft Azure. Then without more on-premises infrastructure, you can manage clients that roam on the internet or are in branch offices across the WAN. You also don’t need to expose your on-premises infrastructure to the internet.

Question 10

What is IaaS?

Answer 10

Infrastructure as a service (IaaS) is a type of cloud computing service that offers essential compute, storage, and networking resources on demand, on a pay-as-you-go basis. IaaS is one of the four types of cloud services, along with software as a service (SaaS), platform as a service (PaaS), and serverless.
Migrating your organization’s infrastructure to an IaaS solution helps you reduce maintenance of on-premises data centers, save money on hardware costs, and gain real-time business insights. IaaS solutions give you the flexibility to scale your IT resources up and down with demand. They also help you quickly provision new applications and increase the reliability of your underlying infrastructure.

IaaS lets you bypass the cost and complexity of buying and managing physical servers and datacenter infrastructure. Each resource is offered as a separate service component, and you only pay for a particular resource for as long as you need it. A cloud computing service provider like Azure manages the infrastructure, while you purchase, install, configure, and manage your own software—including operating systems, middleware, and applications.

Question 11

What is PaaS?

Answer 11

Platform as a service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications. You purchase the resources you need from a cloud service provider on a pay-as-you-go basis and access them over a secure Internet connection.

Like IaaS, PaaS includes infrastructure—servers, storage, and networking—but also middleware, development tools, business intelligence (BI) services, database management systems, and more. PaaS is designed to support the complete web application lifecycle: building, testing, deploying, managing, and updating.

PaaS allows you to avoid the expense and complexity of buying and managing software licenses, the underlying application infrastructure and middleware, container orchestrators such as Kubernetes, or the development tools and other resources. You manage the applications and services you develop, and the cloud service provider typically manages everything else.

Question 12

Infrastructure as a service (IaaS) and platform as a service (PaaS) are cloud service models.

Answer 12

IaaS offers access to computing resources like servers, storage, and networks. The IaaS provider hosts and manages this infrastructure. Customers use the internet to access the hardware and resources.

In contrast, PaaS provides a framework for developing and running apps. As with IaaS, the PaaS provider hosts and maintains the platform’s servers, networks, storage, and other computing resources. But PaaS also includes tools, services, and systems that support the web application lifecycle. Developers use the platform to build apps without having to manage backups, security solutions, upgrades, and other administrative tasks.

Question 13

Advantages of PaaS over IaaS

Answer 13

When it’s possible, use PaaS instead of IaaS. IaaS is like having a box of parts. You can build anything, but you have to assemble it yourself. PaaS options are easier to configure and administer. You don’t need to set up virtual machines (VMs) or virtual networks. You also don’t have to handle maintenance tasks, such as installing patches and updates.

For example, suppose your application needs a message queue. You can set up your own messaging service on a VM by using something like RabbitMQ. But Azure Service Bus provides a reliable messaging service, and it’s simpler to set up. You can create a Service Bus namespace as part of a deployment script. Then you can use a client SDK to call Service Bus.

Question 14

What is SaaS?

Answer 14

Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools (such as Microsoft Office 365).

SaaS provides a complete software solution that you purchase on a pay-as-you-go basis from a cloud service provider. You rent the use of an app for your organization, and your users connect to it over the Internet, usually with a web browser. All of the underlying infrastructure, middleware, app software, and app data are located in the service provider’s data center. The service provider manages the hardware and software, and with the appropriate service agreement, will ensure the availability and the security of the app and your data as well. SaaS allows your organization to get quickly up and running with an app at minimal upfront cost.

Question 15

SaaS

Answer 15

The capability provided to the consumer for using the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

Question 16

How does Microsoft host its online services?

Answer 16

Microsoft delivers more than 200 cloud services, including enterprise services such as Microsoft Azure, Microsoft 365, and Microsoft Dynamics 365, to customers 24x7x365. These services are hosted in Microsoft’s cloud infrastructure composed of globally distributed datacenters, edge computing nodes, and service operations centers. They are supported and connected by one of the world’s largest global networks, with an extensive fiber footprint.

The datacenters that power our cloud offerings focus on high reliability, operational excellence, cost-effectiveness, environmental sustainability, and a trustworthy online experience for customers and partners worldwide. Microsoft regularly tests our datacenter security through both internal and third-party audits. As a result, the most highly regulated organizations in the world trust the Microsoft cloud, which is compliant with more certifications than any other cloud service provider.

Question 17

What is a resource group

Answer 17

A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. You decide how you want to allocate resources to resource groups based on what makes the most sense for your organization. Generally, add resources that share the same lifecycle to the same resource group so you can easily deploy, update, and delete them as a group.

The resource group stores metadata about the resources. Therefore, when you specify a location for the resource group, you are specifying where that metadata is stored. For compliance reasons, you may need to ensure that your data is stored in a particular region.

Question 18

Azure Functions overview

Answer 18

Azure Functions is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs. Instead of worrying about deploying and maintaining servers, the cloud infrastructure provides all the up-to-date resources needed to keep your applications running.

Question 19

What is Azure Virtual Network?

Answer 19

Azure Virtual Network is a service that provides the fundamental building block for your private network in Azure. An instance of the service (a virtual network) enables many types of Azure resources to securely communicate with each other, the internet, and on-premises networks. These Azure resources include virtual machines (VMs).

