AZ-900: Exam Notes


Availability Set – a logical group capability; isolation of resources; redundancy

CapEx – money spent on fixed assets; owning property, computer/network equipment; one time purchases

OpEx – day to day business; used up within the year; leases equipment.

IaaS – test and dev, web hosting, storage, backup, and recovery; running web applications, big data analysis.

PaaS – dev and dev environment; includes tools, middleware, db management, etc.; connected with IaaS (where the vendor controls the IaaS), but also includes tools.

SaaS – apps over the internet; online email, office 365.

Public Cloud – most common.

Private Cloud – used exclusively by a business.

Hybrid – combine on-prem with public cloud; private and public resources.

Region – deployed within a latency-defined perimeter.

All regions are paired, as regional pairs.

Availability Zone – protects applications and data from datacenter failures.

Resource Groups – holds related resources for an Azure solution; management boundary.

Resource Manager – deploy objects and maintain consistency
resource – manageable item; VM, web apps
resource groups – contains resources
resource provider – supplies resources; Microsoft.Compute, Microsoft.Web
resource manager template –
declarative syntax –

Scale sets – create and manage a group of identical, load balanced VMs.

App Service – quickly build powerful web, mobile, and API apps.

Azure Functions – run code on demand, a serverless compute service.

Azure Virtual Networks – scoped to one region, secure, isolation and segmentation.
–deleting or reconfiguring VNGs is a good way to provide cost savings

Azure Load Balancer – scale applications and high availability.

Azure VPN Gateway – send encrypted traffic. Can take up to 45 minutes to create. Topologies: site-to-site, multi-site, point-to-point, VNet-to-VNet, ExpressRoute

Content Delivery Network – point of presence, minimizes latency, delivers web content to users.

Blob Storage in Azure – store large, unstructured data
-store images directly to browser
-stream videos and audio
-writing logs
-storing data for backup/restore
-3 requirements: storage account, container, blob
-3 types: block, append, page

Azure Files – managed file shares in the cloud; shared access, fully managed, scripting and tooling.

Archive Storage – lowest cost, incurs higher retrieval costs
-blobs in Archive can’t be read, copied, overwritten, or modified.
-long-term backup

Cosmos DB – globally distributed, multi-model DB service; elastically scale.

Azure SQL DB – a relational DB-as-a-service.

Database Migration Service – fully managed service; enables seamless migrations; High availability.

Azure SQL Data Warehouse – enterprise data warehouse
-massively parallel processing
-simple polybase t-sql queries
-high performance analytics

Azure IoT – central message hub.

HDInsight – use Azure HDInsight to analyze streaming or historical data
-is a managed, full-spectrum, open-source analytics service for enterprises.
-HDInsight is a cloud service that makes it easy, fast, and cost-effective to process massive amounts of data.
-HDInsight also supports a broad range of scenarios, like extract, transform, and load (ETL); data warehousing; machine learning; and IoT.

Data Lake Analytics – on-demand analytics job service
-simplifies big data
-scale instantly

Azure Machine Learning Service – manage machine learning
-supports open source
-support for rich tools

Azure Machine Learning Studio – drag-and-drop tool to build and manage predictive analytics
-publishes models as web services
-interactive
-no programming

Azure Logic Apps – automate and orchestrate tasks, processes, and workflows
-send email notifications in O365
-monitor tweets

Azure CLI – command line for managing azure resources
-build automation scripts

Azure PowerShell – cmdlets for managing Azure Resources
Az Module – run PowerShell 5.x on Windows or PowerShell 6

Azure Advisor – personalized consultant
-recommends cost effectiveness, performance, High availability, and security.

Azure Firewall – cloud-based network security service
-Stateful
-High availability

Azure DDOS Protection –
-basic protection
-standard protection
-mitigation: volumetric attacks, protocol attacks, resource layer attacks

Network Security Groups – filter network traffic
-contain security rules

Authentication and Authorization
Authentication – act of validating users
Authorization – is the process of giving the user permission to access resources

Azure Active Directory – Cloud-based Identity and access management service
– sign in and access internal and external resources

Azure AD Identity Protection – enables organizations to configure automated responses to detected suspicious actions related to user identities.

Azure Multi-factor Authentication – requires two or more authentication methods
-something you have
-something you know
-something you are

Azure Security – Secure Platform, Privacy & Controls, Compliance, Transparency

Azure Security Center – Strengthen (security posture), Protect (against threats), Secure (get secure faster).

Azure Key Vault – encrypt keys and small secrets.
-handles certificates and key management
-protected by HSMs (hardware security modules)

Azure Information Protection – AIP – Use labels to classify/protect documents and emails.
-headers, footers, and watermarks.
-uses Azure Rights Management

Azure Advanced Threat Protection – ATP – a cloud-based security solution
-investigate advanced threats and malicious actions
-monitors and analyzes user activities

Azure Policies – Used to Create, Assign, and Manage Policies
-stay compliant
-enforce rules

RBAC – Role-based Access Control – manage access to resources
-authorization system
-fine-grained access management
-can split responsibilities
-create role assignments to enforce permissions

RBAC Roles
-Owner: full access
-Contributor: manage all types of access, cannot grant access
-Reader: view existing resources
-User Access Administrator: manage user access

Each subscription can support up to 2000 role assignments.

