John Saville - Gemini Pro Flashcards
(154 cards)
1
Q
What is the new name for Azure AD?
A
entra ID
2
Q
What is the key difference between entra ID and Active Directory Domain Services?
A
entra ID speaks Cloud while ADDS speaks on-premises protocols
3
Q
What is the standard way to interact with entra ID?
A
Microsoft Graph
4
Q
What are the two technologies for replicating from Active Directory to entra ID?
A
entra Connect and entra Connect Cloud Sync
5
Q
Which way does the replication flow?
A
From Active Directory to entra ID
6
Q
What is the purpose of having a Cloud identity?
A
To allow applications to trust it for authentication and authorization
7
Q
What is the name of the particular instance of entra ID for an organization?
A
Tenant
8
Q
What is the default domain name for a new entra ID tenant?
A
something.onmicrosoft.com
9
Q
What is the purpose of external users?
A
To allow interaction with users from other organizations without creating separate accounts
10
Q
What is the difference between a guest and an external user?
A
Guests are external users by default, but they can be made members of the tenant
11
Q
What are the different ways to provision accounts in entra ID?
A
Synchronization, manual creation, bulk creation, and provisioning from external systems
12
Q
What are the two types of groups in entra ID?
A
Security groups and Microsoft 365 groups
13
Q
What is the difference between registering and joining a device in entra ID?
A
Registering is for personal devices, while joining is for corporate devices
14
Q
What are the different levels of entra ID licenses?
A
Free, P1, P2, and Governance add-on
15
Q
What is the purpose of conditional access?
A
To enforce additional security checks based on factors such as device, location, and risk
16
Q
What is the purpose of privileged identity management?
A
To manage and monitor privileged accounts
17
Q
What is the purpose of self-service password reset?
A
To allow users to reset their own passwords without contacting the help desk
18
Q
Who should have the global administrator role?
A
Only a few trusted individuals
19
Q
Is entra ID a hierarchical structure?
A
No, it is a flat structure
20
Q
What is the difference between the Azure commercial cloud and other clouds?
A
They have different URLs, tenants, regions, and availability zones
21
Q
What is the purpose of availability zones?
A
To provide redundancy and resilience within a region
22
Q
How many availability zones are exposed to a subscription?
A
Three
23
Q
What is the goal of using multiple regions?
A
To avoid single points of failure and improve disaster recovery
24
Q
What is the purpose of subscription?
A
To organize and manage resources
25
What is the purpose of management groups?
To organize subscriptions and apply policies, access control, and budgets
26
What are the three core things that management groups can be used for?
Access control, policy, and budgets
27
How are policies and budgets inherited?
They are inherited from parent management groups to child management groups and subscriptions
28
What is the purpose of a management group?
To organize subscriptions and apply policies, access control, and budgets
29
What is the purpose of a subscription?
To organize and manage resources
30
What is the purpose of a resource group?
To group related resources that will be provisioned, run, and decommissioned together
31
What is Azure Hybrid Benefit?
A program that allows customers to use existing Windows Server and SQL Server licenses in the cloud
32
What is Azure Reservation?
A one or three-year commitment to use a specific service in a specific region, which results in a discount
33
What is Azure Savings Plan?
A flexible one or three-year commitment to spend a certain amount on included compute services, which results in a discount
34
How does Azure Savings Plan apply to resources?
It applies the best discount to the resource that is running and then moves on to the next resource
35
Can a resource have both a Savings Plan and a Reserved Instance?
No, it can only have one or the other
36
What is the purpose of cost analysis?
To provide insights into spending and identify areas for optimization
37
What is the purpose of a budget?
To set a financial limit and receive alerts when it is reached or exceeded
38
What are tags?
Key-value pairs that can be applied to resources, resource groups, and subscriptions for organization and filtering
39
Do tags get inherited?
No, by default, tags are not inherited from parent to child resources
40
What is the purpose of Azure policy?
To set guard rails and configure requirements for resources
41
What is the difference between a policy and an initiative?
A policy is a specific condition and effect, while an initiative is a set of policies
42
What is the benefit of using initiatives?
Easier assignment and compliance tracking for multiple policies
43
What is the Microsoft Cloud Security Benchmark?
A free set of initiatives for security best practices
44
What is role-based access control (RBAC)?
A mechanism for assigning permissions to users and groups at different scopes (management group, subscription, resource group, resource)
45
What is the principle of least privilege?
Giving users and groups the minimum amount of permissions necessary to perform their tasks
46
What is the difference between owner, contributor, and reader roles?
