What are the 4 levels of organizing structure for resources in Azure?
management groups, subscriptions, resource groups, and resources.
What is the top down hierarchy of organization structure for resources in Azure?
____________ are instances of services that you create, like virtual machines, storage, or SQL databases.
Resources
Resources are combined into ____________, which act as a logical container into which Azure resources like web apps, databases, and storage accounts are deployed and managed.
resource groups
A _____________ groups together user accounts and the resources that have been created by those user accounts. For each, there are limits or quotas on the amount of resources that you can create and use. Organizations can use these to manage costs and the resources that are created by users, teams, or projects.
subscriptions
These groups help you manage access, policy, and compliance for multiple subscriptions. All subscriptions in it automatically inherit the conditions applied.
management group
Resources are created in _____________, which are different geographical locations around the globe that contain Azure datacenters.
regions
A ___________ is a geographical area on the planet that contains at least one but potentially multiple datacenters that are nearby and networked together with a low-latency network. Azure intelligently assigns and controls the resources within each to ensure workloads are appropriately balanced.
region
Name 2 benefits of regions
- Provide flexibility and scale to reduce customer latency
- Preserve data residency with a comprehensive compliance offering
True or False: Some services or VM features are only available in certain regions, such as specific VM sizes or storage types.
True
Name the 2 Azure special regions
- US DoD Central, US Gov Virginia, US Gov Iowa and more: These regions are physical and logical network-isolated instances of Azure for U.S. government agencies and partners. These datacenters are operated by screened U.S. personnel and include additional compliance certifications.
- China East, China North, and more: These regions are available through a unique partnership between Microsoft and 21Vianet, whereby Microsoft doesn’t directly maintain the datacenters.
______________ are physically separate datacenters within an Azure region. Each is made up of one or more datacenters equipped with independent power, cooling, and networking. Each is set up to be an isolation boundary. If one zone goes down, the other continues working. Each is connected through high-speed, private fiber-optic networks.
Availability zones
True or False: Every region has support for availability zones.
False. For an updated list, see Regions that support availability zones in Azure Regions that support availability zones in Azure
You can use ________ to run mission-critical applications and build high-availability into your application architecture by co-locating your compute, storage, networking, and data resources within a zone and replicating in other zones.
availability zones
______________ are primarily for VMs, managed disks, load balancers, and SQL databases.
Availability zones
Azure services that support availability zones fall into three categories. What are those?
- Zonal services: You pin the resource to a specific zone (for example, VMs, managed disks, IP addresses).
- Zone-redundant services: The platform replicates automatically across zones (for example, zone-redundant storage, SQL Database).
- Non-regional services: Services are always available from Azure geographies and are resilient to zone-wide outages as well as region-wide outages.
What is the term for this?
- At least 300 miles of separation between region pairs.
- Automatic replication for some services.
- Prioritized recovery in the event of an outage.
- Updates are rolled out sequentially to minimize downtime.
Azure region pairs
These are advantages of ______________:
- If an extensive Azure outage occurs, one region out of every pair is prioritized to make sure at least one is restored as quickly as possible for applications hosted in that region pair.
- Planned Azure updates are rolled out to paired regions one region at a time to minimize downtime and risk of application outage.
- Data continues to reside within the same geography as its pair (except for Brazil South) for tax- and law-enforcement jurisdiction purposes.
region pairs
What is the SLA for a single VM?
99.9%
What is the SLA for a VM replicated across availability zones?
99.99%
__________ is a manageable item that’s available through Azure. Virtual machines (VMs), storage accounts, web apps, databases, and virtual networks are examples.
Resource
_________ is a container that holds related resources for an Azure solution allowing you to manage resources as a common collection. You decide which resources belong to it based on what makes the most sense for your organization.
Resource group
True or false: All resources must be in a resource group, and a resource can only be a member of a single resource group.
True
True or false: Resource groups can be nested.
False
True or False: Before any resource can be provisioned, you need a resource group for it to be placed in.
True
A _________ is a container to manage & aggregate resources in a single unit.
- Resources can exist in only one.
- Resources can exist in different regions.
- Resources can be moved to different ones.
- Applications can utilize multiple ones.
resource group
True or false: If you delete a resource group, all resources contained within it still remain.
False
True or false: Resource groups make it easy to remove a set of resources all at once.
True
____________ are also a scope for applying role-based access control (RBAC) permissions. By applying RBAC permissions to a one, you can ease administration and limit access to allow only what’s needed.
Resource groups
_______________ is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features like access control, locks, and tags to secure and organize your resources after deployment.
Azure Resource Manager
When a user sends a request from any of the Azure tools, APIs, or SDKs, ____________receives the request. It authenticates and authorizes the request. It sends the request to the Azure service, which takes the requested action. Because all requests are handled through the same API, you see consistent results and capabilities in all the different tools.
Resource Manager
The ___________ provides a management layer that enable you to create, update, and delete resources in your Azure subscription.
Azure Resource Manager (ARM)
True or false: All capabilities that are available in the Azure portal are also available through PowerShell, the Azure CLI, REST APIs, and client SDKs.
True
True or false: Functionality initially released through APIs will be immediately available in the portal.
False. Functionality initially released through APIs will be represented in the portal within 180 days of initial release.
These are all benefits of using _____________:
- Manage your infrastructure through declarative templates rather than scripts. A Resource Manager template is a JSON file that defines what you want to deploy to Azure.
- Deploy, manage, and monitor all the resources for your solution as a group, rather than handling these resources individually.
- Redeploy your solution throughout the development life cycle and have confidence your resources are deployed in a consistent state.
- Define the dependencies between resources so they’re deployed in the correct order.
- Apply access control to all services because RBAC is natively integrated into the management platform.
- Apply tags to resources to logically organize all the resources in your subscription.
- Clarify your organization’s billing by viewing costs for a group of resources that share the same tag.
Azure Resource Manager
Using Azure requires an Azure ____________. It provides you with authenticated and authorized access to Azure products and services. It also allows you to provision resources.
subscription
An Azure __________ is a logical unit of Azure services that links to an Azure account, which is an identity in Azure Active Directory (Azure AD) or in a directory that Azure AD trusts.
subscription
True or false: An account can have one subscription or multiple subscriptions that have different billing models and to which you apply different access-management policies.
True
________ can be used to define boundaries around Azure products, services, and resources.
Azure subscriptions
What are the 2 types of subscription boundaries?
- Billing boundary: This subscription type determines how an Azure account is billed for using Azure. You can create multiple subscriptions for different types of billing requirements. Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs.
- Access control boundary: Azure applies access-management policies at the subscription level, and you can create separate subscriptions to reflect different organizational structures. An example is that within a business, you have different departments to which you apply distinct Azure subscription policies. This billing model allows you to manage and control access to the resources that users provision with specific subscriptions.
