[Azure] Azure-900 덤프풀이 개념정리

[덤프 주소] https://www.examtopics.com/exams/microsoft/az-900/

Microsoft AZ-900 Certification with Actual Free Questions | ExamTopics

---

8/9 (1번~20번)

#8,9 PaaS VS IaaS

The company's migration plan states that only Platform as a Service (PaaS) solutions must be used in Azure. (Yes or No)

 

#8 , You need to deploy an Azure environment that meets the company migration plan.
Solution: You create an Azure App Service (PaaS) and Azure SQL databases. (YES)

: Azure App Service and Azure SQL databases are examples of Azure PaaS solutions. Therefore, this solution does meet the goal.

 

#9 You need to deploy an Azure environment that meets the company migration plan.
Solution: You create an Azure App Service and Azure virtual machines(IaaS) that have Microsoft SQL Server installed.
Does this meet the goal? (No)  rf) Azure Storage accounts

: Azure App Service is a PaaS (Platform as a Service) service.

: Azure virtual machines are an IaaS (Infrastructure as a Service) service.

PaaS란?

클라우드에서 제공되는 완전한 개발 및 배포 환경, 클라우드 서비스 공급자로부터 종량제 방식의 필요한 리소스를 구매하고 보안 인터넷을 통해 해당 리소스에 연결하면 된다. IaaS에 포함된 서버, 저장소, 네트워킹과 같은 인프라 뿐 아니라, 미들웨어, 개발 도구, 비즈니스 인텔리전스 서빗, 데이터베이스 관리 시스템 등이 포함되어 있다.  (별도로 어플 설치 불가)

ex. Azure web app, Azure logic app and Azure SQL database, Cosmos DB

출처 - https://azure.microsoft.com/ko-kr/resources/cloud-computing-dictionary/what-is-paas/

 

Azure Site Recovery

helps ensure business continuity by keeping business apps and workloads running during outages.

Site Recovery는 네이티브 DRaaS(Disaster Recovery as a Service) Azure에서 기본으로 제공되는 재해 복구 서비스

 

Aure Virtual Muchine (IaaS)

- Run on Hyper-V physical servers

- you have no access to the physical servers

-  MS manage the replacement of failed server hardware and the security of the physical servers

What users should do => application data back up, OS updated, Data permission

Hybrid Cloud란

온프레미스, 프라이빗, 퍼블릭 클라우드의 다양한 조합으로 구축된 클라우드 서비스를 말한다.

 

OpEx: Ongoing costs (cost of operation) 매달 내는 비용

CapEx: Capital Expenditure 한번에 내는 비용

 

 

Resource Group

: No resource group inside resource group /  VM can be in one resource group / Multi regions in resource group but only metadata it contains.

 : Resource groups make the management of Azure resources easier. ex) delegate permission to many VM simultaneously. / deleting many resources

 

Microsoft Power BI (데이터 시각화)

=> Azure Data Lake

=> Azure Data Warehouse

 

Local network gateways

: object in Azure that represents your on-premise VPN device. /  기존 온프레미스와 연결하는 게이트웨이

온프레미스와 연결을 위해 Virtual Network Gateway (VPN) 그리고 이것이 전용으로 사용할 GatewaySubnet 이 두가지가 필요하다.

VPN Gateway

: Private 네트워크 연결을 위해 사용 Connect to Azure for a private network to be established

 

Private endpoint

: Private Link를 통해 Vnet에 접속할 수 있는 안전한 연결 서비스  / uses a private IP address from your virtual network.

 

 

Scale sets = create and manage a group of load balanced VMs

 

Active Policy(the compliance of Azure resources)

types or locations와 같은 resource의 properties를 배포 또는 이미 배포되었을 때 수정하게 해 준다.

 

Azure Subscription = container of Azure resources.

Resource group

= container of Azure resources. / 다른 리전의 리소스들을 가지고 있지만, 리소스들의 메타데이터를 가지고 있다.

 

Support trquest => request quota limit Azure구독의 상한선 수정 가능

 

Azure Storage account

The 'minimum' replication option is Locally Redundant Storage (LRS) = 한지역에 3개 복제

참고) Geo-redundant storage (GRS) = 다른 지역에 복제본

 

 

Availability zones

모두 한 리전에서 일어한다. 하지만, 모든 리전이 해당되는 건 아니다.

Files service

Azure Files is Microsoft's easy-to-use cloud file system (Azure file share 기능)

 

Azure storage tiers

hot: 바로바로 꺼내 쓰게 똑같이

cool

archive: Long-term backup, secondary backup, and archival datasets (higher data retrieval costs, 몇 시간 걸릴 수도)

그중 Blob in Archive는 rehydrate(해동) 시켜야 온라인으로 볼 수 있다.

 

 Azure Event Hubs

:  big data streaming platform and event ingestion service

Azure Service Health

: personalized view of the health of the Azure services and regions you're using

 

Azure and IoT

IoT Hub: bidirectional communication between IoT and Azure

IoT Central: SaaS to connect, monitor, mange IoT devices

Azure Sphere: Communication and security features for IoT devices.

