Azure Notes

1. Which of the aforementioned security efforts is supported by Azure Security Center?

  • Azure Security Benchmark
  • Custom initiatives
  • Regulatory compliance standards

2. What conditions must be met before doing vulnerability assessments with Azure Defender for servers?

  • The Log Analytics (Microsoft Monitoring) VM extension
  • A Log Analytics workspace
  • Azure Defender for servers

3. What may be done in accordance with the STRIDE framework to recognize and address possible security issues?

  • Microsoft Threat Modeling Tool

4. What is a good reason to use the Azure CLI?
  • It rarely changes, and the commands stay the same for the most part.
The Azure CLI is entirely text-based, so there is no user interface to change. This means the commands and procedures stay very static in the tool. You can use all products and services with the CLI.

5. Why would you use the Azure Cloud Shell?
  • Cloud Shell enables access to a browser-based command-line experience built with Azure management tasks in mind.
Cloud Shell is 100% browser based and provides a complete environment where you can choose between Bash or PowerShell.

6. What are three use cases for the Azure mobile app?
  • Respond to outages and emergencies from anywhere you have an internet connection.
  • Interact with your Azure resources via Azure Resource Manager.
  • Maintain insight on the go into the current status and health of your Azure environment.
More info:
Alerts are instantly visible, and you can investigate all your resources as well.
All of your resources and subscriptions are visible on the mobile app. You can even manage resources in Cloud Shell too. The Azure mobile app uses Azure Resource Manager to interact with your Azure resources, which means it is in sync with the Azure CLI, the Azure portal, or whatever else you use to interact with Azure.
The Azure mobile app provides a quick overview of your resources.

7. Which Azure products and services are available through the Azure portal?
  • All products and services that are generally available and in private or public preview
You can access all generally available Azure products and services through the Azure portal with any type of subscription. You will also see services in both private and public preview available in the Azure portal.

8. What is a PowerShell cmdlet?
  • A lightweight command that is used in the PowerShell environment to perform an action
Cmdlets make up the majority of Azure features for PowerShell. This makes it easier to be consistent and efficient when interacting with Azure resources. PowerShell works with many different services.

9. What are some of the key advantages of using ARM templates for creating cloud infrastructure?
  • Declarative
  • Source control
  • Idempotency
You only say "what" you want to create, not "how." Azure takes care of the "how."
Use source control to track changes to the ARM template over time. This can identify any issues that come from changes to the template.
You can execute a template any number of times with the same result.

10. What are some of the limitations with a free Azure account?
  • Included Azure credits will expire after 30 days, and included free popular services expire after 12 months.
When you start using Azure with a free account, you get USD200 credit to spend in the first 30 days after you sign up. In addition, you get free monthly amounts of two groups of services: popular services (which are free for 12 months), and more than 25 other services (which are free always).

11. What is high availability in cloud computing?
  • If one resource on Azure dies unexpectedly, another resource will almost instantly take over the workload.
High availability is one of the core benefits of using cloud computing. It ensures backup resources are ready to take over any workload.

12. What is consumption-based pricing on Azure?
  • Consumption-based pricing is when you are charged for only what you use (pay-as-you-go rate).
Consumption-based pricing is indeed when you are charged for only what you use (pay-as-you-go rate). Consumption-based pricing is not limited to free accounts, and the services are not necessarily consumed all the time.

13. What is the difference between OpEx and CapEx?
  • OpEx is an ongoing cost for running a business. CapEx is the cost of acquiring and maintaining assets.
Knowing the difference between OpEx and CapEx is critical to get the best value out of Azure for your company. Capital expenditures (CapEx) generally result in the acquisition and maintenance of assets, such as server hardware. Operating expenditures (OpEx) are the ongoing costs of running a business, such as paying for cloud services on a recurring basis. By moving costs to OpEx, businesses can plan for ongoing costs rather than large investments.

14. What does Infrastructure as a Service describe?
  • A type of cloud computing service that offers essential compute, storage, and networking resources on demand, on a pay-as-you-go basis
Infrastructure as a service (IaaS) is a type of cloud computing service that offers essential compute, storage, and networking resources on demand, on a pay-as-you-go basis. IaaS lets you bypass the cost and complexity of buying and managing physical servers and datacenter infrastructure. Each resource is offered as a separate service component, and you only pay for a particular resource for as long as you need it. Reference: What is IaaS? https://azure.microsoft.com/en-au/resources/cloud-computing-dictionary/what-is-iaas/

15. What is a benefit of a hybrid cloud approach?
  • It enables companies to use a mix of private and public cloud components.
A hybrid cloud model is the best of private and public cloud that can be used to avoid disruptions and outages, adhere to regulation and governance, span solutions across both public and private cloud, and alleviate CapEx investments.

