Prerequisites for Azure administrators Flashcards

1
Q

What is Azure Policy

A

Azure Policy is an Azure service you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources so that those resources stay compliant with your corporate standards and service level agreements. Azure Policy meets this need by evaluating your resources for noncompliance with assigned policies. For example, you might have a policy that allows virtual machines of only a certain size in your environment. After this policy is implemented, new and existing resources are evaluated for compliance. With the right type of policy, existing resources can be brought into compliance.

2
Q

How are Azure Policy and RBAC different?

A

At first glance, it might seem like Azure Policy is a way to restrict access to specific resource types similar to role-based access control (RBAC). However, they solve different problems. RBAC focuses on user actions at different scopes. You might be added to the contributor role for a resource group, allowing you to make changes to anything in that resource group. Azure Policy focuses on resource properties during deployment and for already-existing resources. Azure Policy controls properties such as the types or locations of resources. Unlike RBAC, Azure Policy is a default-allow-and-explicit-deny system.

3
Q

Create a policy

A
  1. Create a policy definition
  2. Assign a definition to a scope of resources
  3. View policy evaluation results
4
Q

What is a policy definition?

A

A policy definition expresses what to evaluate and what action to take. For example, you could ensure all public websites are secured with HTTPS, prevent a particular storage type from being created, or force a specific version of SQL Server to be used

5
Q

How are policy definitions represented?

A

The policy definition itself is represented as a JSON file - you can use one of the pre-defined definitions in the portal or create your own (either modifying an existing one or starting from scratch)

6
Q

Assign a definition to a scope of resources

A

Once you’ve defined one or more policy definitions, you’ll need to assign them. A policy assignment is a policy definition that has been assigned to take place within a specific scope.

This scope could range from a full subscription down to a resource group. Policy assignments are inherited by all child resources. This inheritance means that if a policy is applied to a resource group, it is applied to all the resources within that resource group. However, you can exclude a sub scope from the policy assignment. For example, we could enforce a policy for an entire subscription and then exclude a few select resource groups.

You can assign any of these policies through the Azure portal, PowerShell, or Azure CLI. When you assign a policy definition, you will need to supply any parameters that are defined.

7
Q

initiative definition

A

An initiative definition is a set or group of policy definitions to help track your compliance state for a larger goal. Even if you have a single policy, we recommend using initiatives if you anticipate increasing the number of policies over time.

8
Q

Azure Management Groups

A

Azure Management Groups are containers for managing access, policies, and compliance across multiple Azure subscriptions. Management groups allow you to order your Azure resources hierarchically into collections, which provide a further level of classification that is above the level of subscriptions. All subscriptions within a management group automatically inherit the conditions applied to the management group. Management groups give you enterprise-grade management at a large scale no matter what type of subscriptions you might have

9
Q

Important facts about management groups

A
  1. Any Azure AD user in the organization can create a management group. The creator is given an Owner role assignment.
  2. A single Azure AD organization can support 10,000 management groups.
  3. A management group tree can support up to six levels of depth not including the Root level or subscription level.
  4. Each management group can have many children.
  5. When your organization creates subscriptions, they are automatically added to the root management group.
10
Q

Azure Blueprints

A

enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization’s standards, patterns, and requirements. Azure Blueprints makes it possible for development teams to rapidly build and deploy new environments with the trust they’re building within organizational compliance using a set of built-in components, such as networking, to speed up development and delivery

11
Q

Compliance Manager

A

Compliance Manager is a workflow-based risk assessment dashboard within the Service Trust Portal that enables you to track, assign, and verify your organization’s regulatory compliance activities related to Microsoft professional services and Microsoft cloud services such as Microsoft 365, Dynamics 365, and Azure

12
Q

Azure Monitor

A

Azure Monitor maximizes the availability and performance of your applications by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on

13
Q

Activity Logs

A

Activity Logs record when resources are created or modified and Metrics tell you how the resource is performing and the resources that it’s consuming

