1

Respuesta de referencia

DevOps is a process that streamlines development, testing, release, deployment, and monitoring, involving collaboration between developers and operations teams. Tools like Eclipse, Visual Studio, TFS, Jira, CUDA server, Maven, and Gradle are used to streamline activities.

2

Respuesta de referencia

Azure Security Center (now Defender for Cloud) provides unified security management. Features: continuous security assessment (secure score), vulnerability scanning, threat protection, just-in-time VM access, adaptive application controls, and compliance dashboard. Improve posture by prioritizing recommendations and enabling security controls.

3

Respuesta de referencia

Use a Cluster placement group strategy. With this strategy, instances are physically close together (the same rack) in a single Availability Zone. This will achieve the requirements stated in the question. However, it should be noted that this strategy is not highly available, as instances only reside in a single AZ.

4

Respuesta de referencia

- Azure Data Lake Storage (ADLS): Optimized for big data analytics, integrates with Apache Spark. - Blob Storage: General-purpose object storage for unstructured data.

5

Respuesta de referencia

Google Cloud IAM (Identity and Access Management) is a service for managing access to GCP resources. It uses roles and policies to grant fine-grained permissions to users, groups, or service accounts, ensuring only authorized entities can perform specific actions.

6

Respuesta de referencia

With Azure Virtual Machine Scale Sets (VMSS), you may install and administer a group of virtual machines that are auto-scaling and similar. VMSS allows you to scale out or in automatically based on demand or a predetermined timetable for both Windows and Linux virtual machines. Applications that manage heavy workloads with varying performance requirements must have this feature. To distribute traffic and automatically modify capacity, VMSS works with Azure Autoscale, load balancers, and application gateways.

7

Respuesta de referencia

There are two deployment environments: - Staging environment: It is used to validate the changes of an application before making it live. - Production environment: This is where applications go live and can be accessed by target users with a DNS-friendly URL.

8

Respuesta de referencia

Private clouds are those that are constructed solely for an individual enterprise. They enable a firm to have applications in the cloud while tending to concerns with respect to data security and control that is frequently ailing in a public cloud environment. Private cloud is otherwise called an internal cloud or enterprise cloud and dwells on the organization's Intranet or hosted data center where the data is protected.

9

Respuesta de referencia

Answer: - Load Balancing: So that the load does not fall on a single server, divide the traffic among many servers. - Auto Scaling: As soon as the load increases (eg CPU reaches 80%), new servers start automatically. - Serverless Computing: Use serverless functions like Lambda — they scale automatically. - Decoupling: Loosely connect services to each other — like by sending messages through SQS (queue). This does not overload the backend. - CDN (Content Delivery Network): Cache static files near users to deliver them faster and reduce server load.

10

Respuesta de referencia

Azure Managed Disks are automatically managed by Azure, simplifying disk management by handling storage account creation and replication. Unmanaged disks require the user to manage storage accounts manually. Managed disks offer better scalability, reliability, and support for availability sets and zones.

11

Respuesta de referencia

Areas to Cover - Azure Monitor implementation - Log Analytics workspace design - Application Insights integration - Alert rule configuration - Dashboard and reporting approaches - Automation of remediation actions - Retention and archiving policies Possible Follow-up Questions - What metrics do you consider most important for monitoring application health? - How do you approach monitoring for cost optimization? - What strategies do you use for log aggregation across multiple services? - How do you implement alerts that reduce false positives? - How would you design monitoring for a microservices architecture?

12

Respuesta de referencia

There are three principal segments in Azure: 1. Windows Azure Compute This segment provides code that a hosting environment manages. Moreover, it consists of three roles which are Web Role, Worker Role, and VM Role. 2. Windows Azure Storage This provides storage solutions using the services like Queue, Tables, Blobs, and Windows Azure Drives (VHD). 3. Windows Azure AppFabric This consists of services like Service bus, Access, Caching, Integration, and Composite.

13

Respuesta de referencia

Azure Key Vault is a secure storage solution for managing sensitive information, including: - Encryption keys: Securely store cryptographic keys. - Secrets management: Store API keys, passwords, and certificates. - Secure access control: RBAC and Azure AD authentication.

14

Respuesta de referencia

- Azure Data Factory: Cloud-native ETL service for big data and hybrid workloads. - SQL Server Integration Services (SSIS): On-premises ETL tool for SQL Server databases.

15

Respuesta de referencia

To balance sub-second latency and regional compliance for a fintech app, I would deploy the application in the required region (e.g., Singapore for APAC) using AWS Local Zones or Azure Edge Zones for ultra-low latency. Use in-memory data stores like Amazon ElastiCache for Redis for trade data, and Amazon DynamoDB with global tables for low-latency reads. For compliance, data stays in the region with encryption at rest and in transit. Compute uses AWS Lambda or containerized microservices with AWS Global Accelerator for routing. For failover, deploy in multiple availability zones within the same region. Monitoring via AWS CloudWatch with custom metrics ensures latency stays under threshold. Use data masking or anonymization for non-critical data to reduce exposure.

16

Respuesta de referencia

- Azure Monitor, by definition, is a comprehensive monitoring service that enables deep insights into the performance and health of your application, together with your Azure resources. - It gathers data from various sources, such as application logs, metrics, and performance data. - It's crucial for maintaining application reliability, proactive issue detection, and making data-driven decisions to optimize resources over performance.

17

Respuesta de referencia

Azure Functions can execute code without a server. These services simplify complex orchestration and challenges. They help connect with other services without hard coding of integrations, which speeds up the development process. Developers can write and focus on the business logic code saving time and effort. Azure Application Insights can help analyze and monitor code performance as well as identify hiccups and failure points across various application components.

18

Respuesta de referencia

Core services include Compute (Azure VMs, Functions, App Service), Storage (Blob, Files, Disks), Networking (Virtual Networks, Load Balancers, VPN Gateway), Databases (Azure SQL, Cosmos DB), and Management (Azure Monitor, Resource Manager).

19

Respuesta de referencia

Usernames can be a maximum of 20 characters in length and cannot end in a period ("."). The following usernames are not allowed:

20

Respuesta de referencia

VM scale sets refer to the Azure compute resource whose function is to deploy and manage a set of identical VMs. These scale sets provide a simple process for creating large-scale services targeting big compute, big data, and containerized workloads if all the VMs configured the same.

21

Respuesta de referencia

NSG or Network Security Group contains a list of ACL rules that allow or deny network traffic to subnets, network interface cards (NICs) linked to a subnet, or both. When an NSG is connected to a subnet, the ACL rules are for all virtual machines that are located in that subnet. The traffic restrictions to an individual NIC are achieved by linking the NSG directly to that NIC.

