AZ900 Exam

Azure Company

Author: T30886
Version 2

Contents

1 General Notes

2 Public and Private clouds and their characteristics

3 Azure built in solutions to day to day problems

4 Azure Resources fundamentals

5 Azure Virtual Network fundamentals

6 Azure Virtual Machines fundamentals

7 Azure Storage fundamentals

8 Azure security access fundamentals

9 Azure cost fundamentals

AZ900

1 General Notes:
• Availability zones are primarily for virtual machines, managed disks, load balancers,
and SQL databases.

• Azure Functions allows you to run code as a service without having to manage
the underlying platform or infrastructure. Azure Logic Apps is similar to Azure
Functions, but uses predefined workflows instead of developing your own code.

• If you have virtual machine workloads that are used only during certain periods,
but you run them every hour of every day, then you are wasting money. These
virtual machines are great candidates to deallocate when not in use and start back
when required to save compute costs while the virtual machines are deallocated.

• If you need to identify which Azure services are compliant with ISO 27001 Information
Security Management Standards, you can locate that information in the Microsoft
Trust Center. The Trust Center showcases the Microsoft principles for maintaining
data integrity in the cloud and how Microsoft implements and supports security,
privacy, compliance, and transparency in all Microsoft cloud products and services.

• You scale horizontally by increasing compute capacity, i.e. by adding instances of
resources, such as adding virtual machines to the configuration.

• You scale vertically by adding RAM or CPUs to a virtual machine.

• Disaster recovery keeps data and other assets safe in the event of a disaster.

• Disaster recovery uses services, such as cloud-based backup, data replication, and
geo-distribution, to keep data and code safe in the event of a disaster.

• Elasticity refers to the ability to scale resources as needed, such as during business
hours, to ensure that an application can keep up with demand, and then reducing
the available resources during off-peak hours.

• Agility refers to the ability to deploy new applications and services quickly.

• High availability refers to the ability to ensure that a service or application remains
available in the event of a failure.

• Geo-distribution makes a service or application available in multiple geographic
locations that are typically close to your users.

• Availability zones are physically separate datacenters within an Azure region. Each
availability zone is made up of one or more datacenters equipped with independent
power, cooling, and networking.

• Region pairs allow the replication of Azure resources across geographies to help
ensure that a secondary region is available in case of any disaster at the primary
region.

• IaaS is the most flexible category of cloud services. It aims to give you complete
control over the hardware that runs applications.

• Users do not control the operating system and do not configure the underlying
servers in PaaS. In PaaS, the cloud provider is responsible for the operating system,
physical datacenter, physical hosts, and physical network. In PaaS, the customer is
responsible for accounts and identities.

• With SaaS, you are using as-is software hosted in the cloud, instead of creating a
platform to host software yourself. SaaS allows users to connect to and use
cloud-based apps over the internet. Common examples are email, calendaring, and Office
tools, such as Office 365.

• Azure Virtual Machines and Azure Virtual Network are examples of IaaS offerings.
The customer is responsible for the configuration of the virtual machine as well as
all operating system configurations. Azure App Services and Azure Cosmos DB are
PaaS offerings. Microsoft Office 365 is a SaaS offering.

2 Public and Private clouds and their characteristics:


• Agility means that you can deploy and configure cloud-based resources quickly as
app requirements change.

• Scalability means that you can add RAM, CPU, or entire virtual machines to a
configuration.

• Elasticity means that you can configure cloud-based apps to take advantage of
autoscaling, so apps always have the resources they need.

• High availability means that cloud-based apps can provide a continuous user
experience with no apparent downtime, even when things go wrong.

• In a consumption-based model, you do not pay for anything until you start using
resources, and you only pay for what you use. If you stop using a resource, you
stop paying for it. High expenditures are usually associated with the purchase of
the physical infrastructure, which is not needed in a consumption-based model.

• Capital expenditures are one-time expenses that can be deducted over time.
Operational expenditures are billed as you use services and do not have upfront costs.

• Cloud-based apps can provide a continuous user experience with no apparent
downtime, even when things go wrong. You can deploy apps and data to regional
datacenters around the globe, thereby ensuring that your customers always have the
best performance in their region.

• Apps in cloud computing can scale vertically and horizontally.

• In a public cloud model, you do not get physical access to servers, as they are
managed by the cloud provider.

• In a public cloud, services are offered over the internet and are available to anyone
who wants to purchase them.

• A private cloud is limited to a single organization.

• Cloud resources, such as servers and storage, are owned and operated by a
third-party cloud service provider and delivered over the internet.

• A private cloud consists of computing resources used exclusively by users from one
business or organization.