Question 20

Azure Peering Service overview

Answer 20

Azure Peering Service is a networking service that enhances the connectivity to Microsoft cloud services such as Microsoft 365, Dynamics 365, software as a service (SaaS) services, Azure, or any Microsoft services accessible via the public internet. Microsoft has partnered with internet service providers (ISPs), internet exchange partners (IXPs), and software-defined cloud interconnect (SDCI) providers worldwide to provide reliable and high-performing public connectivity with optimal routing from the customer to the Microsoft network.

With Peering Service, customers can select a well-connected partner service provider in a given region. Public connectivity is optimized for high reliability and minimal latency from cloud services to the end-user location.

Question 21

What is Azure DNS?

Answer 21

Azure DNS is a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records by using the same credentials, APIs, tools, and billing as your other Azure services.

Question 22

What is Azure VPN Gateway?

Answer 22

Azure VPN Gateway is a service that uses a specific type of virtual network gateway to send encrypted traffic between an Azure virtual network and on-premises locations over the public Internet. You can also use VPN Gateway to send encrypted traffic between Azure virtual networks over the Microsoft network. Multiple connections can be created to the same VPN gateway. When you create multiple connections, all VPN tunnels share the available gateway bandwidth.

Question 23

What is Azure ExpressRoute?

Answer 23

ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection with the help of a connectivity provider. With ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure and Microsoft 365.

Question 24

What are the benefits of using ExpressRoute and private network connections?

Answer 24

ExpressRoute connections don’t go over the public Internet. They offer higher security, reliability, and speeds, with lower and consistent latencies than typical connections over the Internet. In some cases, using ExpressRoute connections to transfer data between on-premises devices and Azure can yield significant cost benefits.

Question 25

What is a private endpoint?

Answer 25

A private endpoint is a network interface that uses a private IP address from your virtual network. This network interface connects you privately and securely to a service that's powered by Azure Private Link. By enabling a private endpoint, you're bringing the service into your virtual network. The service could be an Azure service such as: Azure Storage Azure Cosmos DB Azure SQL Database Your own service, using Private Link service.

Question 26

Introduction to Azure Storage

Answer 26

The Azure Storage platform is Microsoft's cloud storage solution for modern data storage scenarios. Azure Storage offers highly available, massively scalable, durable, and secure storage for a variety of data objects in the cloud. Azure Storage data objects are accessible from anywhere in the world over HTTP or HTTPS via a REST API. Azure Storage also offers client libraries for developers building applications or services with .NET, Java, Python, JavaScript, C++, and Go. Developers and IT professionals can use Azure PowerShell and Azure CLI to write scripts for data management or configuration tasks. The Azure portal and Azure Storage Explorer provide user-interface tools for interacting with Azure Storage.

Question 27

Azure Storage redundancy

Answer 27

Azure Storage always stores multiple copies of your data so that it's protected from planned and unplanned events, including transient hardware failures, network or power outages, and massive natural disasters. Redundancy ensures that your storage account meets its availability and durability targets even in the face of failures.

Question 28

What is Azure File Sync?

Answer 28

Azure File Sync enables you to centralize your organization's file shares in Azure Files, while keeping the flexibility, performance, and compatibility of a Windows file server. While some users might opt to keep a full copy of their data locally, Azure File Sync additionally has the ability to transform Windows Server into a quick cache of your Azure file share. You can use any protocol that's available on Windows Server to access your data locally, including SMB, NFS, and FTPS. You can have as many caches as you need across the world.

Question 29

Azure Migrate

Answer 29

Azure Migrate provides a simplified migration, modernization, and optimization service for Azure. All pre-migration steps such as discovery, assessments, and right-sizing of on-premises resources are included for infrastructure, data, and applications. Azure Migrate’s extensible framework allows for integration of third-party tools, thus expanding the scope of supported use-cases. It provides the following:

Question 30

Use tags to organize your Azure resources and management hierarchy

Answer 30

Tags are metadata elements that you apply to your Azure resources. They're key-value pairs that help you identify resources based on settings that are relevant to your organization. If you want to track the deployment environment for your resources, add a key named Environment. To identify the resources deployed to production, give them a value of Production. The full key-value pair is Environment = Production.

Question 31

What is Azure Policy?

Answer 31

Azure Policy helps to enforce organizational standards and to assess compliance at-scale. Through its compliance dashboard, it provides an aggregated view to evaluate the overall state of the environment, with the ability to drill down to the per-resource, per-policy granularity. It also helps to bring your resources to compliance through bulk remediation for existing resources and automatic remediation for new resources.

Question 31

What is the Azure portal?

Answer 31

The Azure portal is a web-based, unified console that provides an alternative to command-line tools. With the Azure portal, you can manage your Azure subscription using a graphical user interface. You can build, manage, and monitor everything from simple web apps to complex cloud deployments in the portal. The Azure portal is designed for resiliency and continuous availability. It has a presence in every Azure datacenter. This configuration makes the Azure portal resilient to individual datacenter failures and helps avoid network slowdowns by being close to users. The Azure portal updates continuously, and it requires no downtime for maintenance activities.