22

Respuesta de referencia

Azure ML provides: - Automated ML (AutoML) for model training. - MLOps for CI/CD in ML pipelines. - Model registry and deployment in AKS or ACI.

23

Respuesta de referencia

Cloud service roles comprise a set of application and configuration files. There are 2 kinds of roles provided by Azure: - Web role: This provides a dedicated web server belonging to IIS (Internet Information Services) that is used for automatic deployment and hosting of front-end websites. - Worker role: These roles help the applications hosted within them to run asynchronously for longer durations and are independent of the user interactions and generally do not use IIS. They are also ideal for performing background processes. The applications are run in a standalone manner.

24

Respuesta de referencia

Azure Table storage is use for storing non-relational structured data in the cloud by providing a key/attribute store with a strategic design. This stores flexible datasets like - Firstly, user data for web applications address books - Secondly, device information - Lastly, types of metadata. - Further, it has the capability of storing large amounts of structured data.

25

Respuesta de referencia

- Azure Logic Apps is a cloud service that enables you to develop and automate workflows and application integration without writing code. - It is used to connect different services, such as Azure services, on-premises systems, and third-party APIs, through automated workflows called logic apps. - Logic Apps are extremely flexible and can be triggered by events or on a schedule. - Key usages also include synchronizing data, automating notifications, and orchestrating processes.

26

Respuesta de referencia

Azure Resource Groups are logical containers that hold related resources for an Azure solution. They enable users to manage and organize Azure resources like VMs, databases, and storage accounts as a single entity. The main use of Resource Groups is to ease the process of deploying, monitoring, and managing collective resources. It provides a way to apply consistent management policies and access controls.

27

Respuesta de referencia

- Web Role - Worker Role - Virtual Machine Role Web Role: It gives a web solution that is front-end. This is like an ASP.NET application. While under facilitating, Azure gives IIS and required services. Worker Role: It gives solutions for background service. It can run long activities. Virtual Machine Role: The roles of both web and worker are executed on virtual machines. The Virtual Machine Roles give the client the capacity to modify the Azure Virtual Machine on which the web and worker roles are running.

28

Respuesta de referencia

IaaS (Infrastructure as a Service): Provides virtualized computing resources like Compute Engine and Cloud Storage. PaaS (Platform as a Service): Offers managed services like App Engine and Cloud SQL for application development without managing underlying infrastructure. SaaS (Software as a Service): Delivers fully managed software applications like Google Workspace (Gmail, Drive) accessed via browser.

29

Respuesta de referencia

Aurora supports auto-scaling storage up to 128 TB, read replicas (up to 15) for scaling read traffic, and Aurora Auto Scaling for dynamically adding/removing replicas. For write scaling, use Aurora Serverless or Multi-Master.

30

Respuesta de referencia

For creating communication between two Virtual Network there is a requirement for firstly, creating a Gateway subnet. The gateway subnet is configured while defining the range of the Virtual network. Further, it uses the IP addresses for specifying the quantity of subnet to be contained.

31

Respuesta de referencia

Azure Blueprints automate governance and compliance by pre-configuring policies, RBAC, and resources in a reusable template.

32

Respuesta de referencia

VPC is a logically isolated network within AWS. Benefits: control over IP addressing (subnets), routing (route tables), security (security groups, NACLs), connectivity to on-premises (VPN, Direct Connect), and hybrid architecture. It allows secure and scalable networking for AWS resources.

33

Respuesta de referencia

"Different contexts need different risk profiles—for financial clients, we could use separate AWS accounts for innovation, staging, and production with increasing governance controls. Feature flags control the blast radius of new capabilities, letting us gradually increase exposure based on observed stability. For critical systems, we can maintain parallel implementations during transitions, using canary deployments with automated rollback triggers if key metrics deteriorate."

34

Respuesta de referencia

Key components include: the control plane (API server, scheduler, controller manager, etcd) managing cluster state; worker nodes running pods; pods containing one or more containers; services for networking; and Deployments for declarative updates.

35

Respuesta de referencia

Discover if the candidate has invested in their personal and professional growth by herself.

36

Respuesta de referencia

Each data disk can be up to 1 TB. The number of data disks which you can use depends on the size of the virtual machine. Azure Managed Disks are the new and recommended disk storage offerings for use with Azure Virtual Machines for persistent storage of data. You can use multiple Managed Disks with each Virtual Machine. Managed Disks offer two types of durable storage options: Premium and Standard Managed Disks.

37

Respuesta de referencia

Pricing will vary based on product types. ISV software charges and Azure infrastructure costs are charged separately through your Azure subscription. Pricing models include: BYOL Model: Bring-your-own-license. You obtain outside of the Azure Marketplace, the right to access or use the offering and are not charged Azure Marketplace fees for use of the offering in the Azure Marketplace. Free: Free SKU. Customers are not charged Azure Marketplace fees for use of the offering. Free Software Trial: Full-featured version of the offer that is promotionally free for a limited period of time. You will not be charged Azure Marketplace fees for use of the offering during a trial period. Upon expiration of the trial period, customers will automatically be charged based on standard rates for use of the offering. Usage-Based: You are charged or billed based on the extent of your use of the offering. For Virtual Machines Images, you are charged an hourly Azure Marketplace fee. For Data Services, Developer services, and APIs, you are charged per unit of measurement as defined by the offering. Monthly Fee: You are charged or billed a fixed monthly fee for a subscription to the offering (from the date of subscription start for that particular plan). The monthly fee is not prorated for mid-month cancellations or unused services.

38

Respuesta de referencia

To secure Azure resources, you should implement access controls, use strong authentication mechanisms, encrypt data, and monitor and audit activity. You can use features such as Azure Security Center, Azure Key Vault, and Azure Active Directory to enhance security.

39

Respuesta de referencia

- Single Database: Standalone database with its own resources. - Managed Instance: Fully managed PaaS with near 100% SQL Server compatibility. - Elastic Pool: Shared resources among multiple databases.

40

Respuesta de referencia

- Read-Write can be define as when you share the Read-Write URL with other users. This allows them to view and change the databases, collections, queries, and other resources linked with that specific account. - Read can be define as when you share the read-only URL with other users. This allows them to view the databases, collections, queries, and other resources lined with that specific account. For example, if you want to share the output of a query with your teammates. So, you can provide them access by giving this URL.

41

Respuesta de referencia

i. Mapping data flow- This is a visually oriented data transformation task that allows users to create graphical data transformation logic without the need for any expert/professional. ii. Wrangling data flow- This is a Power Query Online-integrated data preparation process that doesn't require any coding.