14
Q

Azure Monitor for containers

A

a service that is designed to monitor the performance of container workloads, which are deployed to managed Kubernetes clusters, hosted on Azure Kubernetes Service (AKS). It gives you performance visibility by collecting memory and processor metrics from controllers, nodes, and containers, which are available in Kubernetes through the metrics API. Container logs are also collected

15
Q

Azure Monitor for VMs

A

a service that monitors your Azure VMs at scale, by analyzing the performance and health of your Windows and Linux VMs (including their different processes and interconnected dependencies on other resources, and external processes). Azure Monitor for VMs includes support for monitoring performance and application dependencies for VMs hosted on-premises, and for VMs hosted with other cloud providers.

16
Q

Autoscale

A

Azure Monitor uses Autoscale to ensure that you have the right amount of resources running to manage the load on your application effectively. Autoscale enables you to create rules that use metrics, collected by Azure Monitor, to determine when to automatically add resources to handle increases in load. Autoscale can also help reduce your Azure costs by removing resources that are not being used. You can specify a minimum and maximum number of instances, and provide the logic that determines when Autoscale should increase or decrease resources

17
Q

Azure Service Health

A

a suite of experiences that provide personalized guidance and support when issues with Azure services affect you. It can notify you, help you understand the impact of issues, and keep you updated as the issue is resolved. Azure Service Health can also help you prepare for planned maintenance and changes that could affect the availability of your resources

18
Q

Azure Status

A

provides a global view of the health state of Azure services. With Azure Status, you can get up-to-the-minute information on service availability. Everyone has access to Azure Status and can view all services that report their health state

19
Q

Service Health

A

provides you with a customizable dashboard that tracks the state of your Azure services in the regions where you use them. In this dashboard, you can track active events such as ongoing service issues, upcoming planned maintenance, or relevant Health advisories. When events become inactive, they are placed in your Health history for up to 90 days. Finally, you can use the Service Health dashboard to create and manage service Health alerts, which notify you whenever there are service issues that affect you

20
Q

Resource Health

A

helps you diagnose and obtain support when an Azure service issue affects your resources. It provides you with details about the current and past state of your resources. It also provides technical support to help you mitigate problems

21
Q

Azure Resource Manager

A

It organizes resources into named resource groups that let you deploy, update, or delete all of the resources together.

Resource Manager also allows you to create templates, which can be used to create and deploy specific configurations

22
Q

What are Resource Manager templates?

A

Resource Manager templates are JSON files that define the resources you need to deploy for your solution.

23
Q

PowerShell Command: New Azure VMs?

A

New-AzVM

24
Q

Azure CLI / CLI Command

A

The Azure CLI is Microsoft’s cross-platform command-line tool for managing Azure resources such as virtual machines and disks from the command line. It’s available for macOS, Linux, and Windows, or in the browser using the Cloud Shell. Like Azure PowerShell, the Azure CLI is a powerful way to streamline your administrative workflow. Unlike Azure PowerShell, the Azure CLI does not need PowerShell to function

az vm create

25
Q

Azure REST API

A
  1. Create and manage availability sets
  2. Add and manage virtual machine extensions
  3. Create and manage managed disks, snapshots, and images
  4. Access the platform images available in Azure
  5. Retrieve usage information of your resources
  6. Create and manage virtual machines
  7. Create and manage virtual machine scale sets
26
Q

Azure VM Extensions

A

are small applications that allow you to configure and automate tasks on Azure VMs after initial deployment

27
Q

Availability and Instances

A

To ensure your services aren’t interrupted and avoid a single point of failure, it’s recommended to deploy at least two instances of each VM. This feature is called an availability set.

28
Q

What is an availability set?

A

An availability set is a logical feature used to ensure that a group of related VMs are deployed so that they aren’t all subject to a single point of failure and not all upgraded at the same time during a host operating system upgrade in the datacenter. VMs placed in an availability set should perform an identical set of functionalities and have the same software installed.