Question 32

Azure Arc overview

Answer 32

Today, companies struggle to control and govern increasingly complex environments that extend across data centers, multiple clouds, and edge. Each environment and cloud possesses its own set of management tools, and new DevOps and ITOps operational models can be hard to implement across resources. Azure Arc simplifies governance and management by delivering a consistent multicloud and on-premises management platform. Azure Arc provides a centralized, unified way to: Manage your entire environment together by projecting your existing non-Azure and/or on-premises resources into Azure Resource Manager. Manage virtual machines, Kubernetes clusters, and databases as if they are running in Azure. Use familiar Azure services and management capabilities, regardless of where your resources live. Continue using traditional ITOps while introducing DevOps practices to support new cloud native patterns in your environment. Configure custom locations as an abstraction layer on top of Azure Arc-enabled Kubernetes clusters and cluster extensions.

Question 33

What is Azure Resource Manager?

Answer 33

Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.

Question 34

Introduction to Azure Advisor

Answer 34

Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, Reliability (formerly called High availability), and security of your Azure resources.

Question 35

What is Azure Service Health?

Answer 35

Azure offers a suite of experiences to keep you informed about the health of your cloud resources. This information includes current and upcoming issues such as service impacting events, planned maintenance, and other changes that may affect your availability. Azure Service Health is a combination of three separate smaller services.

Question 36

Log Analytics

Answer 36

Log Analytics is a tool in the Azure portal to edit and run log queries from data collected by Azure Monitor logs and interactively analyze their results. You can use Log Analytics queries to retrieve records that match particular criteria, identify trends, analyze patterns, and provide various insights into your data.

Question 37

Important facts about management groups

Answer 37

10,000 management groups can be supported in a single directory. A management group tree can support up to six levels of depth. This limit doesn't include the Root level or the subscription level. Each management group and subscription can only support one parent. Each management group can have many children. All subscriptions and management groups are within a single hierarchy in each directory. See Important facts about the Root management group.

Question 38

Access tiers for blob data

Answer 38

Hot access tier: Optimized for storing data that is accessed frequently (for example, images for your website). Cool access tier: Optimized for data that is infrequently accessed and stored for at least 30 days (for example, invoices for your customers). Cold access tier: Optimized for storing data that is infrequently accessed and stored for at least 90 days. Archive access tier: Appropriate for data that is rarely accessed and stored for at least 180 days, with flexible latency requirements (for example, long-term backups).

Question 39

What permissions do I need to access Advisor?

Answer 39

You can access Advisor recommendations as Owner, Contributor, or Reader of a subscription, Resource Group or Resource.

Question 40

What resources does Advisor provide recommendations for?

Answer 40

Advisor provides recommendations for Application Gateway, App Services, availability sets, Azure Cache, Azure Data Factory, Azure Database for MySQL, Azure Database for PostgreSQL, Azure Database for MariaDB, Azure ExpressRoute, Azure Cosmos DB, Azure public IP addresses, Azure Synapse Analytics, SQL servers, storage accounts, Traffic Manager profiles, and virtual machines.

Question 41

What is Azure Resource Manager?

Answer 41

Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.

Question 42

What is Azure role-based access control (Azure RBAC)?

Answer 42

Access management for cloud resources is a critical function for any organization that is using the cloud. Azure role-based access control (Azure RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to. Azure RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management to Azure resources.

Question 43

What can I do with Azure RBAC?

Answer 43

Allow one user to manage virtual machines in a subscription and another user to manage virtual networks Allow a DBA group to manage SQL databases in a subscription Allow a user to manage all resources in a resource group, such as virtual machines, websites, and subnets Allow an application to access all resources in a resource group

Question 44

Auto-Scale

Answer 44

In Azure, you can scale automatically by configuring Auto-Scale. Auto-Scale is an Azure service that can automatically scale applications running in many Azure services based on usage patterns, resource utilization, time of day, and much more.

Question 45

On-Premises Model

Answer 45

In the on-premises model, a business purchases physical computer hardware to be used for its IT needs. Because these computers are physical assets that are intended to be used for more than one year, they are usually purchased as capital expenses. There are several drawbacks to this model. When a business purchases computer hardware, it will typically keep that hardware in service until the return on that investment is realized. In the fast-evolving environment of computers, that can mean that hardware is outdated long before it makes financial sense to replace it. Another major drawback to this method is that it is not an agile approach. It may take months to requisition and configure new hardware, and in the era of modern IT, that approach often makes no sense. MORE INFO TYING UP MONEY Businesses need money for day-to-day operations, and when you have large amounts of money tied up in capital expenses, it can dramatically reduce the amount of money you can put toward your daily operations.

Question 46

Infrastructure-as-a-Service (IaaS)

Answer 46

Infrastructure refers to the hardware that your application uses, and IaaS refers to the virtualized infrastructure offered by a cloud provider. When you create an IaaS resource, the cloud provider allocates a VM for your use. In some cases, the cloud provider might do the basic operating system install for you. In other situations, you may need to install the operating system yourself. In either case, you are responsible for installing other necessary services and your application. Because you control the operating system install and installation of other services, IaaS gives you plenty of control over your cloud resources. However, it also means that you are responsible for making sure your operating system is patched with security updates, and if something goes wrong in the operating system, you’re responsible for troubleshooting it. The cloud provider is only responsible for providing the VM. You do, however, benefit from the underlying infrastructure in the area of fault tolerance and disaster recovery that we discussed earlier.

Question 47

REMOTE ACCESS TO IAAS VMS

Answer 47

You will have remote access to your IaaS VMs so that you can interact with them just as if you were using them in your on-premises environment. When you move to PaaS and SaaS services, you typically lose that capability because the infrastructure is managed by the cloud provider.