Owner: Full access, contributor: All access except changing permissions, reader: Read-only access
47
Can you create custom roles?
Yes, you can create custom roles by cloning existing roles and adding or removing permissions
48
What is the difference between control plane and data plane?
Control plane: Managing Azure resources, data plane: Interacting with data (e.g., writing to a database)
49
What is a virtual network (vnet)?
A private network within Azure that provides IP addresses to resources and defines subnets
50
What is the purpose of a subnet?
To divide a vnet into smaller IP address ranges
51
How many IP addresses are lost in each subnet?
Five (network address, broadcast address, gateway, and two for DNS)
52
What is the difference between standard and basic public IPs?
Standard: Static, basic: Dynamic (retiring on 30th September 2025)
53
What is a public IP address?
An IP address that allows resources to communicate with the public internet
54
What is a prefix?
A contiguous block of IP addresses
55
Can you bring your own IP addresses to Azure?
Yes, but it requires a specific process
56
What is a peering?
A connection between two virtual networks that allows resources to communicate using private IP addresses
57
What is the difference between Gateway Transit and Use Remote Gateway?
Gateway Transit: Allows a virtual network to use the Gateway of another virtual network for connectivity, Use Remote Gateway: Allows a virtual network to use the Gateway of another virtual network for egress
58
What is Azure Virtual Network Manager?
A tool for managing virtual networks and configuring connectivity
59
What are Network Groups in Azure Virtual Network Manager?
Groups of virtual networks that can be used to define connectivity configurations
60
What are Security Admin Rules in Azure Virtual Network Manager?
Rules that apply before local virtual network rules and can be used to allow or deny traffic
61
What is a Network Security Group (NSG)?
A set of rules that control network traffic to and from a virtual network
62
What is a Service Tag?
A tag that represents a range of IP addresses for Azure services
63
What is an Application Security Group?
A tag that can be applied to a network interface to control access to resources
64
What is the default rule for inbound traffic in an NSG?
Deny all traffic except traffic from the virtual network itself
65
What is the default rule for outbound traffic in an NSG?
Allow all traffic
66
What is a Network Security Group (NSG)?
A set of rules that control network traffic to and from a virtual network
67
What is a Service Tag?
A tag that represents a range of IP addresses for Azure services
68
What is an Application Security Group?
A tag that can be applied to a network interface to control access to resources
69
What is the difference between Azure Firewall Basic, Standard, and Premium?
Basic: Low performance, Standard: Up to 30 Gbps, Premium: Up to 100 Gbps, Additional features such as intrusion detection and URL filtering
70
What is Azure DNS?
A public and private DNS service provided by Microsoft
71
What is the difference between public and private DNS zones in Azure?
Public zones are accessible from the internet, while private zones are only accessible within virtual networks
72
What is automatic registration in Azure Private DNS?
A feature that automatically creates DNS records for resources in a virtual network
73
What is Azure Private DNS Resolver?
A service that allows resources outside of a virtual network to resolve records in private DNS zones
74
What is the default DNS zone for a virtual network?
internal.cloudapp.net
75
Can custom DNS servers be used with virtual networks?
Yes, but they must also be able to resolve to the Azure DNS IP address (168.63.129.16)
76
What are the two types of VPN gateways?
Policy-based (static routing) and Route-based (dynamic routing)
77
What is the difference between policy-based and route-based VPN gateways?
Policy-based: One tunnel, restrictive, Legacy only, Route-based: Multiple tunnels, point-to-site VPN
78
What is Express Route?
A private connectivity service that extends a customer's network into Microsoft's backbone
79
What is private peering in Express Route?
A type of connectivity that connects private IP spaces within virtual networks
80
What is Express Route Global Reach?
Enables connectivity between different Express Route circuits and locations using the Microsoft backbone
81
What is Microsoft peering?
A type of connectivity that allows customers to connect to Azure PaaS services over Express Route
82
What is Azure Virtual WAN?
A managed service that provides connectivity and routing for virtual networks and other Azure resources
83
What is the difference between Azure Virtual WAN Basic and Standard?
Basic: Site-to-site VPN only, Standard: Express Route, intra-VNet connectivity, Azure Firewall integration, Network Virtual Appliance deployment
84
What are User Defined Routes (UDRs)?
Custom routing policies that override default routing tables
85
What are service endpoints?
Enable specific subnets to communicate with Azure PaaS services
86
How do service endpoints work?