Microsoft offers a 99.95% external connectivity service level agreement (SLA) for multiple-instance VMs deployed in an availability set

29
Q

What is a fault domain?

A

A fault domain is a logical group of hardware in Azure that shares a common power source and network switch

30
Q

What is an update domain?

A

An update domain is a logical group of hardware that can undergo maintenance or be rebooted at the same time. Azure will automatically place availability sets into update domains to minimize the impact when the Azure platform introduces host operating system changes. Azure then processes each update domain one at a time

31
Q

Azure Site Recovery

A

replicates workloads from a primary site to a secondary location. If an outage happens at your primary site, you can fail over to a secondary location

32
Q

Azure Site Recovery: Benefits

A

Site Recovery enables the use of Azure as a destination for recovery, thus eliminating the cost and complexity of maintaining a secondary physical datacenter

33
Q

Azure Site Recovery: Benefits / cont’d

A

Site Recovery makes it incredibly simple to test failovers for recovery drills without impacting production environments. This makes it easy to test your planned or unplanned failovers. After all, you don’t have a good disaster recovery plan if you’ve never tried to fail over.

34
Q

Azure Backup

A

is a backup-as-a-service offering that protects physical or virtual machines no matter where they reside: on-premises or in the cloud

35
Q

Advantages of using Azure Backup

A
  1. Automatic storage management. Azure Backup automatically allocates and manages backup storage and uses a pay-as-you-use model. You only pay for what you use.
  2. Unlimited scaling. Azure Backup uses the power and scalability of Azure to deliver high availability.
  3. Multiple storage options. Azure Backup offers locally redundant storage where all copies of the data exist within the same region and geo-redundant storage where your data is replicated to a secondary region.
36
Q

Advantages of using Azure Backup

A
  1. Unlimited data transfer. Azure Backup does not limit the amount of inbound or outbound data you transfer. Azure Backup also does not charge for the data that is transferred.
  2. Data encryption. Data encryption allows for secure transmission and storage of your data in Azure.
  3. Application-consistent backup. An application-consistent backup means that a recovery point has all required data to restore the backup copy. Azure Backup provides application-consistent backups.
  4. Long-term retention. Azure doesn’t limit the length of time you keep the backup data.
37
Q

Azure Backup

A

Azure Backup uses a Recovery Services vault.

A vault is backed by Azure Storage blobs, making it a very efficient and economical long-term storage medium. With the vault in place, you can select the machines to back up and define a backup policy (when snapshots are taken and for how long they’re stored)

38
Q

ExpressRoute

A

a secure point-to-point service. To use this service, you use a third-party connectivity partner to provide and host the ExpressRoute circuits on your behalf

39
Q

Azure hub-spoke

A

Azure hub-spoke is a reference architecture. The hub is usually an Azure virtual network that acts as the central connection point between the cloud and an on-premises network. Each spoke is also an Azure virtual network, usually connected to the hub via a peer network. Connections between the cloud and the on-premises network can be made through a VPN gateway or Azure ExpressRoute.

40
Q

Azure Network Watcher

A

You can use Network Watcher to capture packet data from the Azure services you use. You can also understand the flow of data in network traffic patterns and troubleshoot network-related problems on your network

41
Q

Kerberos

A

is an authentication protocol used across different operating systems. Windows uses Kerberos as its default authentication protocol. Linux and Mac OSs can also use Kerberos

42
Q

Azure CLI

A

a command-line program to connect to Azure and execute administrative commands on Azure resources

az vm restart -g MyResourceGroup -n MyVm

43
Q

What is Azure AD?

A

Azure AD is a cloud-based identity management solution. It helps your company’s internal users to:

Access external resources, like Azure services, Microsoft 365, and third-party SaaS applications.

Access internal resources such as applications on your corporate network, and cloud-based applications that your company builds.