42

Respuesta de referencia

For messaging: Commands = Service Bus, Streams = Event Hubs, Events = Event Grid.

43

Respuesta de referencia

Following is an example of how one can create a VM using Azure CLI: az vm create \ --resource-group myResourceGroupName \ --name myVM \ --image Win19Datacenter \ --public-ip-sku Standard \ --admin-username AzureuserNAME \ --admin-password AzurePASSWORD

44

Respuesta de referencia

Use Reserved Instances or Savings Plans for steady-state workloads. Implement Auto Scaling to match demand. Use S3 lifecycle policies to transition data to cheaper tiers. Analyze idle resources (e.g., unused EBS volumes) via Trusted Advisor. Use spot instances for fault-tolerant tasks. Right-size resources based on CloudWatch metrics.

45

Respuesta de referencia

Use uniform bucket-level access to disable ACLs and enforce IAM-only access. Grant least privilege roles (e.g., roles/storage.objectViewer). Enable Object Versioning and retention policies to protect data. Use Cloud KMS for encryption. Restrict public access with public access prevention. Audit access via Cloud Audit Logs.

46

Respuesta de referencia

SQL Azure database is just an approach to getting associated with cloud services where you can store your database in the cloud. Microsoft Azure is the most ideal approach to utilizing PaaS, where you can have different databases on a similar account. Microsoft SQL Azure has a similar component to SQL Server, i.e., high accessibility, versatility, and security in the core. The Microsoft Azure SQL database has an element: it makes backups of each active database automatically. Consistently, a backup is taken and geo-repeated to empower the 1-hour recuperation point objective (RPO) for geo-restore.

47

Respuesta de referencia

The datasets supported in Azure Data Factory are the following: - CSV - Excel - Binary - Avro - JSON - ORC - XML - Parquet

48

Respuesta de referencia

Update domain in Azure showcases the collection of underlying hardware capable of rebooting or undergoing maintenance. With the creation of virtual machines in an availability set, virtual machines are automatically distributed across update domains on Azure platform. As a result, one instance of the application is always active during the maintenance of Azure platform.

49

Respuesta de referencia

In the context of the cloud, IAM solutions are used to manage access to cloud-based resources, such as virtual machines, storage, and applications. Cloud IAM solutions typically use a combination of authentication mechanisms, such as passwords, multi-factor authentication, and single sign-on, and authorization mechanisms, such as role-based access control and attribute-based access control. When implementing IAM solutions in the cloud, there are several key considerations to keep in mind. These include: - Choosing the right IAM provider: There are many IAM providers in the market, and it's important to choose one that meets your organization's needs in terms of features, scalability, and security. - Defining roles and permissions: Before implementing an IAM solution, it's important to define roles and permissions for users and resources to ensure that access is granted only to authorized users. - Enforcing access policies: Access policies should be defined and enforced to ensure that users can only access resources that they are authorized to use. - Monitoring access: IAM solutions should be configured to log user access to resources to detect unauthorized access attempts and provide audit trails for compliance purposes. Overall, implementing IAM solutions in the cloud can help organizations manage access to their cloud-based resources in a secure and scalable way. However, it's important to carefully consider the various factors involved in implementing IAM solutions and to follow best practices to ensure that access is granted only to authorized users.

50

Respuesta de referencia

There are 3 models available for cloud deployment: - Public Cloud: In this model, the cloud infrastructure is owned publicly by the cloud provider and there are chances that the server resources could be shared between multiple applications. - Private Cloud: Here, the cloud infrastructure is owned exclusively by us or exclusive service is provided by the cloud provider to us. - This includes hosting our applications on our own on-premise servers or hosting the application on a dedicated server provided by the cloud provider. - Hybrid Cloud: As the name itself says, this model is the hybrid combination of private cloud and the public cloud. - This might include the scenario of using on-premise servers for processing confidential, sensitive data and using public cloud features for hosting public-facing applications. Here, we use the best of both worlds to our requirements and advantage.

51

Respuesta de referencia

Azure Active Directory (Azure AD) refers to a multi-tenant cloud-based identity and directory management service which is a mixture of core directory services, application access management, and identity protection.

52

Respuesta de referencia

Integration is achieved through federation, using Google Cloud Directory Sync to synchronize users from Active Directory, or configuring SAML 2.0/OpenID Connect with identity providers. This allows users to access GCP resources with their existing credentials.

53

Respuesta de referencia

- Windows Active Directory (AD) is an on-premises directory service that manages users, computers, and other devices within a network domain. It supports LDAP, Kerberos, and DNS for directory services. In contrast, Azure Active Directory (Azure AD) is a cloud-based identity and access management solution made to facilitate user access control in cloud and hybrid settings and contemporary cloud-based apps. - While Windows AD focuses on traditional network domain services, Azure AD provides identity as a service (IDaaS), offering features like single sign-on, multi-factor authentication, and conditional access to cloud resources. Azure AD is intended for organizations embracing cloud computing who need to manage identities and access cloud applications alongside traditional on-premises resources.

54

Respuesta de referencia

Benefits: cost savings (pay-as-you-go), scalability, disaster recovery, global reach, reduced maintenance. Drawbacks: security risks, compliance issues, internet dependency, migration complexity, vendor lock-in, potential unexpected costs.

55

Respuesta de referencia

This choice depends on many things: - Existing System: If the company is already dependent on Microsoft, then Azure will fit. - Special needs: If you want to do heavy analytics or machine learning then GCP will be best. For general-purpose or if variety is needed then AWS is the most versatile. - Cost: Compare the price of each service. See how much the total cost will be on which platform. - Knowledge of the team: Which provider's knowledgeable team you have is a big factor. - Compliance: Security or legal compliance is necessary in some industries then see which provider provides those certifications.

56

Respuesta de referencia

Use AWS Database Migration Service (DMS) for minimal downtime. First assess the database, create an RDS instance, configure DMS replication, and perform full load plus continuous replication. Validate and cutover.

57

Respuesta de referencia

Majorly, two types of services you can build on Service Fabric:

58

Respuesta de referencia

Use Network Security Groups (NSGs) to control inbound/outbound traffic at subnet and VM levels. Deploy Azure Firewall for centralized, scalable threat protection and application-level filtering. Enable Azure DDoS Protection Standard to safeguard against volumetric and sophisticated DDoS attacks. Integrate these services to create layered security, ensuring comprehensive network protection.

