Microsoft Azure Fundamentals Flashcards
1
Q
It is the delivery of compute services over the internet to provide faster innovation, flexible resources, and economies of scale.
You typically pay only for services you use.
A
Cloud Computing
2
Q
Cost
Improved Speed
Scalability
Increased Productivity
Better Performance
Reliability
Improved Security
A
Benefits of Cloud Computing
3
Q
A cloud computing service that offers compute, storage, and networking resources on demand. Service provider manages the infrastructure.
- Lift and shift scenario
- Storage and Backup
- Web Apps
- High-performance Computing
A
Infrastructure-As-A-Service
4
Q
A complete development and deployment environment in the cloud.
Includes servers, storage, networking, middleware, development tools, BI services, database management systems.
Supports the complete web application lifecycle
You manage the applications and services and the service provider manages everything else
- Development Framework
A
Platform-As-A-Service
5
Q
Provides a complete software solution that you purchase on a pay-as-you-go basis from a cloud service provider
Infrastructure, middleware, app software, and app data are located in the service provider’s data center
Service provider manages underlying hardware and software
Refers to cloud-based applications that users connect to and use over the internet.
A
Software-As-A-Service
6
Q
Cloud deployment model where services are offered over the public internet and available to anyone who wants to purchase them
A
Public Cloud
7
Q
Cloud deployment model used only by users from one business or organization.
Can be physically located in on-site datacenter, or can be hosted by a third-party service provider.
A
Private Cloud
8
Q
Cloud deployment model that combines a public cloud and a private cloud by allowing data and applications to be shared between them
A
Hybrid Cloud
9
Q
- No upfront costs
- No need to purchase or manage infrastructure
- Pay for additional resources only when needed
- Stop paying for unneeded resources
A
Benefits of a consumption based model
10
Q
Users pay only for the resources that they use
A
Consumption based model
11
Q
A continuous user experience with virtually no downtime
A
High Availability
12
Q
- Can scale vertically (increase compute capacity by adding RAM or CPUs)
- Can scale horizontally (increase compute capacity by adding instances of resources, such as adding VMs to the configuration)
A
Scalability
13
Q
Cloud-based apps can take advantage of autoscaling, where resources are always available when needed
A
Elasticity
14
Q
Deploy and configure cloud-based resources quickly as app requirements change
A
Agility
15
Q
Deploy apps and data to regional datacenters around the globe to ensure that your customers always have the best performance in their region
A
Geo-distribution
16
Q
Cloud-based backup services, data replication options, and geo-distribution allow you to deploy apps while ensuring that data is safe in the event of disaster
A
Disaster Recovery
17
Q
What features are deployed in each Azure region and are deployed within latency-defined parameters?
A
Datacenters
18
Q
What protect resources against rack failures within a datacenter?
A
Availability Sets
19
Q
What do you call physically separate locations within each Azure region that are tolerant to local datacenter failures?
A
Availability Zones
20
Q
True or False. An Azure resource group is a container that holds related resources for an Azure solution, and typically includes resources that you want to manage as a group.
A
True
21
Q
True or False. Azure is made up of datacenters located around the globe.
A
True
22
Q
An on-demand computing service for running cloud-based applications.
Popular services:
Azure Virtual Machines
Azure Container Instances
Azure App Service
Azure Functions
A
Azure Compute
23
Q
Container offering great for scenarios that can operate in isolated containers
A
Azure Container Instances
24
Q
Container offering that is great for full container orchestration
A
Azure Kubernetes Service
25
Azure service that allows your Azure resources like VMs, web apps and database to communicate with users on the internet and with on-prem clients computers
Azure Virtual Networks
26
Required when creating a VNET. Must be specified using public and private addresses.
Address Space
27
Enables you to segment the virtual network into one or more sub-networks and allocate a portion of the virtual network's address space to each subnet.
Subnets
28
True or False. VNet is scoped to a single region/location; however, multiple virtual networks from different regions can be connected together using Virtual Network Peering.
True
29
True or False. VNet is scoped to a subscription. You can implement multiple virtual networks within each Azure subscription and Azure region.
True
30
Allows virtual networks connection within the same Azure region
Virtual network peering
31
Allows virtual network connection across Azure regions
Global virtual network peering
32
True or False. Traffic between peered virtual networks is private
True
33
True or False. No public internet, gateways, or encryption is required in peered virtual networks.
True
34
Allows you to connect on-prem datacenters to vNets through a site-to-site connection, to connect individual devices to vNets through a point-to-site connection, and to connect vNets to other virtual networks through a network-to-network connection
VPN Gateway
35
A VPN gateway type that support IKEv1 and use static routing
Policy-based VPN
36
A VPN gateway type that support IKEv2 and use dynamic routing
Route-based VPN
37
It extends on-prem networks into the Microsoft cloud over a private connection and establish connections to Microsoft cloud services.
