Describe Azure Architecture and Service - Chapter 2 Flashcards
1
Q
What is a geography in Microsoft Azure ?
A
In order to provide Azure services to people around the world, Microsoft has created boundaries called geographies. A geography boundary is oftentimes the border of a country, and there’s good reason for that: regulations.
2
Q
List some Azure geographies
A
- US
- Canada
- UK
- etc.
3
Q
What is the division construct that come just after the geographies ?
A
The regions
4
Q
Why does Microsoft also operate some isolated regions ?
A
Microsoft also operates isolated regions that are completely dedicated to government data because of the additional regulations that governmental data requires.
5
Q
What is a regional pair ?
A
Within each geography, Microsoft has created another logical boundary called a regional pair.
Each regional pair contains two regions within the geography.
When Microsoft must perform updates to the Azure platform, they perform those updates on one region in the regional pair. Once those updates are complete, they move to the next region in the regional pair. This ensures that the availability of your services operating within a regional pair aren’t impacted by updates.
6
Q
In principle, what is the minimal number of regions within each eligible geography ?
A
2
it is not always possible. 2 options exists then:
- 1 region and another region that is only optional and for georedundancy purpose (this region cannot be a primary)
- have 1 region within the geography and another one out of the geography for redundancy.
7
Q
What are the Azure Government datacenters, and how are they different from public datacenters?
A
Azure Government datacenters are specifically developed for U.S. government needs. They are completely isolated from public datacenters, ensuring enhanced security and compliance.
8
Q
Who is eligible to work in Azure Government datacenters, and what are the requirements for Microsoft employees providing technical support to Azure Government customers?
A
All employees working in Azure Government datacenters must be U.S. citizens. This includes Microsoft employees who provide technical support to Azure Government customers.
9
Q
How does Microsoft ensure compliance of the network communications between the Azure Government cloud and on-premises government systems?
A
To maintain compliant communication between Azure Government cloud and on-premises government systems, Microsoft developed dedicated, isolated networking infrastructure with its own fiber-optic components.
10
Q
Can local governments, like cities and municipalities, use Azure Government services? What is the process for them to gain access?
A
Azure Government is accessible not only to federal agencies but also to local governments like cities and municipalities. They must be vetted by Microsoft to confirm their government agency status before receiving a subscription.
11
Q
What are some key differences between the Azure Government cloud and the public Azure cloud, particularly in terms of web portal URLs and domain names?
A
The Azure Government cloud has similar features and services as the public cloud, but with differences like the portal URL (https://portal.azure.us) and .us top-level domain for Azure services.
12
Q
How transferrable are Azure cloud development skills to Azure Government?
A
Skills in cloud development in Azure are directly transferable to Azure Government, as the services and functionalities are largely the same outside of specific compliance and domain differences.
13
Q
What is the DoD Impact Level 5 Provisional Authorization, and how does Azure Government comply with it?
A
This is a compliance requirement for the U.S. Department of Defense concerning controlled unclassified information needing higher protection. Azure Government meets these requirements through a subset of datacenters approved for DoD usage.
14
Q
What is Azure Germany, and how is it tailored to meet EU compliance needs?
A
Azure Germany is a distinct cloud system created for EU compliance needs, similar in concept to Azure Government but tailored for the EU, EFTA, and the UK.
15
Q
Who operates Azure Germany, and what control does the data trustee have over the data and infrastructure?
A
Operated by T-Systems International, Azure Germany datacenters are under the control of a local company acting as a data trustee, with full control over data and infrastructure.
16
Q
In what way is Microsoft’s involvement in Azure Germany limited, especially concerning customer data access?
A
Microsoft’s involvement in Azure Germany is limited to managing systems without access to customer data, ensuring high compliance with EU data protection standards.
17
Q
What is Azure China, and how is it operated differently from other Azure clouds?
A
Azure China, operated by Shanghai Blue Cloud Technology Co., Ltd. (BlueCloud), is a separate cloud service catering to Chinese regulations and compliance requirements.
18
Q
Who owns and operates BlueCloud, and how is it associated with Azure China?
A
BlueCloud, operating Azure China, is owned by Beijing 21Vianet Broadband Data Center Co., Ltd., a Chinese internet and datacenter service provider.
19
Q
How does Azure China differ in terms of features and services compared to other Azure clouds?
A
Azure China does not offer the full set of features available in other Azure clouds. However, Microsoft is continuously working to add more features and services.
20
Q
What is Microsoft’s approach to expanding features and services in Azure China?
A
Microsoft is actively working to enhance Azure China by adding additional features and services, adapting to the unique regulatory environment in China.
21
Q
Can international entities outside of the EU, EFTA, and the UK access Azure Germany, and if so, under what conditions?
A
Azure Germany is primarily available to customers doing business in the EU, EFTA, and the UK. The text does not specify whether entities outside these regions can access Azure Germany, but typically access would be restricted to entities within these regions due to compliance and regulatory reasons.
22
Q
What is the purpose of Azure availability zones?
A
Azure availability zones are designed to protect users from data loss and application outages by ensuring high availability and fault tolerance in the event of issues within a single building in a region.
23
Q
Are Azure availability zones available in all regions and for all services?
A
No, availability zones are not available in all Azure regions and not for all Azure services. The most current list of enabled regions and services can be found at https://bit.ly/az900-azones.
24
Q
How many availability zones are there in each enabled Azure region?
A
Each Azure region that supports availability zones has at least three availability zones.
25
What are the key features of an Azure availability zone?