59

Respuesta de referencia

Azure Service Bus Queues belong to the Azure messaging framework and include queuing, publishing, and subscribing, among other things. They also include built-in dead-letter queues for handling message failures and allow you to set message expiration times. Service Bus Queues are ideal for connecting disparate application components using communication protocols, data contracts, trust domains, or security protocols. Azure Storage Queues belong to the Azure storage framework and are known for their simplicity and ease of use. They allow easy debugging by using the local Azure Storage Emulator. The Azure Storage Queue tools enable you to quickly review the top 32 messages and visualize the contents of those belonging to XML/JSON right from Visual Studio. Another feature of storage queues that ensures smooth development and QA operations is that their contents can be emptied when needed.

60

Respuesta de referencia

Zero Trust security in Azure requires: - Multi-Factor Authentication (MFA). - Least privilege access using RBAC. - Azure Sentinel for threat detection. - Conditional Access policies to restrict access based on risk factors.

61

Respuesta de referencia

Cloud Data Catalog is a metadata management service that indexes data assets (e.g., BigQuery tables, Cloud Storage files). It provides search and discovery, data lineage, and tagging capabilities, helping teams find and govern data across the organization.

62

Respuesta de referencia

There are three cloud deployment models available in Azure: - Public cloud: Cloud infrastructure shared among multiple organizations, hosted by a third-party provider like Azure. Use cases: Cost-effective, scalable applications, web hosting. - Private cloud: Cloud infrastructure dedicated to a single organization, either on-premises or hosted by a third party. Use cases: Highly sensitive data, regulatory compliance requirements. - Hybrid cloud: Combines public and private clouds, allowing data and applications to be shared between them. Use cases: Workload distribution, disaster recovery, and flexibility.

63

Respuesta de referencia

Answer: - VPC and Subnets: Create a VPC with two subnets: Public (for web servers) and Private (for database and backend systems). - Security Groups: Create security groups to control who can connect to whom. Only app servers can access the database. - IAM (Identity and Access Management): Give each user or system only as much access as needed. Use roles, less passwords. - Data Encryption: At rest (such as in a database), data should be encrypted. In transit (when data is being sent), use SSL/TLS. - DDoS Protection and WAF: WAF protects against web attacks. DDoS protection will prevent the website from going down. - Compliance: If there is credit card or payment data, then PCI-DSS compliance has to be taken care of.

64

Respuesta de referencia

Azure Blob Storage is a service for storing unstructured data in the cloud, such as text or binary data. It is designed for massive-scale storage solutions and can efficiently handle petabytes of data. Use cases for Azure Blob Storage include: - Storing data for analysis by an on-premises or Azure-hosted service. - Backing up and archiving files, including disaster recovery scenarios. - Streaming video and audio for web applications and mobile apps. - Serving images or documents directly to a browser.

65

Respuesta de referencia

IAM roles provide temporary credentials for entities like EC2 instances, Lambda functions, or federated users. Attach policies to roles and assign them to resources, avoiding long-term access keys.

66

Respuesta de referencia

IaC tools like Terraform enable declarative management of GCP resources via code. Advantages include version control (tracking changes), automation (repeatable deployments), consistency across environments, reduced human error, cost management (tracking resource changes), and easy integration with CI/CD pipelines for cloud provisioning.

67

Respuesta de referencia

I implement governance using Azure Policy, Azure Blueprints, and Management Groups to enforce organizational standards and compliance. For example, I create policies to restrict resource regions, require tags, and enforce encryption. Azure RBAC controls access, and Azure Security Center provides continuous compliance monitoring. I also use the Cloud Adoption Framework's governance methodology to define and iterate on policies based on risk assessments and regulatory requirements.

68

Respuesta de referencia

Azure CDN reduces the bandwidth and load time. It also helps speed up the responsiveness.

69

Respuesta de referencia

CloudTrail logs API activity (who did what, when) for auditing, security analysis, and compliance. Use cases: track changes, detect unauthorized access. AWS Config records resource configurations and changes, enabling compliance rules (e.g., enforce encryption). Use cases: evaluate resource compliance, track configuration drift.

70

Respuesta de referencia

Serverless computing is a cloud computing model where the cloud provider manages the infrastructure and dynamically allocates resources based on the application's needs. This allows developers to focus on writing code and building applications without having to worry about managing servers or scaling infrastructure. Event-driven architecture (EDA) is a software architecture that emphasizes the production, detection, and consumption of events. An event is a signal that something has happened, such as a user clicking a button or a file being uploaded to a server. In an EDA, events trigger actions or responses, which can be handled by different components of the system. Serverless computing and event-driven architectures are often used together to build scalable and responsive applications. In a serverless architecture, individual functions can be triggered by events, allowing for a highly responsive system that can handle varying loads. This also allows for the creation of event-driven workflows, where different functions are executed in response to specific events.

71

Respuesta de referencia

Huge quantities of structured data are stored in the Windows Azure Table storage service. It is a NoSQL service that takes calls from both inside and outside the Windows Azure cloud. Table: A table is a grouping of objects. Tables do not impose a format on entities; therefore, a single table can contain entities with various sets of characteristics. Many tables can be found in a single account. Entity: Similar to a database entry, an entity is a collection of attributes. A single entity can be 1MB in size. Properties: A name-value pair is referred to as a property. Each object can have up to 252 properties. In addition, each entity has three system properties: a partition key, a row key, and a timestamp.

72

Respuesta de referencia

- Azure SQL Database refers to a fully managed platform as a service (PaaS) database engine that controls most of the database management functions like upgrading, patching, backups, and monitoring without user involvement. This always runs on the latest stable version of the SQL Server database engine. Moreover, it consists of PaaS capabilities that help in focusing on the domain-specific database administration and optimization activities that are critical for your business. - Azure SQL Managed Instance refers to an intelligent, scalable cloud database service that joins the broadest SQL Server database engine compatibility with all the benefits of a fully managed platform as a service. This is compatible with the latest SQL Server database engine, providing a native virtual network (VNet) implementation that addresses common security concerns, and a business model favorable for existing SQL Server customers. Further, it allows existing SQL Server customers to lift and shift their on-premises applications to the cloud with minimal application and database changes.

73

Respuesta de referencia

Microsoft Azure is a leading cloud service provider offering a wide range of cloud services, including computing, analytics, storage, and networking. It is important for cloud architecture because it enables organizations to build, deploy, and manage applications through a global network of data centers, providing scalability, reliability, and cost-efficiency.

74

Respuesta de referencia

GKE provides managed Kubernetes clusters, reducing operational complexity. Advantages include automatic upgrades, scaling, and repair; integration with GCP services (Cloud Logging, Monitoring, IAM); support for autopilot mode for serverless Kubernetes; and built-in security features (node auto-repair, shielded nodes, Workload Identity).