Question 48

Another popular use of IaaS

Answer 48

Another popular use of IaaS is when you need one or more powerful VMs for a temporary period. For example, you might need to analyze a large amount of data for a project. By utilizing IaaS VMs for your project, you can keep costs to a minimum, create resources quickly as you need them, and gain all the processing power you need.

Question 49

Platform-as-a-Service (PaaS)

Answer 49

In a PaaS environment, a cloud provider still provides the infrastructure for you, but they also provide the operating system, software installed in the operating system to help you connect to databases and network systems (often referred to as middleware), and many features that enable you to build and manage complex cloud applications.

Question 50

PaaS offering

Answer 50

In a PaaS offering, cloud providers offer numerous application frameworks such as PHP, Node.js, ASP.NET, .NET Core, Java, Python, and more. The cloud provider usually provides multiple versions of each framework so you can choose a version that you know is compatible with your application. The cloud provider will also ensure that common components necessary for data connectivity from your application to other systems is installed and configured. That usually means that your application code works without you having to do any kind of complex configuration. In fact, this is one of the main benefits of using a PaaS service; you can often move your application from on-premises to a cloud environment by simply deploying it to the cloud. This concept is often referred to as lift-and-shift.

Question 51

Software-as-a-Service (SaaS)

Answer 51

As you’ve learned, IaaS requires you to control both the operating system and middleware components along with your application. When you move to PaaS, you offload the control of the operating system and middleware components to the cloud provider, and you’re responsible only for your application code. As you move to the top of the cloud pyramid and into the SaaS realm, the cloud provider controls everything. In other words, a SaaS service is software provided by a cloud provider that’s installed on infrastructure completely controlled by the hosting provider.

Question 52

SaaS services

Answer 52

SaaS services aren’t just for the enterprise. In fact, most people use SaaS services all the time without even realizing it. If you use Hotmail or Gmail or another online email service, you’re using a SaaS service. The cloud provider hosts the email software in the cloud, and you log in and use that software using your web browser. You don’t have to know anything about the software. The cloud provider can offer new features with software updates, and those new features are available to you automatically without any action on your part. If the cloud provider finds a problem with the software, they can resolve it with a patch without you even realizing anything happened.

Question 53

Virtual network (VNet) peering

Answer 53

When you create a virtual network peering between two virtual networks, the system adds a route for each address range within the address space of each virtual network involved in the peering. Learn more about virtual network peering.

Question 54

Virtual network gateway

Answer 54

One or more routes with Virtual network gateway listed as the next hop type are added when a virtual network gateway is added to a virtual network. The source is also virtual network gateway, because the gateway adds the routes to the subnet. If your on-premises network gateway exchanges border gateway protocol (BGP) routes with a virtual network gateway, the system adds a route for each route. These routes are propagated from the on-premises network gateway. We recommend summarizing on-premises routes to the largest address range possible, so you propagate the fewest number of routes to an Azure virtual network gateway. There are limits to the number of routes you can propagate to an Azure virtual network gateway. For details, see Azure limits.

Question 55

VirtualNetworkServiceEndpoint

Answer 55

The public IP addresses for certain services are added to the route table by Azure when you enable a service endpoint to the service. Service endpoints are enabled for individual subnets within a virtual network, so the route is only added to the route table of a subnet a service endpoint is enabled for. The public IP addresses of Azure services change periodically. Azure manages the addresses in the route table automatically when the addresses change. Learn more about virtual network service endpoints, and the services you can create service endpoints for.

Question 56

What is Microsoft Entra ID?

Answer 56

Microsoft Entra ID is a cloud-based identity and access management service that enables your employees access external resources. Example resources include Microsoft 365, the Azure portal, and thousands of other SaaS applications.

Question 57

What is Azure SQL Database?

Answer 57

This article provides an overview of Azure SQL Database, a fully managed platform as a service (PaaS) database engine that handles most of the database management functions such as upgrading, patching, backups, and monitoring without user involvement.

Question 58

Describe Azure Monitor

Answer 58

Azure Monitor is a platform for collecting data on your resources, analyzing that data, visualizing the information, and even acting on the results. Azure Monitor can monitor Azure resources, your on-premises resources, and even multi-cloud resources like virtual machines hosted with a different cloud provider.

Question 59

What is serverless computing?

Answer 59

Serverless computing enables developers to build applications faster by eliminating the need for them to manage infrastructure. With serverless applications, the cloud service provider automatically provisions, scales, and manages the infrastructure required to run the code. In understanding the definition of serverless computing, it’s important to note that servers are still running the code. The serverless name comes from the fact that the tasks associated with infrastructure provisioning and management are invisible to the developer. This approach enables developers to increase their focus on the business logic and deliver more value to the core of the business. Serverless computing helps teams increase their productivity and bring products to market faster, and it allows organizations to better optimize resources and stay focused on innovation.

Question 60

Serverless functions

Answer 60

Serverless functions accelerate development by using an event-driven model, with triggers that automatically execute code to respond to events and bindings to seamlessly integrate additional services. A pay-per-execution model with sub-second billing charges only for the time and resources it takes to execute the code.

Question 61

Serverless Kubernetes

Answer 61

Developers bring their own containers to fully managed, Kubernetes-orchestrated clusters that can automatically scale up and down with sudden changes in traffic on spiky workloads.

