Az-900 Exam Cram Full Course Handout

COVERS FULL EXAM!
AZ-900
EXAM
CRAM
Exam DOMAINS for az-900 ©2021 INSIDE CLOUD & Security
01 Describe Cloud Concepts
02 Describe Core Azure Services
03 Describe core solutions and management tools on Azure
04 Describe general security and network security features
05 Describe identity, governance, privacy, and compliance features
06 Describe Azure cost management and Service Level Agreements
For more exam prep and Azure tutorials, follow us on Youtube at https://bit.ly/azurevideos
1. Identify the benefits and

considerations of using cloud services
2. Describe the differences between
categories of cloud services
3. Describe the differences between types
of cloud computing
DOMAIN 1: Describe cloud concepts
❖ Identify the benefits of cloud computing, such as
High Availability, Scalability, Elasticity, Agility,
and Disaster Recovery
❖ Identify the differences between Capital
Expenditure (CapEx) and Operational
Expenditure (OpEx)
❖ Describe the consumption-based model
1. Identify the benefits and considerations

of using cloud services
❖ Describe the shared responsibility model
❖ Describe Infrastructure-as-a-Service (IaaS),
❖ Describe Platform-as-a-Service (PaaS)
❖ Describe serverless computing
❖ Describe Software-as-a-Service (SaaS)
❖ Identify a service type based on a use case
2. Describe the differences between
categories of cloud services
❖ Define cloud computing
❖ Describe Public cloud
❖ Describe Private cloud
❖ Describe Hybrid cloud
❖ Compare and contrast the three types
of cloud computing
3. Describe the differences between types

of cloud computing
COMPARE CLOUD
MODELS & SERVICES
COMPARE CLOUD
MODELS & SERVICES
PRIVATE HYBRID pUBLIC
IAAS PAAS SAAS

COMPARE CLOUD
MODELS & SERVICES
SHARED RESPONSIBILITY MODEL
shared responsibility model
100% YOURS
Applications Applications Applications Applications
Data Data Data Data
Runtime Runtime Runtime Runtime
Responsible Middleware Middleware Middleware Middleware
CSP OS OS OS OS
Customer Virtualization Virtualization Virtualization Virtualization
Servers Servers Servers Servers
Storage Storage Storage Storage
Networking Networking Networking Networking
On-premises IaaS PaaS SaaS
CLOUD MODELS & SERVICES - IAAS
Applications Applications
Data Data
Runtime Runtime CSP provides building blocks, like
Middleware Middleware networking, storage and compute
OS OS
Virtualization Virtualization CSP manages staff, HW, and
Servers Servers
datacenter
Storage Storage
Networking Networking
On-premises IaaS
CLOUD MODELS & SERVICES - IAAS
Data Data
Runtime Runtime
Middleware Middleware
OS OS
Virtualization Virtualization
Servers Servers Azure Virtual Amazon EC2 GCP Compute
Storage Storage Machines Engine
On-premises IaaS
CLOUD MODELS & SERVICES - PAAS
Data Data
Runtime Runtime Customer is responsible for
Middleware Middleware deployment and management of apps
OS OS
Virtualization Virtualization CSP manages provisioning,
Servers Servers
configuration, hardware, and OS
Storage Storage
On-premises PaaS
CLOUD MODELS & SERVICES - PAAS
Data Data
Runtime Runtime
OS OS
Servers Servers Azure SQL API Azure App
Storage Storage Database Management Service
On-premises PaaS
CLOUD MODELS & SERVICES - SAAS
Data Data
Runtime Runtime
Middleware Middleware Customer just configures features.
OS OS
Virtualization Virtualization CSP is responsible for management,
Servers Servers
operation, and service availability.
Storage Storage
On-premises SaaS
CLOUD MODELS & SERVICES - SAAS
Data Data
Runtime Runtime
OS OS
Servers Servers
Storage Storage
On-premises SaaS
describe CLOUD CONCEPTS
Describe the differences between Public, Private
and Hybrid cloud models
Benefits of Cloud is cost-effective,

Cloud global, secure, scalable,
Computing elastic, and always current
Describe Everything runs on your

Public Cloud cloud provider's hardware.
Describe Advantages include

Public Cloud scalability, agility, PAGY, no
maintenance, and low skills
Describe A cloud environment in your

Private Cloud own datacenter
Describe Advantages include legacy

Private Cloud support, control, and compliance
Combines public and private

Describe
clouds, allowing you to run your
Hybrid Cloud apps in the right location
Advantages include flexibility in