75

Respuesta de referencia

Design: - Event-Driven: The system starts working as soon as an event occurs (such as a photo upload to S3). - FaaS: Break down small tasks into different functions using tools like AWS Lambda, Azure Functions. - Managed Services: Get database, API, storage etc. from cloud managed services. Advantages: - No Server Management: No server hassle, cloud handles everything. - Auto Scalability: If traffic increases, it scales automatically. - Cost-Effective: Pay as much as you use. Disadvantages: - Cold Starts: If the function is sleeping, the first run can be slow. - State Management: Managing state is a difficult task. - Vendor Lock-in: Once it is built on a cloud, it can be difficult to move to another.

76

Respuesta de referencia

CloudFront is a CDN that caches content at edge locations, reducing latency and improving load times. It provides DDoS protection, integration with AWS services (S3, ELB), and cost-effective data transfer.

77

Respuesta de referencia

Azure Service Bus Queues belong to the Azure messaging framework and include queuing, publishing, subscribing, etc. They are part of the Service Bus and can pass messages through to other Queues and Topics. The Azure Service Bus Queues feature a built-in dead-letter queue and allow you to choose a timeline for messages so they can last as long as you want them to! They connect applications or parts of applications that cover different communication protocols, data treaties, trust domains, or security protocols. Azure Storage Queues belong to the Azure storage framework and are easy to use. They allow easy debugging by using the local Azure Storage Emulator. The set of Azure Storage Queue tools enables you to take a quick look at the top 32 messages and visualize the contents of those belonging to XML/JSON right from Visual Studio. Another feature of storage queues that ensures smooth development and QA operations is that the contents of these queues can be emptied when needed. Authenticated HTTP or HTTPS calls allow you to access the queue messages regardless of your geographical location. Queue messages have a maximum capacity of 64 KB and can hold millions of messages depending upon the storage account's overall capacity limit.

78

Respuesta de referencia

The dashboard in Azure Architect is a user interface that allows quick access to services and features, including creating a web app.

79

Respuesta de referencia

There can be 2 possible causes: - Client-side causes: - The application might have been redeployed. - The application might have just performed a scaling operation. - The client-side networking layer has been changed. - There might be transient errors in the client or the network between the client and the server. - Another possible reason could be the bandwidth threshold limits have been crossed. - Server-side causes: - It might occur if the Azure Redis Cache service itself might undergo a failover from the primary to the secondary node. - The server instance where the cache was deployed might have undergone patching or maintenance.

80

Respuesta de referencia

Cloud security involves protecting data, applications, and infrastructure from threats. Azure ensures it through built-in controls like Azure Security Center, encryption (at rest and in transit), identity management with Azure AD, and compliance certifications.

81

Respuesta de referencia

VM scale sets refer to the Azure compute resource whose function is to deploy and manage a set of identical VMs. These scale sets provide a simple process for creating large-scale services targeting big compute, big data, and containerized workloads if all the VMs configured the same.

82

Respuesta de referencia

Azure Scheduler helps us to invoke certain background trigger events or activities like calling HTTP/S endpoints or to present a message on the queue on any schedule. By using this Azure Schedule, the jobs present in the cloud call services present within and outside of the Azure to execute those jobs on-demand that are routinely on a repeated regular schedule or start those jobs at a future specified date.

83

Respuesta de referencia

Download the installation file for the Azure Site Recovery Provider. Download the vault registration key. Install the Azure Site Recovery Provider on Host1 and register the server.

84

Respuesta de referencia

A VPC is a logically isolated network in AWS where you launch resources. Benefits include network control (subnets, route tables), security (security groups, NACLs), and connectivity options (VPN, Direct Connect).

85

Respuesta de referencia

I once had to deal with a security breach where an unauthorized user gained access to one of our AWS S3 buckets. Upon discovering the breach, I immediately revoked the permissions that allowed the breach. After securing the environment, I conducted a thorough investigation to understand how the breach occurred and put measures in place to prevent future occurrences. This included tighter access controls and regular security audits.

86

Respuesta de referencia

The churn pattern is more relevant than the churn rate since agentless replication takes in data. When a file is written multiple times, the rate has little effect. In the next cycle, however, a pattern in which any other sector is written produces a lot of churns. You can let the data fold as much as necessary before scheduling the next cycle if you want to transfer the least volume of data possible.

87

Respuesta de referencia

In the context of Azure Landing Zones, a Landing Zone Archetype is a template or predefined configuration that serves as a blueprint for specific types of workloads or applications. Archetypes represent different categories of landing zones, each tailored to meet unique organizational or application needs, while following best practices in areas like security, scalability, governance, and compliance. Key Characteristics of Landing Zone Archetypes Each archetype incorporates predefined configurations in critical design areas, ensuring that the resulting environment is optimized for the intended workload. Landing zone archetypes help standardize cloud environments by applying configurations based on workload types, security requirements, and operational needs. Types of Landing Zone Archetypes Azure offers various archetypes to align with common use cases. Each archetype configures the landing zone based on the requirements of different application portfolios or operational needs: Connectivity Archetype: Provides the foundational network topology for connecting resources securely within Azure and to on-premises resources. Includes shared networking services such as Virtual Networks (VNets), VPNs, and ExpressRoute configurations. Identity Archetype: Establishes the core identity and access management setup, utilizing Azure Active Directory (AAD) and Role-Based Access Control (RBAC). Ensures secure, centralized identity management across applications and resources. Security and Governance Archetype: Defines security baselines, compliance standards, and governance policies using tools like Azure Policy and Azure Blueprints. Enforces rules and ensures adherence to internal policies and regulatory requirements. Management Archetype: Focuses on operational excellence, providing monitoring, logging, and automation tools like Azure Monitor and Log Analytics. Ensures resources are monitored, optimized, and maintained for high availability. Application Archetype: Provides a tailored environment for specific applications or workloads. Often includes custom configurations for compute, storage, networking, and security to meet application-specific requirements. Benefits of Using Landing Zone Archetypes Consistency and Standardization: Archetypes create a standardized environment based on best practices, reducing variability across deployments. Scalability: Archetypes allow organizations to easily replicate landing zones for different workloads and departments. Security and Compliance: Each archetype includes built-in configurations that adhere to security and compliance standards. Simplified Deployment: Using predefined templates and configurations, archetypes reduce setup time, allowing faster application deployment.