Each availability zone has its own isolated water supply, cooling system, network, and power supply, separate from other zones.
26
How do Azure availability zones contribute to high availability?
By deploying an Azure service in two or more availability zones, high availability is achieved, even if one zone experiences a problem.
27
What limitations do availability zones have in terms of disaster recovery?
Availability zones offer protection against localized disasters but may not be sufficient for large-scale natural disasters, as they are located within the same region.
28
Are all Azure services supported by availability zones?
No, not all services support availability zones because they are designed for enhanced infrastructure availability, and some services, like App Service Certificates, don't fit this model.
29
What types of services support Azure Availability Zones?
There are two categories: zonal services (like virtual machines) that must be explicitly deployed in zones, and zone-redundant services (like zone redundant storage) that are made zone redundant upon creation.
30
What is the difference between availability zones and availability sets in Azure?
Availability sets are about creating VMs in different physical server racks within a single Azure datacenter, offering a 99.95% SLA. In contrast, availability zones involve deploying to two or more distinct datacenters within a region, with a 99.99% SLA.
31
What are zonal services in Azure, and how do they relate to availability zones?
Zonal services in Azure, like virtual machines, managed disks, and public IP addresses, must be explicitly deployed into two or more zones to achieve high availability.
32
What happens when you create a virtual machine in an Azure availability zone (regarding to its associated resources - disks, IP, etc.)?
When a virtual machine is created in an Azure availability zone, Azure automatically deploys the associated managed disks and public IP address (if configured) to the same availability zone.
33
What are zone-redundant services in Azure, and how do they work?
Zone-redundant services, such as zone redundant storage and SQL databases, are replicated automatically to multiple availability zones by Azure for high availability. Options like ZRS for storage and zone redundancy for SQL databases are available during creation.
34
How can you check the status of Azure services?
The status of Azure services can be checked on the Azure Status page at https://status.azure.com, which shows the operational status of all Azure services.
35
How does the deployment to multiple availability zones affect the uptime guarantee for Azure virtual machines?
The deployment of Azure virtual machines to multiple availability zones increases the uptime guarantee from 99.95% (with availability sets) to 99.99%, as it involves deploying to distinct datacenters within a region.
36
What is the basic structure and function of Azure datacenters?
Azure datacenters are physical buildings located in each region, containing server racks and computer hardware. They operate on independent network infrastructures designed for low latency, ensuring reliable and fast network connectivity for Azure services within the same region.
37
How does Microsoft ensure power reliability in Azure datacenters?
Each Azure datacenter has an isolated power supply, backup power generators, and uses Microsoft's own fiber-optic network for data transfer. Microsoft aims for 100% renewable energy by 2025 and is developing natural gas-powered fuel cells to reduce reliance on third-party power providers.
38
What visibility do customers have regarding Azure's regional infrastructure?
Azure customers can only see and select regions when creating resources. They don't have visibility into Azure's internal geography or the concept of regional pairs, although they can see each region within a regional pair.
39
How does Azure manage data safety and disaster recovery?
To protect data from regional disasters or failures, Azure encourages customers to replicate data across multiple regions. This ensures data safety, as data replicated in a different region remains accessible even if one region faces a disaster.
40
What are Microsoft's commitments and advancements in datacenter power efficiency and sustainability?
Microsoft Azure was found to be up to 93% more efficient than on-premises services in a 2018 study. By 2025, Microsoft commits to using 100% renewable energy in Azure datacenters. Recent advancements include the development of a hydrogen-fueled cell capable of running an Azure datacenter for 48 consecutive hours.
41
What is an Azure resource group and its primary function?
An Azure resource group is a logical container for organizing Azure resources associated with a specific application or deployment. It allows for managing and deploying these resources as a single entity, simplifying administration and ensuring efficient resource management.
42
How do Azure Resource Manager (ARM) templates work with resource groups?
Azure Resource Manager (ARM) templates are used for deploying resources within a resource group. While it's typical to deploy to a single resource group using an ARM template, deploying to multiple resource groups is possible but requires a complex setup of interconnected ARM templates.
43
What are the benefits of using resource groups in Azure?
Resource groups in Azure offer several benefits, including easy deployment and management of resources, the ability to give recognizable names for quick identification, and the convenience of seeing all resources used in a particular application at a glance. They also facilitate cost tracking and management by grouping resources used by specific departments or for certain applications.
44
Can Azure resources belong to multiple resource groups? How are resources moved?
An Azure resource can only exist in one resource group at a time. It's possible to move resources from one resource group to another, but this process isn't without risks, and Microsoft provides guidance to avoid problems during such moves.
45
What happens when a resource group is deleted in Azure?
Deleting a resource group in Azure results in the automatic deletion of all resources contained within that group. This feature is particularly useful for managing resources in testing scenarios, allowing for the easy cleanup of multiple resources and avoiding unexpected costs from unused resources.
46
What is an Azure subscription, and how does it relate to Azure resources?
An Azure subscription is automatically created when signing up for Azure, and it's where all resources you create are housed. Additional subscriptions can be created for logical grouping or specific reporting needs, each with its own set of limits or quotas.
It is the primary isolation and access control boundary of resources within Azure.
47
What are the different types of Azure subscriptions available?
Azure offers various subscription types including Free Trial (limited-time free access), Pay-As-You-Go (pay only for used resources), and Azure For Students (special subscription with free credits and services for 12 months). The type of subscription depends on the Azure account.
48
How can you manage and analyze costs within an Azure subscription?