Describe
legacy, compliance, and
Hybrid Cloud scalability scenarios
KNOW THESE CLOUD
CONCEPts
Describe the benefits and considerations of using cloud services
The ability of a system to

Scalability handle growth of users or work
The ability of a system to automatically

Elasticity grow and shrink based on app demand
The ability to react quickly to changes in

Agility demand, without manual intervention
The ability to do things more efficiently

Economies
or at a lower-cost per unit when
of Scale operating at a larger scale.
Capital Capital Expenditure (CapEx) is the spending

Expenditure of money on physical infrastructure up front
Operational Operational Expenditure (OpEx) is

spending money on services or products
Expenditure
now and being billed as you go
Operational The cloud increases OpEx spending

Expenditure and reduces CapEx spending
Consumption- Pay for what you use, typically per unit

based model of time or capacity (min/gb/execution).
HIGH AVAILABILITY &
DISASTER RECOVERY
Fault The ability of a system to handle

faults in a service like power,
Tolerance
network, or hardware failures
Fault Generally refers to component-

Tolerance level failures
High The ability to keep services up and

Availability running for long periods of time.
High Generally refers to service-level

Availability failures
Disaster The ability to recover from an event

Recovery which has taken down a cloud service
Disaster Generally refers to recovery in the

Recovery event of a service or site failure
1. Describe the core architectural components

2. Describe some of the core resources available
in Azure
DOMAIN 2: Describe core architecture comp
Describe the benefits and usage of Regions and Region Pairs
❖ …Availability Zones
❖ …Resource Groups
❖ …Subscriptions
❖ …Management Groups
❖ …Azure Resource Manager
❖ Explain Azure resources
Describe core architecture components
A discrete market, typically containing

two or more regions, that preserves data
Azure residency and compliance boundaries
Geography
GEOGRAPHIES
A set of datacenters deployed within a

latency-defined perimeter and connected
through a dedicated regional low-latency
Azure
network.
Regions
REGIONS
A relationship between 2 Azure Regions

within the same geographic region for
Region Pairs disaster recovery purposes.
REGION PAIRS
chosen by Microsoft
300+ miles
Zone redundant
Availability Zones
Unique physical locations within
a region with independent
power, network, and cooling
Comprised of one or more

datacenters
Tolerant to datacenter failures

via redundancy and isolation
Management Subscriptions
Groups
Resources
Resource
Groups
Management
Groups
Subscriptions
Resource
Groups
Resources
Management Subscriptions
Groups
Resources
Resource
Groups
Management groups provide a level of

scope above subscriptions
Each directory is given a single top-level
Management
management group called the "Root"
Groups
✓ when subscription limits are

reached
✓ to use different payment methods
Subscriptions
Why would I create multiple

subscriptions?
✓ when subscription limits are
reached
Subscriptions ✓ to use different payment methods

✓ to isolate resources between
departments, projects, etc
A container that holds related

resources for an Azure solution.
Resource Used to group resources that share

Groups a common resource lifecycle.
An entity managed by Azure, like

a virtual machine, virtual network, or
Resources storage account.
Management Group
Can be used to aggregate policy and

initiative assignments via Azure Policy
Can contain multiple subscriptions
All new subscription will be placed under

the root management group by default
Management Group
Subscriptions
Are a unit of management, billing, and scale

within Azure.
Serve as a management boundary for assigning

Azure policies, governance, and isolation
Management Group
Subscriptions
Resource Groups
A container that holds for

resources with a common lifecycle
Management Group
Subscriptions
Resource Groups
Resources
Exam DOMAINS for az-900

2. Describe some of the core resources available
in Azure
compute, network, storage, and database
DOMAIN 2: Describe core azure services
❖ Describe the benefits and usage of Virtual Machines,
Azure App Services, Azure Container Instances (ACI),
Azure Kubernetes Service (AKS), and Windows
Virtual Desktop
❖ Describe the benefits and usage of Virtual Networks,
VPN Gateway, Virtual Network peering, and
ExpressRoute
COMPUTE AND NETWORK
2. Describe the core resources available in Azure
describe core services in azure - COMPUTE
Azure VMs App Service Azure Container