This subscription type determines how an Azure account is billed for using Azure. You can create multiple subscriptions for different types of billing requirements. Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs.
Billing boundary
What type of subscription boundary is this? Azure applies access-management policies at the subscription level, and you can create separate subscriptions to reflect different organizational structures. An example is that within a business, you have different departments to which you apply distinct Azure subscription policies. This billing model allows you to manage and control access to the resources that users provision with specific subscriptions.
Access control boundary
When managing your resources, you can choose to create ____________ to set up separate environments for development and testing, security, or to isolate data for compliance reasons. This design is particularly useful because resource access control occurs at this level.
subscriptions
You can create ____________ to reflect different organizational structures. For example, you could limit a team to lower-cost resources, while allowing the IT department a full range. This design allows you to manage and control access to the resources that users provision within each.
subscriptions
You might want to also create ___________ for billing purposes. Because costs are first aggregated at this level, you might want to create these to manage and track costs based on your needs. For instance, you might want to create one for your production workloads and another for your development and testing workloads.
subscriptions
True or false. Subscriptions are not bound to some hard limitations.
False. Subscription limits: Subscriptions are bound to some hard limitations. For example, the maximum number of Azure ExpressRoute circuits per subscription is 10. Those limits should be considered as you create subscriptions on your account. If there’s a need to go over those limits in particular scenarios, you might need additional subscriptions.
_____________ provide a level of scope above subscriptions. You organize subscriptions into containers and apply your governance conditions to the these.
Azure management groups. If your organization has many subscriptions, you might need a way to efficiently manage access, policies, and compliance for those subscriptions.
True or false: All subscriptions within a management group automatically inherit the conditions applied to the management group.
True
True or false: All subscriptions within a single management group must do not need to trust the same Azure AD tenant.
False
What would you use if you wanted to provide user access to multiple subscriptions through one role-based access control (RBAC) assignment?
A resource management groups is to provide user access to multiple subscriptions. By moving multiple subscriptions under that management group, you can create one role-based access control (RBAC) assignment on the management group, which will inherit that access to all the subscriptions. One assignment on the management group can enable users to have access to everything they need instead of scripting RBAC over different subscriptions.
What would you use when you want to create a hierarchy that applies a policy. For example, you could limit VM locations to the US West Region in a group called Production. This policy will inherit onto all the Enterprise Agreement subscriptions that are descendants and will apply to all VMs under those subscriptions. This security policy can’t be altered, which allows for improved governance.
Resource management group: You can create a hierarchy that applies a policy. For example, you could limit VM locations to the US West Region in a group called Production. This policy will inherit onto all the Enterprise Agreement subscriptions that are descendants of that management group and will apply to all VMs under those subscriptions. This security policy can’t be altered by the resource or subscription owner, which allows for improved governance.
What would you use to build a flexible structure of management groups and subscriptions to organize your resources into a hierarchy for unified policy and access management?
Resource management groups
True or false: No more than 1,000 management groups can be supported in a single directory.
False. 10,000 management groups can be supported in a single directory.
True or false: A management group tree can support up to six levels of depth. This limit doesn’t include the root level or the subscription level.
True
True or false: Each management group and subscription can relate to multiple parents.
False. Each management group and subscription can support only one parent.
True or false: Each management group can have many children.
True
True or false: All subscriptions and management groups are distributed across multiple hierarchies in each directory.
False: All subscriptions and management groups are within a single hierarchy in each directory.
Which of the following can be used to manage governance across multiple Azure subscriptions?
- Azure initiatives
- Management groups
- Resource groups
Management groups
Management groups facilitate the hierarchical ordering of Azure resources into collections, at a level of scope above subscriptions. Distinct governance conditions can be applied to each management group, along with Azure Policy and Azure role-based access controls, to manage Azure subscriptions effectively. The resources and subscriptions assigned to a management group automatically inherit the conditions applied to the management group.
Which of the following is a logical unit of Azure services that links to an Azure account?
- Azure subscription
- Management group
- Resource group
- Public cloud
Azure subscription
An Azure subscription is a logical unit of Azure services that links to an Azure account. An Azure subscription is an object that represents a container that you can put resources in. Subscriptions are tied to tenants, so one tenant can have many subscriptions, but not vice versa.
Which of the following features does not apply to resource groups?
- Resources can be in only one resource group.
- Role-based access control can be applied to the resource group.
- Resource groups can be nested.
Resource groups can be nested.
Resource groups cannot be nested.
Which of the following statements is a valid statement about an Azure subscription?
- Using Azure doesn’t require a subscription.
- An Azure subscription is a logical unit of Azure services.
An Azure subscription is a logical unit of Azure services.
A subscription is a set of Azure services bundled together for tracking and billing purposes. Resource access control occurs at the subscription level. Organizations use Azure subscriptions to manage and govern their Azure resources.
______________ is an on-demand computing service for running cloud-based applications. It provides computing resources such as disks, processors, memory, networking, and operating systems.
Azure compute
_______ are software emulations of physical computers. They include a virtual processor, memory, storage, and networking resources. These can host an operating system, and you can install and run software just like a physical computer.
Virtual machines
True or false: When you need total control over an operating system and environment, VMs are an ideal choice. Just like a physical computer, you can customize all the software running on the VM. This ability is helpful when you’re running custom software or custom hosting configurations.
True
_____________ are an Azure compute resource that you can use to deploy and manage a set of identical VMs. With all VMs configured the same, these are designed to support true autoscale. No pre-provisioning of VMs is required. For this reason, it’s easier to build large-scale services targeting big compute, big data, and containerized workloads. As demand goes up, more VM instances can be added. As demand goes down, VM instances can be removed. The process can be manual, automated, or a combination of both.
___________ are lightweight, virtualized application environments. They’re designed to be quickly created, scaled out, and stopped dynamically.
Containers
_______ and _______ are Azure compute resources that you can use to deploy and manage containers.
True or false: You can run only a single instance of a containerized application on a single host machine.
False: You can run multiple instances of a containerized application on a single host machine.
With _________, you can quickly build, deploy, and scale enterprise-grade web, mobile, and API apps running on any platform. You can meet rigorous performance, scalability, security, and compliance requirements while using a fully managed platform to perform infrastructure maintenance.
True or false: App Service is a software as a service (SaaS) offering.
False. App Service is a platform as a service (PaaS) offering.
___________ are ideal when you’re concerned only about the code running your service and not the underlying platform or infrastructure. They’re commonly used when you need to perform work in response to an event (often via a REST request), timer, or message from another Azure service, and when that work can be completed quickly, within seconds or less.
Identify 4 use cases for the use of VMs.
when to use VMs
- During testing and development. VMs provide a quick and easy way to create different OS and application configurations. Test and development personnel can then easily delete the VMs when they no longer need them.