88

Respuesta de referencia

D. Hybrid Cloud Explanation: This type of architecture would be a hybrid cloud. Why? We are using both, public cloud and on premises servers i.e the private cloud. To make this hybrid architecture easy to use, wouldn't it be better if your private and public cloud were all on the same network (virtually). This is established by including your public cloud servers in a virtual private cloud, and connecting virtual cloud with your on premise servers using a VPN (Virtual Private Network).

89

Respuesta de referencia

To design for fault tolerance and high availability, I would implement redundancy across multiple levels, starting from the data center to the server and component levels. I would use services like AWS Elastic Load Balancer for distributing traffic and AWS Auto Scaling for automatic adjustment of capacity. Regular health checks and alerts would also be set up.

90

Respuesta de referencia

You should allow inbound traffic on Port 80 and outbound traffic on Ports 1024-65535. Ports 1024-65535 will cover ephemeral ports for common clients.

91

Respuesta de referencia

Azure Resource Manager (ARM) is the deployment and management service for Azure. It provides a consistent management layer that enables you to create, update, and delete resources in your Azure subscription. ARM uses declarative templates (ARM templates) to define and deploy resources as a group, ensuring idempotency and simplified management.

92

Respuesta de referencia

- These are the Azure computation resources that can be used to deploy and manage sets of identical Virtual Machines (VMs). - These scale sets are configured in the same manner and are designed to support the autoscaling of the applications without the need for pre-provisioning of the VMs. - They help to build large-scale applications targeting big data and containerized workloads in an easier manner.

93

Respuesta de referencia

- IAM (Identity and Access Management): First of all, follow the least privilege principle — meaning, give each person only the permissions they really need. - Encryption: Data should be encrypted both when stored (at rest) and when transferred (in transit). So that no one can intercept it. - Network Segmentation: Divide the network into parts using VPCs and Subnets. This will ensure that if something goes wrong in one part, the other part will remain safe. - Monitoring & Auditing: Keep logs running, install monitoring tools — so that any suspicious activity can be caught. - Regular Audits: Conduct security audits and penetration testing every few minutes, so that you can catch the problem before it happens. - Security Posture Management (CSPM): Deploy tools that continuously check misconfigurations in your cloud — like is the bucket public? - Patch Management: The system should not be outdated. Keep updating and patching everything from time to time.

94

Respuesta de referencia

Azure Architect DevOps offers a comprehensive solution for managing software projects, including work items, backlogs, sprints, and dashboards. By creating work items and log items and using Azure Architect boats, developers can streamline their workflow, ensure timely delivery, and optimise their resources.

95

Respuesta de referencia

Azure storage key is used to authenticate access to Azure storage service data depending on the project requirements. There are two types of storage keys that are used for authentication: - Primary access key - Secondary access key, to avoid downtime of the website or application

96

Respuesta de referencia

- Right-Sizing: Always check how much a particular service or instance is being used. Resize resources that are underutilized or underutilized to the right size and type so that you only spend what you need. - Elasticity: Use auto-scaling — this way resources increase when the load is high and decrease when the load is low. This helps you save on unnecessary costs. - Reserved Instances or Savings Plans: If your workload is predictable (i.e. you know for how long you will need which resources), then buy reserved instances. This is much cheaper than on-demand. - Spot Instances: For workloads that may stop occasionally (like testing or batch processing), use spot instances — they are quite cheap. - Storage Optimization: Shift old data that is not accessed frequently to cheaper storage — like AWS Glacier, etc. Set lifecycle policies for this. - Billing Alarms: Set alerts that ring when the expenditure exceeds a limit. This can help you avoid sudden high bills. - Tagging: Tag every resource — like which team created it, which project it is for, etc. This will help you understand where and why the money is being spent.

97

Respuesta de referencia

- Azure Policy and Azure Role-Based Access Control (RBAC) serve different purposes in governance and security. - Azure Policy focuses on enforcing rules and policy standards for Azure resources by auditing their compliance and remedying any non-compliance. - In contrast, Azure RBAC defines user roles and permission levels for accessing Azure resources. While both are crucial for governance, Azure Policy ensures resource compliance, whereas RBAC manages access and permissions.

98

Respuesta de referencia

There are three common cloud deployment models that explain the delivery of cloud services to users. The cloud deployment models include the public cloud, the hybrid cloud, and the private cloud.

99

Respuesta de referencia

To show your cloud service's dependencies on other resources, such as an Azure SQL Database instance, you can 'link' the resource to the cloud service. In the Preview Management Portal, you can view linked resources on the Linked Resources page, view their status on the dashboard, and scale a linked SQL Database instance along with the service roles on the Scale page. Linking a resource in this sense does not connect the resource to the application; you must configure the connections in the application code.

100

Respuesta de referencia

Types include general-purpose (B-series, D-series) for balanced workloads, compute-optimized (F-series) for CPU-intensive tasks, memory-optimized (E-series) for databases, storage-optimized (L-series) for high disk throughput, and GPU-optimized (N-series) for ML/rendering.

101

Respuesta de referencia

- Azure Functions is a serverless compute service that allows you to run event-driven code, providing flexibility and scalability for executing logic against specific events. - In contrast, Azure Logic Apps are designed to build automated workflows that integrate different services and applications without writing code. - While Azure Functions are code-centric and suited for complex processing, Logic Apps excel in creating workflows, making them ideal for application integration and task automation.

102

Respuesta de referencia

Systems Manager (SSM) Parameter Store. SSM Parameter Store is a valid way to store secrets and other information such as IDs in AWS. For data that is NOT encrypted (like mentioned in the question), this is the only option (AWS Secrets Manager requires encryption). Also, Parameter Store is free, up to 10,000 parameters, so this would be the most cost-effective option.

103

Respuesta de referencia

For promoting a deployment in the Azure staging environment to the production environment, you can swap the deployments by moving the VIPs by which the two deployments are accessed. After deploying, the DNS name for the cloud service points to the deployment which is present in the staging environment.

104

Respuesta de referencia

The VMs placed in the Availability set are run across various physical servers, storage units, compute racks, and network switches in Azure. If any failure occurs, only VMs subset is affected, and the overall solution stays operational.

105

Respuesta de referencia

Because Git is designed to function as a distributed version control system, each developer's working copy of the code doubles as a repository, storing the whole history of all modifications. Git allows changes to be moved between repositories and provides each developer with a local copy of the complete development history, in contrast to centralized version control solutions. Working offline or on their branch, developers can independently commit changes and merge them into the main or feature branches as required. Git supports labeling specific points in history for release or versioning purposes, merges change for collaboration, and employs branches for feature development, fixes, or experiments.