Instance (ACI)
Azure Kubernetes Windows Virtual

Services (AKS) Desktop
describe core services in azure
Server virtualization (compute)

on-demand without need for
Azure VMs hardware purchase
An HTTP-based service for hosting

web applications, REST APIs, and
App Service mobile back ends.
Runs Docker containers on-demand in a

managed, serverless Azure environment.
Azure Container
Instance (ACI)
Runs Docker containers on-demand in a

managed, serverless Azure environment.
Azure Container A solution for any scenario that can operate

Instance (ACI) in isolated containers, without orchestration.
A hosted Kubernetes service, Azure

handles critical tasks like health
Azure Kubernetes
monitoring and maintenance for you.
Services (AKS)
A hosted Kubernetes service, Azure

handles critical tasks like health
monitoring and maintenance for you.
Azure Kubernetes AKS is free - you pay only for the agent
Services (AKS) nodes within your clusters, not for the
masters.
A desktop and app virtualization

Windows Virtual
service that runs in Microsoft Azure
Desktop
A desktop and app virtualization

service that runs in Microsoft Azure
Windows Virtual It enables IT Pros and MSPs to create
Desktop
Windows 10 virtual desktops in Azure
describe core services in azure - NETWORK
Virtual Network VPN Gateway
VNET Peering ExpressRoute

A logical representation of
your network in Azure.
Virtual Network
VNET
A VNET contains one or more SUBNETS
A logical representation of
your network in Azure.
Virtual Network
VNETs provide logical isolation in
VNET
Azure dedicated to your subscription.
✓ Create a dedicated private

cloud-only network
Virtual Network
VNET

cloud-only network
✓ Securely extend your data
Virtual Network
center (Site-to-Site VPN)
VNET
VMs in different VNETS cannot communicate by default!

cloud-only network
✓ Securely extend your data
Virtual Network center (Site-to-Site VPN)
VNET
✓ Enable hybrid cloud scenarios
site-to-site VPN traffic traverses the Internet
A virtual network gateway that sends

encrypted traffic between an Azure VNET and
an on-premises location over the Internet
VPN Gateway
Core component of “hybrid cloud”

Enables seamless connection of two

or more Virtual Networks in Azure
VNET Peering
Enables seamless connection of two

or more Virtual Networks in Azure
The two networks function as one
VNET Peering
in terms of connectivity
Extends your on-premises networks into

Azure over a private connection with
ExpressRoute the help of a connectivity provider
traffic does NOT traverse the Internet

❖ Describe the benefits and usage of Container (Blob)
Storage, Disk Storage, File Storage, and storage tiers
❖ Describe the benefits and usage of Cosmos DB, Azure
SQL Database, Azure Database for MySQL, Azure
Database for PostgreSQL, and SQL Managed Instance
STORAGE AND DATABASE
2. Describe the core services available in Azure
Describe core azure services - STORAGE
Blob Storage Disk Storage
File Storage Storage Tiers

Storage optimized for storing massive

amounts of unstructured data
Blob Storage
Fully managed file shares in

Azure accessible via SMB or NFS
File Storage
Azure managed disks are block-level

storage volumes that are managed
Disk Storage by Azure and used with Azure VMs
use lifecycle management policies to automate tiers
Azure storage hot, cool, and archive

access tiers to store blob object
Storage Tiers data in a cost-effective manner
Table Storage Queue Storage

A service that stores structured

NoSQL data in Azure, including a
Table Storage schemaless key/attribute store
A service for storing large numbers of

messages, accessible from anywhere
Queue Storage via authenticated HTTP or HTTPS calls
Describe core azure services - DATABASES
Cosmos DB MySQL PostgreSQL
MS SQL SQL Managed

Instance
A fully managed NoSQL database

for modern app development.
Cosmos DB
table – sql – JavaScript – API for MongoDB
– Gremlin – Cassandra – Spark – ETCD
It features ultra-low response

latency, and APIs for several popular
Cosmos DB languages and DB platforms.
fast global access and data convergence

A fully managed PaaS database engine that

handles most management functions such as
upgrading, patching, backups, and monitoring
MS SQL
A relational database service in the

Microsoft cloud based on
PostgreSQL the PostgreSQL Community Edition
A relational database service in the

Microsoft cloud based on the MySQL
MySQL Community Edition
Describe core azure services - DATABASES
Cosmos DB MySQL PostgreSQL
MS SQL SQL Managed