• Cloud computing allows you to scale more quickly. Owning your own CPUs and
having full access in the event of an internet outage are not features of cloud
computing. Working from multiple workstations is not specific to cloud computing
compared to an on-premises deployment.

• Different services have different SLAs. Sometimes different tiers of the same service
will offer different SLAs, which can increase or decrease the promised availability.

3 Azure built in solutions to day to day problems:


• The Azure portal provides a GUI to view all the services you are using, create new
services, configure your services, and view reports.

• The Azure portal can run on devices that have the Android operating system
installed. The browser can be any type, such as Internet Explorer 11, Chrome,
Firefox, or Safari (all the latest versions). When you visit the portal, you will see Cloud
Shell. Users can then access Bash and PowerShell from within Cloud Shell. You can
use Bash and PowerShell to create Azure virtual machines.

• Azure CLI allows you to use the Bash shell to perform administrative tasks. Bash
is used in environments such as Linux.

• Application Insights is a feature of Azure Monitor that allows you to monitor
running applications, automatically detect performance anomalies, and use built-in
analytics tools to see what users do on an app.

• Service Health notifies you of Azure-related service issues, such as region-wide
downtime.

• Azure Monitor is a platform for collecting, analyzing, visualizing, and alerting based
on metrics. Azure Monitor can log data from an entire Azure and on-premises
environment.

• All cloud providers provide compute and storage services. Colocation is when a
business rents space in a shared physical datacenter. Application development is
the responsibility of the customer and is typically done either in-house or through
a third party.

4 Azure Resources fundamentals


• Accounts are used to provide access to resources.

• Resources are combined into resource groups, which act as a logical container into
which Azure resources like web apps, databases, and storage accounts, are deployed
and managed.

• Management groups can be used in environments that have multiple subscriptions
to streamline the application of governance conditions, i.e. manage access, policies,
and compliance across multiple subscriptions.

• Administrative units are used to delegate the administration of Azure AD resources,
such as users and groups.

• A resource lock prevents resources from being accidentally deleted or changed.
Resource tags offer the custom grouping of resources.

• An Azure role-based access control (Azure RBAC) role is applied to a scope, which
is a resource or set of resources that the access applies to.

• Azure Policy is a service in Azure that enables you to create, assign, and manage
policies that control or audit resources. These policies enforce different rules across
all resource configurations so that the configurations stay compliant with corporate
standards.

• Azure Policy enables you to define both individual policies and groups of related
policies called initiatives. Azure Policy evaluates your resources and highlights
resources that are not compliant with the policies you created. Azure Policy can
also prevent noncompliant resources from being created.

• Azure Policy can help to create a policy for allowed regions, which enables you to
restrict the deployment of virtual machines to a specific location.

• An initiative is a way of grouping related policies together.

• Azure Resource Manager (ARM) is the deployment and management service for
Azure. It provides a management layer that enables you to create, update, and
delete resources in an Azure subscription. You use management features, such as
access control, resource locks, and resource tags, to secure and organize resources
after deployment.

• ARM templates define an application’s infrastructure requirements for a repeatable
deployment that is done in a consistent manner. A validation step ensures that all
resources can be created in the proper order based on dependencies, in parallel, and
idempotently.

• Azure Blueprints simplifies large scale Azure deployments by packaging key
environment artifacts, such as Azure Resource Manager (ARM) templates, role-based
access controls (RBAC), and policies, into a single blueprint definition. You can
easily apply the blueprint to new subscriptions and environments.

• Azure Resource Manager (ARM) accepts requests from any Azure tool or API and
enables you to create, update, and delete resources in an Azure account.

5 Azure Virtual Network fundamentals:


• You can link virtual networks together by using virtual network peering. Peering
enables resources in each virtual network to communicate with each other.

• Service endpoints are used to expose Azure services to a virtual network, providing
communication between the two.

• NSGs (Azure network security groups) allow you to configure inbound and
outbound rules for virtual networks and virtual machines.

• Peering allows you to connect virtual networks together.

• ExpressRoute connections and Azure VPN Gateway are two services that you can
use to connect an on-premises network to Azure.

• Bastion provides a web interface to remotely administer Azure virtual machines by
using SSH/RDP.

• Azure Firewall is a stateful firewall service used to protect virtual networks.

• Azure Arc simplifies governance and management by delivering a consistent
multi-cloud and on-premises management platform.

• Azure AD Connect syncs user identities from an on-premises Active Directory
Domain Services (AD DS) domain to Azure AD.

• Azure AD Connect allows you to use features such as single sign-on (SSO), MFA,
and self-service password reset (SSPR) in both systems. SSPR prevents users from
using known compromised passwords.