Create a private connection between a subnet and a service, allowing only resources in the subnet to access the service
87
What is a private endpoint?
Creates an IP address in a subnet that connects to a specific instance of a service, providing a secure and direct communication channel
88
How does a private endpoint differ from a service endpoint?
A private endpoint provides an IP address in a subnet that can be accessed from outside the subnet, while a service endpoint only allows communication from within the subnet
89
What is Azure Bastion?
A managed jump box service that allows secure access to virtual machines from the internet
90
What are the different Azure Bastion SKUs?
Basic: Same VNet only, Developer: Same VNet only, Standard: Peered VNets, RDP to Linux, SSH to Windows, Azure CLI support, Sharable link, Copy/paste disable
91
What is Azure Application Gateway?
A Layer 7 load balancer that understands HTTP/S and websockets
92
What is Azure Load Balancer?
A Layer 4 load balancer that supports TCP and UDP
93
What are the two SKUs of Azure Load Balancer?
Basic and Standard
94
How does Azure Load Balancer work?
Has a front-end IP address and one or more backend pools, uses health probes to check backend pool instances
95
What are the differences between Azure Load Balancer Free and Standard SKUs?
Free: 300 backend instances, no SLA, no outbound rules, Basic IP only, Standard: 1000 backend instances, SLA, outbound rules, Nicknames or IP addresses
96
What is Azure Application Gateway?
A Layer 7 load balancer that understands HTTP/S, websockets, and other application-layer protocols
97
What are the benefits of using Azure Application Gateway?
URL-based routing and redirection, SSL/TLS termination, session affinity, web application firewall protection
98
What is Azure Traffic Manager?
A DNS-based global load balancer that distributes traffic based on performance, priority, and other factors
99
What is a cross-region load balancer?
A global IP address that points to multiple regional load balancers, providing a single endpoint for clients to access
100
What is the difference between Azure Storage General Purpose V2 and Premium Storage?
General Purpose V2 offers all types of blobs, queues, tables, and files, while Premium Storage is built on SSD technology and offers block blobs, page blobs, and files with higher performance
101
What is the difference between Premium Files and regular files?
Premium Files are provisioned based on size, meaning users pay for the size of the share they create rather than the amount of data written to it
102
What are the different types of Azure Storage services?
Blob, file shares, queues, tables
103
What is the purpose of Azure Storage Explorer?
A tool for interacting with Azure Storage accounts, including viewing contents, writing items to queues, and adding data to tables
104
What are the different redundancy options for Azure Storage accounts?
Locally redundant storage (LRS): Three copies within the same storage cluster, Zone redundant storage (ZRS): Three copies spread over three availability zones, Geo-redundant storage (GRS): Three copies within a storage cluster and three copies in a paired region, Geo-zone-redundant storage (GZRS): Three copies spread over three availability zones and three copies in a paired region's storage cluster
105
What are the different tiers available for Azure Blob storage?
Hot, Cool, Cold, Archive
106
How does pricing for Azure Blob storage differ across tiers?
Hot: Highest capacity cost, lowest transaction cost; Cool: Lowest capacity cost, highest transaction cost; Cold: Low capacity cost, high transaction cost; Archive: Super cheap capacity cost, no interaction (offline)
107
What is Azure Blob storage lifecycle management?
A feature that allows users to create rules for automatically moving data between tiers based on filters such as last access time or creation date
108
What is Azure Blob storage object replication?
A feature that enables users to replicate data from a container in one storage account to a container in another storage account, regardless of region
109
What is the difference between Azure Files tiers?
Transaction Optimized: Highest capacity cost, lowest transaction cost; Hot: Low capacity cost, high transaction cost; Cool: Lowest capacity cost, highest transaction cost; Premium: Different type of storage account with higher performance
110
What are some of the features available for Azure Files?
Performance configuration, backup snapshots, soft delete, backup Vault integration, Azure AD integration
111
What is Azure File Sync?
A service that enables synchronization of on-premises file shares with Azure Files
112
What are the benefits of using Azure File Sync?
Infinite scale, data resilience, offloading of less-used data to the cloud
113
How can I control access to Azure Storage data?
Using data plane role-based access control (RBAC) or shared access signatures (SAS)
114
What is the difference between a storage account key and a shared access signature?
Storage account keys are powerful and should be rotated regularly; shared access signatures are more granular and can be used for specific services or resources
115
What is encryption scope?
A feature that enables the use of different encryption keys for different containers or blobs within a storage account
116
What are the different types of Azure managed disks?