106

Respuesta de referencia

- Azure Synapse Analytics: Scalable data warehouse with integrated BI and analytics. - Azure Data Factory: Automates ETL processes. - Azure Data Lake: Stores raw, structured, and unstructured data.

107

Respuesta de referencia

To standardize and govern a complex cloud environment, I would first conduct an audit using tools like AWS Config or Azure Resource Graph to inventory all resources. I'd then define naming conventions (e.g., project-env-region-resource-type) and apply tags via scripts or infrastructure-as-code (Terraform). For governance, I'd implement Azure Policy or AWS Service Control Policies to enforce rules, and use AWS Organizations or Azure Management Groups for hierarchical management. Documentation is created in a centralized wiki (e.g., Confluence) with automated diagrams from Cloudcraft. I'd also create a migration plan to rename resources, using blue-green deployment to avoid downtime. Regular compliance scans via AWS Security Hub or Azure Security Center track adherence.

108

Respuesta de referencia

Use Azure AD for identity management and MFA. RBAC grants specific permissions to users/groups at management group, subscription, resource group, or resource scope. Regularly review assignments with Privileged Identity Management (PIM).

109

Respuesta de referencia

Azure Search is a cloud search-as-a-service solution that delegates server and infrastructure management to Microsoft, leaving you with a ready-to-use service that you can populate with your data and then use to add search to your web or mobile application. Azure Search allows you to easily add a robust search experience to your applications using a simple REST API or .NET SDK without managing search infrastructure or becoming an expert in search.

110

Respuesta de referencia

Azure Architect keyword service is a feature that helps connect your app service or front end with your backend database.

111

Respuesta de referencia

Use least privilege IAM roles for service accounts (e.g., Cloud Build service account). Store secrets in Secret Manager instead of code. Enable vulnerability scanning in Artifact Registry. Use signed container images. Implement approval gates in Cloud Deploy. Enable audit logging with Cloud Audit Logs. Regularly rotate keys and use VPC-SC for pipeline isolation.

112

Respuesta de referencia

Azure Architect is a set of best practices and patterns for building applications on Azure Architect using various Azure Architect workloads or services. It provides solutions for designing the Architect of your next project and includes reference Architects for the primary web application.

113

Respuesta de referencia

- Handling compliance in Azure environments involves implementing best practices and utilizing compliance tools provided by Azure. - Organizations should use Azure Policy to enforce compliance standards across resources. - Azure Security Center offers insights into the security posture and compliance status of the environment. - Regular auditing and assessment with tools like Azure Blueprints and Azure Compliance Manager help ensure adherence to industry regulations. - Training and educating team members on compliance practices are also essential for maintaining a compliant Azure environment.

114

Respuesta de referencia

Azure Resource Manager, offered by Azure, provides management and application deployment in Azure. The management layer helps to build, modify, or delete resources in the Azure subscription account. It is useful while managing access controls, locks, and security of resources.

115

Respuesta de referencia

Storage classes include Standard (high performance, frequent access), Nearline (30-day minimum), Coldline (90-day minimum), and Archive (365-day minimum). Cost decreases with less frequent access, but retrieval fees and minimum storage durations apply. Performance is highest for Standard.

116

Respuesta de referencia

Ensuring compliance and governance in Azure involves implementing policies and best practices to manage resources and enforce standards. These are some of the Azure services that can help implement a governance model. - Azure Policy: Defines and enforces rules across Azure resources. This tool allows organizations to apply governance standards, such as naming conventions, resource configurations, and allowed resource types. - Azure Blueprints: Azure Blueprints can automate the deployment of compliant environments. Blueprints provide templates for deploying resources that adhere to organizational policies and regulatory requirements. - Role-Based Access Control (RBAC): Implement RBAC to manage access to Azure resources. RBAC allows organizations to assign specific roles and permissions to users, ensuring that only authorized personnel can access sensitive resources. - Security Center and Compliance Manager: Utilize Azure Security Center and Compliance Manager to continuously monitor and assess compliance with industry standards, such as GDPR, HIPAA, and ISO 27001. By leveraging these tools and practices, organizations can maintain control over their Azure environments and ensure compliance with internal policies and external regulations.

117

Respuesta de referencia

The command is, az ad user create.

118

Respuesta de referencia

Compute: Azure VMs, App Services, Functions, AKS. Storage: Blob Storage, Files, Disks, Data Lake Storage. Networking: Virtual Network (VNet), Load Balancer, VPN Gateway, Azure DNS. Databases: Azure SQL Database, Cosmos DB, MySQL/PostgreSQL. Others: Azure Active Directory, Azure DevOps, Monitor, and AI/ML services.

119

Respuesta de referencia

- Public cloud: The resources are owned and managed by a third-party cloud provider (such as AWS, Amazon or Google), and used by businesses and individuals. - Private cloud: The resources are owned and managed by an organization, and used by its employees and customers. - Hybrid cloud: A setup that includes both public and private cloud services. For example, maybe a company houses the majority of its applications on AWS, but for compliance reasons, they have to keep Human Resources applications in their own private cloud.

120

Respuesta de referencia

Azure Architectutilises virtual networks to represent your cloud network, enabling communication scale and logical isolation of resources, allowing them to feel like part of your network.

121

Respuesta de referencia

- BLOB: Utilized to store large volumes of unstructured data like images or videos. - Table Storage: Designed to store structured data in key-value format across distributed systems. - Azure Queue Storage: Helps with communication between different app components by storing messages for asynchronous processing.

122

Respuesta de referencia

IaaS- IaaS stands for Infrastructure as a Service. It is a cloud computing service that hosts apps on the infrastructure and allows you to avail storage, networking resources, etc., on demand. Each resource is available as an individual service facility, and one has to only pay for it for as long as he needs to use it. Azure VM, VNET, etc., are some popularly known examples of IaaS. - PaaS- PaaS stands for Platform as a Service. It offers both- a cloud development and deployment environment, with facilities that enable users to produce simple cloud-based apps or even complex, cloud-enabled business systems. A user only pays for the resources he needs from a cloud service provider and accesses them over a secure Internet connection. Users are in charge of the applications and services they create, and the cloud service provider manages the rest. Azure web apps, Storage services, cloud services, and other services are all examples of PaaS. - SaaS- SaaS stands for Software as a Service. Organizations avail SaaS applications through a service delivery mechanism. This works by charging the organization for their use or by displaying advertisements. User interaction with cloud-based programs through the Internet can occur through software as a service (SaaS). The service provider's data center hosts the underlying infrastructure, software, and app data. Applications such as Office 365, Gmail, SharePoint Online, and others are examples of SaaS.