Azure provides tools for cost management and analysis within a subscription. Users can view spending rates, forecasted costs, and detailed breakdowns of expenses by service name, location, and resource group. Additionally, budgets can be created to manage costs effectively.
49
What are the limitations and capabilities when creating Azure subscriptions?
Each Azure subscription has its own unique identifier and can be given a descriptive name. Subscriptions have specific limits, but some can be increased by Microsoft support if justified. Subscriptions can be organized within management groups for better control.
50
What is a management group in Azure, and how does it function?
A management group in Azure is a container for organizing Azure resources, specifically subscriptions or other management groups. It allows for applying policies and access control more precisely. Each Azure organization has a limit of up to 10,000 management groups, with a hierarchy limit of six levels.
51
How does the hierarchy of resource groups, subscriptions, and management groups work in Azure ?
In Azure, the hierarchy starts with management groups at the top, followed by subscriptions, and then resource groups. The Tenant Root Group is the default management group. Each Azure resource must be created within a resource group, which is inside a subscription.
52
What are the restrictions for moving subscriptions and management groups?
In Azure, subscriptions and management groups can be moved around within the hierarchy. However, a management group or subscription cannot have multiple parents, and there are limitations to how many levels deep a management group hierarchy can be.
53
How does Azure handle resource groups and their creation?
In Azure, each resource must be created within a resource group, which is a container within a subscription. Unlike management groups, there is no default resource group; each must be explicitly created within the user's subscription.
54
What is Azure Compute ?
Azure Compute refers to cloud services that consume resources like CPU and memory, categorized as compute services. This includes virtual machines, container instances, and Functions
55
What are Azure Container Instances (ACI) ?
Azure Container Instances allow running containerized applications on a virtual machine without directly allocating a VM. It's used for applications that need to move between different environments.
56
What is a container in Azure ?
A container in Azure is a zipped version of an application, including everything it needs to run, like a database engine or web server. It operates in an isolated environment with its own network and storage.
57
What is the significance of Docker in Azure containers?
Docker is a popular container runtime in Azure, responsible for running applications in containers and ensuring a secure environment.
58
Can Docker images built for Linux run on Windows hosts?
No, Docker images built for Linux cannot run on Windows hosts and vice versa due to operating system compatibility.
59
How does ACI differ from traditional VMs in terms of cost?
ACI is generally more cost-effective than traditional VMs as you pay only for the memory and CPU used by the container, leading to lower costs for less frequent usage.
60
What are the limitations of Azure Container Instances (ACI)?
ACI is suitable for simple applications and not ideal for heavily used applications requiring scaling. For such needs, Azure Kubernetes Service (AKS) is a better choice.
61
How does Azure Kubernetes Service (AKS) differ from ACI?
AKS is better suited for scalable, containerized environments for running full workloads, unlike ACI, which is designed for simpler, less resource-intensive applications.
62
What is required to make an ACI instance internet-accessible?
To make an ACI instance accessible on the internet, you need to set the DNS name label for the instance during its creation.
63
Can the DNS Name Label or image of an ACI instance be changed after creation?
No, the DNS Name Label and the image of an ACI instance cannot be changed after creation. If changes are needed, the instance must be deleted and recreated.
64
What is the importance of planning ahead when creating an ACI instance?
Planning ahead is crucial as changing settings like the DNS Name Label or the image requires recreating the instance, which might result in losing the public IP address.
65
What are the options for Azure virtual machines?
Options for Azure virtual machines include various configurations of CPU, memory, and storage, tailored to different workload requirements.
66
What resources are required for virtual machines in Azure?
Virtual machines in Azure require resources like CPU, memory, storage, and network connectivity, which can be scaled based on the application needs.
67
What are the application hosting options in Azure?
Azure offers various application hosting options, including virtual machines, container instances, and managed services like Azure Kubernetes Service.
68
What is virtual networking in Azure?
Virtual networking in Azure refers to the creation of a virtual network infrastructure, including subnets, IPs, and DNS, to support and connect cloud resources.
69
What is an Azure Function ?
Azure Function is a service that runs on Azure App Service and is well-designed to accomodate a microservices architecture.
70
How does Azure bill for VMs?
Azure charges for VMs as long as they are running, and billing stops when the VM is in a stopped state.
71
What happens to the VM's IP address upon restart if not reserved?
The VM's IP address may change unless the IP address is reserved.
72
How can stopping a VM within the guest OS affect billing?
Stopping a VM from the guest OS may still incur charges as the VM continues to use Azure resources.
73
What are the types of maintenance and downtime events for Azure VMs?
Azure VMs can experience planned maintenance, unplanned maintenance, and unexpected downtime.
74
What are Availability Sets in Azure?
Availability Sets are used to ensure VMs remain available during maintenance events and hardware failures.
75
What are Fault Domains in Azure Availability Sets?
Fault Domains are logical groupings of VMs on separate physical racks to protect from hardware failures.
76
How do Update Domains work in Azure Availability Sets?
Update Domains are used to manage VM reboots during planned maintenance, minimizing downtime.
77
What is the configuration of VMs in an Availability Set?
VMs are assigned to fault and update domains to balance maintenance impact and ensure availability.
78
What are the disadvantages of using Azure Availability Sets?
Availability Sets require manual VM creation and configuration, and can increase costs due to over-provisioning.
79
What are Azure Scale Sets?
Azure Scale Sets allow automatic scaling of VMs based on demand, up to 1000 VMs, with easy setup.