Azure ExpressRoute
38
True or False. Azure ExpressRoute don't go over the public Internet.
True
39
Allows you to access Azure PaaS Services and Azure customer-hosted services over a private endpoint in your virtual network
Azure Private Link
40
A network interface that uses a private IP address from your virtual network that connects you privately and securely to a service that's powered by Azure Private Link
A Private endpoint
41
True or False. Traffice between your vNet and the service you are connecting to via a private link travels the Microsoft backbone network.
True
42
Premium storage account type for page blobs only.
Premium page blobs
43
Premium storage account type for file shares only. Recommended for enterprise or high-performance scale applications. Supports both Server Message Block (SMB) and NFS file shares.
Premium File Shares
44
Premium storage account type for block blobs and append blobs. Recommended for scenarios with high transaction rates or that use smaller objects or require consistently low storage latency.
Premium Block Blobs
45
Standard storage account type for blobs, file shares, queues, and tables. Recommended for most scenarios using Azure Storage.
Standard general-purpose v2
46
It is optimized for storing massive amounts of unstructured data
Blob storage
47
True or False. Azure files are fully managed file shares in the cloud.`
True
48
True or False. Server Message Block (SMB) file shares are accessible from Windows, Linux, macOS.
True
49
True or False. Network File System (NFS) shares are accessible from Linux / macOS
True
50
To implement communication between components of a distributed app what does Azure Queue Storage implement?
Cloud-based queues
51
True or False. Each queue maintains a list of messages that can be added by a sender component and processed by a receiver component
True
52
A storage service that stores structured NoSQL data in the cloud and provides key/attribute store with a schemaless design
Azure Table storage
53
The following are examples of use case for what kind of Azure storage:
- Storing TBs of structured data capable of serving web scale applications
- Storing datasets that don't require complex joins, foreign keys, or stored procedures and can be denormalized for fast access
- Quickly querying data using a clustered index
- Accessing data using the OData protocol and LINQ queries with WCF Data Service .NET Libraries
Azure Table storage
54
A managed disk that's attached to a virtual machine to store application data, or other data you need to keep.
Data disk
55
A managed disk a pre-installed OS, which was selected when the VM was created. This disk contains the boot volume.
OS disk
56
Is not a managed disk, provides short-term storage for applications and processes, and is intended to only store data such as page or swap files
Temporary disk
57
Highest-performing storage option for Azure VMs
Ultra Disks
58
High-performance and low latency disk support for VMs with IO-intensive workloads
Premium SSDs
59
Designed for IO-intense enterprise workloads that require consistent sub-millisecond disk latencies and high IOPs
Premium SSD v2
60
Deliver reliable low-cost disk support for VMs running latency-tolerant workloads
Standard HDDs
61
What redundancy option provides the following:
- Replicates your data three times within a single data center in the selected region.
- Protects your data against server rack and drive failures.
- Provide at least 99.999999999% (11 9's) of durability over a given year.
Locally-Redundant Storage (LRS)
62
What redundancy option provides the following:
- Synchronously replicates your Azure managed disk across three Azure availability zones in the region you select.
- Provide at least 99.9999999999% (12 9's) of durability over a given year.
Zone-Redundant Storage (ZRS)
63
Copies your data synchronously three times within a single physical location in the primary region using LRS. It then copies your data asynchronously to a single physical location in the secondary region. Within the secondary region, your data is copied synchronously three times using LRS.
Geo-redundant storage (GRS)
64
Copies your data synchronously across three Azure availability zones in the primary region using ZRS. It then copies your data asynchronously to a single physical location in the secondary region. Within the secondary region, your data is copied synchronously three times using LRS.
Geo-zone-redundant storage (GZRS)
65
Command-line utility used to copy blobs or files to or from a storage account
AzCopy
66
AzCopy supported storage type
Blob Storage and File Storage
67
AzCopy supported authorization for Blob storage
Azure AD & SAS
68
AzCopy supported authorization for File storage
SAS only
69
It helps centralize file shares in Azure Files
Azure File Sync
70
It helps transform Windows Servers into a quick caches of Azure file shares
Azure File Sync
71
Some protocols used by Azure File Sync to access data on Windows server
SMB, NFS, FTPS
72
It allows discovery and assessment of servers including SQL and web apps
Azure Migrate: Discovery and assessment
73
It is used to migrate VMware VMs, Hyper-V Vms, physical servers, other virtualized servers and public cloud VMs to Azure
Azure Migrate: Server Migration
74
A stand-alone tool designed to allow you to asses SQL Server databases for migration to Azure SQL Database, Azure SQL Managed Instance, or Azure VMs running SQL Server
Data Migration Assistant
75
It allows you to migrate on-prem databases to Azure VMs running SQL Server, Azure SQL Database, or SQL Managed Instances
Azure Database Migration Service
76
It helps in assessing on-prem web apps before migration to Azure
Azure App Service Migration Assistant
77
It uses secure transfer of data via a physical storage device and migrate large amounts of offline data, up to 80 TB to Azure
Azure Data Box
78
Microsoft's managed network security service in Azure that protects Azure Virtual Network resources. A cloud-native and intelligent network firewall security service that provides the best of breed threat protection for your cloud workloads running in Azure. It's a fully stateful, firewall as a service with built-in high availability and unrestricted cloud scalability. It provides both east-west and north-south traffic inspection.