16. What does fault tolerance describe for cloud computing?
  • Ensuring services and applications remain available in the event of a failure
Fault tolerance means a failure can occur in Azure services and applications without affecting their availability.

17. Which cloud ability does elasticity describe?
  • The ability to quickly expand or decrease computer processing, memory, and storage resources
Elasticity is a core benefit of cloud computing and lets even small businesses take advantage of the cloud.

18. What's the best definition for scalability on Azure?
  • Scalability is the ability of a system to handle increased load. Services covered by Azure Autoscale can scale automatically to match demand to accommodate workload.
Scalability is a core benefit of cloud computing and allows any application to add resources almost instantly as demand increases. Azure Documentation: Design for scaling.


19. Why is cloud agility important for businesses?
  • To enable the ability to rapidly develop, test, and launch software applications that drive business growth
Cloud agility is tied to the rapid provisioning of computer resources. Cloud environments can usually provide new compute instances or storage in minutes, a far cry from the common weeks (or months, in some organizations) that the same provisioning process can take in typical IT shops.

20. What is "serverless" computing?
  • A way for developers to build applications faster by eliminating the need for them to manage infrastructure
Serverless computing solutions provide a simple way to create manageable and scalable solutions at low costs. There is always a server somewhere to run your application, but you don't control it. Serverless is a kind of extreme PaaS.

21. What are the two types of scaling on Azure?
  • Scaling up/down and scaling out
Scaling up/down is making a resource, such as a VM, larger or smaller. This is also known as scaling vertically. Scaling out is adding more resources of the same type, known as scaling horizontally.

22. Select all the true statements per Microsoft's definitions of cloud types.
  • In private clouds, services and infrastructure are always maintained on a private network, and the hardware and software are dedicated solely to your organization.
  • Private clouds can be hosted at your datacenter or hosted by a third-party service. Private clouds offer advantages of flexibility, control, and scalability.
  • A hybrid cloud combines a public cloud (such as Azure) with on-premises infrastructure (private cloud).
A private cloud consists of cloud computing resources used exclusively by one business or organization. The private cloud can be physically located at your organization’s on-site datacenter, or it can be hosted by a third-party service provider. But in a private cloud, the services and infrastructure are always maintained on a private network, and the hardware and software are dedicated solely to your organization. Reference: What is a private cloud?

Microsoft defines private clouds as being able to be hosted at your datacenter or hosted by a third-party service. Microsoft considers private clouds as offering more flexibility, control, and scalability. Note: Other cloud vendors would not agree with those advantages of private clouds, but it is best to be aware of Microsoft's view in case it comes up on the exam.

Microsoft defines hybrid cloud as combining a public cloud (such as Azure) with on-premises infrastructure (private cloud).

23. Select all the true statements regarding Azure Resource Manager.
  • Azure Resource Manager is the deployment and management service for Azure.
  • If a user sends a request from any Azure tools, APIs, or SDKs, Azure Resource Manager handles the request.
  • Azure Resource Manager templates (ARM templates) always deploy resources in the same consistent state.
Azure Resource Manager enables you to create, update, and delete resources in your Azure account.

Azure Resource Manager handles the request for any Azure tools, APIs, or SDKs.

When you deploy your resources using ARM templates, you can be confident it happens in the same way every single time. Your resources will be deployed in a consistent state. Reference: What Are ARM Templates?

24. What is an availability zone?
  • A unique physical location within a region that is made up of one or more datacenters equipped with independent power, cooling, and networking
Availability zones (AZs) are individual physical locations within a region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking.


25. Which statement is true of resource groups in Azure?
  • Resource groups are containers that hold related resources for an Azure solution.
Resources belong to a resource group, which can be a geographical, logical, customer-specific, or any other type of grouping.