Resource Locks – prevent users from accidentally deleting or modifying resources
-Can set lock level CanNotDelete or ReadOnly
-Called Delete and Read-only in the Portal
-Inheritable
-Built-in Owner and User Access Administrator can delete locks

Azure Advisor Security Assistance – Consolidated view of recommendation
-integrates with Azure Security Center
-prevent, detect, and respond to threats

Azure Monitor – Maximizes availability and Performance of Applications
-collects, analyzes, and acts on telemetry
-identifies issues affecting apps and resources
-can collect data

Azure Service Health – Provides personalized guidance and support
-prepare for maintenance
-understand the impact of issues
-Azure Status, Service Health, Resource Health

Azure Service Health notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime. Configure customizable cloud alerts and use your personalized dashboard to analyze health issues, monitor the impact to your cloud resources, get guidance and support, and share details and updates.

GDPR stands for General Data Protection Regulation

Reference: https://docs.microsoft.com/en-us/office365/admin/security-and-compliance/gdpr-compliance?view=o365-worldwide

ISO stands for International Organization for Standardization

The Microsoft Trust Center is designed to provide support and resources. The information on this site can be used by professionals and by the legal and compliance community.

Reference: https://www.microsoft.com/en-ww/trust-center/product-overview

https://docs.microsoft.com/en-us/azure/security/fundamentals/trust-center

The Microsoft Service Trust Portal (STP) provides organizations with a variety of content, tools, and other resources that pertain to Microsoft security, privacy, and compliance practices.

Reference: https://docs.microsoft.com/en-us/office365/securitycompliance/get-started-with-service-trust-portal

In Azure, you can scale automatically by configuring Auto-Scale. Auto-Scale is an Azure service

Free Azure accounts have limited access to resources, such as data upload, web apps, and spending.

Activity logs can be used to track user activity with VMs. It is available on the blade, to the left of the VMs blade.

Azure Key Vault helps solve secret management, key management, certificate management, and stored secrets backed by HSMs

Reference: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-whatis

Azure Traffic Manager – is a DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global Azure regions, while providing high availability and responsiveness.

Reference: https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview

PowerShell Core 6.0 is a new edition of PowerShell that is cross-platform (Windows, macOS, and Linux), open-source, and built for heterogeneous environments and the hybrid cloud.

Reference: https://docs.microsoft.com/en-us/powershell/scripting/whats-new/what-s-new-in-powershell-core-60?view=powershell-6

When VMs are created, if you want to allow RDP, or other internet ports/services, you need to configure the network security group, under the Networking option.

Plans

Basic
Cheapest
No email, phone support

Developer
Business hours access to Support Engineers via email

Standard, pro, premier
24×7 access to Support Engineers via email and phone

Reference: https://azure.microsoft.com/en-us/support/plans/ (study this)

SLAs for VMs

Monthly Uptime Calculation and Service Levels for Single-Instance Virtual Machines
Monthly Uptime % = (Minutes in the Month – Downtime) / Minutes in the Month X 100
(MM – D) / MM x 100

Monthly Uptime Calculation and Service Levels for Virtual Machines in an Availability Set
Monthly Uptime % = (Maximum Available Minutes – Downtime) / Maximum Available Minutes X 100
(MM – D) / MM x 100

Monthly Uptime Calculation and Service Levels for Virtual Machines in Availability Zones
Monthly Uptime % = (Maximum Available Minutes – Downtime) / Maximum Available Minutes X 100
(MM – D) / MM x 100

Reference: https://azure.microsoft.com/en-us/support/legal/sla/virtual-machines/v1_8/

SLAs for Azure AD

Azure Active Directory Basic
(User Minutes – Downtime) / User Minutes * 100
(UM – D) / UM * 100

Azure Active Directory Premium
(User Minutes – Downtime) / User Minutes * 100
(UM – D) / UM * 100

Reference: https://azure.microsoft.com/en-us/support/legal/sla/active-directory/v1_0/

Review this: https://azure.microsoft.com/en-us/support/legal/sla/summary/

Manage the availability of Windows virtual machines in Azure
To provide redundancy to your application, we recommend that you group two or more virtual machines in an availability set.

Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability#configure-multiple-virtual-machines-in-an-availability-set-for-redundancy

Azure HDInsight is a cloud-based service from Microsoft for big data analytics that helps organizations process large amounts of streaming or historical data.

Reference: https://whatis.techtarget.com/definition/HDInsight

Azure Data Lake Analytics is a distributed, cloud-based data processing architecture offered by Microsoft in the Azure cloud. It pairs with Azure Data Lake Store, a cloud-based storage platform designed for Big Data analytics.

Reference: https://www.blue-granite.com/blog/azure-data-lake-analytics-holds-a-unique-spot-in-the-modern-data-architecture

How to avoid unknown or accidental deletion of your Azure resources by other users.

Reference: https://whyazure.in/how-to-avoid-unknown-or-accidental-deletion-of-your-azure-resources-by-other-users/

 