80
How do Scale Sets compare with Availability Sets in terms of deployment?
Scale Sets are deployed in Availability Sets, offering both fault and update domain benefits.
81
What is Azure's autoscale feature in Scale Sets?
Autoscale automatically adjusts the number of VM instances based on defined rules like CPU and network usage.
82
What is the Service Level Agreement (SLA) for Azure multi-VM deployments?
Microsoft guarantees a 99.95% SLA for multi-VM deployment scenarios in Azure.
83
What SLA does Microsoft offer for single-instance VMs with premium storage?
A 99.9% SLA is provided for single-instance VMs using premium storage in Azure.
84
What is Azure Virtual Desktop (AVD)?
AVD is a Platform as a Service offering that provides desktop virtualization managed by Microsoft.
85
How is Azure Virtual Desktop configured?
AVD is configured by creating a tenant, host pools, session hosts, and app groups for user access.
86
What resources are automatically created with an Azure VM?
Resources like virtual network, public IP address, network security group, and disk are auto-created with a VM.
87
What additional resources are required for a VM in Azure?
A management group, an Azure subscription, and a resource group are also required.
88
What are Update domains in Azure, and how many are created by default?
Update domains in Azure are used during maintenance to reboot VMs systematically, with five domains created by default.
89
What is the role of a load balancer in an Azure Availability Set?
A load balancer distributes traffic among VMs in an Availability Set, ensuring efficient resource utilization and availability.
90
How do Availability Zones enhance the functionality of Azure VMs in Scale Sets?
Availability Zones offer additional protection by distributing VMs across different data centers, enhancing reliability and availability.
91
How do Fault Domains help in improving VM availability?
Fault Domains separate VMs physically within a data center, so if one physical server or rack fails, only the VMs on that server or rack are affected, not the entire Availability Set.
92
Can you explain how Update Domains function in Azure?
Update Domains are logical groups in an Availability Set that help in sequential rebooting of VMs during planned maintenance, ensuring that not all VMs are rebooted at once.
93
How many Fault Domains are assigned by default in Azure, and can this number be changed?
By default, Azure assigns 2 Fault Domains to an Availability Set, and this number can be adjusted based on the specific needs of the deployment.
94
What are the typical configurations for Update Domains in Azure Availability Sets?
Azure creates five Update Domains by default in an Availability Set to manage maintenance processes.
95
How do Scale Sets differ from Availability Sets in Azure?
Scale Sets provide automatic scaling of VMs to meet demand, whereas Availability Sets are focused on ensuring availability during maintenance and failures.
96
Can Scale Sets be used in conjunction with Availability Sets?
Yes, Scale Sets are deployed in Availability Sets automatically, benefiting from the high availability features of Fault and Update Domains.
97
How do Scale Sets interact with Availability Zones?
Unlike VMs in an availability set, however, VMs in a scale set are also compatible with availability zones, so you are protected from problems in an Azure data center.
98
What role do Update Domains play in Scale Sets?
In Scale Sets, Update Domains ensure that VM instances are not all updated or rebooted simultaneously, maintaining service availability.
99
How do Availability Sets protect against unplanned maintenance?
Availability Sets protect against unplanned maintenance by distributing VMs across Fault Domains, ensuring not all VMs are affected by a single hardware failure.
100
Can you have more than two Fault Domains in an Azure Availability Set?
Yes, while the default is two, Azure allows the creation of more Fault Domains for enhanced fault tolerance.
101
How does Azure ensure the distribution of VMs across Update Domains in Scale Sets?
Azure automatically distributes VM instances in Scale Sets across different Update Domains, balancing the load and minimizing the impact of updates.
102
What is Azure App Service?
Azure App Service is a Platform as a Service (PaaS) offering in Azure for hosting web apps in the cloud.
103
What are the key features of Azure App Service?
Azure App Service provides basic web hosting services and additional features like traffic distribution and scaling, within a user-friendly Azure Portal interface.
104
How is traffic distributed in Azure App Service?
Azure Load Balancer distributes traffic to a special VM within App Service called Front End, which distributes traffic to the VMs running your web app.
105
What is an App Service Plan in Azure?
An App Service Plan is a logical container for one or more VMs running your web app, specifying the number and properties of VMs.
106
Can multiple web apps run in a single App Service Plan?
Yes, multiple apps can run inside a single App Service Plan, sharing the same VMs.
107
What are the available pricing tiers in App Service?
The pricing tiers are Free, Shared, Basic, Standard, Premium, and Premium V2, each offering different features and levels of dedicated resources.
108
Are you charged for an App Service Plan even with no active web apps?
Yes, charges apply for App Service Plans even if no web apps are running or if they are stopped.
109
What does scaling up and scaling down mean in Azure App Service?
Scaling up involves moving to a higher pricing tier for more resources, while scaling down means moving to a lower tier.
110
How many instances can you scale to in different App Service tiers?
Basic allows up to 3 instances, Standard up to 10, and Premium and Premium V2 up to 20.
111
What happens when you create a web app in App Service that makes the process fast ?
Creating a web app in App Service allocates an existing VM for your use, making the process fast.
112
What options regarding the runtime environment do you have when creating a web app in App Service?
You can choose between a preconfigured VM with a runtime stack, a Docker container, or a static web app.
113
What are Static Web Apps in Azure?
Static Web Apps are automatically connected with a code repository, allowing automatic updates based on source code changes.
114
What is Azure Kubernetes Service (AKS)?