Azure Firewall
79
Provides enhanced DDoS mitigation features to defend against DDoS attacks. It's automatically tuned to help protect your specific Azure resources in a virtual network. Protection is simple to enable on any new or existing virtual network, and it requires no application or resource changes.
Azure DDoS Protection
80
It filters network traffic between Azure resources in an Azure virtual network. Contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. You can specify source and destination, port, and protocol for each rule.
Azure network security group
81
Enable you to configure network security as a natural extension of an application's structure, allowing you to group virtual machines and define network security policies based on those groups. You can reuse your security policy at scale without manual maintenance of explicit IP addresses.
Application security groups
82
It identifies the entity seeking access to a resource. Challenges for credentials. Basis for creating secure identity & access control principles.
Authentication
83
It is separate from authentication. Establishes an authenticated entity's level of access. Which data can be accessed, and what can be done with it.
Authorization
84
Microsoft's Azure-based identity and access management service
Azure Active Directory
85
Provides added security for user authentications by requiring two or more elements for authentication
Multi-Factor Authentication
86
A thing that can get authenticated.
Identity
87
An identity created through Azure AD Account or another Microsoft cloud service such as Microsoft 365
Azure AD Account
88
Includes the tenant's users, groups, and apps and is used to perform identity and access management functions for tenants resources
Azure AD Directory
89
Automatically assigned to whomever created the Azure AD tenant.
Azure AD Global Administrator
90
True or False. An Azure Active Directory domain services managed domain is a standalone domain
True
91
Azure Active Directory domain services managed domain is not an extension of an on-prem Active Directory domain.
True
92
Allows uses to change their passwords via a web browser from virtually any device
Self-Service Password Reset (SSPR)
93
Requires a second form of authentication
Multi-factor authentication
94
Requires a combination of
- Something the user knows
- Something the user has
- Something the user is
Azure multi-factor authentication
95
User credentials are provided via methods like biometrics through Windows Hello for Business or through FIDO2 security key
Passwordless Authentication
96
Allows you to specify conditions under which users can access apps and data. Relies on several signals to determine who can access which apps and data
Conditional Access
97
Used to dictate what happens when conditions of a Conditional Access policy are met. Used to determine whether access should be granted or not. Used to determine if extra verification should be required.
Access Controls
98
True or False. Conditional Access is only available in the paid editions of Azure AD.
True
99
True or False. Conditional Access is only available in the paid editions of Azure AD.
True
100
Used to control permissions for Azure AD resource management
Azure AD Roles
101
True or False. Custom roles can be created if you require more flexibility when granting access.
True
102
Management of access using Roles
Role-Based Access Control
103
The central feature in Defender for Cloud
Secure Score
104
True or False. The higher the score the lower the identified risk level.
True
105
It allows you to continually assess your environment, secure it, and defend against threats.
Defender for Cloud
106
Collect, analyze, and act upon telemetry from both cloud and on-prem environments
Azure Monitor
107
Provides personalized guidance and support whenever issues with Azure services affect you
Azure Service Health
108
- Provide metadata for resources
- Locally organize resources
- Consist of a name-value pairs
- Organize resources for billings
Tags
109
- Performs evaluations of resources and scans for those that are non-compliant.
- Can automatically remediate non-compliant resources and configurations.
- Uses policies and initiatives
Azure Policy
110
- Based on allow model
- Provides fine-grained access management for Azure resources
- Allows certain actions at each scope level
Role Based Active Control
111
- Used to prevent accidental deletion or modification of Azure resources
- Managed from within Azure portal
Resource Locks
112
- Used to define repeatable sets of Azure resources that implement and adhere to standards, patterns, and requirements
Azure Blueprints
113
Set of tools that organizations can use to monitor, allocate and optimize Azure costs
Azure Cost Management
114
This tool can be used by organizations to manage governance across multiple Azure subscriptions
Management Groups
115
It is used by organizations to define performance targets (uptime) for Azure products and services
Service Level Agreements
116
A logical collection of Azure services that links to an Azure account
Azure subscription
117
The support plan that does not offer 24x7 access to Support Engineers by email and phone
Developer
118
True or False. An organization that pays for resources in advance can take advantage of discounted pricing through Azure Reservation offers
True
119
This give all Azure customers a chance to test beta and other pre-release features
Public Preview
120
A product or feature that is released to all Azure customers
General availability
