Wednesday, February 5, 2020

Day 20: Review Day 1

Reviewing about

  • IaaS, PaaS, Saas
  • Public, Private and Hybrid Cloud
  • Scope of Azure Support Plans
    • Basic
    • Developer: Trial and non-production
    • Standard: Production workload environments
    • Professional Direct: Business-critical dependence
    • Premier: Substansial dependence across multiple products
  • Geographies, Availability Zones, Region Pairs, SLAs, etc.
  • Azure day-to-day management and interaction:
    • Azure portal (GUI)
    • Azure PowerShell and Azure CLI: command line and automation based interactions
    • Azure Cloud Shell: web based CLI
    • Azure Mobile App: monitoring and managing resources from your mobile devices
  • Azure Compute:
    • App Service. A managed service for hosting web apps, mobile app back ends, RESTful APIs, or automated business processes.
    • Azure Kubernetes Service (AKS). A managed Kubernetes service for running containerized applications.
    • Batch. A managed service for running large-scale parallel and high-performance computing (HPC) applications
    • Container Instances. The fastest and simplest way to run a container in Azure, without having to provision any virtual machines and without having to adopt a higher-level service.
    • Functions. A managed FaaS service.
    • Service Fabric. A distributed systems platform that can run in many environments, including Azure or on premises.
    • Virtual machines. Deploy and deploy and manage VMs inside an Azure virtual network.
  • Azure Data Storage:
    • Structured Data: Azure SQL Database
    • Semi-Structure Data: Azure Cosmo Database
    • Unstructured: Azure Blob Storage
    • Azure Data Lake Structure: Analytics on data usage and prepare reports
    • Azure Files: SMB Sharing
    • Azure Queue storage is a service for storing large numbers of messages that can be accessed from anywhere in the world.
    • Storage Tiers (Hot: frequently, Cool: infrequently and at least 30 days, Archive infrequently and at least 180 days)
  • Azure Networking
    • Azure Region
    • Azure Load Balancer (vm)
    • Azure Application Gateway
    • Azure Traffic Manager (end points)
Posted by at No comments:

Tuesday, February 4, 2020

Day 19: Microsoft Module Predict costs and optimize spending for Azure

Knowledge check:

  1. Which tab of the Azure pricing calculator will you use to put together your estimate?
  • Estimate
  • Products
This tab has all the Azure services listed and is where you'll add or remove services to get your estimate.

  1. True or false: You can share your estimate through an Excel spreadsheet or through a URL.
  • True
Clicking Export at the bottom of the estimate will export an Excel spreadsheet that you can share, or you can click Share to get a URL link that you can share with your team.
  • False

  1. Azure Advisor provides recommendations for _________.
  • Costs only
  • High availability, security, performance, and cost
Azure Advisor provides recommendations on high availability, security, performance, and cost.
  • High availability, performance, and cost

  1. Azure Cost Management allows you to _________.
  • See historical breakdowns of what services you are spending your money on.
Cost Management analyzes where you are historically spending your money and can track it against budgets you have set.
  • See estimates of what your services might cost if you make a change.

  1. Which one of these is not a cost-saving solution?
  • Deallocate virtual machines during off hours.
  • Use Azure Reserved Virtual Machine Instances.
  • Load balance your virtual machines for incoming messages.
Load balancing is used for performance optimization not cost savings.
  • Right-size underutilized virtual machines.

  1. True or false: PaaS is generally less expensive than IaaS.
  • True
IaaS requires Azure to dedicate resources while PaaS give Azure more flexibility in how services are delivered. This means Azure can fill and operate hardware efficiently and therefore offer PaaS services at a savings over IaaS.
  • False

  1. True or false: If you already have Windows Server licenses, you have to pay for them again on Azure.
  • True
  • False
Under certain circumstances, you can utilize the hybrid benefit for Windows Server and pay only the Linux rate.