- When running applications in the cloud. The ability to run certain applications in the public cloud as opposed to creating a traditional infrastructure to run them can provide substantial economic benefits. For example, an application might need to handle fluctuations in demand. Shutting down VMs when you don’t need them or quickly starting them up to meet a sudden increase in demand means you pay only for the resources you use.
- When extending your datacenter to the cloud. An organization can extend the capabilities of its own on-premises network by creating a virtual network in Azure and adding VMs to that virtual network. Applications like SharePoint can then run on an Azure VM instead of running locally. This arrangement makes it easier or less expensive to deploy than in an on-premises environment.
- During disaster recovery. As with running certain types of applications in the cloud and extending an on-premises network to the cloud, you can get significant cost savings by using an IaaS-based approach to disaster recovery. If a primary datacenter fails, you can create VMs running on Azure to run your critical applications and then shut them down when the primary datacenter becomes operational again.
What would be the best time to use a VM?
VMs are also an excellent choice when you move from a physical server to the cloud (also known as lift and shift). You can create an image of the physical server and host it within a VM with little or no changes. Just like a physical on-premises server, you must maintain the VM. You update the installed OS and the software it runs.
Imagine you’re running a website that enables scientists to upload astronomy images that need to be processed. What would you run to support duplicating, to configure an additional service, and to route requests between multiple instances of the website.
Virtual machine scale sets could do that work for you. Virtual machine scale sets let you create and manage a group of identical, load-balanced VMs.
Scale sets allow you to centrally manage, configure, and update a large number of VMs in minutes to provide highly available applications. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. With virtual machine scale sets, you can build large-scale services for areas such as compute, big data, and container workloads.
What service would enables large-scale parallel and high-performance computing (HPC) with the ability to scale to tens, hundreds, or thousands of VMs.
Azure Batch
_________ enables you to build and host web apps, background jobs, mobile back-ends, and RESTful APIs in the programming language of your choice without managing infrastructure. It offers automatic scaling and high availability.
Azure App Service
True or false: Azure App Services is a fully managed platform to build, deploy, and scale web apps and APIs quickly.
True
What has these features?
- Works with .NET, .NET Core, Node.js, Java, Python, or PHP
- Is a PaaS offering with enterprise grade performance, security, and compliance requirements
- supports Windows and Linux and enables automated deployments from GitHub, Azure DevOps, or any Git repo to support a continuous deployment model
Azure App Service
True or false: You pay for a dedicated number Azure compute resources based on the App Service plan you choose.
False. You pay for the Azure compute resources your app uses while it processes requests based on the App Service plan you choose.
With the Azure App Service, what determines how much hardware is devoted to your host. For example, whether it’s dedicated or shared hardware and how much memory is reserved for it. There’s even a free tier you can use to host small, low-traffic sites.
The Azure App Service Plan
What are the 4 most common app service styles you can host with App Service?
- Web apps
- API apps
- WebJobs
- Mobile apps
True or false: App Service handles most of the infrastructure decisions you deal with in hosting web-accessible apps:
- Deployment and management are integrated into the platform.
- Endpoints can be secured.
- Sites can be scaled quickly to handle high traffic loads.
- The built-in load balancing and traffic manager provide high availability.
All of these app styles are hosted in the same infrastructure and share these benefits.
True
____________ are a light-weight, virtualized environment that does not require operating system management, and can respond to changes on demand.
Azure Containers
________ is a PaaS offering that runs a container in Azure without the need to manage a virtual machine or additional services.
Azure Container Instances
____________ is an orchestration service for containers with distributed architectures and large volumes of containers.
Azure Kubernetes Service
Containers are managed through a container orchestrator, which can start, stop, and scale out application instances as needed. What are the two ways to manage both Docker and Microsoft-based containers in Azure?
Azure Container Instances and Azure Kubernetes Service (AKS).
Containers are often used to create solutions by using a ______________. This architecture is where you break solutions into smaller, independent pieces. For example, you might split a website into a container hosting your front end, another hosting your back end, and a third for storage. This split allows you to separate portions of your app into logical sections that can be maintained, scaled, or updated independently.
microservice architecture
____________ is the abstraction of servers, infrastructure, and operating systems. With this, Azure takes care of managing the server infrastructure and the allocation and deallocation of resources based on demand. Infrastructure isn’t your responsibility. Scaling and performance are handled automatically. You’re billed only for the exact resources you use. There’s no need to even reserve capacity.
Serverless computing
Name 3 benefits of serverless computing.
- Abstraction of servers: Serverless computing abstracts the servers you run on. You never explicitly reserve server instances. The platform manages that for you. Each function execution can run on a different compute instance. This execution context is transparent to the code. With serverless architecture, you deploy your code, which then runs with high availability.
- Event-driven scale: Serverless computing is an excellent fit for workloads that respond to incoming events. Events include triggers by (1)Timers, for example, if a function needs to run every day at 10:00 AM UTC. (2) HTTP, for example, API and webhook scenarios. & (3) Queues, for example, with order processing. Instead of writing an entire application, the developer authors a function, which contains both code and metadata about its triggers and bindings. The platform automatically schedules the function to run and scales the number of compute instances based on the rate of incoming events. Triggers define how a function is invoked. Bindings provide a declarative way to connect to services from within the code.
- Micro-billing: Traditional computing bills for a block of time like paying a monthly or annual rate for website hosting. This method of billing is convenient but isn’t always cost effective. Even if a customer’s website gets only one hit a day, they still pay for a full day’s worth of availability. With serverless computing, they pay only for the time their code runs. If no active function executions occur, they’re not charged. For example, if the code runs once a day for two minutes, they’re charged for one execution and two minutes of computing time.
What are Azure’s 2 implementations of serverless compute
- Azure Functions: Functions can execute code in almost any modern language.
- Azure Logic Apps: Logic apps are designed in a web-based designer and can execute logic triggered by Azure services without writing any code.
True or false: When you’re concerned only about the code running your service, and not the underlying platform or infrastructure, do not use Azure Functions.
False. When you’re concerned only about the code running your service, and not the underlying platform or infrastructure, using Azure Functions is ideal.
_________ are commonly used when you need to perform work in response to an event (often via a REST request), timer, or message from another Azure service, and when that work can be completed quickly, within seconds or less.
Functions
True or false: Functions scale automatically based on demand, so they’re a solid choice when demand is variable.
True. For example, you might receive messages from an IoT solution that’s used to monitor a fleet of delivery vehicles. You’ll likely have more data arriving during business hours.
Using a virtual machine-based approach, you’d incur costs even when the virtual machine is idle. With functions, Azure runs your code when it’s triggered and automatically deallocates resources when the function is finished. In this model, you’re only charged for the CPU time used while your function runs.