Azure AD also helps you keep user identities and applications secure through features like conditional access and identity protection

44
Q

Azure AD Store

A

Azure AD stores your users in a tenant that represents an organization

45
Q

Identity secure score in Azure AD

A

The identity secure score can help you understand. Azure AD gives an overall value between 1 and 223. This value represents how well you match the recommendations and best practices that Microsoft suggests for tenant security. The identity secure score reveals how effective your security is and helps you implement improvements.

46
Q

Azure AD password hash synchronization (PHS)

A

the user’s password is hashed twice and synchronized between the on-premises Active Directory and Azure AD. Users have the same credentials to access resources and applications both on-premises and in the cloud.

47
Q

Azure AD pass-through authentication (PTA)

A

an agent is installed on on-premises servers that authenticate against the on-premises Active Directory. When an Azure AD user account tries to authenticate, password authentication is handled on-premises through these servers and Active Directory

48
Q

Federated authentication

A

the authentication process is performed by an on-premises Active Directory Federation Services (AD FS) server that validates users’ passwords. Use this authentication method if you want advanced measures like smart card-based authentication for users

49
Q

Azure Active Directory Free

A

You can manage users and groups, and you get basic reports, on-premises Active Directory synchronization, and self-service password reset for Azure AD users. You also get single sign-on for Microsoft 365, Azure services, and many third-party SaaS applications

50
Q

Azure Active Directory Premium P1

A

You get all the features from the free tier, but you can also let users access on-premises and cloud-based services and resources. You can use self-service group management or dynamic groups, where users are added and removed automatically, based on your criteria. This tier supports on-premises identity management suites like Microsoft Identity Manager. Self-service password reset is also supported for users who are based on-premises

51
Q

Azure Active Directory Premium P2

A

You get all the features of the previous two tiers, along with Active Directory Identity Protection. This feature helps you configure risk-based conditional access to protect applications from identity risks. You can also use privileged identity management, which lets you monitor and put detailed restrictions on administrators

52
Q

Pay-as-you-go licenses for specific features

A

You access specific Azure AD features, like Azure AD B2C, on a pay-as-you-go basis. Azure AD B2C lets you manage identity and access for consumer users and the applications they use.

53
Q

Identity

A

Something that has to be identified and authenticated. An identity is typically a user who has username and password credentials, but the term can also apply to applications or services

54
Q

Account

A

An identity and its associated data. An account can’t exist without an identity.

55
Q

Azure AD account

A

An identity created in Azure AD or in services like Microsoft 365. These identities are stored in Azure AD. For example, internal staff members might use Azure AD accounts daily at work.

56
Q

Azure subscription

A

Your level of access to use Azure and its services. For pay-as-you-go access, use your credit card to set up an Azure subscription. There are several types of subscriptions. For example, enterprise-level customers can use Azure Enterprise Agreement subscriptions. Each account can use many subscriptions

57
Q

Azure AD tenant

A

An instance of an Azure AD. This tenant is created for you automatically when you first sign up for Azure or other services like Microsoft 365. A tenant, which represents an organization, holds your users, their groups, and applications.

58
Q

Multi-tenant

A

Multiple-tenant access to the same applications and services in a shared environment. These tenants represent multiple organizations.

59
Q

Azure AD directory

A

An Azure resource that’s created for you automatically when you subscribe to Azure. You can create many Azure AD directories. Each of these directories represents a tenant.

60
Q

Custom domain

A

A domain that you customize for your Azure AD directory. When you create an Azure AD directory, Azure automatically assigns it a default domain like .onmicrosoft.com. But you can customize domain names. Your users could then have accounts like joesmith@contoso.com instead of joesmith@contoso.onmicrosoft.com.

61
Q

Owner role

A

The role you use to manage all resources in Azure, including the access levels that users need for resources.