Question 62

Serverless workflows

Answer 62

Serverless workflows take a low-code/no-code approach to simplify orchestration of combined tasks. Developers can integrate different services (either cloud or on-premises) without coding those interactions, having to maintain glue code, or learning new APIs or specifications.

Question 63

Serverless API gateway

Answer 63

A serverless API gateway is a centralized, fully managed entry point for serverless backend services. It enables developers to publish, manage, secure, and analyze APIs at global scale.

Question 64

Lock your resources to protect your infrastructure

Answer 64

As an administrator, you can lock an Azure subscription, resource group, or resource to protect them from accidental user deletions and modifications. The lock overrides any user permissions. You can set locks that prevent either deletions or modifications. In the portal, these locks are called Delete and Read-only. In the command line, these locks are called CanNotDelete and ReadOnly. CanNotDelete means authorized users can read and modify a resource, but they can't delete it. ReadOnly means authorized users can read a resource, but they can't delete or update it. Applying this lock is similar to restricting all authorized users to the permissions that the Reader role provides.

Question 65

What is Azure Active Directory B2C?

Answer 65

Azure Active Directory B2C provides business-to-customer identity as a service. Your customers can use their preferred social, enterprise, or local account identities to get single sign-on access to your applications and APIs.

Question 66

AzCopy

Answer 66

AzCopy is a command-line utility that you can use to copy blobs or files to or from your storage account. With AzCopy, you can upload files, download files, copy files between storage accounts, and even synchronize files. AzCopy can even be configured to work with other cloud providers to help move files back and forth between clouds.

Question 67

Azure Storage Explorer

Answer 67

Azure Storage Explorer is a standalone app that provides a graphical interface to manage files and blobs in your Azure Storage Account. It works on Windows, macOS, and Linux operating systems and uses AzCopy on the backend to perform all of the file and blob management tasks. With Storage Explorer, you can upload to Azure, download from Azure, or move between storage accounts.

Question 68

Azure File Sync

Answer 68

Azure File Sync is a tool that lets you centralize your file shares in Azure Files and keep the flexibility, performance, and compatibility of a Windows file server. It’s almost like turning your Windows file server into a miniature content delivery network. Once you install Azure File Sync on your local Windows server, it will automatically stay bi-directionally synced with your files in Azure.

Question 69

What’s multifactor authentication?

Answer 69

Something the user knows – this might be a challenge question. Something the user has – this might be a code that's sent to the user's mobile phone. Something the user is – this is typically some sort of biometric property, such as a fingerprint or face scan.

Question 70

What's Microsoft Entra multifactor authentication?

Answer 70

Microsoft Entra multifactor authentication is a Microsoft service that provides multifactor authentication capabilities. Microsoft Entra multifactor authentication enables users to choose an additional form of authentication during sign-in, such as a phone call or mobile app notification.

Question 71

What’s passwordless authentication?

Answer 71

Features like MFA are a great way to secure your organization, but users often get frustrated with the additional security layer on top of having to remember their passwords. People are more likely to comply when it's easy and convenient to do so. Passwordless authentication methods are more convenient because the password is removed and replaced with something you have, plus something you are, or something you know.

Question 72

What is Azure DDoS Protection?

Answer 72

Distributed denial of service (DDoS) attacks are some of the largest availability and security concerns facing customers that are moving their applications to the cloud. A DDoS attack attempts to exhaust an application's resources, making the application unavailable to legitimate users. DDoS attacks can be targeted at any endpoint that is publicly reachable through the internet. Azure DDoS Protection, combined with application design best practices, provides enhanced DDoS mitigation features to defend against DDoS attacks. It's automatically tuned to help protect your specific Azure resources in a virtual network. Protection is simple to enable on any new or existing virtual network, and it requires no application or resource changes.

Question 73

What is cloud computing?

Answer 73

It's the delivery of computing services over the internet, which is otherwise known as the cloud. These services include servers, storage, databases, networking, software, analytics, and intelligence. Cloud computing offers faster innovation, flexible resources, and economies of scale.

Question 74

What are some cloud computing advantages?

Answer 74

Reliability: Depending on the service-level agreement that you choose, your cloud-based applications can provide a continuous user experience with no apparent downtime even when things go wrong. Scalability: Applications in the cloud can be scaled in two ways, while taking advantage of autoscaling: - Vertically: Computing capacity can be increased by adding RAM or CPUs to a virtual machine. - Horizontally: Computing capacity can be increased by adding instances of a resource, such as adding more virtual machines to your configuration. Elasticity: Cloud-based applications can be configured to always have the resources they need. Agility: Cloud-based resources can be deployed and configured quickly as your application requirements change. Geo-distribution: Applications and data can be deployed to regional datacenters around the globe, so your customers always have the best performance in their region. Disaster recovery: By taking advantage of cloud-based backup services, data replication, and geo-distribution, you can deploy your applications with the confidence that comes from knowing that your data is safe in the event that disaster should occur.

Question 75

What are cloud service models?

