Wednesday, February 5, 2020

Day 20: Review Day 1

Reviewing about

  • IaaS, PaaS, Saas
  • Public, Private and Hybrid Cloud
  • Scope of Azure Support Plans
    • Basic
    • Developer: Trial and non-production
    • Standard: Production workload environments
    • Professional Direct: Business-critical dependence
    • Premier: Substansial dependence across multiple products
  • Geographies, Availability Zones, Region Pairs, SLAs, etc.
  • Azure day-to-day management and interaction:
    • Azure portal (GUI)
    • Azure PowerShell and Azure CLI: command line and automation based interactions
    • Azure Cloud Shell: web based CLI
    • Azure Mobile App: monitoring and managing resources from your mobile devices
  • Azure Compute:
    • App Service. A managed service for hosting web apps, mobile app back ends, RESTful APIs, or automated business processes.
    • Azure Kubernetes Service (AKS). A managed Kubernetes service for running containerized applications.
    • Batch. A managed service for running large-scale parallel and high-performance computing (HPC) applications
    • Container Instances. The fastest and simplest way to run a container in Azure, without having to provision any virtual machines and without having to adopt a higher-level service.
    • Functions. A managed FaaS service.
    • Service Fabric. A distributed systems platform that can run in many environments, including Azure or on premises.
    • Virtual machines. Deploy and deploy and manage VMs inside an Azure virtual network.
  • Azure Data Storage:
    • Structured Data: Azure SQL Database
    • Semi-Structure Data: Azure Cosmo Database
    • Unstructured: Azure Blob Storage
    • Azure Data Lake Structure: Analytics on data usage and prepare reports
    • Azure Files: SMB Sharing
    • Azure Queue storage is a service for storing large numbers of messages that can be accessed from anywhere in the world.
    • Storage Tiers (Hot: frequently, Cool: infrequently and at least 30 days, Archive infrequently and at least 180 days)
  • Azure Networking
    • Azure Region
    • Azure Load Balancer (vm)
    • Azure Application Gateway
    • Azure Traffic Manager (end points)
Posted by at No comments:

Tuesday, February 4, 2020

Day 19: Microsoft Module Predict costs and optimize spending for Azure

Knowledge check:

  1. Which tab of the Azure pricing calculator will you use to put together your estimate?
  • Estimate
  • Products
This tab has all the Azure services listed and is where you'll add or remove services to get your estimate.

  1. True or false: You can share your estimate through an Excel spreadsheet or through a URL.
  • True
Clicking Export at the bottom of the estimate will export an Excel spreadsheet that you can share, or you can click Share to get a URL link that you can share with your team.
  • False

  1. Azure Advisor provides recommendations for _________.
  • Costs only
  • High availability, security, performance, and cost
Azure Advisor provides recommendations on high availability, security, performance, and cost.
  • High availability, performance, and cost

  1. Azure Cost Management allows you to _________.
  • See historical breakdowns of what services you are spending your money on.
Cost Management analyzes where you are historically spending your money and can track it against budgets you have set.
  • See estimates of what your services might cost if you make a change.

  1. Which one of these is not a cost-saving solution?
  • Deallocate virtual machines during off hours.
  • Use Azure Reserved Virtual Machine Instances.
  • Load balance your virtual machines for incoming messages.
Load balancing is used for performance optimization not cost savings.
  • Right-size underutilized virtual machines.

  1. True or false: PaaS is generally less expensive than IaaS.
  • True
IaaS requires Azure to dedicate resources while PaaS give Azure more flexibility in how services are delivered. This means Azure can fill and operate hardware efficiently and therefore offer PaaS services at a savings over IaaS.
  • False

  1. True or false: If you already have Windows Server licenses, you have to pay for them again on Azure.
  • True
  • False
Under certain circumstances, you can utilize the hybrid benefit for Windows Server and pay only the Linux rate.

  1. True or false: Azure has money-saving options for test and development servers.

  • True
The Azure Enterprise Dev/Test and Azure Pay-As-You-Go Dev/Test benefits give you several discounts, most notably for Windows workloads, eliminating license charges and billing you only at the Linux rate for virtual machines. This also applies to SQL Server and any other Microsoft software that is covered under a Visual Studio subscription.
  • False

  1. Which one of the following systems is used to determine Azure costs for each billing period?
  • The Azure website
  • Number of created virtual machines
  • The Azure pricing calculator
  • Usage meters
Correct. Azure is billed according to your consumption based on monthly usage meters.

  1. Which of the following factors affects costs?
  • Global infrastructure
  • Location
The location you place your resources will vary the price for the resource.
  • Availability zone

  1. Complete the following sentence. As an Azure customer, Azure Reservations offer discounted prices if you _________
  • Make upfront commitments on compute capacity
Azure Reservations offer discounted prices on certain Azure products and resources. To get a discount, you reserve products and resources through an upfront commitment. You can then either prepay or pay monthly for one or three years of usage of certain Azure resources.
  • Provision many resources
  • Have a free account
  • Set Spending Limits
Last module on Microsoft Learn. Starting tomorrow will be revision days
Posted by at No comments:

Monday, February 3, 2020

Day 18: Microsoft Module 900 XP Control and organize Azure resources with Azure Resource Manager