62
Q

Global administrator

A

The role that gives you access to all administrative capabilities in Azure AD. When you create a tenant, you automatically have this role for the tenant. This role allows you to reset passwords for all users and administrators, for example

63
Q

Azure AD B2B

A

Use Azure AD to invite external users to your tenant. Your organization can then collaborate with external healthcare partner staff members through Azure AD B2B Collaboration

64
Q

Azure AD B2C

A

You can also use Azure AD B2C to manage your customers’ identities and access. Your doctors’ accounts should have protected access to resources and services. Use Azure AD B2C to securely authenticate the doctors through their preferred identity provider

65
Q

Azure AD DS

A

Azure AD DS lets you add virtual machines to a domain without needing domain controllers. Your internal staff users can access virtual machines by using their company Azure AD credentials

66
Q

conditional-access policies

A

require users to pass additional authentication challenges before they access an app. For example, you can configure a conditional-access policy to require users to complete a multi-factor authentication challenge after their credentials are verified and before they access the app

67
Q

Azure AD Identity Protection

A

Azure AD Identity Protection helps you to automatically detect, investigate, and remediate identity risks for users. Identity Protection also lets you export all the information that was collected about risks. Export the information to third-party tools and solutions so that you can further analyze it

68
Q

Azure AD Application Proxy

A

This process creates secure remote access for your on-premises apps. To connect them, download and install the Application Proxy connector on-premises

69
Q

What is a container?

A

A container is a loosely isolated environment that allows us to build and run software packages. These software packages include the code and all dependencies to run applications quickly and reliably on any computing environment. We call these packages container images.

70
Q

What is Docker?

A

Docker is a containerization platform used to develop, ship, and run containers

71
Q

Docker Engine

A

The Docker Engine consists of several components configured as a client-server implementation where the client and server run simultaneously on the same host. The client communicates with the server using a REST API, which allows the client to also communicate with a remote server instance

72
Q

The Docker server

A

The Docker server is a daemon named dockerd. The dockerd daemon responds to requests from the client via the Docker REST API and can interact with other daemons. The Docker server is also responsible for tracking the lifecycle of our containers

73
Q

Docker objects

A

There are several objects that you’ll create and configure to support your container deployments. These include networks, storage volumes, plugins, and other service objects. We won’t cover all of these objects here, but it’s good to keep in mind that these objects are items that we can create and deploy as needed

74
Q

Docker Hub

A

Docker Hub is a Software-as-a-Service (SaaS) Docker container registry. Docker registries are repositories that we use to store and distribute the container images we create. Docker Hub is the default public registry Docker uses for image management

75
Q

What is the Stackable Unification File System (Unionfs)?

A

Unionfs is used to create Docker images. Unionfs is a filesystem that allows you to stack several directories, called branches, in such a way that it appears as if the content is merged. However, the content is physically kept separate. Unionfs allows you to add and remove branches as you build out your file system.

76
Q

What is a base image?

A

A base image is an image that uses the Docker scratch image. The scratch image is an empty container image that doesn’t create a filesystem layer. This image assumes that the application you’re going to run can directly use the host OS kernel

77
Q

What is a parent image?

A

A parent image is a container image from which you create your images.

For example, instead of creating an image from scratch and then installing Ubuntu, we’ll rather use an image already based on Ubuntu. We can even use an image that already has Nginx installed. A parent image usually includes a container OS

78
Q

Structured data

A

Structured data, sometimes referred to as relational data, is data that adheres to a strict schema, so all of the data has the same fields or properties

79
Q

Semi-structured data

A

Semi-structured data is less organized than structured data, and is not stored in a relational format, as the fields do not neatly fit into tables, rows, and columns. Semi-structured data contains tags that make the organization and hierarchy of the data apparent

80
Q

What is a transaction?

A

A transaction is a logical group of database operations that execute together.

81
Q

Azure Cosmos DB

A

supports semi-structured data, or NoSQL data, by design. So, supporting new fields, such as the “Bluetooth-enabled” field or any new fields you need in the future, is a given with Azure Cosmos DB