_____________ can be either stateless or stateful. When they’re stateless (the default), they behave as if they’re restarted every time they respond to an event. When they’re stateful (called Durable), a context is passed through it to track prior activity.
Functions
True or false: Azure Logic apps are similar to functions. Both enable you to trigger logic based on an event. Where functions execute code, logic apps execute workflows that are designed to automate business scenarios and are built from predefined logic blocks.
True
An __________ is a collection of functions or steps that are executed to accomplish a complex task.
orchestration
Regarding state, what’s the difference between Functions and Logic Apps?
Functions are normally stateless but Durable Functions provide state.
Logic apps are always stateful.
Regarding development, what’s the difference between Functions and Logic Apps?
Functions provide code-first (imperative).
Logic apps are designer-first or declarative.
Regarding execution context, what’s the difference between Functions and Logic Apps?
Functions can run locally or in the cloud.
Logic apps run only in the cloud.
_____________ is a desktop and application virtualization service that runs on the cloud. It enables your users to use a cloud-hosted version of Windows from any location.
Azure Virtual Desktop
True or false: Azure Virtual Desktop works across devices like Windows, Mac, iOS, Android, and Linux. It works with apps that you can use to access remote desktops and apps. You can also use most modern browsers to access Azure Virtual Desktop-hosted experiences.
True
What are 3 benefits for Windows Virtual Desktop?
- Create a full desktop virtualization environment without having to run additional gateway servers.
- Publish unlimited host pools to accommodate diverse workloads.
- Reduce costs with pooled, multi-session resources.
Why should you use Azure Virtual Desktop?
- Provide the best user experience
- Enhance security
- User sessions are isolated in both single and multi-session environments.
User sign-in to Azure Virtual Desktop is fast because user profiles are containerized by using _________. At sign-in, the user profile container is dynamically attached to the computing environment. The user profile is immediately available and appears in the system exactly like a native user profile.
FSLogix
True or false: With Azure Virtual Desktop, you can provide individual ownership through personal (persistent) desktops. For example, you might want to provide personal remote desktops for members of an engineering team. Then they can add or remove programs without impacting other users on that remote desktop.
True
Azure Virtual Desktop provides centralized security management for users’ desktops with ____________.
Azure Active Directory (Azure AD)
True or false: With Azure Virtual Desktop, you can enable multifactor authentication to secure user sign-ins. You can also secure access to data by assigning granular role-based access controls (RBACs) to users.
True
True or false: With Azure Virtual Desktop, you can also secure access to data by assigning granular role-based access controls (RBACs) to users.
True
True or false: Azure Virtual Desktop also improves security by using reverse connect technology. This connection type is more secure than the Remote Desktop Protocol. We don’t open inbound ports to the session host VMs.
True
What are 3 key features of Azure Virtual Desktop?
Simplified management: Azure Virtual Desktop is an Azure service, so it will be familiar to Azure administrators. You use Azure AD and RBACs to manage access to resources. With Azure, you also get tools to automate VM deployments, manage VM updates, and provide disaster recovery. As with other Azure services, Azure Virtual Desktop uses Azure Monitor for monitoring and alerts. This standardization lets admins identify issues through a single interface.
Performance management: Azure Virtual Desktop gives you options to load balance users on your VM host pools. Host pools are collections of VMs with the same configuration assigned to multiple users. For the best performance, you can configure load balancing to occur as users sign in (breadth mode). With breadth mode, users are sequentially allocated across the host pool for your workload. To save costs, you can configure your VMs for depth mode load balancing where users are fully allocated on one VM before moving to the next. Azure Virtual Desktop provides tools to automatically provision additional VMs when incoming demand exceeds a specified threshold.
Multi-session Windows 10 deployment: Azure Virtual Desktop lets you use Windows 10 Enterprise multi-session, the only Windows client-based operating system that enables multiple concurrent users on a single VM. Azure Virtual Desktop also provides a more consistent experience with broader application support compared to Windows Server-based operating systems.
What are 2 ways you can reduce costs with Azure Virtual Desktop?
Bring your own licenses: Azure Virtual Desktop is available to you at no additional cost if you have an eligible Microsoft 365 license. Just pay for the Azure resources used by Azure Virtual Desktop.
Save on compute costs: Buy one-year or three-year Azure Reserved Virtual Machine Instances to save you up to 72 percent versus pay-as-you-go pricing.
Which Azure compute resource can be deployed to manage a set of identical virtual machines?
- Virtual machine scale sets
- Virtual machine availability sets
- Virtual machine availability zones
Virtual machine scale sets
Virtual machine scale sets let you deploy and manage a set of identical virtual machines.
Which of the following services should be used when the primary concern is to perform work in response to an event (often via a REST command) that needs a response in a few seconds?
- Azure Functions
- Azure App Service
- Azure Container Instances
Azure Functions
Azure Functions is used when you need to perform work in response to an event (often via a REST request), timer, or message from another Azure service, and when that work can be completed quickly, within seconds or less.
Your company has a team of remote workers that need to use Windows-based software to develop your company’s applications, but your team members are using various operating systems like macOS, Linux, and Windows. Which Azure compute service would help resolve this scenario?
- Azure App Service
- Azure Virtual Desktop
- Azure Container Instances
Azure Virtual Desktop
Azure Virtual Desktop enables your team members to run Windows in the cloud, with access to the required applications for your company’s needs.
________________ enable Azure resources, such as VMs, web apps, and databases, to communicate with each other, with users on the internet, and with your on-premises client computers.
Azure virtual networks
Azure virtual networks provide what key networking capabilities?
- Isolation and segmentation
- Internet communications
- Communicate between Azure resources
- Communicate with on-premises resources
- Route network traffic
- Filter network traffic
- Connect virtual networks
What are the 2 ways to enable Azure resources to communicate securely with each other?
- Virtual networks Virtual networks can connect not only VMs but other Azure resources, such as the App Service Environment for Power Apps, Azure Kubernetes Service, and Azure virtual machine scale sets.
- Service endpoints You can use service endpoints to connect to other Azure resource types, such as Azure SQL databases and storage accounts. This approach enables you to link multiple Azure resources to virtual networks to improve security and provide optimal routing between resources.
What can you use to connect to other Azure resource types, such as Azure SQL databases and storage accounts. This approach enables you to link multiple Azure resources to virtual networks to improve security and provide optimal routing between resources.
Service endpoints
Name the 3 mechanisms through Azure virtual networks that enable you to link resources together in your on-premises environment and within your Azure subscription.