  1. True or false: Azure has money-saving options for test and development servers.

  • True
The Azure Enterprise Dev/Test and Azure Pay-As-You-Go Dev/Test benefits give you several discounts, most notably for Windows workloads, eliminating license charges and billing you only at the Linux rate for virtual machines. This also applies to SQL Server and any other Microsoft software that is covered under a Visual Studio subscription.
  • False

  1. Which one of the following systems is used to determine Azure costs for each billing period?
  • The Azure website
  • Number of created virtual machines
  • The Azure pricing calculator
  • Usage meters
Correct. Azure is billed according to your consumption based on monthly usage meters.

  1. Which of the following factors affects costs?
  • Global infrastructure
  • Location
The location you place your resources will vary the price for the resource.
  • Availability zone

  1. Complete the following sentence. As an Azure customer, Azure Reservations offer discounted prices if you _________
  • Make upfront commitments on compute capacity
Azure Reservations offer discounted prices on certain Azure products and resources. To get a discount, you reserve products and resources through an upfront commitment. You can then either prepay or pay monthly for one or three years of usage of certain Azure resources.
  • Provision many resources
  • Have a free account
  • Set Spending Limits
Last module on Microsoft Learn. Starting tomorrow will be revision days
Posted by at No comments:

Monday, February 3, 2020

Day 18: Microsoft Module 900 XP Control and organize Azure resources with Azure Resource Manager



Knowledge check:
  1. Tags can be applied to any type of resource on Azure
  • True
  • False
Not all resources support tags, so you will want to confirm that your resource type supports them.
  1. Tags applied at a resource group level are propagated to resources within the resource group.
  • True
  • False
Tags are not inherited. You need to apply tags to every supported resource that you need tagged.
  1. Which of the following is not a feature of resource groups?
  • Resources can be in only one resource group.
  • Resources can be moved from one resource group to another resource group.
  • Resource groups can be nested.
  • Role-based access control can be applied to the resource group.
  1. Which of the following might be a good usage of tags?
  • Using tags to associate a cost center with resources for internal chargeback
  • Using tags in conjunction with Azure Automation to schedule maintenance windows
  • Using tags to store environment and department association
  • All of the above are good ways to use tags
  1. Which of the following would be the most efficient way to ensure a naming convention was followed across your subscription?
  • Send out an email with the details of your naming conventions and hope it is followed
  • Create a policy with your naming requirements and assign it to the scope of your subscription
  • Give all other users except for yourself read-only access to the subscription. Have all requests to create resources sent to you so you can review the names being assigned to resources, and then create them.
  1. Which of the following would be good to put a resource lock on?
  • An ExpressRoute circuit with connectivity back to your on-premises network
  • A non-production virtual machine used to test occasional application builds
  • A storage account used to temporarily store images processed in a development environment


Posted by at No comments:

Sunday, February 2, 2020

Day 17: Microsoft Module Apply and monitor infrastructure standards with Azure Policy

Important points:

  • Azure Policy is a default allow and explicit deny system. It focuses on resource properties during deployment and for already existing resources. While RBAC focuses on user actions at different scopes. RBAC is explicit allow and default deny system.
  • The Microsoft privacy statement explains what personal data Microsoft processes, how Microsoft processes it, and for what purposes.
  • Trust Center is a website resource containing information and details about how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services.
  • The Service Trust Portal (STP) hosts the Compliance Manager service, and is the Microsoft public site for publishing audit reports and other compliance-related information relevant to Microsoft’s cloud services.
  • Compliance Manager is a workflow-based risk assessment dashboard within the Trust Portal that enables you to track, assign, and verify your organization's regulatory compliance activities related to Microsoft professional services and Microsoft cloud services such as Office 365, Dynamics 365, and Azure.
Knowledge check:

  1. True or false: You can download published audit reports and other compliance-related information related to Microsoft’s cloud service from the Service Trust Portal
  • True
You can download published audit reports and other compliance-related information related to Microsoft’s cloud service from the Service Trust Portal.
  • False

  1. Which Azure service allows you to configure fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs?
  • Locks
  • Policy
  • Initiatives
  • Role-based Access Control
Role-based access control (RBAC) provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs. RBAC is provided at no additional cost to all Azure subscriber.