Instance
“migrate on-premises DBs” and “compatibility”
Cloud database service that combines the

broadest SQL Server database engine
SQL Managed compatibility with all the benefits of a PaaS
Instance
Catalog of more than 17,000 certified apps

and services
Azure
Marketplace
Catalog of more than 17,000 certified apps

and services
Azure Deploy seamlessly, and simplify billing with a

single bill for all Microsoft and third-party solutions
Marketplace
1. Describe core solutions available in Azure

2. Describe Azure management tools
DOMAIN 3: Describe core solutions & TooLS
Describe the benefits and usage of:
❖ Internet of Things (IoT) Hub, IoT Central, and Azure Sphere
❖ Azure Synapse Analytics, HDInsight, and Azure Databricks
❖ Azure Machine Learning, Cognitive Services and Azure Bot
Service
❖ Serverless computing solutions that include Azure Functions
and Logic Apps
❖ Azure DevOps, GitHub, GitHub Actions, and Azure DevTest Labs
1. Describe core solutions available in Azure
Describe core solutions available in azure
IoT Hub IoT Central Azure Sphere

A central message hub for bi-directional

communication between your IoT app and
the devices it manages
IoT Hub
An IoT application platform that

simplifies the creation of IoT solutions.
IoT Central
An IoT application platform that

simplifies the creation of IoT solutions.
Helps to reduce the burden and cost of IoT
IoT Central management operations, and development.
A fully managed SaaS solution

A secure, high-level application platform

with built-in communication and security
features for internet-connected devices.
Azure Sphere
A secure, high-level application platform

with built-in communication and security
features for internet-connected devices.
Basically, a Linux-based operating system
Azure Sphere (OS), and a cloud-based security service that
provides continuous, renewable security
Created by Microsoft to run on an Azure

Sphere-certified chip and to connect to the
Azure Sphere Security Service.
Azure Sphere
WORD ASSOCIATION:
DATA WAREHOUSE
Data Lake Synapse Analytics
HDInsight Databricks
A technology that enables big data analytics

and artificial intelligence.
Data Lake

Provides cloud storage that is less expensive
Data Lake than relational databases cloud storage

Provides cloud storage that is less expensive
than relational databases cloud storage
Data Lake
Stores data from business systems and data
warehouses, as well as device and sensor data
A place to store, organize, and analyze

large volumes structured and unstructured
Data Lake data of diverse data from diverse sources.
An integrated analytics service that

accelerates time to insight across data
Synapse
warehouses and big data systems.
Analytics
An integrated analytics service that

accelerates time to insight across data
warehouses and big data systems.
Synapse Was formerly known as Azure SQL Data
Analytics Warehouse
A cloud distribution of Hadoop components

that makes it easy, fast, and cost-effective to
HDInsight process massive amounts of data
A cloud distribution of Hadoop components

that makes it easy, fast, and cost-effective to
process massive amounts of data
Supports popular open-source frameworks
HDInsight
such as Hadoop, Spark, Hive, LLAP, Kafka,
Storm, R, and more.
A data analytics platform optimized for the

Microsoft Azure cloud services platform
Databricks
A data analytics platform optimized for the

Microsoft Azure cloud services platform
Offers two environments for developing data
Databricks intensive applications: Azure Databricks SQL
Analytics and Azure Databricks Workspace.
Azure Machine Cognitive Azure Bot

Learning Services Service
A cloud-based environment you can

use to train, deploy, automate, manage,
Azure Machine and track ML models.
Learning
Cloud-based services with REST APIs and

client library SDKs available to help you build
Cognitive cognitive intelligence into your applications.
Services
Provides cognitive understanding categorized

into five main pillars: vision, speech,
Cognitive language, decision, and search
Services
A managed bot development service that

helps you easily connect to your users via
Azure Bot popular channels
Service
A managed bot development service that

helps you easily connect to your users via
popular channels
Azure Bot Provides an integrated environment that is
Service purpose-built for bot development.
WORD ASSOCIATION:
serverless
Logic App Functions Event Grid

serverless computing solutions
A cloud service that helps you schedule,

automate, and orchestrate tasks, business
processes, and workflows
Logic App
A cloud service that helps you schedule,

automate, and orchestrate tasks, business
processes, and workflows
Logic App You can choose from a gallery of hundreds of pre-

built connectors for MSFT & 3rd party services
An event driven, compute-on-demand

experience that extends the
Functions existing Azure application platform…
…with capabilities to implement code

triggered by events occurring in Azure as
Functions well as on-premises systems.
Enables you to easily manage events across

many different Azure services and applications
Event Grid
Pub/Sub
model
image credit: Microsoft
app or service “reacting” to an event