AKS is a scalable hosting option for containers, providing powerful container orchestration through Kubernetes.
115
How does AKS compare to hosting Docker containers in App Service?
While App Service supports Docker containers, AKS offers greater control and scalability, especially for large deployments.
116
What are Kubernetes pods and nodes?
Pods are groups of related containers in Kubernetes, and nodes are computers running container runtime and Kubernetes services.
117
What is the Kubernetes control plane?
The control plane manages the orchestration of pods and other Kubernetes entities in a cluster.
118
How does Azure Spring Cloud benefit Java developers?
Azure Spring Cloud provides easy hosting for Spring apps, offloading infrastructure management and integrating with Azure services.
119
What is the advantage of using virtual machines for application hosting?
Virtual machines offer maximum control and flexibility over the configuration and management of the underlying infrastructure.
120
What responsibilities come with using virtual machines?
Users must manage all aspects of configuration and security, including web servers, firewalls, and load balancers.
121
What is Platform as a Service (PaaS)?
PaaS is a cloud service model that provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining infrastructure.
122
How does Azure manage the scaling of web apps?
Azure automates the scaling of web apps, allowing quick and easy adjustments to the number of instances based on demand.
123
What is Azure Load Balancer's role in App Service?
It distributes incoming traffic across multiple servers to enhance efficiency and reliability of applications.
124
Can you change the pricing tier of an existing App Service Plan?
Yes, you can change the pricing tier at any time, which allows for flexibility in resource allocation and cost management.
125
What is the significance of region selection in App Service Plans?
Region selection impacts the latency and availability of the web app, as it determines where the physical servers are located.
126
What is the key difference between shared and dedicated VMs in App Service?
Shared VMs host multiple customer apps, offering lower costs but shared resources, while dedicated VMs provide exclusive resources for your app, offering better performance.
127
What are the limitations of the Free and Shared tiers in App Service?
These tiers are primarily for testing, offering limited resources and features compared to higher tiers.
128
How does AKS enhance container management?
AKS provides robust container orchestration, auto-scaling, and management of containerized applications for more complex deployments.
129
Why is Kubernetes considered advantageous for container management?
Kubernetes offers efficient container orchestration, auto-scaling, and resource optimization across clusters of containers.
130
With which Azure services Azure Spring Cloud integrate easily ?
It seamlessly integrates with services like Azure SQL Database and Azure Storage, enhancing functionality and data management.
131
What is Azure Container Instances (ACI)?
Azure Container Instances (ACI) is a service in Azure that allows you to easily run containers in the cloud without managing the underlying infrastructure.
132
What are the key benefits of using ACI?
ACI provides simplicity and speed for running containers, with no need to manage servers or clusters, and it offers flexible pricing based on usage.
133
How does ACI differ from AKS?
ACI is ideal for simple and isolated container deployments, while AKS offers more extensive orchestration, scalability, and management features for complex containerized applications.
134
What are pods in the context of AKS?
In AKS, a pod is a basic unit that hosts one or more closely related containers, which share resources and are scheduled on the same node.
135
What is the role of the Kubernetes control plane in AKS?
The control plane in AKS manages the orchestration of containers, handling tasks like scheduling, scaling, and maintaining application state.
136
How does AKS handle application scaling?
AKS automatically scales applications by adjusting the number of running container instances, based on predefined rules and real-time demand.
137
Can you deploy both Windows and Linux containers in AKS?
Yes, AKS supports both Windows and Linux containers, allowing for a diverse range of applications to be hosted in the Kubernetes environment.
138
What are the cost implications of using AKS?
While AKS itself is free, you pay for the Azure compute resources, such as VMs and storage, used within your cluster.
139
What are the billing implications for Azure App Service plans?
You are charged for App Service plans even if no web apps are running or if web apps are stopped. The only way to avoid charges is to delete the App Service plan.
140
How does scaling work in Azure App Service?
Scaling up involves moving to a higher pricing tier for more resources, while scaling down means moving to a lower tier. You can also scale out to multiple VMs in certain tiers.
141
What is the maximum number of VMs you can scale to in different App Service tiers?
The Basic tier allows scaling up to 3 VMs, Standard up to 10 VMs, and Premium and Premium V2 tiers up to 20 VMs.
142
How is the pricing tier of an App Service plan selected and changed?
The pricing tier can be selected when creating an App Service plan and changed at any point to adjust size and cost.
143
What should you consider when choosing a VM for a new web app in App Service?
When using VMs, you must manage all aspects of configuration and security, including installing and configuring web servers, firewalls, and possibly load balancers. This represents a significant increase in responsibility for the infrastructure.
144
What is Azure Virtual Network (VNet)?
Azure Virtual Network (VNet) enables Azure services to communicate internally and with the internet. It can also connect Azure resources with on-premises resources.
145
Why is a VNet essential for a virtual machine in Azure?
Without a VNet, it's impossible to remotely access or utilize a VM for applications in Azure.
146
Can you create your own VNet in Azure?
Yes, you can create and configure your own VNet in Azure.
147
What components make up an Azure VNet?
An Azure VNet comprises network interface cards (NICs), IP addresses, subnets, etc.
148
How are IP address ranges specified in a VNet?
IP address ranges in a VNet are specified using Classless Inter-Domain Routing (CIDR) notation.
149
What is the significance of reserving the first four and the last IP address in Azure?
Azure reserves these IP addresses for its own use within each subnet.
150
Can a VM be created without a VNET and further connected to a VNet after it’s been created?