Knowledge check:
  1. Tags can be applied to any type of resource on Azure
  • True
  • False
Not all resources support tags, so you will want to confirm that your resource type supports them.
  1. Tags applied at a resource group level are propagated to resources within the resource group.
  • True
  • False
Tags are not inherited. You need to apply tags to every supported resource that you need tagged.
  1. Which of the following is not a feature of resource groups?
  • Resources can be in only one resource group.
  • Resources can be moved from one resource group to another resource group.
  • Resource groups can be nested.
  • Role-based access control can be applied to the resource group.
  1. Which of the following might be a good usage of tags?
  • Using tags to associate a cost center with resources for internal chargeback
  • Using tags in conjunction with Azure Automation to schedule maintenance windows
  • Using tags to store environment and department association
  • All of the above are good ways to use tags
  1. Which of the following would be the most efficient way to ensure a naming convention was followed across your subscription?
  • Send out an email with the details of your naming conventions and hope it is followed
  • Create a policy with your naming requirements and assign it to the scope of your subscription
  • Give all other users except for yourself read-only access to the subscription. Have all requests to create resources sent to you so you can review the names being assigned to resources, and then create them.
  1. Which of the following would be good to put a resource lock on?
  • An ExpressRoute circuit with connectivity back to your on-premises network
  • A non-production virtual machine used to test occasional application builds
  • A storage account used to temporarily store images processed in a development environment


Posted by at No comments:

Sunday, February 2, 2020

Day 17: Microsoft Module Apply and monitor infrastructure standards with Azure Policy

Important points:

  • Azure Policy is a default allow and explicit deny system. It focuses on resource properties during deployment and for already existing resources. While RBAC focuses on user actions at different scopes. RBAC is explicit allow and default deny system.
  • The Microsoft privacy statement explains what personal data Microsoft processes, how Microsoft processes it, and for what purposes.
  • Trust Center is a website resource containing information and details about how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services.
  • The Service Trust Portal (STP) hosts the Compliance Manager service, and is the Microsoft public site for publishing audit reports and other compliance-related information relevant to Microsoft’s cloud services.
  • Compliance Manager is a workflow-based risk assessment dashboard within the Trust Portal that enables you to track, assign, and verify your organization's regulatory compliance activities related to Microsoft professional services and Microsoft cloud services such as Office 365, Dynamics 365, and Azure.
Knowledge check:

  1. True or false: You can download published audit reports and other compliance-related information related to Microsoft’s cloud service from the Service Trust Portal
  • True
You can download published audit reports and other compliance-related information related to Microsoft’s cloud service from the Service Trust Portal.
  • False

  1. Which Azure service allows you to configure fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs?
  • Locks
  • Policy
  • Initiatives
  • Role-based Access Control
Role-based access control (RBAC) provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs. RBAC is provided at no additional cost to all Azure subscriber.

  1. Which Azure service allows you to create, assign, and, manage policies to enforce different rules and effects over your resources and stay compliant with your corporate standards and service-level agreements (SLAs)?
  • Azure Policy
Azure Policy is a service in Azure that you use to create, assign, and, manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service-level agreements (SLAs).
  • Azure Blueprints
  • Azure Security Center
  • Role-based Access Control

  1. Which of the following services provides up-to-date status information about the health of Azure services?
  • Compliance Manager
  • Azure Monitor
  • Service Trust Portal
  • Azure Service Health
Azure Service Health is the correct answer, because it provides you with a global view of the health of Azure services. With Azure Status, a component of Azure Service Health, you can get up-to-the-minute information on service availability.

  1. Where can you obtain details about the personal data Microsoft processes, how Microsoft processes it, and for what purposes?
  • Microsoft Privacy Statement
You can obtain the details about how Microsoft uses personal data in the Microsoft Privacy Statement.
  • Compliance Manager
  • Azure Service Health
  • Trust Center

Posted by at No comments:

Saturday, February 1, 2020

Day 16: Microsoft Module Security, responsibility, and trust in Azure

Read this module carefully and slowly since most of them are quite important and compact, I cannot summarize them here.

Knowledge check:
  1. Cloud security is a shared responsibility between you and your cloud provider. Which category of cloud services requires the greatest security effort on your part?
  • Infrastructure as a service (IaaS)
At this level, the cloud provider provides physical security to compute resources. However, it's your responsibility to patch and secure your operating systems and software, as well as configure your network to be secure.
  • Platform as a service (PaaS)
  • Software as a service (SaaS)

  1. Which of these options helps you most easily disable an account when an employee leaves your company?
  • Enforce multi-factor authentication (MFA)
  • Monitor sign-on attempts
  • Use single sign-on (SSO)
SSO centralizes user identity, so you can disable an inactive account in a single step.

  1. Which of these approaches is the strongest way to protect sensitive customer data?
  • Encrypt data as it sits in your database
  • Encrypt data as it travels over the network
  • Encrypt data both as it sits in your database and as it travels over the network
Encrypting your data at all times, both as it sits in your database and as it travels over the network, minimizes the opportunity for an attacker to access your data in plain text.

  1. There has been an attack on your public-facing website, and the application's resources have been overwhelmed and exhausted, and are now unavailable to users. What service should you use to prevent this type of attack?
  • DDoS protection
DDoS protection is the correct answer, because it will help prevent DDoS attacks.
  • Azure Firewall
  • Network Security Group
  • Application Gateway

  1. You want to store certificates in Azure to centrally manage them for your services. Which Azure service should you use?
  • AIP
  • Azure AD
  • Azure Key Vault
Azure Key Vault is the correct answer, because it is a centralized cloud service for storing application secrets, referred to as a secret store.
  • Azure ATP

Thats all about the security for today.

Posted by at No comments:
Subscribe to: Comments (Atom)