Azure virtual networks enable you to link resources together in your on-premises environment and within your Azure subscription. In effect, you can create a network that spans both your local and cloud environments. There are three mechanisms for you to achieve this connectivity:
- Point-to-site virtual private networks The typical approach to a virtual private network (VPN) connection is from a computer outside your organization, back into your corporate network. In this case, the client computer initiates an encrypted VPN connection to connect that computer to the Azure virtual network.
- Site-to-site virtual private networks A site-to-site VPN links your on-premises VPN device or gateway to the Azure VPN gateway in a virtual network. In effect, the devices in Azure can appear as being on the local network. The connection is encrypted and works over the internet.
- Azure ExpressRoute For environments where you need greater bandwidth and even higher levels of security, Azure ExpressRoute is the best approach. ExpressRoute provides dedicated private connectivity to Azure that doesn’t travel over the internet. (You’ll learn more about ExpressRoute in a separate unit later in this module.)
What is the typical approach to a virtual private network (VPN) connection is from a computer outside your organization, back into your corporate network. In this case, the client computer initiates an encrypted VPN connection to connect that computer to the Azure virtual network.
Point-to-site virtual private networks
A _________ links your on-premises VPN device or gateway to the Azure VPN gateway in a virtual network. In effect, the devices in Azure can appear as being on the local network. The connection is encrypted and works over the internet.
Site-to-site virtual private networks
What communication type for environments where you need greater bandwidth and even higher levels of security to communicate with your on premise resources should be used? This set up provides dedicated private connectivity to Azure that doesn’t travel over the internet.
Azure ExpressRoute
What are 2 methods to control routing and override settings Azure uses to route traffic between subnets on any connected virtual networks, on-premises networks, and the internet?
- Route tables A route table allows you to define rules about how traffic should be directed. You can create custom route tables that control how packets are routed between subnets.
- Border Gateway Protocol Border Gateway Protocol (BGP) works with Azure VPN gateways or ExpressRoute to propagate on-premises BGP routes to Azure virtual networks.
A ______ allows you to define rules about how traffic should be directed. You can create custom route tables that control how packets are routed between subnets.
Route tables
___________ works with Azure VPN gateways or ExpressRoute to propagate on-premises BGP routes to Azure virtual networks.
Border Gateway Protocol
Name the 2 approaches that Azure virtual networks enable you to filter traffic between subnets.
- Network security groups A network security group is an Azure resource that can contain multiple inbound and outbound security rules. You can define these rules to allow or block traffic, based on factors such as source and destination IP address, port, and protocol.
- Network virtual appliances A network virtual appliance is a specialized VM that can be compared to a hardened network appliance. A network virtual appliance carries out a particular network function, such as running a firewall or performing wide area network (WAN) optimization.
A __________ is an Azure resource that can contain multiple inbound and outbound security rules. You can define these rules to allow or block traffic, based on factors such as source and destination IP address, port, and protocol.
- Network security groups
A _______ is a specialized VM that can be compared to a hardened network appliance that carries out a particular network function, such as running a firewall or performing wide area network (WAN) optimization.
Network virtual appliances
You can link virtual networks together by using virtual network ______, which enables resources in each virtual network to communicate with each other. These virtual networks can be in separate regions, which allows you to create a global interconnected network through Azure.
peering
_____ is a significant update to Azure’s Virtual Networks as this allows network admins to control the routing tables between subnets within a VNet, as well as between VNets, thereby allowing for greater control over network traffic flow.
UDR is user-defined Routing.
What 3 connectivity types are enables through a VPN gateway?
Azure VPN Gateway instances are deployed in Azure Virtual Network instances and enable the following connectivity:
- Connect on-premises datacenters to virtual networks through a site-to-site connection.
- Connect individual devices to virtual networks through a point-to-site connection.
- Connect virtual networks to other virtual networks through a network-to-network connection.
What at the 2 VPN types used with the VPN Gateway?
When you deploy a VPN gateway, you specify the VPN type: either policy-based or route-based. The main difference between these two types of VPNs is how traffic to be encrypted is specified.
_______ specify statically the IP address of packets that should be encrypted through each tunnel. This type of device evaluates every data packet against those sets of IP addresses to choose the tunnel where that packet is going to be sent through.
Policy-based VPN gateways
What are 3 Key features of policy-based VPN gateways in Azure?
- Support for IKEv1 only.
- Use of static routing, where combinations of address prefixes from both networks control how traffic is encrypted and decrypted through the VPN tunnel. The source and destination of the tunneled networks are declared in the policy and don’t need to be declared in routing tables.
- Policy-based VPNs must be used in specific scenarios that require them, such as for compatibility with legacy on-premises VPN devices.
With ______, IPSec tunnels are modeled as a network interface or virtual tunnel interface. IP routing (either static routes or dynamic routing protocols) decides which one of these tunnel interfaces to use when sending each packet. This type is the preferred connection method for on-premises devices. They’re more resilient to topology changes such as the creation of new subnets.
route-based vpn gateways
What VPN gateway if you need any of the following types of connectivity:
- Connections between virtual networks
- Point-to-site connections
- Multisite connections
- Coexistence with an Azure ExpressRoute gateway
a route-based VPN gateway
What are the Key features of route-based VPN gateways in Azure?
- Supports IKEv2
- Uses any-to-any (wildcard) traffic selectors
- Can use dynamic routing protocols, where routing/forwarding tables direct traffic to different IPSec tunnels In this case, the source and destination networks aren’t statically defined as they are in policy-based VPNs or even in route-based VPNs with static routing. Instead, data packets are encrypted based on network routing tables that are created dynamically using routing protocols such as Border Gateway Protocol (BGP).
What is the only appropriate use for the basic VPN gateway?
A Basic VPN gateway should only be used for Dev/Test workloads
What Azure resources are required before you can deploy an operational VPN gateway?
- Virtual network. Deploy a virtual network with enough address space for the additional subnet that you’ll need for the VPN gateway. The address space for this virtual network must not overlap with the on-premises network that you’ll be connecting to. You can deploy only one VPN gateway within a virtual network.
- GatewaySubnet. Deploy a subnet called GatewaySubnet for the VPN gateway. Use at least a /27 address mask to make sure you have enough IP addresses in the subnet for future growth. You can’t use this subnet for any other services.
- Public IP address. Create a Basic-SKU dynamic public IP address if you’re using a non-zone-aware gateway. This address provides a public-routable IP address as the target for your on-premises VPN device. This IP address is dynamic, but it won’t change unless you delete and re-create the VPN gateway.
- Local network gateway. Create a local network gateway to define the on-premises network’s configuration, such as where the VPN gateway will connect and what it will connect to. This configuration includes the on-premises VPN device’s public IPv4 address and the on-premises routable networks. This information is used by the VPN gateway to route packets that are destined for on-premises networks through the IPSec tunnel.