6 Azure Virtual Machines fundamentals:


• Virtual machines are software emulations of physical computers. They include a
virtual processor, memory, storage, and networking resources. Virtual machines
host an operating system, and you can install and run software just like on a physical
computer.

• Containers are a virtualization environment. Much like running multiple virtual
machines on a single physical host, you can run multiple containers on a single
physical or virtual host. Unlike virtual machines, you do not manage the operating
system for a container.

• Azure Container Instances and Azure Kubernetes Service (AKS) allow you to run
applications in containers.

• Virtual Machine Scale Sets are an Azure compute resource that you can use to
deploy, manage, and scale a set of identical virtual machines.

• Azure Virtual Desktop is a desktop and application virtualization service that runs
in the cloud. It enables your users to use a cloud-hosted version of Windows from
any location. Azure Virtual Desktop works across devices such as Windows, Mac,
iOS, Android, and Linux. It works with apps that you can use to access Remote
Desktops and apps. You can also use most modern browsers to access Azure Virtual
Desktop-hosted experiences.

7 Azure Storage fundamentals:


• Azure Blob storage is an object storage solution that you can use to store massive
amounts of unstructured data, such as text or binary data.

• Azure blob has three tiers: the Hot tier is optimized for storing data that is accessed
frequently. The Cool access tier has a slightly lower availability SLA and higher
access costs compared to hot data, which are acceptable trade-offs for lower storage
costs. Archive storage stores data offline and offers the lowest storage costs, but also
the highest costs to rehydrate and access data.

• Low storage costs and unlimited file formats make blob storage a good location to
store backups and archives. Blob storage can be reached from anywhere by using
an internet connection.

• Azure Disk Storage provides disks for Azure virtual machines. Azure Files supports
mounting file storage shares.

• Azure Files offers fully managed file shares in the cloud with shares that are
accessible by using Server Message Block (SMB) protocol. Mounting Azure file shares is
just like connecting to shares on a local network.

• Azure Files offers fully managed file shares in the cloud that are accessible via
industry-standard SMB and NFS protocols.

8 Azure security access fundamentals:


• Conditional Access is a tool that Azure AD uses to allow or deny access to resources
based on identity signals, such as the device being used.

• SSO enables a user to sign in one time and use that credential to access multiple
resources and applications from different providers.

• MFA is a process whereby a user is prompted during the sign-in process for an
additional form of identification.

• Hybrid identity solutions create a common user identity for authentication and
authorization to all resources, regardless of location.

• A defense in depth strategy uses a series of mechanisms to slow the advancement
of an attack that aims to gain unauthorized access to data.

• The principle of least privilege means restricting access to information to only the
level that users need to perform their work.

• A DDoS attack attempts to overwhelm and exhaust an application’s resources.

• The perimeter layer is about protecting an organization’s resources from
network-based attacks.

9 Azure cost fundamentals:


• Usage meters, such as CPU time, disk size, and write operations, are used to
calculate your bill for an Azure resource. Deleting or deallocating a resource means that
you will no longer be billed for it. Different regions can have different associated
prices. Resources cost the same no matter the time of day or the day of the week.

• You can use tags to categorize costs by department, such as human resources,
marketing, or finance, or by environment, such as test or production.

• Resizing underutilized virtual machines is a good cost saving measure and
provisioning resources in lower cost regions is a good practice, but resource tags do not
help with this.

• The Azure Pricing calculator allows you to estimate and configure according to your
specific requirements. You will then receive a consolidated estimated price and a
detailed breakdown of the costs associated with each resource you added to your
solution.

• The TCO Calculator helps you estimate the cost savings over time of operating a
solution in Azure compared to operating in an on-premises datacenter.

• Azure Cost Management allows you to create and manage cost and usage budgets
by monitoring resource demand trends, consumption rates, and cost patterns. It
also allows you to use historical data to generate reports and forecast future usage
and expenditures.

• Azure Advisor evaluates Azure resources and makes recommendations to help
improve reliability, security, and performance, achieve operational excellence, and
reduce costs.

• Azure Service Health allows you to find information about planned maintenance
for Azure services that are critical to your organization. You can drill down to the
affected services, regions, and details to show how an event will affect you and what
you must do. Most of these events occur without any impact to you and will not be
shown. In a rare case that a reboot is required, Service Health allows you to choose
when to perform the maintenance to minimize the downtime.

• Health advisories are issues that require that you take proactive action to avoid
service interruptions, such as service retirements and breaking changes. Service
issues are problems such as outages that require immediate actions.

• Azure Monitor is a platform that collects metric and logging data, such as CPU
percentages. The data can be used to trigger autoscaling.