Answer 75

IAAS: This cloud service model is the closest to managing physical servers. A cloud provider keeps the hardware up to date, but operating system maintenance and network configuration is left to the cloud tenant. For example, Azure virtual machines are fully operational virtual compute devices running in Microsoft's datacenters. An advantage of this cloud service model is rapid deployment of new compute devices. Setting up a new virtual machine is considerably faster than procuring, installing, and configuring a physical server. SAAS: In this cloud service model, the cloud provider manages all aspects of the application environment, such as virtual machines, networking resources, data storage, and applications. The cloud tenant only needs to provide their data to the application managed by the cloud provider. For example, Office 365 provides a fully working version of Office that runs in the cloud. All that you need to do is create your content, and Office 365 takes care of everything else. PAAS This cloud service model is a managed hosting environment. The cloud provider manages the virtual machines and networking resources, and the cloud tenant deploys their applications into the managed hosting environment. For example, Azure App Services provides a managed hosting environment where developers can upload their web applications without having to deal with the physical hardware and software requirements. DAAS DAAS is a form of Virtual Desktop Infrastructure (VDI), hosted in the cloud. With VDI, an organization deploys virtual desktops from its own on-premises data centers. In-house IT teams are responsible for deploying the virtual desktops as well as purchasing, managing, and upgrading the infrastructure.

Question 76

What is serverless computing?

Answer 76

Overlapping with PaaS, serverless computing enables developers to build applications faster by eliminating the need for them to manage infrastructure. With serverless applications, the cloud service provider automatically provisions, scales, and manages the infrastructure required to run the code. Serverless architectures are highly scalable and event-driven. They use resources only when a specific function or trigger occurs.

Question 77

What are public, private, and hybrid clouds?

Answer 77

Public cloud Services are offered over the public internet and available to anyone who wants to purchase them. Cloud resources like servers and storage are owned and operated by a third-party cloud service provider and delivered over the internet. Private cloud Computing resources are used exclusively by users from one business or organization. A private cloud can be physically located at your organization's on-site datacenter. It also can be hosted by a third-party service provider. Hybrid cloud This computing environment combines a public cloud and a private cloud by allowing data and applications to be shared between them.

Question 78

What can I do with Azure?

Answer 78

Azure provides more than 100 services that enable you to do everything from running your existing applications on virtual machines to exploring new software paradigms, such as intelligent bots and mixed reality. Many teams start exploring the cloud by moving their existing applications to virtual machines that run in Azure. Migrating your existing apps to virtual machines is a good start, but the cloud is much more than a different place to run your virtual machines. For example, Azure provides AI and machine-learning services that can naturally communicate with your users through vision, hearing, and speech. It also provides storage solutions that dynamically grow to accommodate massive amounts of data. Azure services enable solutions that aren't feasible without the power of the cloud.

Question 79

What is a benefit of a hybrid cloud approach?

Answer 79

A hybrid cloud solution can offer the best of public cloud and on-premises services for many companies. A hybrid solution enables businesses to use a mix of on-premises infrastructure whilst scaling certain resources in the cloud. Reference:Azure hybrid cloud approach

Question 80

What is high availability in cloud computing?

Answer 80

High availability is one of the core benefits of using cloud computing. It ensures that backup resources are ready to take over any workload

Question 81

Why is cloud agility important for businesses?

Answer 81

Cloud agility is tied to the rapid provisioning of computer resources. Cloud environments can usually provide new compute instances or storage in minutes, a far cry from the very common weeks (or months, in some organizations) the same provisioning process can take in typical IT shops.

Question 82

What is the difference between OPEX and CAPEX?

Answer 82

OPEX is an ongoing cost for running a business. CAPEX is the cost of acquiring assets.. Knowing the difference between OPEX and CAPEX is critical to get the best value out of Azure for your company. Capital Expenditures (CAPEX) are generally not recurring and result in the acquisition of assets, such as server hardware. Operating Expenditures (OPEX) are the ongoing costs of running a business, such as paying for cloud services on a recurring basis. By moving costs to OPEX, businesses can plan for ongoing costs rather than large investments.

Question 83

Which cloud ability does elasticity describe?

Answer 83

Elasticity is a core benefit of cloud computing and lets even small businesses take advantage of the cloud.

Question 84

Azure DDoS Protection

Answer 84

Protects Azure-hosted applications from distributed denial of service (DDOS) attacks.

Question 85

Azure ExpressRoute

Answer 85

Connects to Azure over high-bandwidth dedicated secure connections.

Question 86

Azure Firewall

Answer 86

Implements high-security, high-availability firewall with unlimited scalability.

Question 87

Azure Key Vault

Answer 87

Azure Key Vault is a centralized cloud service for storing an application's secrets in a single, central location. It provides secure access to sensitive information by providing access control and logging capabilities. Azure Key Vault can help you: Manage secrets, Manage encryption keys, Manage SSL/TLS certificates, Store secrets backed by hardware security modules (HSMs) etc.. The benefits of using Key Vault include: - Centralized application secrets - Securely stored secrets and keys - Access monitoring and access control - Simplified administration of application secrets - Integration with other Azure services

Question 88

What's Azure Security Center?

Answer 88

Azure Security Center is a monitoring service that provides visibility of your security posture across all of your services, both on Azure and on-premises. The term security posture refers to cybersecurity policies and controls, as well as how well you can predict, prevent, and respond to security threats. Security Center can: - Monitor security settings across on-premises and cloud workloads. - Automatically apply required security settings to new resources as they come online. - Provide security recommendations that are based on your current configurations, resources, and networks. - Continuously monitor your resources and perform automatic security assessments to identify potential vulnerabilities before those vulnerabilities can be exploited. - Use machine learning to detect and block malware from being installed on your virtual machines (VMs) and other resources. You can also use adaptive application controls to define rules that list allowed applications to ensure that only applications you allow can run. - Detect and analyze potential inbound attacks and investigate threats and any post-breach activity that might have occurred. - Provide just-in-time access control for network ports. Doing so reduces your attack surface by ensuring that the network only allows traffic that you require at the time that you need it to.