 

The Azure Total Cost of Ownership (TCO) Calculator

: Calculate cost savings due to reduced electricity and result of migrating on-premises to Azure

 

Subscription and Account

One subscription can have many admin, but one account admin.

Subscripttion = many resource / resource group can be belong to only one subscription

 

Azure Functions: Platform for serverless code

Azure Databricks: Big data analysis service for machine learning / Apache Spark-based analytics platform

Azure application Insights: Diagnoses anomalies in web apps

Azure App Service: Hosts web apps

Azure DevTest Labs:  pre-configured bases or Azure Resource Manager templates / ex.ompany plans to deploy, and then remove, 50 customized virtual machines each week

 

CLI tool for Azure => Command Prompt, Window PowerShell

 

PowerApps portal

:  lets you quickly build business applications with little or no code

 

 

Azure portal

: web-based, unified console that provides an alternative to command-line tools(graphical user interface)

: 간단한 웹앱에서 복잡한 클라우드 배포까지 모든 것을 빌드하고, 관리하고, 모니터링할 수 있습니다.

 

Azure Repos

: set of version control tools to manage code

Azure DevTest Labs :  pre-configured bases or Azure Resource Manager templates

 

Azure Cloud Shell : browser-based scripting environment CLI

 

Azure Service Health

Azure SQL Database: A managed relational cloud database service

Azure SQL Synapse Analtics: A cloud-basd PaaS, large-scale, distributed, MPP (massively parallel processing) / VS AWS Redshift, Snowflack

Azure Data Lake Analtics:  big data jobs in seconds,  petabytes of data for diverse workload categories such as querying

Azure HDInsight: fully managed Hadoop 설루션, full-spectrum, open-source analytics service in the cloud for enterprises, analyze data in parallel. 클라우드 

 

Azure Logic Apps

: cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations.

ex) email

 

Azure data lake

확장 가능한 데이터 저장소 및 분석 서비스

 

Controling the Azure

Azure CLI => Mac OS

The Azure portal & Azure Cloud Shell => control on Azure web app on iPhone.

---

Udemy 오답노트

Test A

Security of your Azure Storage account access keys => Customers are responsible to secure the access keys

Azure Machine learning = Cognitive Services

 

VMSS(Virtual machines Scale Set)의 최대 VM개수 = 1000개

 

 Formal support is not included in private preview mode.

 

Reserved Instance = 최대 40%까지 저렴하게 인스턴스 사용 가능함

 

Azure Compliance 관련 = Compliance manager

 

SLA of Availability Zones = 99.99%

 

Azure Security Center

= ecurity dashboard that contains all the security and threat protection in one place

 

Azure Pricing Calculator

Azure 가격 책정

 

Azure GA (General Availability) services have level of agreements (SLA).

 

Serverless model 모델 정리

: Azure Logic apps, functions, service fabric 등

 

Azure AD

 control access to your apps and your app resources / ex. 특정 앱에 대한 MFA 설정

 

Azure Virtual Network subnet을 지키는 방법 = Network Security Group (NSG) 인바운드, 아웃바운드 트래픽을 지정할 수 있는 기본 규칙 설정 가능

 

Azure Service Lifecycle

Private Preview, Public Preview, and General Availability

 

Log Analytics Workspace

: collect logs and metrics

 

Azure Advisor

: 사용량 분석 및 사용 셋에 따른 비용 관련 조언해주는 서비스

 

Azure DDoS Protection Standard

: upgraded protect (Basic => Standard)

 

Management Groups (구독의 그룹)

: hierarchy of subscriptions; can have many subscriptions, 여러 구독 관리 가능

 

---

Test B

ARM(Azure Resource Manager) [JSON]

:JSON으로 구성되어 있음. 프로그램 배포 CLI, REST API/SDK, Powershell, Azure Portal 등 모두 사용 가능하다.

 

Azure스토리지 데이터 비용 청구 = 데이터 나가는 비용 (들어오는 X)

 

 

Azure Marketplace: contains thousands of 3rd-party services you can rent within the cloud

Disaster Recovery(Business Recovery): the ability to recover from a big failure within an acceptable period of time

 

용량 관련

Aure의 한 개정당 용량 = 무한대

IaaS: Virtual Machine, SQL Server in VM, Azure SQL Database

PaaS: Azure SQL Database (Infra설정은 사용자가 할 수 없음)

Azure Government:  US Federal, State, Local and Tribal governments can use the US Government portal

 

SLA 관련

같은 지역, 같은 Availability Set(가용성 집합) 안의 Virtual Machines SLA = 99.95%

같은 리전의 다른 Availability Zones안의 가상 머신 간의 SLA = 99.99%

 

Service Lifecycle: GA, Private and Public Preview

General Availability mode(GA): Anyone can use the service for any reason개발 => Private Preview(MS 관계자에게만 서비스 오픈) => Public Preview (개발된 서비스에 대한 피드백을 전달) => General Avalibility(GA-MS가 관리도 해주고, 공개됨)

Private Preview는 사용을 위해 따로 신청해야 한다.