26. When can you delete a resource group from Azure?
  • At any time, as long as your resources or resource group are not locked by a related service
When a resource group is removed or deleted, all of the resources within it are deleted with it. You can remove resource groups at any time. To delete a resource group, you need access to the delete action. You also need the delete action for all resources in the resource group. If you have the required access but the delete request fails, it may be because there's a lock on the resources or resource group. Even if you didn't manually lock a resource group, it may have been automatically locked by a related service. Or, the deletion can fail if the resources are connected to resources in other resource groups that aren't being deleted. For example, you can't delete a virtual network with subnets that are still in use by a virtual machine. Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/delete-resource-group?tabs=azure-cli#required-access-and-deletion-failures

27. What is an Azure region?
  • A set of datacenters, deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network
An Azure region is a set of datacenters, deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network. With more global regions than any other cloud service provider, Azure gives customers the flexibility to deploy applications where they need. An Azure region has discrete pricing and service availability. Reference: https://azure.microsoft.com/en-au/global-infrastructure/


28. There is a potential threat to your Azure infrastructure from an outside attacker. Which service is best for detecting the threat and taking action?
  • Azure Sentinel.
Azure Sentinel will collate, aggregate, and analyze data from multiple Azure services to detect any unusual behavior or patterns. You can then take action on the information.


29. If you don't want to share the hardware your VMs run on, how can you manage that in Azure?
  • Use Azure Dedicated Host.
Azure dedicated hosts run on their own dedicated hardware inside the Azure datacenter and only your chosen VMs will run on it.

30. What is a distributed denial-of-service attack?
  • An attack where lots of computers target a single server or website with the aim of making it stop.
A distributed denial-of-service (DDoS) attack comes from a large number of sources with the sole aim of stopping your service. This is done through sending web traffic to your service until it can't handle it all and stops working. Azure has tools to protect against DDoS attacks, which sometimes aren't attacks at all but just increased visitor interest in services or content.

31. Which statements are TRUE about Azure Key Vault?
  • You can share a password with a third party to use, without ever revealing the password itself.
  • Access to secrets and passwords can be granted or denied very fast and as needed.
Azure Key Vault is a secure place to store passwords and other secrets. Once stored, you can never retrieve the actual value or keys, but you can share access to the value or specific versions of a secret with other third-party clients and other Azure services. You can also restrict or deny access easily and quickly, should it be necessary.


32. What does Microsoft Defender for Identity (formerly Azure Advanced Threat Protection, also known as Azure ATP) do?
  • Helps you monitor user behavior in your on-premises and cloud environments
Microsoft Defender for Identity helps you detect and investigate security incidents across your Azure accounts, both on-premises and in the cloud. It monitors users, devices, and resources in terms of their behavior. If any behavior is out of the ordinary, an alarm can be raised.

Reference: What is Microsoft Defender for Identity? https://learn.microsoft.com/en-us/defender-for-identity/what-is

33. When creating a virtual machine in the portal, how many bits are used for the network address by default?
  • /16

34. Which two arguments are required when creating a virtual network by using the Azure CLI?
  • Resource group
  • Name

35. What Azure resource is required to protect Azure network traffic with Azure Firewall?
  • Route table

36. Which type of rule is not supported by Azure Firewall?
  • Source NAT (SNAT)

37. A firewall appliance is implemented as:
  • A virtual machine

38. You are using a pfSense appliance in a virtual network. You want to make sure all outbound traffic from virtual machines in the virtual network goes through the pfSense firewall. What resource must you configure for the subnets on the virtual network?
  • Route table

39. You have three separate virtual networks in a single resource group. You need to view the topology for all three virtual networks, including any peering relationships. How can you view this information in the Azure portal with the least administrative effort?
  • View the topology under the Network Watcher menu in Azure Monitor.

40. Which of the following can be analyzed via Azure Monitor?
  • Network latency
  • Resource group activity log

41. Azure Firewall must be deployed to a subnet with which name?
  • AzureFirewallSubnet

42. A route table is associated with...?
  • Subnets

43. Which Azure feature represents a group of IP address prefixes for a service where Microsoft manages the address prefixes?
  • Service tag : A service tag represents a group of Microsoft-managed IP address prefixes.

44. You have a virtual network configured so that network security groups (NSGs) are linked to both the subnet and network interface. For inbound network traffic to a virtual machine on this network, which NSG is applied first?
  • Subnet first, and then the network interface: Inbound traffic is always checked against a network security group linked to the subnet first. Then it is checked against a network security group linked to the network interface.