Question 89

What's Azure Security Score?

Answer 89

Secure score is a measurement of an organization's security posture. Secure score is based on security controls, or groups of related security recommendations. Your score is based on the percentage of security controls that you satisfy. The more security controls you satisfy, the higher the score you receive. Your score improves when you remediate all of the recommendations for a single resource within a control. Secure score helps you: - Report on the current state of your organization's security posture. - Improve your security posture by providing discoverability, visibility, guidance, and control. - Compare with benchmarks and establish key performance indicators (KPIs).

Question 90

What's Azure Sentinel?

Answer 90

Azure Sentinel is Microsoft's cloud-based SIEM system. It uses intelligent security analytics and threat analysis. Azure Sentinel enables you to: - Collect cloud data at scale Collect data across all users, devices, applications, and infrastructure, both on-premises and from multiple clouds. - Detect previously undetected threats - Minimize false positives by using Microsoft's comprehensive analytics and threat intelligence. - Investigate threats with artificial intelligence Examine suspicious activities at scale, tapping into years of cybersecurity experience from Microsoft. - Respond to incidents rapidly Utilize built-in orchestration and automation of common tasks.

Question 91

What is a definition of Authentication?

Answer 91

Authentication is the process of determining that you are you. This is most commonly done using a username and password, but could also be with a fingerprint or face recognition.

Question 92

Which are factors used to verify a user with multi-factor authentication?

Answer 92

Azure Multi-Factor Authentication (MFA) helps safeguard access to data and applications while maintaining simplicity for users. It provides additional security by requiring a second form of authentication and delivers strong authentication via a range of easy to use authentication methods, being something you know, have or are.

Question 93

Using Single Sign-On.

Answer 93

Single Sign-On lets users use a single username and password to access all apps registered with AAD.

Question 94

What does Advanced Threat Protection do?

Answer 94

Azure Advanced Threat Protection helps you detect and investigate security incidents across your Azure accounts both on-premises and in the cloud. It monitors users, devices and resources in terms of their behavior. If any behavior is out of the ordinary an alarm can be raised.

Question 95

What is a distributed denial of service attack?

Answer 95

A distributed denial of service (DDoS) attack comes from a large number of sources with the sole aim of stopping your service. This is done through sending web traffic to your service until it can't handle it all and stops working. Azure has tools to protect against DDoS attacks, which sometimes aren't attacks at all, but just increased visitor interest in services or content.

Question 96

What is a security policy in Security Center?

Answer 96

A security policy defines the desired configuration of your workloads and helps ensure you're complying with the security requirements of your company or regulators.

Question 97

Which statements are true about Azure Key Vault?

Answer 97

Azure Key Vault is a secure place to store passwords and other secrets. Once stored, you can never retrieve the actual value, but you can share access to the value with other third party clients and other Azure services. You can also restrict or deny access easily and quickly, should it be necessary.

Question 98

What are features of role based access control?

Answer 98

Role-based access control (RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to. You have very detailed control of resource actions and you assign roles to users to let them take those actions. You can define as many roles as you wish in RBAC.

Question 99

What are types of locks in Azure?

Answer 99

Locks can be put on resources to make sure there aren't any accidental or nefarious actions taken on them. The two types of locks are delete, which means you can't delete the resource, and "read only", which means you can't make any changes to the resources.

Question 100

Azure Cosmos DB

Answer 100

Azure Cosmos DB is a globally distributed, multi-model database service. You can elastically and independently scale throughput and storage across any number of Azure regions worldwide. You can take advantage of fast, single-digit-millisecond data access by using any one of several popular APIs. Azure Cosmos DB provides comprehensive service level agreements for throughput, latency, availability, and consistency guarantees.

Question 101

Azure SQL Database

Answer 101

Azure SQL Database is a relational database based on the latest stable version of the Microsoft SQL Server database engine. SQL Database is a high-performance, reliable, fully managed, and secure database. You can use it to build data-driven applications and websites in the programming language of your choice, without needing to manage infrastructure.

Question 102

Azure SQL Managed Instance

Answer 102

Azure SQL Managed Instance is a scalable cloud data service that provides the broadest SQL Server database engine compatibility with all the benefits of a fully managed platform as a service. Depending on your scenario, Azure SQL Managed Instance might offer more options for your database needs.

Question 103

Azure compute

Answer 103

Azure compute is an on-demand computing service for running cloud-based applications. It provides computing resources such as disks, processors, memory, networking, and operating systems. The resources are available on-demand and can typically be made available in minutes or even seconds. You pay only for the resources you use, and only for as long as you're using them. Azure supports a wide range of computing solutions for development and testing, running applications, and extending your datacenter. The service supports Linux, Windows Server, SQL Server, Oracle, IBM, and SAP. Azure also has many services that can run virtual machines (VMs). Each service provides different options depending on your requirements. Some of the most prominent services are: - Azure Virtual Machines - Azure Container Instances - Azure App Service - Azure Functions (or serverless computing)

Question 104

Azure Storage

Answer 104

Azure Storage is a service that you can use to store files, messages, tables, and other types of information. Clients such as websites, mobile apps, desktop applications, and many other types of custom solutions can read data from and write data to Azure Storage. Azure Storage is also used by infrastructure as a service virtual machines, and platform as a service cloud services. Here are different types of Azure storage: Azure Blob Storage: object storage solution for the cloud. It can store massive amounts of data, such as text or binary data. Azure Disk Storage: provides disks for Azure virtual machines. Azure Files Storage: fully managed file shares in the cloud that are accessible via the industry standard Server Message Block and Network File System (preview) protocols. Azure Blob Access tiers: Hot access tier, Cool access tier, Archive access tier

Question 105

What is the purpose of the Resource Manager in Azure?