- Virtual network gateway. Create the virtual network gateway to route traffic between the virtual network and the on-premises datacenter or other virtual networks. The virtual network gateway can be either a VPN or ExpressRoute gateway, but this unit only deals with VPN virtual network gateways. (You’ll learn more about ExpressRoute in a separate unit later in this module.)
- Connection. Create a connection resource to create a logical connection between the VPN gateway and the local network gateway.
- The connection is made to the on-premises VPN device’s IPv4 address as defined by the local network gateway.
- The connection is made from the virtual network gateway and its associated public IP address.
You can create multiple connections.
What 2 on premise resources are required to connect your datacenter to a VPN gateway?
- A VPN device that supports policy-based or route-based VPN gateways
- A public-facing (internet-routable) IPv4 address
when using VPN gateways, what 4 fault tolerant configurations can be implemented to ensure high-availability?
Active/standby: By default, VPN gateways are deployed as two instances in an active/standby configuration, even if you only see one VPN gateway resource in Azure. When planned maintenance or unplanned disruption affects the active instance, the standby instance automatically assumes responsibility for connections without any user intervention. Connections are interrupted during this failover, but they’re typically restored within a few seconds for planned maintenance and within 90 seconds for unplanned disruptions.
Active/active: With the introduction of support for the BGP routing protocol, you can also deploy VPN gateways in an active/active configuration. In this configuration, you assign a unique public IP address to each instance. You then create separate tunnels from the on-premises device to each IP address. You can extend the high availability by deploying an additional VPN device on-premises.
ExpressRoute failover: Another high-availability option is to configure a VPN gateway as a secure failover path for ExpressRoute connections. ExpressRoute circuits have resiliency built in. But they aren’t immune to physical problems that affect the cables delivering connectivity or outages that affect the complete ExpressRoute location. In high-availability scenarios, where there’s risk associated with an outage of an ExpressRoute circuit, you can also provision a VPN gateway that uses the internet as an alternative method of connectivity. In this way, you can ensure there’s always a connection to the virtual networks.
Zone-redundant gateways: In regions that support availability zones, VPN gateways and ExpressRoute gateways can be deployed in a zone-redundant configuration. This configuration brings resiliency, scalability, and higher availability to virtual network gateways. Deploying gateways in Azure availability zones physically and logically separates gateways within a region while protecting your on-premises network connectivity to Azure from zone-level failures. These gateways require different gateway SKUs and use Standard public IP addresses instead of Basic public IP addresses.
______________ lets you extend your on-premises networks into the Microsoft cloud over a private connection with the help of a connectivity provider. Further, you can establish connections to Microsoft cloud services, such as Microsoft Azure and Microsoft 365.
ExpressRoute
True or false: ExpressRoute connections use the public Internet. This allows ExpressRoute connections to offer more reliability, faster speeds, consistent latencies, and higher security than typical connections over the Internet.
False
What are three models ExpressRoute supports that you can use to connect your on-premises network to the Microsoft cloud?
- CloudExchange colocation
- Point-to-point Ethernet connection
- Any-to-any connection
True or false: Even if you have an ExpressRoute connection, DNS queries, certificate revocation list checking, and Azure Content Delivery Network requests are still sent over the public internet.
True. With ExpressRoute, your data doesn’t travel over the public internet, so it’s not exposed to the potential risks associated with internet communications. ExpressRoute is a private connection from your on-premises infrastructure to your Azure infrastructure. Even if you have an ExpressRoute connection, DNS queries, certificate revocation list checking, and Azure Content Delivery Network requests are still sent over the public internet.
Tailwind Traders wants to create a secure communication tunnel between its branch offices. Which of the following technologies can’t be used?
- Point-to-site virtual private network
- Implicit FTP over SSL
- Azure ExpressRoute
- Site-to-site virtual private network
Implicit FTP over SSL
FTP over SSL can’t be used to create a secure communication tunnel.
Tailwind Traders wants to use Azure ExpressRoute to connect its on-premises network to the Microsoft cloud. Which of the following choices isn’t an ExpressRoute model that Tailwind Traders can use?
- Any-to-any connection
- Site-to-site virtual private network
- Point-to-point Ethernet connection
- CloudExchange colocation
Site-to-site virtual private network
A site-to-site virtual private network isn’t an ExpressRoute model.
Which of the following options can you use to link virtual networks?
- Network address translation
- Multi-chassis link aggregation
- Dynamic Host Configuration Protocol
- Virtual network peering
Virtual network peering
Virtual network peering can be used to link virtual networks.
Which of the following options isn’t a benefit of ExpressRoute?
- Redundant connectivity
- Consistent network throughput
- Encrypted network communication
- Access to Microsoft cloud services
Encrypted network communication
ExpressRoute does provide private connectivity, but it isn’t encrypted.
What is the first step to using Azure Storage that can be done by using the Azure portal, PowerShell, or the Azure CLI.
To begin using Azure Storage, you first create an Azure Storage account to store your data objects. You can create an Azure Storage account by using the Azure portal, PowerShell, or the Azure CLI.
True or false: Your storage account will contain all of your Azure Storage data objects, such as blobs, files, and disks.
True
True or false: Azure VMs use Azure Disk Storage to store virtual disks, which can be used to store a disk outside of a virtual machine.
False. Azure VMs use Azure Disk Storage to store virtual disks. However, you can’t use Azure Disk Storage to store a disk outside of a virtual machine.
True or false: Disk Storage allows data to be persistently stored and accessed from an attached virtual hard disk.
True.
___________ is an object storage solution for the cloud. It can store massive amounts of data, such as text or binary data. It is unstructured, meaning that there are no restrictions on the kinds of data it can hold. This storage type can manage thousands of simultaneous uploads, massive amounts of video data, constantly growing log files, and can be reached from anywhere with an internet connection.
Azure Blob Storage
True or false: Blobs are limited to common file formats.
False. Blobs aren’t limited to common file formats. A blob could contain gigabytes of binary data streamed from a scientific instrument, an encrypted message for another application, or data in a custom format for an app you’re developing.
True or false: One advantage of blob storage over disk storage is that it does not require developers to think about or manage disks; data is uploaded as blobs, and Azure takes care of the physical storage needs.
True
What storage type is ideal for:
- Serving images or documents directly to a browser.
- Storing files for distributed access.
- Streaming video and audio.
- Storing data for backup and restore, disaster recovery, and archiving.
- Storing data for analysis by an on-premises or Azure-hosted service.
- Storing up to 8 TB of data for virtual machines.
Blob Storage is ideal for:
- Serving images or documents directly to a browser.
- Storing files for distributed access.
- Streaming video and audio.
- Storing data for backup and restore, disaster recovery, and archiving.
- Storing data for analysis by an on-premises or Azure-hosted service.
- Storing up to 8 TB of data for virtual machines.