 

Public Preview

: No SLA, 몇 서비스가 지원되지 않음, 모든 지역이 되는 건 아님, 기능도 조금 없음, 가격 변동 큼

Azure Portal Preview (대안책 존재)

 

Cosmos DB

: extremely low latency (fast) storage designed for smaller pieces of data quickly; SaaS

 

Azure AD: Identity service for web protocols (Identity-as-a-Service).

 

 

CLI (Powershell 등)

장점 = 자동화

사용하는 언어가 같은가 X PowerShell, CLI 둘이 다른 언어 사용

 

Azure App Services : give Azure the code and configuration, and you have no access to the underlying hardware

 

Azure리전 개수

There are 60+ Azure regions currently, in 10+ geographies

 

Azure Service Health

: Azure-related service issues including region-wide downtime

Azure Staatus, Service Health, Resouce Health 등 확인 가능

 

Azure Monitor, 새로운 VM생성시 알림받게 설정 가능

그냥 외우기 (CapEx의 단점) : One of the downsides of CapEx is that the money invested cannot be deducted immediately from your taxes

 

Azure Functions

: designed for short pieces of code that start and end quickly. 백엔드가 계속 돌아가도록 설계되었음

 

Azure AD의 특징

: Custom banned password list, Device Management, Single sign-on, Smart lockout

주의) Log Alert Rule은 AD기능이 아님

---

TestC

 

Azure Service Health

: Azure-related service issues including region-wide downtime / 애저에서 일어나는 일들을 모두 알려준다.

Azure Staatus, Service Health, Resouce Health 등 확인 가능

 

Microsoft Service Trust Portal (서비스 신뢰 포탈)

: 보안, 개인정보 및 규정 준수 사례에 대한 다양한 콘텐츠, 도구 및 리소스 제공

: pen test result, white papers, security assessments... MS's compliance efforts

 

Trust Center

: MS가 충족하는 컴플라이언스의 기준을 볼 수 있는 곳 / The list of standards that Azure has been certified to meet is in the Trust Center

 

Management Groups

: Group of subscriptions

 

Azure Advisor

: Specific usage of Azure and makes helpful suggestions/Recomandation on how it can be improved.

 

Privileged Identity Management

: MFA(Multi-Factor Authentication) 설정 가능, ensure privileged users have to jump through additional verification because of their role.

 

Migration이 가장 쉬운 서비스 = IaaS

Infrastructure as a service is the easiest to migrate into, from an existing hosted app - lift and shift

 

Azure VM에서 지원하는 OS = MS & Linux (mac은 지원 안 해)

 

Azure Firewall

threat-intelligence option that will automatically block traffic to/from bad actors on the Internet.

 

---

Test new A

Express Route

: Private connection Data Center-Azure

 

Region Pair

:  additional high-availability options / 같은 지리적 위치에서 다른 리전끼리 백업을 하는 경우

 

Azure Data Box

: MS가 하드 드라이브 보내주고 다시 보내면 업로드해주는 서비스

 

Azure Arc

: 온프레미스 환경의 윈도 리눅스를 마치 Azure가상 환경에 있는 것처럼 구동시킬 수 있는 서비스

 

Azure storage access tier

 

---

 

Test New B

Budgets in Cost Management 

: Inform others about their spending to proactively manage costs, and to monitor how spending progresses over time.

 

 

Business Continuity / Disaster Recovery (BC/DR)

: being able to get your applications and data running in another environment quickly.

 

Geo-redundant storage (GRS) Copy의 개수

GRS는 한 지역의 3개의 카피본 생성

LRS를 사용하여 다시 3개 복사 총 6개

 

Resource Tag

: Tags are metadata elements that you apply to your Azure resources.

 

Azure App Service Environment 

: Vnet에 프라이빗으로 App Service를 배포할 수 있는 서비스  single-tenant instance of the Azure App Service that runs right in your own Azure virtual network (VNet)

---

 

Test new C

Azure Storage Explorer 

: upload, download, and manage Azure Storage blobs, files, queues, and tables, as well as Azure Data Lake Storage

 

Storage account, General purpose v2

: 가장 잘 사용되는 스토리지 타입, standard storage account type for blobs, file shares, queues, and tables. 

 

Azure Monitor 

: Azure Active Directory monitor activity logs는 못 본다.

 

Azure DNS Private Zones: Private 서비스에 대한 DNS주소 받을 수 있다.

 

AZcopy

command-line utility that you can use to copy blobs or files to or from a storage account.

한계정이 가질 수 있는 구독 개수의 조건 = 제한 없음, 무한정 가능함

 

CDN(Content Delivery Netwrok) 처리 가능한 것 = Video, JavaScript files, Images, PDFs 등

 

Paired regions (네트워크 지연시간이 짧게 연결된 데이터 센터 집합을 뜻한다.)

: in the same geo (not always) but are the most logical place to store backups because they have a high speed connection and Azure staggers the service updates to those regions.