No, a VM can't be created without a VNET with the plan to be connected to a VNet post-creation; it must be connected during the creation process.
However, a new VNET can be connected to VM after its creation (with a VNET at creation time)
151
What is VNet Integration in Azure App Service?
VNet Integration allows a web app in Azure App Service to integrate with an existing VNet.
152
Do Azure resources need a reserved public IP to connect outbound to the internet?
No, Azure uses a pool of public IPs for outbound internet connectivity without assigning them to specific resources.
153
What is Virtual Network Peering in Azure?
Virtual Network Peering connects VNets to each other over Microsoft's private backbone, not over the internet.
154
Can VNets in different Azure regions be peered?
Yes, VNets in different regions can be peered, known as global virtual network peering.
155
What limitation exists with global virtual network peering and Azure Load Balancer?
You cannot connect to resources behind a Basic tier Azure Load Balancer using its public IP with global virtual network peering.
156
What is Azure DNS?
Azure DNS is a service for managing DNS records, integrated with Azure for enhanced control.
157
What types of records are involved in DNS configuration?
Common DNS records include A, AAAA, CNAME, and MX records.
158
What is a CNAME record?
A CNAME record maps a domain alias or subdomain to a hostname or IP address.
159
What are Public and Private DNS zones in Azure?
Public zones are for internet-facing DNS entries, while private zones are for Azure VNet use.
160
Can Azure resources have both public and private endpoints?
Yes, Azure resources can have both public and private IP addresses for different connectivity purposes.
161
Which diffence exist in creating public and private DNS zone creation in Azure?
A public DNS zone is created using the DNS Zone resource, while a private DNS zone uses the Private DNS Zone resource.
162
What are NS and SOA records in DNS?
NS records define authoritative nameservers, and SOA records contain administrative domain information.
163
What is Azure VPN Gateway?
Azure VPN Gateway enables secure connectivity between an Azure VNet and other networks using VPN connections.
164
What is the difference between a VPN Gateway and a virtual network gateway?
They are the same; the terms are used interchangeably in Azure.
165
What protocols does Azure VPN Gateway use for security?
Azure VPN Gateway uses IPSec and IKE protocols for secure, encrypted connections.
166
What is a gateway subnet in Azure VPN Gateway?
A gateway subnet is a subnet that hosts the VPN Gateway VMs and services and should be dedicated solely for this purpose.
167
What are the types of connections supported by Azure VPN Gateway?
VPN Gateway supports VNet-to-VNet, site-to-site, and point-to-site connections.
168
What is a VNet-to-VNet connection?
It connects two Azure VNets, allowing encrypted communication over Microsoft’s infrastructure.
169
What considerations should be made for VPN Gateway pricing tiers?
Each pricing tier has bandwidth limitations that should align with your connectivity needs.
170
What is required for a site-to-site VPN connection?
An on-premises VPN device with a public-facing IP address is required for a site-to-site connection.
171
What devices can use a point-to-site VPN connection in Azure?
Point-to-site connections can be made with computers, tablets, or smartphones.
172
What authentication methods are available for site-to-site connections?
Azure certificate, RADIUS, Azure Active Directory authentication, or OpenVPN can be used.
173
What is Azure ExpressRoute?
ExpressRoute provides high-speed, dedicated network connections between Azure and on-premises networks.
174
What are the limitations of Azure VPN Gateway compared to ExpressRoute?
VPN Gateway is limited to 1.25 Gbps and uses public internet, while ExpressRoute offers higher speeds and dedicated connections.
175
What is an MSEE router in ExpressRoute?
The Microsoft Enterprise Edge router connects on-premises networks to Azure in ExpressRoute.
176
What role do service providers play in ExpressRoute?
ExpressRoute Direct allows direct connection to an MSEE router for higher bandwidth needs.
177
How does ExpressRoute ensure high availability?
ExpressRoute uses redundant connections, doubling the allocated bandwidth for reliability.
178
Can Azure ExpressRoute and VPN Gateway be used simultaneously?
Yes, they can be used together for different connectivity needs.
179
What is the significance of the gateway subnet name 'GatewaySubnet'?
Naming the subnet 'GatewaySubnet' informs Azure where to deploy the VPN gateway VMs and services.
180
What are the considerations for choosing a gateway subnet size?
The size should accommodate the number of IP addresses needed for your specific VPN configuration.
181
What is an edge network device in the context of ExpressRoute?
An edge device operates as the access point into a network, connecting to the MSEE router in ExpressRoute.
182
What should you consider when peering VNets in Azure?
Consider if VNets are in the same region or different regions, and be aware of the limitations with Azure Load Balancer in the Basic tier.
183
How does Azure allocate IP addresses in a VNet subnet ?
Azure reserves the first four and the last IP address in each subnet range for its own use.
184
What is important to remember about creating VNets in relation to VMs?
VNets should generally be created before the resources that use them, especially VMs, as VMs can't be connected to a VNet after creation.
185
When would you use global virtual network peering?
Use global virtual network peering to connect VNets located in different Azure regions.
186
What are the key features of Azure DNS?
Azure DNS integrates with Azure for domain management and supports both public and private DNS zones. Azure DNS offers integrated management tools, access control, logging, and governance policies.
187
When is Azure VPN Gateway preferable over VNet peering?
VPN Gateway is preferable when secure, encrypted connectivity is required, especially for site-to-site or point-to-site connections.
188
What factors should be considered when configuring Azure ExpressRoute?