Enables you to easily manage events across

many different Azure services and applications
Once a subscription is created, Event Grid will
Event Grid push events to the configured destination
Makes it easy for any developer to utilize the

“push” model instead of the inefficient “pull”
across their Serverless architecture.
Event Grid
HOW
is SERVERLESS
Different
from PAAS in terms of
responsibility?
HOW
is SERVERLESS
Different
from PAAS in terms of
functionality?
PaaS Serverless
More control over Less control over

deployment environment deployment environment
Devs have to
write code
Application has to be Application scales
configured to auto-scale automatically
No server
management
Application takes Application code only
a while to spin up executes when invoked
Azure GitHub
DevOps Actions
GitHub Azure
DevTest Labs
A single platform for implementing DevOps,

deploying code using the CI/CD framework,
Azure facilitating Agile software development
DevOps
GitHub is a web-based Git repository hosting

service for source code management (SCM)
and distributed revision control
GitHub
GitHub is a web-based Git repository hosting

service for source code management (SCM)
and distributed revision control
It offers the functionality of Git as well as
GitHub
adding its own features.
Helps you automate software development

workflows from within GitHub.
You can build, test, package, release, or

GitHub
deploy any project on GitHub with a workflow.
Actions
CI/CD = continuous integration / continuous deployment
Provides a self-service sandbox environment

to quickly create Dev/Test environments while
Azure minimizing waste and controlling costs.
DevTest Labs
DOMAIN 3: Describe core solutions & TooLS
Describe the functionality and usage of:
❖ Azure Portal, Azure PowerShell, Azure CLI, Cloud
Shell, and Azure Mobile App
❖ Azure Advisor
❖ Azure Resource Manager (ARM) templates
❖ Azure Monitor
❖ Azure Service Health
2. Describe Azure management tools
Describe azure management tools ©2021 INSIDE CLOUD & Security
Azure Azure Azure CLI

Portal PowerShell
Azure Cloud Azure Mobile

Shell App
describe core SOLUTIONS in azure
A web-based, unified console where you

can manage your Azure subscription using a
Azure graphical user interface.
Portal
An interactive, authenticated, browser-

accessible shell for managing Azure resources.
Azure Cloud
Shell
An interactive, authenticated, browser-

accessible shell for managing Azure resources.
It includes both Bash and PowerShell options

Azure Cloud
Shell
A set of cmdlets for managing Azure

resources directly from the PowerShell
Azure command line.
PowerShell
App for iOS and Android that enables

managing, tracking health and status, and
Azure Mobile troubleshooting your Azure resources
App
The Azure command-line interface (Azure

CLI) is a set of commands used to create and
manage Azure resources.
Azure CLI Available on Windows, macOS, and Linux,

Docker, and Azure Cloud Shell.
Describe azure management tools
Scans your Azure configuration and

recommends changes to optimize deployments,
increase security, and save you money.
Azure Advisor
Scans your Azure configuration and

recommends changes to optimize deployments,
increase security, and save you money.
Analyzes the configuration of the resources
Azure Advisor present in the Azure subscriptions
high availability, security, performance, costs

A JavaScript Object Notation (JSON) file that

defines the infrastructure and configuration for
ARM your project.
Templates
A JavaScript Object Notation (JSON) file that

defines the infrastructure and configuration for
your project.
Templates use declarative syntax and are
ARM idempotent, which means you can deploy
Templates many times and get same resources and state
infrastructure as code
A service that collects monitoring telemetry

from a variety of on-premises and Azure sources.
Azure Monitor

Management tools, like Azure Security Center,

Azure Monitor push log data to Azure Monitor.

Management tools, like Azure Security Center,

push log data to Azure Monitor.
Azure Monitor Azure Monitor aggregates and stores this
telemetry in an Azure Log Analytics instance
backend data store

Notifies you about Azure service incidents

and planned maintenance so you can take
Azure Service action to mitigate downtime.
Health
1. Describe Azure security features

2. Describe Azure network security
DOMAIN 4: Describe general & network security
❖ Describe basic features of Azure Security Center,
including policy compliance, security alerts, secure
score, and resource hygiene
❖ Describe the functionality and usage of Key Vault
❖ Describe the functionality and usage of Azure Sentinel
❖ Describe the functionality and usage of Azure
Dedicated Hosts
1. Describe Azure security features
Describe azure security features ©2021 INSIDE CLOUD & Security
Azure Security Azure

