Describe Azure Architecture & Services

Question 1

Region Definition

Answer 1

Multiple availability zones in close proximity geographically with low latency between them

Question 2

Region Pairs

(def & 3 advantages)

Answer 2

region pairing within the same geography: replication of resources and fault tolerance redundancy

• outage backup
• minimizing downtime during updates
• same geography (tax & regulatory concerns)
• lowest latency between regions

Question 3

Soverign Region

Answer 3

Exclusive public region region not available to everyone

ex. China, US gov, DoD

Question 4

Availability Zones

Answer 4

physically seperate data centers within a region, designed for hardware fault tolerance

(independant power, cooling, networking)

Question 5

Resource Group

(def & 3 rules)

Answer 5

• container to manage the reasources needed for an application to run
• rules:
  
  1. resource can only be aligned to one group
  2. can be moved across different regions
  3. application can have more than one resource group
• example resources:
  
  • metering & billing
  • policies
  • monitoring & alerts
  • quotas
  • access control

Question 6

Subscription

Answer 6

• whom the resources and resource group is billed to
• how you manage resource groups for billing

Question 7

Management Groups

Answer 7

• organization of subscriptions
• set governance (access, policies, and compliance) and this level

Question 8

Computing Services (6)

Answer 8

1. Virtual Machine
2. VM Scale Sets
3. App Services (web app)
4. Container Instances
5. Kubernetes Services
6. Windows Virtual Desktops

Question 9

Virtual Machine Definition

Answer 9

Virtual Machine: emulation of a computer, running on a server in one or more datacenters.

Question 10

VM Scale Sets Definition

availability set note as well

Answer 10

• 2+ virtual machines running exact same code
• autoscaling
• load balancer: manages traffic

availability set: stagger updates, varied network and power to prevent single point of failure

Question 11

App Services Definition

Answer 11

• code without access to the hardware or compute (OS)
• application hosting

Question 12

Azure Containers

2 types

Answer 12

1. Container Instances: single instance
2. Kubernetes: cluster of containers, needs a cluster of machines

for development, testing apps (PaaS)

Question 13

Windows Virtual Desktop

Answer 13

• MS 365: windows in the cloud

Question 14

Azure Functions

Answer 14

event driven, serverless computing

Question 15

Azure Networking Services

(4)

Answer 15

1. Virtual Networks
2. VPN Gateway
3. VNet Peering
4. ExpressRoute

Question 16

Virtual Private Network

Answer 16

1. connect two networks as-if its the same network (home to office network)
2. network gateway

Question 17

ExpressRoute

Answer 17

connect your private network to azure (no data over public internet)

Question 18

Subnet

Answer 18

subdivision of a virutal network with its own security rules

Question 19

Azure DNS

Answer 19

Azure Domain System Name is hosting service for websites

Question 20

Azure Storage Options

4 types

Answer 20

1. Blob
2. Disk
3. File
4. Queues

Question 21

Blob Storage Types

2

Answer 21

1. General Purpose: hanlde all types of data
2. Data Lake Gen2 (block blob): data analytics

Question 22

Blob Storage Tiers

3 types - 2 rules

Answer 22

1. hot: frequent access
2. cold: infequenty, but last at least 30 days
3. archive: rarely accessed sotred for at least 180 days

rules:
1. only hot and cold can be set at account level
2. archive is set at the blob level

Question 23

File Storage Definition

Answer 23

think share drive

Question 24

Queue Storage

Answer 24

storage a large number of messages

Question 25

Redundancy Options | 5 types

Answer 25

1. Local 2. Geo 3. Zone 4. Geo-Zone 5. Read Access Geo/Geo Zone

Question 26

Local & Geo Redundancy

Answer 26

local: single datacenter (availability zone) geo: single data center multiple regions

Question 27

Zone and Geo-Zone Redundancy

Answer 27

zone: multiple datacenters (availability zones) within region geo-zone: zone storage + single datacenter in 2nd region

Question 28

read-access redundancies | (2 types)

Answer 28

read-access geo: read-access in 2nd region read-access geo-zone: read-access version of geo-zone

Question 29

standard vs. premium redendancy

Answer 29

standard: get all 4 types of storage redundancy premium: only get local and zone, becuase premium is designed for low latency (data lake gen2, page, file,

Question 30

Azure Migrate Tools | 6 types

Answer 30

1. discovery & assement: assess on prem 2. server migration: VM migration 3. migration assistane: used for SQL server 4. database servies: on-prem databases (more general) 5. web app assistant: website migration 6. data box: large data migration, pyhsical devices (max 80 terabytes)

Question 31

AzCopy Definition

Answer 31

command line utility to copy files from storage account

Question 32

File Sync Definition

Answer 32

bi-directional syncing of local server data to Azure

Question 33

definition of identity within Azure | what 3 things can identity refer to

Answer 33

1. person 2. applications 3. devices

Question 34

Azure Active Directory (AAD) Model | what are the authentication steps

Answer 34

1. credentials to aad (identity provider in the visual) 2. signed token back to user 3. signed token then goes to server 4. aad sends a tust, key to server for verification

Question 35

Azure Activite Directory Domain Services (AAD DS)

Answer 35

stores centralized directory information and lets users and domains communicate

Question 36

Azure External Identities

Answer 36

* allows you to securely interact with users outside of your organizations * examples: consumer facing apps, corporate identity on social media

Question 37

Azure Conditional Access | defintion and conditions

Answer 37

only allow access to resources based on conditions (signals) 1. user location 2. device being used 3. who is the user

Question 38

Zero Trust Model | what does it require - 3 principles

Answer 38

requires authentication to each resource or from any device three principals: 1. verify explicitly 2. least privilege access 3. assume breach