_________ offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block and Network File System (preview) protocols. This type can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS.
Azure Files
What storage type would be used in these situations?
- Many on-premises applications use file shares. Azure Files makes it easier to migrate those applications that share data to Azure. If you mount the Azure file share to the same drive letter that the on-premises application uses, the part of your application that accesses the file share should work with minimal changes, if any.
- Store configuration files on a file share and access them from multiple VMs. Tools and utilities used by multiple developers in a group can be stored on a file share, ensuring that everybody can find them, and that they use the same version.
- Write data to a file share, and process or analyze the data later. For example, you might want to do this with diagnostic logs, metrics, and crash dumps.
Use Azure Files for the following situations:
- Many on-premises applications use file shares. Azure Files makes it easier to migrate those applications that share data to Azure. If you mount the Azure file share to the same drive letter that the on-premises application uses, the part of your application that accesses the file share should work with minimal changes, if any.
- Store configuration files on a file share and access them from multiple VMs. Tools and utilities used by multiple developers in a group can be stored on a file share, ensuring that everybody can find them, and that they use the same version.
- Write data to a file share, and process or analyze the data later. For example, you might want to do this with diagnostic logs, metrics, and crash dumps.
True or false: One thing that distinguishes Azure Files from files on a corporate file share is that you can access the files from anywhere in the world, by using a URL that points to the file.
True
What are 3 access tiers that Azure Storage offers for your blob storage, helping you store object data in the most cost-effective manner.
The available access tiers include:
- Hot access tier: Optimized for storing data that is accessed frequently (for example, images for your website).
- Cool access tier: Optimized for data that is infrequently accessed and stored for at least 30 days (for example, invoices for your customers).
- Archive access tier: Appropriate for data that is rarely accessed and stored for at least 180 days, with flexible latency requirements (for example, long-term backups).
What is the first step that you would take in order to share an image file as a blob in Azure Storage?
- Create an Azure Storage container to store the image.
- Create an Azure Storage account.
- Upload the image file and create a container.
- Use a Shared Access Signature (SAS) token to restrict access to the image.
- Create an Azure Storage account.
You must create an Azure Storage account before you can use any Azure Storage features.
Which Azure Storage option is better for storing data for backup and restore, disaster recovery, and archiving?
- Azure Files Storage
- Azure Disk Storage
- Azure Blob Storage
Azure Blob Storage
Azure Blob Storage is your best option for storing disaster recovery files and archives.
____________ is a globally distributed, multi-model database service. You can elastically and independently scale throughput and storage across any number of Azure regions worldwide.
Azure Cosmos DB
True or false: Azure Cosmos DB supports schema-less data, which lets you build highly responsive and “Always On” applications to support constantly changing data. You can use this feature to store data that’s updated and maintained by users around the world.
True
True or false: Azure Cosmos DB provides best effort support for throughput, latency, availability, and consistency guarantees and will not provide service level agreements.
False. Azure Cosmos DB provides comprehensive service level agreements for throughput, latency, availability, and consistency guarantees.
____________ is a relational database based on the latest stable version of the Microsoft SQL Server database engine. It is a high-performance, reliable, fully managed–DBaaS, and secure database. You can use it to build data-driven applications and websites in the programming language of your choice, without needing to manage infrastructure.
Azure SQL Database
________________ is a platform as a service (PaaS) database engine. It handles most of the database management functions, such as upgrading, patching, backups, and monitoring, without user involvement.
Azure SQL Database
Name 4 benefits of Azure SQL Database
- SQL Database provides 99.99 percent availability.
- PaaS capabilities that are built into SQL Database enable you to focus on the domain-specific database administration and optimization activities that are critical for your business.
- SQL Database is a fully managed service that has built-in high availability, backups, and other common maintenance operations.
- Microsoft handles all updates to the SQL and operating system code. You don’t have to manage the underlying infrastructure.
You can migrate your existing SQL Server databases with minimal downtime by using the _______________.
Azure Database Migration Service
___________________ is a relational database service in the cloud, and it’s based on the OpenSource Community Edition. With it, you have a 99.99 percent availability service level agreement from Azure, powered by a global network of Microsoft-managed datacenters.
Azure Database for MySQL
As a fully managed service, Azure Database for MySQL delivers what 6 benefits?
- Built-in high availability with no additional cost.
- Predictable performance and inclusive, pay-as-you-go pricing.
- Scale as needed, within seconds.
- Ability to protect sensitive data at-rest and in-motion.
- Automatic backups.
- Enterprise-grade security and compliance.
____________ is a relational database service in the cloud. The server software is based on the community version of the open-source database engine.
Azure Database for PostgreSQL
Azure Database for PostgreSQL is available in what two deployment options?
Single Server and Hyperscale (Citus)
what Azure Database for PostgreSQL deployment option delivers:
- Built-in high availability with no additional cost (99.99 percent SLA).
- Predictable performance and inclusive, pay-as-you-go pricing.
- Vertical scale as needed, within seconds.
- Monitoring and alerting to assess your server.
- Enterprise-grade security and compliance.
- Ability to protect sensitive data at-rest and in-motion.
- Automatic backups and point-in-time-restore for up to 35 days.
Single Server
The Single Server deployment option offers what three pricing tiers? Each tier offers different resource capabilities to support your database workloads.
Basic, General Purpose, and Memory Optimized.
What Azure Database for PostgreSQL deployment option horizontally scales queries across multiple machines by using sharding. Its query engine parallelizes incoming SQL queries across these servers for faster responses on large datasets. It serves applications that require greater scale and performance, generally workloads that are approaching, or already exceed, 100 GB of data.
Hyperscale (Citus)
True or false: The Hyperscale (Citus) deployment option supports multi-tenant applications, real-time operational analytics, and high throughput transactional workloads. Applications built for PostgreSQL can run distributed queries on Hyperscale (Citus) with standard connection libraries and minimal changes.
True
________________ is a platform as a service (PaaS) database engine, which means that your company will be able to take advantage of the best features of moving your data to the cloud in a fully-managed environment. It allows existing customers to lift & shift their on-premises applications to the cloud with minimal application and database changes. Features include:
- Fully managed & evergreen PaaS
- Preserves all PaaS capabilities (automatic patching and version updates, automated backups, and high availability)
- Exchange existing licenses for discounted rates using the Azure Hybrid Benefit
- built-in high availability features and a 99.99% uptime service level agreement (SLA)
Azure SQL Managed Instance
True of false: Once you have resolved any issues, you can migrate your data, then cutover from your on-premises SQL Server to your Azure SQL Managed Instance by changing the connection string in your applications.
True
__________________ is a limitless analytics service that brings together enterprise data warehousing and big data analytics.