Center Sentinel
Key Vault Dedicated

Hosts
A unified infrastructure security management

system that strengthens the security posture
Azure Security of your data centers (cloud and on-premises)
Center
A unified infrastructure security management

system that strengthens the security posture
of your data centers (cloud and on-premises)
Azure Security Provides security guidance for compute, data,
Center network, storage, app, and other services
A cloud service for securely storing and

accessing secrets
Key Vault
A cloud service for securely storing and

accessing secrets
A secret is anything that you want to tightly
control access to, such as API keys, passwords,
Key Vault certificates, or cryptographic keys
A cloud-native, security information event

management (SIEM) and security orchestration
Azure automated response (SOAR) solution.
Sentinel
A service that provides dedicated physical

servers able to host one or more virtual
Dedicated machines in one Azure subscription
Hosts
DOMAIN 4: Describe general & network security
❖ Describe the concept of defense in depth
❖ Describe the functionality and usage of
Network Security Groups (NSG)
Azure Firewall
Azure DDoS protection
2. Describe Azure network security
Describe azure network security ©2021 INSIDE CLOUD & Security
Defense Azure
in-Depth Firewall
Network Azure
Security Group DDoS
Describe azure network security ©2021 INSIDE CLOUD & Security
A layered (defense in depth) approach that

does not rely on one method to completely
Defense protect your environment.
in-Depth
Describe azure network security
Contains security rules that allow or deny

inbound network traffic to, or outbound network
Network traffic from, several types of Azure resources.
Security Group

traffic from, several types of Azure resources.
Network For each rule, you can specify source and
Security Group destination, port, and protocol.

traffic from, several types of Azure resources.
For each rule, you can specify source and

Network
destination port and protocol.
Security Group
Can be applied to a subnet or network adapter
NIC
A managed, cloud-based network security

service that protects your Azure Virtual
Network resources.
Azure It's a fully stateful firewall as a service with

Firewall built-in high availability and unrestricted
cloud scalability.
Standard tier provides enhanced DDoS mitigation

features to defend against DDoS attacks.
Azure DDoS Also includes logging, alerting, and telemetry not

included in the free Basic tier present by default.
1. Describe core Azure identity services

2. Describe Azure governance features
3. Describe privacy and compliance resources
DOMAIN 5: Describe identity, governance…
❖ Explain the difference between authentication and
authorization
❖ Define Azure Active Directory
❖ Describe the functionality and usage of Azure Active
Directory
❖ Describe the functionality and usage of Conditional
Access, Multi-Factor Authentication (MFA), and
Single Sign-On (SSO)
1. Identify core Azure identity services
identify core azure identity services
Identity
Authentication (AuthN) is the process of

proving that you are who you say you are.
Authorization (AuthZ) is the act of granting an
AuthN and
authenticated party permission to do something.
AuthZ
Access
Azure Active Directory (Azure AD) is

Microsoft’s cloud-based identity and
Azure AD access management service….
…which helps your employees sign in and

Azure AD access resources in:
…which helps your employees sign in and

access resources in:
Internal resources, such as apps on your
corporate network or custom cloud apps
Azure AD
External resources, such as Microsoft 365,
the Azure portal, and many SaaS apps
Single Sign- Conditional

on (SSO) MFA Access
Single sign-on means a user doesn't have

to sign into every application they use.
The user logs in once and that credential is
used for multiple apps.
Single Sign-
on (SSO) Single sign-on based authentication systems
are often called "modern authentication".
Azure AD MFA works by requiring

two or more of the following
authentication methods:
MFA
Something you know (pin or password)

Something you have (trusted device)
Something you are (biometric)
MFA
Used by Azure Active Directory to bring

signals together, to make decisions, and
Conditional enforce organizational policies
Access
azure ad conditional access
image credit: Microsoft