Answer 105

The Azure Resource Manager is the common architectural layer which all commands must go through to interact with Azure resources. The Resource Manager manages all resources on Azure, and is the only tool that creates resources on Azure.

Question 106

What is an availability zone?

Answer 106

AZs are individual physical locations within a region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking.

Question 107

What is a scale set?

Answer 107

Azure virtual machine scale sets let you create and manage a group of load balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. Scale sets provide high availability to your applications, and allow you to centrally manage, configure, and update a large number of VMs. With virtual machine scale sets, you can build large-scale services for areas such as compute, big data, and container workloads

Question 108

What is a fully managed platform on Azure?

Answer 108

A fully managed platform means the provider manages the infrastructure layer, such as VMs, disks, networks and more. You only have to focus on the core functionality of your application. Fully managed services on Azure are available on all subscription types and comes at no extra cost.

Question 109

What is an Azure Function?

Answer 109

Azure Functions are single-task services that can take an input, process it, and then die. It is the first serverless product on Azure. It is a stand-alone product which doesn't rely on other Azure services, although Functions can certainly integrate with them. Functions are available on all subscriptions and are very inexpensive to use.

Question 110

TCO Calculator

Answer 110

The TCO Calculator helps you estimate the cost savings of operating your solution on Azure over time, instead of in your on-premises datacenter. With the TCO Calculator, you enter the details of your on-premises workloads. Then you review the suggested industry average cost (which you can adjust) for related operational costs. These costs include electricity, network maintenance, and IT labor. You're then presented with a side-by-side report. Using the report, you can compare those costs with the same workloads running on Azure

Question 111

What types of Azure subscriptions can I use?

Answer 111

- Free trial A free trial subscription provides you with 12 months of popular free services, a credit to explore any Azure service for 30 days, and more than 25 services that are always free. Your Azure services are disabled when the trial ends or when your credit expires for paid products, unless you upgrade to a paid subscription. - Pay As You Go A pay-as-you-go subscription enables you to pay for what you use by attaching a credit or debit card to your account. Organizations can apply for volume discounts and prepaid invoicing. -Member offers our existing membership to certain Microsoft products and services might provide you with credits for your Azure account and reduced rates on Azure services. For example, member offers are available to Visual Studio subscribers, Microsoft Partner Network members, Microsoft for Startups members, and Microsoft Imagine members.

Question 112

What factors affect cost?

Answer 112

The way you use resources, your subscription type, and pricing from third-party vendors are common factors. - Resource type - Usage meters - Resource usage - Azure subscription types - Azure Marketplace

Question 113

Does location or network traffic affect cost?

Answer 113

When you provision a resource in Azure, you need to define the location (known as the Azure region) of where it will be deployed. Let's see why this decision can have cost consequences. - Location Different regions can have different associated prices. Because geographic regions can impact where your network traffic flows, network traffic is a cost influence to consider as well. - Zones for billing of network traffic Billing zones are a factor in determining the cost of some Azure services.Bandwidth refers to data moving in and out of Azure datacenters. Some inbound data transfers (data going into Azure datacenters) are free. For outbound data transfers (data leaving Azure datacenters), data transfer pricing is based on zones.

Question 114

How can I estimate the total cost?

Answer 114

The Pricing calculator displays Azure products in categories. You add these categories to your estimate and configure according to your specific requirements. You then receive a consolidated estimated price, with a detailed breakdown of the costs associated with each resource you added to your solution. You can export or share that estimate or save it for later. You can load a saved estimate and modify it to match updated requirements. You also can access pricing details, product details, and documentation for each product from within the Pricing calculator.

Question 115

How do you sign up for a service level agreement with Azure?

Answer 115

Service Level Agreements are implicit for all Azure paid services. You get an SLA included with every subscription level and support level. In general, there are no SLAs associated with free products on Azure.

Question 116

What kind of questions and answers can you find in the Azure Knowledge Center?

Answer 116

The Knowledge Center provides answers to a range of the most common questions asked. The focus is in particular on foundational answers, or answers to popular questions that are seen again and again. Users can't submit questions nor answers, and there are few to no expert level articles.

Question 117

What is the response time for Severity B on the Professional Direct Support Plan?

Answer 117

The Professional support agreement is not quite as fast as one hour response. It is 2 hours.

Question 118

Which are valid support channels for Azure?

Answer 118

The Azure documentation, technical forums and official Azure social media accounts are all good ways to interact with experts and Azure professionals. There is no regional standard phone support. Pressing all the buttons may be fun, but you might also pay for that new NS48 v3 virtual machine at $6.8 per hour.

Question 119

Where can you open a new Azure support request

Answer 119

A support request can only be opened via the Azure Portal.