Azure Synapse Analytics (formerly Azure SQL Data Warehouse)
_________________ is a fully managed, open-source analytics service for enterprises. It’s a cloud service that makes it easier, faster, and more cost-effective to process massive amounts of data. You can run popular open-source frameworks and create cluster types such as Apache Spark, Apache Hadoop, Apache Kafka, Apache HBase, Apache Storm, and Machine Learning Services.
______________ helps you unlock insights from all your data and build artificial intelligence solutions. You can set up your Apache Spark environment in minutes, and then autoscale and collaborate on shared projects in an interactive workspace. Azure Databricks supports Python, Scala, R, Java, and SQL, as well as data science frameworks and libraries including TensorFlow, PyTorch, and scikit-learn.
________________ is an on-demand analytics job service that simplifies big data. Instead of deploying, configuring, and tuning hardware, you write queries to transform your data and extract valuable insights. The analytics service can handle jobs of any scale instantly by setting the dial for how much power you need. You only pay for your job when it’s running, making it more cost-effective.
Your development team is interested in writing Graph-based applications that take advantage of the Gremlin API. Which option would be ideal for that scenario?
- Azure Cosmos DB
- Azure SQL Database
- Azure Databricks
- Azure Database for PostgreSQL
Azure Cosmos DB
Azure Cosmos DB supports SQL, MongoDB, Cassandra, Tables, and Gremlin APIs.
Tailwind Traders uses the LAMP stack for several of its websites. Which option would be ideal for migration?
- Azure Cosmos DB
- Azure Database for MySQL
- Azure Database for PostgreSQL
Azure Database for MySQL
Azure Database for MySQL is the logical choice for existing LAMP stack applications.
Tailwind Traders has millions of log entries that it wants to analyze. Which option would be ideal for analysis?
- Azure Cosmos DB
- Azure SQL Database
- Azure Database for PostgreSQL
- Azure Synapse Analytics
Azure Synapse Analytics
Azure Synapse Analytics is the logical choice for analyzing large volumes of data.
True or false: Availability zones provide high-availability, fault tolerance, and disaster recovery in all potential disaster scenarios.
False. Availability zones provide high-availability and fault tolerance, but they might not help you with disaster recovery. If there is a localized disaster, such as a fire in a datacenter housing one zone, you will benefit from availability zones. Because availability zones are located in the same Azure region, if there is a large-scale natural disaster such as a tornado, you might not be protected. In other words, availability zones are just one facet to an overall disaster recovery and fault-tolerant design.
Comparing 2 different concepts: _____(1)____ allow you to create two or more virtual machines in different physical server racks in an Azure datacenter. Microsoft guarantees a 99.95 percent SLA with an this. In contrast, an ___(2)_____ allows you to deploy two or more Azure services into two distinct data- centers within a region. Microsoft guarantees a 99.99 percent SLA with this.
- Availability sets
- availability zone
True or false: An Azure resource can exist in multiple resource groups.
False. An Azure resource can only exist in one resource group. In other words, you can’t have a virtual machine in a resource group called WebStorefront and also in a resource group called SalesMarketing, because it must be in one group or the other. You can move Azure resources
Each Azure subscription has limits (sometimes called quotas) assigned to it. For example, you can have up to 250 Azure Storage accounts per region in a subscription, up to 25,000 virtual machines per region, and up to 980 resource groups per subscription across all regions. If you need to increase beyond this limit, what would you do?
Contact Microsoft Support as they can increase limits in some scenarios if you have a good business justifi- cation. Some limits, however, cannot be increased.
Each subscription is associated with a unique identifier called a __________. You can give each subscription a descriptive name to help you identify it, but Azure will always use the the unique identifier to identify your subscription.
subscription ID
Azure Resource Manager, or ARM, is a service that runs in Azure, and it’s responsible for all interaction with Azure services. When you create a new Azure service, ARM authenticates you to make sure you have the right access to create that resource, and then it talks to a ____________ for the service you’re creating. For example, if you’re creating a new web app in Azure App Service, ARM will pass your request on to the Microsoft.Web this because it knows all about web apps and how to create them.
resource provider
EXAM TIP
There are resource providers for every Azure service, but the names might not always make sense. For example, the Microsoft.Compute resource provider is responsible for creating virtual machine resources.
You don’t have to know details on resource providers for the AZ-900 exam, but you should understand the general concept because you are expected to know about Azure Resource Manager.
True or false: You are charged for App Service plans even when no web apps are running in them.
True. If you do have web apps in your App Service plan, you are still charged if you stop the web apps. The only way to avoid being billed for an App Service plan is to delete it.
True or false: You can’t change the DNS Name Label after the container instance is created. You also can’t change the image your instance uses.
True. If you want to change these settings, you’ll need to delete the instance and re-create it. However, doing so might mean that you lose your public IP address, so it’s best to plan ahead before you create your instance.
VPN Gateway has several pricing tiers, and each pricing tier has an associated bandwidth cap. When connecting two VNets using a VNet-to-VNet connection, you realize the bandwidth restrictions imposed by the VPN Gateway pricing tier are going to be too restrictive. What should you consider using in this case?
Virtual Network or VNet Peering
You can connect your VNets using virtual network peering. Traffic between two VNets that are peered travels over Microsoft’s private backbone infrastructure and not over the Internet; however, unlike a VNet-to-VNet connection, the traffic is not encrypted.
You can peer VNets that are in the same region or in different regions. Microsoft refers to peering VNets between two Azure regions as ____________.
global virtual network peering
Microsoft calls an ExpressRoute connection a _______.
circuit
True or false: You have mounted Azure Files shares on Azure VMs and want to on-premises on your Windows 7 or Windows Server 2008 Systems. This is a supported set up and will work.
False. You can mount Azure Files shares on Azure VMs and on-premises on Windows, Linux, and MacOS. You can’t, however, use Windows 7 or Windows Server 2008 to mount an Azure Files share on-premises because those operating systems only support SMB 2.1.
True or false: Azure Files shares use SMB, therefore you’ll need to make sure that TCP port 445 is open on your network.
True
True or false: Because relational databases don’t scale horizontally, there are limited options to scale horizontally. There are some options available for scaling out a read-only copy of your data- base, but in general, relational databases don’t offer the capability of scaling out to provide additional copies of your data in multiple regions.
True
True or false: Azure Database for MySQL secures your data at rest and in motion. That means that not only are your databases secure, but data is also secure when users are querying your database.
True
True or false: Unlike resources deployed by Azure Resource Manager, Azure Marketplace requires you to support the 3rd parties deployment model as ARM templates aren’t available for 3rd party service deployments.
False. All the templates in the Azure Marketplace are ARM templates that deploy one or more Azure services. Remember from our earlier discussion of Azure Resource Manager that all ARM deployments are deployed using ARM templates. The Marketplace is no different.