❖ Describe the functionality and usage of Role-Based
Access Control (RBAC)
❖ Describe the functionality and usage of resource locks
❖ Describe the functionality and usage of tags
❖ describe the functionality and usage of Azure Policy
❖ Describe the functionality and usage of Azure Blueprints
❖ Describe the Cloud Adoption Framework for Azure
2. Describe Azure governance features
describe azure governance features
Azure RBAC helps you manage who has

access to Azure resources, what they
can do with those resources, and which
RBAC resources/areas they have access to.
Built on Azure Resource Manager that

provides fine-grained access
management of Azure resources.
Azure RBAC
Prevent other users in your organization

from accidentally deleting or modifying
Resource critical resources.
Locks
Prevent other users in your organization

from accidentally deleting or modifying
critical resources.
Resource
The lock overrides any permissions the
Locks
user might have.
BASICS OF AZURE
GOVERNANCE
cloud governance
Policy Initiative Blueprint
cloud governance
The definition of the conditions which you

want to control/govern.
cloud governance
A collection of Azure policy definitions that

are grouped together towards a specific goal
cloud governance

A container for composing sets of standards,
patterns, and requirements for implementation
of Azure cloud services, security, and design
cloud governance

Often used in the same sentence as the
phrase “new environments”
A name and a value pair used to to

logically organize Azure resources,
resource groups, and subscriptions into
Tags a logical taxonomy
Tags can be the basis for applying

business policies or tracking costs
You can also enforce tagging rules
Tags with Azure policies
Guidance designed to help you create and
implement the business and technology
strategies to succeed in Azure
❖ Describe the Microsoft core tenets of Security, Privacy, and
Compliance
❖ Describe the purpose of the Microsoft Privacy Statement, Online
Services Terms (OST) and Data Protection Amendment (DPA)
❖ Describe the purpose of the Trust Center
❖ Describe the purpose of the Azure compliance documentation
❖ Describe the purpose of Azure Sovereign Regions (Azure
Government cloud services and Azure China cloud services)
3. Describe privacy and compliance resources
Describe privacy and compliance resources
Describe the Microsoft core tenets of Security,
Privacy, and Compliance
Security, Protecting the data that's entrusted

Privacy and to Microsoft by using strong
Compliance encryption and access controls.
Security, Privacy is about making meaningful

Privacy and choices for how and why data is
Compliance collected and used.
Security, Compliance with regulations is

Privacy and critical, and Microsoft aims to ease
Compliance this task for Azure customers
Describe the purpose of the Azure compliance
documentation
Azure To make it easier to find, compliance

Compliance documentation is grouped
Documentation geographically, and by industry
Describe the purpose of the Azure compliance
documentation
Azure You'll also find template audit

Compliance documents that you can tailor to
Documentation your or your customers needs.
Describe the purpose of the
Microsoft Privacy Statement
Microsoft Privacy Statement Explains:

Microsoft ✓ What data Microsoft processes
Privacy
✓ How Microsoft processes it
Statement
✓ For what purpose data is utilized
WHY
Describe the purpose of the
Online Service Terms (OST)
Contains all the terms and

Online Service conditions for software and online
Terms (OST) services through Microsoft
Commercial Licensing programs.
Product Terms site
Describe the purpose of the Azure
Data Amendment (DPA)
Further defines the data processing and

Data Protection security terms for online services,
Amendment including data compliance, disclosure,
(DPA) security, transfer and retention
Data Protection Addendum
Where you can learn about the four

Trust
foundational principles of trust: security,
Center privacy, compliance, and transparency
https://microsoft.com/trust
operated by special trustees
Azure Special regions that you might need to

Sovereign for compliance or legal purposes:
Regions Government, China, Germany
physical and logical isolation
1. Describe methods for planning and

managing costs
2. Describe Azure Service Level Agreements
(SLAs) and service lifecycles
DOMAIN 6: Describe azure cost mgmt & SLAs
❖ Identify factors that can affect costs (resource types, services,
locations, ingress and egress traffic)
❖ Identify factors that can reduce costs (reserved instances,
reserved capacity, hybrid use benefit, spot pricing)
❖ Describe the functionality and usage of the Pricing calculator
and the Total Cost of Ownership (TCO) calculator
❖ Describe the functionality and usage of Azure Cost Management
1. Describe methods for planning and

managing costs
Describe methods for planning and managing costs
Factors that can affect Azure resource

costs include resource types, services,
Cost locations, ingress and egress traffic
Impacts
Factors that can reduce costs include

reserved instances, reserved capacity,
Reducing hybrid use benefit, spot pricing
Costs
Reserve virtual machines in advance and

Reserved
save up to 72 percent compared to PAYG
Instances pricing with 1-yr or 3-yr commitment
discount is product-specific!
Reserved Achieve significant savings on Azure SQL

Database, Azure Cosmos DB and Azure
Capacity Synapse Analytics and Azure Cache for Redis
Reserved Enables you to more easily manage costs across

predictable and variable workloads and help
Capacity optimize budgeting and forecasting.
also includes 1-year and 3-year options
A licensing benefit that helps you to