Consider the required bandwidth, whether to use a service provider, and if ExpressRoute Direct is necessary for higher bandwidth or direct connectivity.
189
What are the key differences between Azure VPN Gateway and ExpressRoute?
VPN Gateway uses public internet for connectivity with bandwidth limitations, and is encrypted, while ExpressRoute provides higher speed through dedicated fiber-optic connections and is not encrypted.
190
How does Azure ensure high availability for ExpressRoute?
ExpressRoute uses redundant connections and allows for bandwidth bursting.
191
What is essential to remember about Azure Load Balancer tiers in relation to global virtual network peering?
Resources behind a Basic tier Azure Load Balancer cannot be accessed using the load balancer's public IP address when using global virtual network peering.
192
What are some key considerations when connecting Azure VNets to each other?
Consider the types of connections (VNet-to-VNet, site-to-site, point-to-site), the required security (VPN Gateway), and the bandwidth requirements.
193
What does SKU mean in Azure ?
SKU in the context of Microsoft Azure refers to "Stock Keeping Unit". It's a term used to uniquely identify a product or service offered in Azure. Each SKU represents a combination of related services or features, and it often includes information about the performance level, capabilities, and pricing tier of the service. For example, different SKUs might be available for a virtual machine, each offering various levels of CPU power, memory, and storage capacity, with corresponding differences in pricing. This concept allows users to select the most appropriate version of a service based on their specific needs and budget.
194
What is Azure Blob storage?
Azure Blob storage is designed for unstructured data like text files, images, videos, and documents, stored as Blobs within storage containers for organization.
195
What are the three types of Blobs in Azure Blob storage?
The three types are Block Blobs (for storing application files), Append Blobs (optimized for append operations like logs), and Page Blobs (for virtual hard disk files).
196
What is Azure Disks?
Azure Disks provides disks for virtual machines in Azure, including temporary storage disks and persistent data disks in HDD and SSD forms.
197
What are the different ways to create a new disk in Azure Disks?
A new disk can be created from a snapshot, a Blob, or as an empty disk. Snapshots are full copies of another disk.
198
What are Azure Files?
Azure Files offers managed file shares that can be mounted like any SMB file share, without managing a VM.
199
How are Azure Files shares backed?
Azure Files shares are backed by Azure Storage and require a storage account.
200
What is Azure Queue Storage?
Azure Queue Storage is a service for storing large numbers of messages, which can be accessed via URLs and authenticated requests.
201
What are the size limitations for messages in Azure Queues?
A single message can be up to 64KB, and a message queue can be up to 500 tebibytes.
202
What are the storage tiers in Azure Blob Storage?
There are three:
- Hot (high access, low storage cost)
- Cool (less frequent access, lower storage cost)
- Archive (lowest storage cost, highest access cost).
203
What is the minimum storage duration for data in the Cool and Archive tiers?
For the Cool tier, it's 30 days, and for the Archive tier, it's 180 days.
204
What redundancy options does Azure Storage provide ?
Azure offers locally redundant storage (LRS), zone-redundant storage (ZRS), geo-redundant storage (GRS), and geo-zone-redundant storage (GZRS).
205
What are the differences between LRS and ZRS?
LRS stores three copies of data within a single datacenter, while ZRS stores data across multiple datacenters in separate availability zones.
206
How do GRS and GZRS work?
GRS replicates data using LRS in a primary and a secondary region. GZRS combines ZRS in the primary region with LRS replication in a secondary region.
207
What is Azure Migrate?
Azure Migrate is a service for migrating servers, databases, web apps, and more to Azure.
208
What are the three steps in the Azure Migrate process?
The steps are Discover, Assess, and Migrate.
209
What methods are available for discovering resources for Azure Migrate?
Resources can be discovered manually using a CSV file or automatically using the Azure Migrate appliance.
210
What is the Azure Migrate appliance?
It's a VM that automatically collects information on resources in your environment for Azure Migrate.
211
What are Data Box Disk, Data Box, and Data Box Heavy in Azure Migrate?
These are physical devices for transferring large amounts of data to Azure, with varying storage capacities and transfer rates.
212
What is the purpose of Azure Blob storage containers?
Containers in Blob storage are used to organize and manage Blobs, like grouping video files or image files together.
213
What is the maximum size of a data disk in Azure Disks?
Each data disk can have a maximum size of 32,767 gibibytes.
214
How does Azure File Sync work?
Azure File Sync synchronizes files in Azure Files with on-premises servers for faster local access.
215
What is the AzCopy utility?
AzCopy is a command-line tool for copying files and Blobs to and from Azure Storage.
216
How does Azure Storage Explorer assist in managing storage resources?
It's an application for managing storage resources, like generating SAS tokens, managing containers, and changing storage tiers.
217
What is the significance of gibibytes in Azure Storage?
A gibibyte is a unit of digital information storage, equivalent to 1,073,741,824 bytes (2^30 bytes), used in Azure to measure data sizes.
218
How does Azure ensure data redundancy?
Data is replicated in multiple copies across datacenters or regions, depending on the chosen redundancy option.
219
What are Premium storage account types in Azure?
Premium storage accounts offer high performance with solid-state drives and support specific types like Block Blobs, file shares, and Page Blobs.
220
What is the purpose of the "Make read access to data available in the event of regional unavailability" option?
This option allows read access to replicated data in a secondary region, even when the primary region is available, and including times when the primary region is no more available and the failover has not yet happened.
221
What are the redundancy options for Azure Files?