  1. Which Azure service allows you to create, assign, and, manage policies to enforce different rules and effects over your resources and stay compliant with your corporate standards and service-level agreements (SLAs)?
  • Azure Policy
Azure Policy is a service in Azure that you use to create, assign, and, manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service-level agreements (SLAs).
  • Azure Blueprints
  • Azure Security Center
  • Role-based Access Control

  1. Which of the following services provides up-to-date status information about the health of Azure services?
  • Compliance Manager
  • Azure Monitor
  • Service Trust Portal
  • Azure Service Health
Azure Service Health is the correct answer, because it provides you with a global view of the health of Azure services. With Azure Status, a component of Azure Service Health, you can get up-to-the-minute information on service availability.

  1. Where can you obtain details about the personal data Microsoft processes, how Microsoft processes it, and for what purposes?
  • Microsoft Privacy Statement
You can obtain the details about how Microsoft uses personal data in the Microsoft Privacy Statement.
  • Compliance Manager
  • Azure Service Health
  • Trust Center

Posted by at No comments:

Saturday, February 1, 2020

Day 16: Microsoft Module Security, responsibility, and trust in Azure

Read this module carefully and slowly since most of them are quite important and compact, I cannot summarize them here.

Knowledge check:
  1. Cloud security is a shared responsibility between you and your cloud provider. Which category of cloud services requires the greatest security effort on your part?
  • Infrastructure as a service (IaaS)
At this level, the cloud provider provides physical security to compute resources. However, it's your responsibility to patch and secure your operating systems and software, as well as configure your network to be secure.
  • Platform as a service (PaaS)
  • Software as a service (SaaS)

  1. Which of these options helps you most easily disable an account when an employee leaves your company?
  • Enforce multi-factor authentication (MFA)
  • Monitor sign-on attempts
  • Use single sign-on (SSO)
SSO centralizes user identity, so you can disable an inactive account in a single step.

  1. Which of these approaches is the strongest way to protect sensitive customer data?
  • Encrypt data as it sits in your database
  • Encrypt data as it travels over the network
  • Encrypt data both as it sits in your database and as it travels over the network
Encrypting your data at all times, both as it sits in your database and as it travels over the network, minimizes the opportunity for an attacker to access your data in plain text.

  1. There has been an attack on your public-facing website, and the application's resources have been overwhelmed and exhausted, and are now unavailable to users. What service should you use to prevent this type of attack?
  • DDoS protection
DDoS protection is the correct answer, because it will help prevent DDoS attacks.
  • Azure Firewall
  • Network Security Group
  • Application Gateway

  1. You want to store certificates in Azure to centrally manage them for your services. Which Azure service should you use?
  • AIP
  • Azure AD
  • Azure Key Vault
Azure Key Vault is the correct answer, because it is a centralized cloud service for storing application secrets, referred to as a secret store.
  • Azure ATP

Thats all about the security for today.

Posted by at No comments:

Friday, January 31, 2020

Day 15: Microsoft Module Core Cloud Services - Azure networking options

Important points:
  • Azure Load Balancer distributes traffic within the same region to make your services more highly available and resilient. Traffic Manager works at the DNS level, and directs the client to a preferred endpoint. This endpoint can be to the region that's closest to your user.
  • Load Balancer and Traffic Manager both help make your services more resilient, but in slightly different ways. When Load Balancer detects an unresponsive VM, it directs traffic to other VMs in the pool. Traffic Manager monitors the health of your endpoints.When Traffic Manager finds an unresponsive endpoint, it directs traffic to the next closest endpoint that is responsive.

Knowledge check:

  1. What is an Azure region?
  • One or more Azure data centers within a specific geographical location.
Azure regions help you deliver your apps and services closest to your users. West US and North Europe are examples.
  • A way of breaking networks into smaller networks.
  • Firewall rules which define the flow of traffic in and out of Azure.