Hybrid Use
significantly reduce the costs of running
Benefit your workloads in the cloud.
Windows Server, SQL Server, Redhat and Suse Linux
Let’s you use your on-premises

Hybrid Use
Software Assurance-enabled Windows
Benefit Server and SQL Server licenses on Azure
Access unused Azure compute capacity

Spot
at deep discounts—up to 90 percent
Pricing compared to pay-as-you-go prices
applies to Azure VMs only!
Interactive calculator that allows you to

estimate Azure resource costs.
Pricing
Calculator
BEFORE you deploy
Interactive calculator that allows you to

estimate Azure resource costs.
Pricing Enables you to choose region, instance, tiers,

etc., to match functionality and budget needs.
Calculator
AFTER you deploy
A suite of tools provided by Microsoft

that help you analyze, manage, and
Azure Cost optimize the costs of your workloads.
Management
DOMAIN 6: Describe azure cost mgmt & SLAs
❖ Describe the purpose of an Azure Service Level
Agreement (SLA)
❖ Identify actions that can impact an SLA (i.e.
Availability Zones)
❖ Describe the service lifecycle in Azure (Public
Preview and General Availability)
2. Describe Azure SLAs and service lifecycles
Describe Azure SLAs and service lifecycles
PURPOSE of an Azure SLA?
To provide a clear explanation of

availability (and sometimes performance)
Azure
of an Azure service
SLAs
ACTIONS that can affect an SLA?
Failing to deploy a service in a manner

Azure that meets the SLA requirements
SLAs
for evaluation only!
Private Preview
Service
Lifecycle
open only to companies or users invited

Private Preview
Public Preview
Service
Lifecycle
open to public, but Preview limitations apply!

Private Preview
Public Preview
Service
Lifecycle General Availability (GA)
BONUS
to assess your readiness
FREE PRACTICE
questions
for the AZ-900 exam
INSIDE CLOUD
THANKS
F O R W A T C H I N G!

Az-900 Exam Cram Full Course Handout

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Az-900 Exam Cram Full Course Handout

Uploaded by

Copyright:

Available Formats

COVERS FULL EXAM!

01 Describe Cloud Concepts

02 Describe Core Azure Services

03 Describe core solutions and management tools on Azure

04 Describe general security and network security features

05 Describe identity, governance, privacy, and compliance features

06 Describe Azure cost management and Service Level Agreements

01 Describe Cloud Concepts

02 Describe Core Azure Services

03 Describe core solutions and management tools on Azure

04 Describe general security and network security features

05 Describe identity, governance, privacy, and compliance features

06 Describe Azure cost management and Service Level Agreements

01 Describe Cloud Concepts

1. Identify the benefits and

1. Identify the benefits and considerations

3. Describe the differences between types

IAAS PAAS SAAS

On-premises IaaS PaaS SaaS

Benefits of Cloud is cost-effective,

Describe Everything runs on your

Describe Advantages include

Describe A cloud environment in your

Describe Advantages include legacy

Combines public and private

Advantages include flexibility in

The ability of a system to

The ability of a system to automatically

The ability to react quickly to changes in

The ability to do things more efficiently

Capital Capital Expenditure (CapEx) is the spending

Operational Operational Expenditure (OpEx) is

Operational The cloud increases OpEx spending

Consumption- Pay for what you use, typically per unit

Fault The ability of a system to handle

Fault Generally refers to component-

High The ability to keep services up and

High Generally refers to service-level

Disaster The ability to recover from an event

Disaster Generally refers to recovery in the

01 Describe Cloud Concepts

02 Describe Core Azure Services

03 Describe core solutions and management tools on Azure

04 Describe general security and network security features

05 Describe identity, governance, privacy, and compliance features

06 Describe Azure cost management and Service Level Agreements

02 Describe Core Azure Services

1. Describe the core architectural components

1. Describe the core architectural components

A discrete market, typically containing

A set of datacenters deployed within a

A relationship between 2 Azure Regions

Comprised of one or more

Tolerant to datacenter failures

Management groups provide a level of

✓ when subscription limits are

Why would I create multiple

Subscriptions ✓ to use different payment methods

A container that holds related

Resource Used to group resources that share

An entity managed by Azure, like

Can be used to aggregate policy and

Can contain multiple subscriptions

All new subscription will be placed under