Azure Files supports all redundancy options except for Read Access Zone-Redundant Storage and Read Access geo-zone-redundant storage (RA-ZRS and RA-GZRS).
222
How is data transferred using Azure Data Box?
Data is copied onto Data Box devices, shipped back to Microsoft, uploaded to Azure Storage, and then wiped according to NIST standards.
223
What is the maximum size of a message in Azure Queues?
The maximum size of a single message in Azure Queues is 64KB.
223
Can Azure Blobs be used for storing large log files?
Yes, Azure Blobs, particularly Append Blobs, are suitable for storing large, constantly updated data like log files.
224
What are the characteristics of Azure Premium Disk?
Azure Premium Disk offers high performance for heavy use and is based on solid-state drive (SSD) technology.
225
What operating systems cannot mount Azure Files shares on-premises?
Windows 7 and Windows Server 2008 can't mount Azure Files shares on-premises due to their support only for SMB 2.1.
226
How large can a message queue in Azure Queues be?
An Azure Queue can have a maximum size of approximately 550 terabytes (500 tebibytes).
227
What programming languages does Microsoft support for interacting with Azure Queues?
Microsoft supports languages like .NET, Java, Python, Node.js, C++, PHP, and Ruby for Azure Queue interactions.
228
What are the access time guarantees for Azure Blob Storage tiers?
The Hot and Cool tiers guarantee access within milliseconds, while the Archive tier guarantees access within 15 hours (or faster with high priority).
229
What is Locally Redundant Storage (LRS) in Azure?
LRS replicates data within a single datacenter, protecting against server rack and drive failures.
230
What is Zone-Redundant Storage (ZRS) in Azure?
ZRS replicates data across separate datacenters in different availability zones for high availability scenarios.
231
How can you upload files to Azure Storage?
Files can be uploaded to Azure Storage using tools like AzCopy, Azure Storage Explorer or Data Box options.
232
What is the process of creating a snapshot in Azure ?
A snapshot in Azure is created by making a full copy of a disk, which can be used for VM backup or to create another VM.
233
How does the Archive storage tier in Azure Blob Storage work?
The Archive tier offers low-cost storage for long-term data with high access costs and slow retrieval times.
234
How are storage tiers priced in Azure Blob Storage?
Storage tiers are priced based on data access frequency, storage duration, and other factors like storage and access costs.
235
What types of storage accounts are available in Azure?
Azure offers Standard tier general-purpose v2 accounts for most uses and Premium tier accounts for high-performance needs.
236
Can data writes in Azure Storage be synchronous?
Yes, data writes to Azure Storage in LRS and ZRS are synchronous, ensuring successful replication across all copies.
237
What is the Azure Storage Explorer?
Azure Storage Explorer is a free application for managing Azure storage resources across multiple platforms.
238
How is data security managed in Azure Data Box?
Data Box devices use AES 256-bit encryption and physical security features to protect data during transport.
239
What are the network interface options in Data Box and Data Box Heavy?
Data Box has gigabit Ethernet interfaces, while Data Box Heavy offers 40 GbE interfaces for faster data transfer.
240
Can you change the redundancy type of an Azure storage account after creation?
No, the redundancy type cannot be changed after the storage account has been created.
241
How does Azure Migrate assist in pricing estimates for migration?
The assessment phase of Azure Migrate can provide a pricing estimate for Azure resources post-migration.
242
What can you use a snapshot of a VM's OS disk for in Azure?
You can use it to create another VM or to create a backup of the VM at a specific point in time.
243
Where do Azure Files shares could be mounted?
Azure Files shares can be mounted on Azure VMs and on-premises on Windows, Linux, and macOS, but not on Windows 7 or Windows Server 2008.
244
What network configuration is required for Azure Files shares?
TCP port 445 must be open on your network for SMB connectivity.
245
What is the default time-to-live for a message in Azure Queues?
The default time-to-live for a message in Azure Queues is seven days, but it can be specified to a different duration when adding a message.
246
What must you do to access a Blob in the Archive tier?
To access a Blob in the Archive tier, you must first move it to the Hot or Cool tier, a process known as rehydration.
247
How is data replicated in GRS and GZRS?
In GRS and GZRS, data in the primary region is replicated synchronously, while data replication to the secondary region is asynchronous.
248
What is recommended for discovering servers in Azure Migrate?
The Azure Migrate appliance is the preferred method for discovery as it automates the process.
249
Can third-party tools be used for assessment in Azure Migrate?
Yes, third-party assessment tools from Microsoft's partners can be used to discover physical servers and servers in other cloud providers.
250
What is Data Box Disk used for in Azure Migrate?
Data Box Disk is used to copy data to a single storage account and has a capacity of about 35 TB.
251
How many storage accounts can Data Box and Data Box Heavy support?
Data Box and Data Box Heavy can be used to copy data across 10 separate storage accounts.
252
What is the purpose of the management network interface in Data Box?
The management network interface in Data Box is used for the initial setup and management of the device, not for data transfer.
253
What is the maximum storage capacity of Data Box Heavy?
Data Box Heavy offers a storage capacity of about 770 TB.
254
What is the encryption standard used in Data Box?
Data on the Data Box is encrypted using AES 256-bit encryption.
255
What is the maximum size for a data disk in Azure Disks?
Each data disk in Azure Disks can be up to 32,767 gibibytes in size.
256
How does Azure handle redundancy in primary and secondary regions in GZRS?
In GZRS, data is replicated synchronously in the primary region and asynchronously in the secondary region.
