Microsoft AZ-900 Summary!

kimjumpsun_code · October 18, 2021

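I took the Microsoft Azure Fundamentals workshop at Seneca College, received the textbook and a voucher, and sat the exam for free!

I summarized the main points that appeared in the dumps 🔆

These notes come from working through the dumps about five times, so honestly, studying just this is enough to pass ✌🏻

⏸ If you take the exam in English, it's easier to study in English!
⏸ If you just memorize the dump questions as they are and take the exam, you'll be in trouble!
⏸ About 40% of the questions are different, so make sure you have the concepts down before taking the exam!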


  • VM → IaaS

  • Adding data center → Increase the cost

  • Hybrid cloud: public + private cloud
    the cheap way when a cloud already exists~

  • CapEx: Capital Expenditure vs. Operational Expenditure (pay-as-you-go)

  • Cosmos DB
    : fully managed NoSQL database for modern app development,
    JSON data, multi-region, multi-model database service.

  • Azure Logic Apps
    a) cloud-based platform.
    b) creating and running automated workflows
    c) help you schedule, automate, orchestrate tasks.

  • ARM (Azure Resource Management)
    : JSON templates added alongside the application code describe the infrastructure, so resources are created automatically as the application demands. Same templates, deploy, platform.

  • Files: windows 10 run, mapped drive

  • contains: need to identify which storage service must be used to store the unmanaged data disks of the virtual machine.

  • SLAs
    a) 99.99% : for all VM that 2 or more instances deployed across 2 or more availability zones in the same Azure region.
    b) 99.95% : same, in the same Dedicated Host Group.

  • Azure DevTest Labs : for developers
    quickly create environments using reusable templates and artifacts.
    60% Windows, 40% Linux → use

  • point-to-site (p2s) VPN Gateway
    : connect to your virtual network from a remote location (from an individual client computer)
    useful when only a few clients need to connect to a VNet

  • AIP (Azure Information Protection)
    : cloud-based solution that enables organizations to discover, classify, protect documents and emails by applying labels to content.
    Automatically add a watermark to Microsoft documents

  • Azure Key Vault
    a) stores configuration passwords for server apps (user data must be stored in SQL Database or a storage service!!)
    b) encrypt keys. secure secrets. during the deployment, store certificates.
    c) the administrative credentials are encrypted using a suitable Azure solution.
    d) secure store for various types of information (passwords & certificates).

  • Azure identity protection policies
    : automatically encouraged to change password.

  • Privileged Identity Management (PIM)
    : time-based, approval-based role in AD that enables you to manage, control, monitor access to important resources in your organization. (mitigates excessive access permissions to important resources, etc.)

  • Azure Service Bus
    : message service in the cloud used to connect any applications, devices, etc.

  • Azure Network Security Group (NSG)
    a) to filter network traffic to and from Azure resources in an Azure virtual network.
    : contains security rules that allow or deny inbound network traffic to or outbound network traffic from
    (Q. web servers and database servers to be controlled)
    b) can associate network security group to each Virtual Network Subnet and Network Interface in a Virtual machine.

  • Firewall VS NSG VS Gateway
    a) Firewall: Control inbound traffic in VM, limit amount of traffic service, multiple subscriptions
    b) NSG: just block or open a port for traffic inside the same virtual network.
    c) Gateway: Control outgoing traffic in VM

  • Azure AD
    a) user accounts migrated → a strategy that affects users as little as possible. cloud-based service.
    authenticates users and provides access tokens
    b) AD tenants multiple subscriptions ok
    1 subscription —— 1 AD
    1:n AD tenants ——> more subscriptions
    c) To use AD credentials to sign in to a computer that runs Windows 10, the computer must be joined to Azure AD.
    d) users in AD are organized by using resource groups—→ no!
    Group policy is only available for Active Directory Domain Services (AD DS)
    e) account move —> to sync all the AD user accounts to Azure AD
    f) AD groups support dynamic membership rules. + assigned multiple licenses
    g) centralized identity provider in the cloud.
    This is the primary built-in authentication & authorization service that provides secure access to Azure resources and Microsoft 365

  • Subscriptions
    : used to isolate resources between departments: a separate subscription per department
    a) 1 single MS account → to manage multiple Azure subscriptions
    b) VMs and resources → can be moved to another subscription (by using the Azure portal), but subscriptions cannot be merged
    c) A company can have multiple subscriptions + store resources in the different subscriptions.
    but, a resource instance can exist in only 1 subscription.

  • Support plan

  • web tier
    a) basic: 10GB only, free account, 24/7 access to billing
    b) standard: 50GB, 24/7 access to technical support by email & phone
    c) developer: the cheapest paid-for support plan. ONLY general guidance
    d) premier :
    (1) have architectural review (request an assessment of environment), 24/7 access to technical support by email & phone
    (2) can only be purchased by companies that have an Enterprise Agreement (EA) : have architectural review
    (3) pay-as-you-go
    (4) can get support from the MSDN forums and can use Azure cost management
    e) professional Direct : has architectural guidance based on best practice delivered by ProDirect Delivery Manager
    ⇒ Premier, Professional, Standard, Developer: only open a new support request from the Azure Portal (Help+support)
  • Support request
    : Microsoft SQL —> must increase subscription limits
    ⇒ Create a new support request
  • GZRS / RA-GZRS
    : Read-access geo-redundant storage

  • Management Groups
    : Help to manage access, policy, compliance for multiple subscriptions

  • Azure Policy
    : provides organizations with the ability to manage the compliance of Azure resources across multiple subscriptions.
    a service in Azure that enables you to create, assign, manage policies that control or audit your resources so that they stay compliant with your business rules.
    collection of policy definitions.
    to define requirements for resource properties during deployment and for already existing resources.

  • Account
    a) 1 account administrator — 1 service administrator. (200 co-administrators per subscription)
    b) a subscription can contain multiple administrators.
    c) but there can only be one account administrator.
    d) Azure Active Directory account to manage a subscription.

  • Availability Zones
    a) Deploy 2 or more availability zones and 2 or more regions for VMs
    b) Not all Azure regions support availability zones
    c) Availability zones are unique physical locations within a single Azure region
    d) protect applications and data on your VMs from a data center failure

  • a Virtual Network
    a) can have multiple IP address space and multiple subnets.
    b) Azure automatically routes traffic between different subnets within a virtual network.
    c) separate network segment

  • tag : tags for resources are not inherited by default from their resource group.

  • resource group: resource level are inherited by the resources in the resource group.

  • archive storage
    : access 'Hot, Cool, archive'
    a) The archive access tier has the lowest.
    b) higher data retrieval costs.
    c) While a blob is in archive storage, the blob data is offline and can't be read, overwritten or modified —→ You must first rehydrate it to an online tier

  • Azure Event Hubs : streaming platform, event ingestion service
    correlate events — Log Analytics
    collect events —- Event Hubs

  • Azure storage
    a) data —> automatically has at least 3 copies. (LRS)
    b) data is not backed up automatically to another Data center
    c) storage limit is 2PB, 500TB. no limits on the number of files

  • Azure Service Health: Plan. maintenance
    a) Azure Status + Azure Service Health + Azure Resource Health
    (Azure Status: service outages in Azure on the Azure page ⇒ global view
    Azure Service Health: personalized view of the health of the Azure services + regions you're using
    Azure Resource Health: provides information about individual cloud resources such as a specific VM instance)
    b) administrator can view the health of all the services in an Azure environment
    c) an administrator can create a rule to be alerted if an Azure service fails
    but, can't prevent a service failure.
    d) Help + support

  • IoT
    IoT Sphere = Secure
    IoT Central = Monitor
    IoT Hub = provides data from millions of sensors
    can route message to blob storage, Azure data lake

  • Dump Q. When you want to create VM1 in Sub1 (RG1, name VM1, image UbuntuLTS, generate-ssh-keys),
    ⇒ From the Azure portal, launch Azure Cloud Shell and Select Bash.
    Run the command in Cloud Shell

  • link in Keyword
    a) Azure Virtual Machines — provide operating system virtualization
    b) Azure Container Instances — provide portable environment for virtualized applications
    c) Azure databricks — big data analysis, is an Apache Spark-based analytics service
    d) Azure Functions — serverless
    e) Azure App service — Host, used to build, deploy, scale web apps
    f) Azure Application insight — anomalies (Azure Monitor features)
    g) Azure DevOps — An integrated solution for the deployment of code
    h) Azure Advisor — A tool that provides guidance & recommendations to improve an Azure Environment
    i) Azure Cognitive Service — A simplified tool to build intelligent AI applications
    j) Azure Application insights — Monitors web applications
    k) VPN(a virtual network gateway) - a gateway subnet
    link client computers

  • SET KEYWORD
    a) Windows PowerShell - Azure CLI - command prompt
    PowerShell in Azure Cloud Shell : browser-based, can be run on a browser from a tablet that runs the Android operating system. + VM (Azure portal)
    b) AI - ML (Machine Learning)
    c) Azure Advanced Threat Protection (ATP): cloud-based security solution / a solution that uses AD signals to investigate threats directed at the organization - Monitor threats by using sensors
    d) Azure Active Directory (AD) Identity Protection - Enforce Azure MFA (Multi-Factor Authentication) based on condition
    e) consumption-based plan - pay-as-you-go
    f) Budget alerts - to send email alerts when the cost of the current billing period for an Azure subscription exceeds a specified limit

  • Azure Monitor
    a) Taking action
    b) can monitor the performance of on-premises computers
    c) Alert rules in Azure Monitor use action groups
    d) uses a target resource (e.g. a VM, a storage account, a VM Scale set, a Log analytics workspace, an Application insights resource)
    e) can monitor resources across multiple Azure subscriptions
    f) Health / status of your application using insights & logs

  • Azure Repos: a set of version control tools to manage code.

  • can Run PowerShell scripts(file that contains PowerShell cmdlets and code) ——> core 6.0, PowerShell, CloudShell
    ⇒ You can run PowerShell cmdlets and scripts in a web browser.
    ⇒ You log in to the Azure portal and select the Azure Cloud Shell option.

  • Azure SQL Database: A managed relational cloud database service

  • Azure SQL synapse Analytics ( Data Warehouse/ PaaS)
    : A cloud based service that leverages massively parallel processing to quickly run complex queries across petabytes of data in a relational database

  • Azure Data Lake Analytics
    : can run massively parallel data transformation and processing programs across petabytes of data

  • Azure HDInsight
    : An open-source framework for the distributed processing and analysis of big data sets in clusters

  • CDN (a content delivery network)
    : to provide the best video playback experience
    ⇒ distributed network of servers that can efficiently deliver web content to users. VERY QUICKLY

  • Azure CLI : can be installed on macOS, not on iPhone; uses bash syntax
    Windows PowerShell: can be installed on macOS (6.0), not on iPhone
    Cloud Shell → Chrome, interactive, authenticated, browser-accessible shell for managing Azure resources
    create VM by using Bash or PowerShell

  • the Azure portal & Azure Cloud Shell ⇒ web app from iPhone

  • Azure Security Center
    a) can monitor Azure resources and on-premises resources
    b) can download a Regulatory Compliance report
    but, continuous assessment & security recommendations and Azure Secure score ⇒ only free
    c) can enable just in time (JIT) VM access

  • DDoS protection : basic/ standard. specific attack

  • Role-based-access Control
    a) Can create custom Azure roles to control access to resources
    b) A user account can be assigned to multiple Azure roles
    c) A resource group can have the owner role assigned to multiple users

  • Azure Sentinel
    a) SIEM, SOAR (security information management, automated response) system
    b) delivers intelligent security analytics and threat intelligence across the enterprise
    c) to collect and automatically analyze security events from Azure AD

  • Azure Activity Log : can view which user turned off a specific virtual machine during the last 14 days. + 90 days kept.

  • Azure Compliance Manager
    a) in the service Trust Portal
    b) workflow-based risk assessment tool that helps you track, assign, verify your organization's regulatory compliance activities related to Microsoft Cloud services such as MS 365, Dynamics 365 and Azure.
    c) to evaluate Regulatory requirements
    d) your company from CloudShell

  • General Data Protection Regulation (GDPR)
    a) defines data Protection and privacy rules
    b) applies to companies that offer goods or services to individuals in the EU
    c) can be used to build a GDPR-compliance infrastructure
    d) A European policy that regulates data privacy and data protection

  • Azure blueprint
    a) can add Azure Resource Manager template (ARM) to an Azure blueprint
    b) can use blueprints to grant permissions to a resource
    c) can be saved to a management group or subscription
    d) package for creating specific sets of standards and requirements that govern the implementation of Azure services, security, and design

  • Azure Government
    a) A dedicated public cloud for federal and state agencies in the US
    b) is operated by Microsoft (Azure China is operated by 21Vianet)
    c) available only to US government agencies and their partners

  • NIST : An organization that defines standards used by the US government

  • An Azure resource
    a) can have multiple Delete locks
    b) inherits locks from its resource group
    c) If Azure resource has a Read-Only lock, you can add a Delete lock to the resource
    d) can configure a lock on a resource group to prevent the accidental deletion of resource group. The lock applies to everyone, including global administrators.

  • Authorization and Authentication
    a) Authorization to access Azure resources can be provided by other identity providers by using federation
    b) Identities stored in Azure AD, third-party cloud services, and on-premises AD can be used to access Azure resources
    c) Azure has built-in authentication and authorization services that provide secure access to Azure resources

  • MFA (Multi-Factor Authentication)
    a) can have a cloud-only environment and use MFA
    b) valid methods: Password, MS Authenticator App, SMS, Voice call (not passport number)
    c) can configure MFA to be required for administrator accounts only or configure MFA for any user account

  • Storage account Billing
    a) inbound is free
    b) outbound is paid per GB
    c) storage rent is paid per GB/month
    d) storage read/write operations are paid

  • private & public preview
    a) private preview can be viewed in the regular Azure Portal
    b) public preview can be used in production environment (from the portal)
    but, not subject to an SLA!!
    and available to anyone! (Azure subscription)

  • Modern Lifecycle Policy
    : If MS plans to end support for an Azure Service that does NOT have a successor service, MS will provide notification at least 12 months before

  • A subscription owner
    a) only the billing administrator of an account can transfer ownership of a subscription
    b) can manage all resources and permissions within the subscription
    but! cannot transfer ownership of the subscription
    c) can remove the spending limit
    but! cannot increase or decrease it

  • How to calculate the monthly uptime percentage
    = (Maximum Available Minutes - Downtime) / Maximum Available Minutes * 100

  • Q. How to reduce cost?
    20 user accounts in Azure AD
    5 groups
    10 public IP addresses
    10 network interfaces
    remove the unused Public IP addresses
    (do not remove NICs or unused user accounts: always free)

  • Q. account expired?
    The free account is only 120 days → start an existing Azure Virtual machine.
    (* Azure free account
    a) spending limit (200USD or 150 GBP)
    b) 5GB blob storage limit & 5GB file storage limit
    c) limit of 10 web, mobile or API apps)


1 comment

October 26, 2021

Whoa, it's all in English..