  1. Which of the following is true about virtual networks?
  • You configure virtual networks through software.
Software enables you to treat a virtual network just like your own network. Azure maintains the physical hardware for you.
  • A virtual network accepts network traffic on all ports. You configure the firewall through virtual machines.
  • Virtual networks are always reachable from the internet.

  1. Which is true about Azure Load Balancer?
  • You must use Azure Load Balancer if you want to distribute traffic among your virtual machines running in Azure.
  • Azure Load Balancer works with internet-facing traffic only.
  • Azure Load Balancer distributes traffic among similar systems, making your services more highly available.
If one system is unavailable, Azure Load Balancer stops sending traffic to it. It then directs traffic to one of the responsive servers.

  1. What is network latency?
  • The amount of data that can fit on the connection.
  • The distance data must travel to reach its destination.
  • The time it takes for data to travel over the network.
Latency measures the time it takes for data to reach its destination. Latency is typically measured in milliseconds.

  1. How does Azure Traffic Manager reduce latency?
  • It chooses only the fastest networks between endpoints.
  • It chooses the endpoint that's closest to the user's DNS server.
Choosing the server that's closest to the user is a good way to reduce latency.
  • It caches content, similar to how content delivery networks work.


Posted by at No comments:

Thursday, January 30, 2020

Day 14: Microsoft Module Core Cloud Services - Azure data storage options

What I learned today on this module,

Here are some of the important benefits of Azure data storage:
  • Automated backup and recovery: mitigates the risk of losing your data if there is any unforeseen failure or interruption.
  • Replication across the globe: copies your data to protect it against any planned or unplanned events, such as scheduled maintenance or hardware failures. You can choose to replicate your data at multiple locations across the globe.
  • Support for data analytics: supports performing analytics on your data consumption.
  • Encryption capabilities: data is encrypted to make it highly secure; you also have tight control over who can access the data.
  • Multiple data types: Azure can store almost any type of data you need. It can handle video files, text files, and even large binary files like virtual hard disks. It also has many options for your relational and NoSQL data.
  • Data storage in virtual disks: Azure also has the capability of storing up to 32 TB of data in its virtual disks. This capability is significant when you're storing heavy data such as videos and simulations.
  • Storage tiers: storage tiers to prioritize access to data based on frequently used versus rarely used information.

There are three primary types of data that Azure Storage is designed to hold.
  1. Structured data : SQL
  2. Semi-structured data : NoSQL
  3. Unstructured data : JPG, PDF, JSON, etc. 

Knowledge check:
  1. Suppose you work at a startup with limited funding. Why might you prefer Azure data storage over an on-premises solution?
  • To ensure you run on a specific brand of hardware, which will let you form a marketing partnership with that hardware vendor.
  • The Azure pay-as-you-go billing model lets you avoid buying expensive hardware.
There are no large, up-front capital expenditures (CapEx) with Azure. You pay monthly for only the services you use (OpEx).
  • To get exact control over the location of your data store.

  1. Which of the following situations would yield the most benefits from relocating an on-premises data store to Azure?
  • Unpredictable storage demand that increases and decreases multiple times throughout the year.
Azure data storage is flexible. You can quickly and easily add or remove capacity. You can increase performance to handle spikes in load or decrease performance to reduce costs. In all cases, you pay for only what you use.
  • Long-term, steady growth in storage demand.
  • Consistent, unchanging storage demand.

  1. A newly released mobile app using Azure data storage has just been mentioned by a celebrity on social media, seeing a huge spike in user volume. To meet the unexpected new user demand, what feature of pay-as-you-go storage will be most beneficial?
  • The ability to provision and deploy new infrastructure quickly
As the user demand increases, the agility to deploy new servers or services as needed can help scale to meet the increased user load.
  • The ability to predict the service costs in advance
  • The ability to meet compliance requirements for data storage

Posted by at No comments:
Subscribe to: Comments (Atom)