Standard HDD, Standard SSD, Premium SSD, Premium SSD V2, Ultra Disk
117
How is performance determined for Azure managed disks?
Performance is tied to the size of the disk, with larger disks providing better performance
118
How can I modify the performance of a Premium SSD V2 or Ultra Disk?
By adjusting the IOPS and throughput settings
119
How can I encrypt Azure managed disks?
By creating a disk encryption set that uses a key in Azure Key Vault
120
What is the best way to provision Azure resources?
Using declarative templates such as ARM JSON or Azure Bicep
121
What are the benefits of using templates for provisioning?
Ensures consistency, reduces errors, and allows for version control
122
What is the difference between Infrastructure as a Service (IaaS) and Platform as a Service (PaaS)?
IaaS: Vendor manages hypervisor, physical servers, storage, networking; customer manages OS, patching, backup, etc.; PaaS: Vendor manages all of the above except customer application and data
123
What is the ultimate level of service in the cloud?
Serverless offerings like Azure Functions and Logic Apps
124
What are the different dimensions of a virtual machine?
CPU, memory, storage, network capabilities, special GPUs (e.g., ratio of CPU cores to memory)
125
Why is it important to match the VM skew and size to the workload?
To optimize resource utilization and avoid wasting resources
126
What is the concept of scaling in Azure?
Adding or removing VM instances based on changing workload requirements
127
What are the different types of virtual machine storage?
Ephemeral, temporary, premium, standard
128
What is the purpose of a virtual machine extension?
To add capabilities to a virtual machine, such as running scripts or integrating with Azure services
129
What is Azure Bastion?
A service that provides secure access to virtual machines through a managed jumpbox environment
130
What is the difference between a fault domain and an availability zone?
Fault domains are within a single data center, while availability zones are isolated across multiple data centers
131
What is a virtual machine scale set?
A group of virtual machines that can be scaled up or down automatically based on demand
132
What is the difference between uniform and flexible virtual machine scale sets?
Uniform scale sets have a fixed scaling profile, while flexible scale sets allow for more customization and the inclusion of spot instances
133
What is a container registry?
A repository for container images
134
What is the difference between a virtual machine and a container?
A virtual machine virtualizes the hardware, while a container virtualizes the operating system
135
What is the purpose of a container registry?
To store and manage container images
136
What is the role of the control plane in Kubernetes?
To manage the cluster and schedule containers
137
What is a pod in Kubernetes?
A container instance
138
What is persistent volume claim?
A request for storage that can be mapped to a persistent volume
139
What is the purpose of the cluster autoscaler in Kubernetes?
To add or remove nodes as needed to meet the demand for pods
140
What is the difference between Azure Container Instances and AKS?
Azure Container Instances is a managed service for running containers without the need for an orchestrator, while AKS is a managed Kubernetes service
141
What is the purpose of an app service plan in Azure?
To define the resources and configuration for a group of app service instances
142
What is the difference between standard and elastic scaling in app service plans?
Standard scaling requires manual configuration of scaling rules, while elastic scaling automatically adjusts the number of instances based on load
143
What is the purpose of the activity log in Azure?
To record control plane operations at the subscription level
144
What is the difference between metrics and logs in Azure Monitor?
Metrics are time-based signals, while logs are structured events
145
What is the purpose of diagnostic settings in Azure Monitor?
To configure the collection and destination of logs
146
What is the benefit of using a log analytics workspace for log storage?
Powerful analytics capabilities using KQL
147
What is the purpose of Azure Monitor?
To collect and analyze metrics and logs from Azure resources
148
What is the difference between metrics and logs in Azure Monitor?
Metrics are time-based signals, while logs are structured events
149
What is the purpose of diagnostic settings in Azure Monitor?
To configure the collection and destination of logs
150
What is the purpose of alerts in Azure Monitor?
To notify you when certain conditions are met
151
What is the difference between alert processing rules and action groups?
Alert processing rules determine which action groups to call and when to suppress alerts, while action groups define the actions to be taken
152
What is the difference between common and basic log analytics workspaces?
Common workspaces have full KQL capabilities and included data ingestion and storage costs, while basic workspaces have a subset of KQL capabilities and require payment for data ingestion and storage
153
What is the purpose of Network Watcher?
To troubleshoot network-related issues
154
What are some of the capabilities of Network Watcher?
IP flow verification, next hop determination, VPN troubleshooting, connection troubleshooting, packet capture, and NSG diagnostics