123

Respuesta de referencia

A cmdlet is a lightweight command that is utilized as a part of the Microsoft PowerShell environment. The cmdlets are summoned by the Windows PowerShell to automate the scripts which are in the command line. Windows PowerShell runtime additionally invokes them automatically through Windows PowerShell APIs.

124

Respuesta de referencia

Conditional Access is used by Azure AD as a tool to make decisions, bring signals together, and impose organizational policies. Through Conditional Access policies, one can implement the right access controls whenever required to keep the organization secure and stay out of the users' way when not needed.

125

Respuesta de referencia

Deployment slots located under the Azure Web App Service. They are basically of two types, Production slot, and Staging slot. Where the production slot refers to the default one that is used for running applications. And the staging slots help in testing the application usability before promoting to the production slot.

126

Respuesta de referencia

Azure Virtual Machines are virtualized server instances (for Windows or Linux) in the cloud. You have full control of the OS and the apps. On the other hand, Azure App Services is a streamlined service for web apps and APIs, so you don't have to worry about the underlying structure. While Virtual Machines give you a deep level of control, App services are great when you want to focus more on the code and less on the setup.

127

Respuesta de referencia

Azure Architect App Service is a tool used to define an application's underlying infrastructure and settings. It allows users to create a web application that can be deployed as a web service. In the web application Architect, Azure Architect App Service makes a separate deployment slot for the web app, which can be used in the standard premium or isolated App Service plan. This allows for easy validation of app changes and the ability to switch between different environments.

128

Respuesta de referencia

Azure Web App provides high scalability, Multi-Language support, DevOps Optimization, Compliance and Security, Easy Integration with Visual Studio and Code, Serverless Code, and low maintenance cost.

129

Respuesta de referencia

- Fault Domain: A group of VMs sharing a common power source and network reduces the chance of hardware failures. - Update Domain: A group of VMs that can be rebooted or updated simultaneously to ensure that the operation itself remains continuous throughout the updates of the platform.

130

Respuesta de referencia

Azure Availability Sets are logical groupings of VMs that protect against hardware failures within a single data center by distributing VMs across multiple fault domains and update domains. Availability Zones are physically separate data centers within an Azure region, providing higher availability by replicating VMs across zones to protect against data center failures.

131

Respuesta de referencia

- Implementing Azure DevOps for CI/CD involves creating Azure Pipelines, which automate the build, testing, and deployment phases of your software release process. First, you create a project in Azure DevOps and then define a build pipeline that compiles and builds the code. - Next, create a release pipeline that deploys the build artifacts to various environments (e.g., development, staging, production) using approval workflows and gates for safe deployments. - Integration with GitHub or Azure Repos for source control makes the process seamless, supporting continuous integration and continuous delivery (CI/CD) practices.

132

Respuesta de referencia

- Traffic Manager: Routes global traffic across multiple regions. - Load Balancer: Distributes traffic within a region across VMs.

133

Respuesta de referencia

134

Respuesta de referencia

Microsoft Azure Active Directory provides a fully-managed multi-tenant service for implementation of identity and access functionalities for applications running on Azure. It is also suitable for applications operating in the on-premises environment. The single sign-on and multi-factor authentication features in Azure Active Directory provide assurance of protection from attacks.

135

Respuesta de referencia

Azure Blueprints pre-configure Azure policies, RBAC, and resources to enforce security and compliance.

136

Respuesta de referencia

Benefits: cost savings (pay-as-you-go), scalability, flexibility, disaster recovery, automatic updates, and global reach. Drawbacks: potential security concerns, compliance challenges, dependency on internet connectivity, migration complexity, and potential for unexpected costs if not managed properly.

137

Respuesta de referencia

As the name suggests, Azure SLA (Service Level Agreement) is a service contract stating that when you deploy two or more role instances of a service on Azure, access to that cloud service is available for at least 99.9% of the time. It also indicates that if the role instance is not functioning, it will identify and resolve that role instance 99.9% of the time. Suppose any of the points mentioned above fail to satisfy at any moment. In that case, Azure will credit the concerned user a certain percentage of their monthly payments based on the pricing model of the Azure services in question.

138

Respuesta de referencia

Azure Storage provides various storage options such as Blob, File, Queue, and Table storage. These services have different use cases and are designed for storing and processing different types of data. Regarding data redundancy and disaster recovery, Azure Storage offers data replication in different data centers and geographical regions to ensure high availability and protection against data loss. Storage redundancy is achieved through mechanisms like locally redundant storage, geo-redundant, and zone-redundancy. When considering between Azure Blob Storage, File Storage, and Queue Storage, use cases and access patterns should be taken into account.

139

Respuesta de referencia

Azure's Private Link provides a secure way to connect to Azure services, Azure-hosted customer-owned services, and Microsoft Partner Services via a private endpoint in your virtual network without exposing your data to the public Internet. This improves network security by ensuring that data traverses only through Microsoft's backbone network, reducing exposure to the public Internet and potential threats. Private Link is ideal for use cases that require secure access to Azure PaaS services (like Azure Storage, Azure SQL Database, etc.) from on-premises networks or peered VNet environments.

140

Respuesta de referencia

Microservices are an architectural style in which the application is divided into small parts (services). Each service does a specific task and is loosely connected to the rest. Advantages: - Agility: Different teams can work on different services, without disturbing each other. - Scalability: Scale only the service that is needed, not the whole app. - Resilience: If one service fails, the whole app will not fall. - Tech Diversity: Different languages, databases or frameworks can be used in each service.

141

Respuesta de referencia

The SPSite Data query is use for retrieving the data present in different lists. This is to sort and aggregates data using the help of SharePoint.

142

Respuesta de referencia

Azure Synapse Analytics is an analytics service that brings together enterprise data warehousing and Big Data analytics. Dedicated SQL pool refers to the enterprise data warehousing features that are available in Azure Synapse Analytics. A dedicated SQL pool represents a collection of analytic resources that are provisioned when using Synapse SQL. The size of a dedicated SQL pool (formerly SQL DW) is determined by Data Warehousing Units (DWU). Once your dedicated SQL pool is created, you can import big data with simple PolyBase T-SQL queries, and then use the power of the distributed query engine to run high-performance analytics. As you integrate and analyze the data, a dedicated SQL pool (formerly SQL DW) will become the single version of truth your business can count on for faster and more robust insights. Dedicated SQL pool (formerly SQL DW) stores data in relational tables with columnar storage. This format significantly reduces data storage costs and improves query performance. Once data is stored, you can run analytics on a massive scale. Compared to traditional database systems, analysis queries finish in seconds instead of minutes or hours instead of days.

143

Respuesta de referencia

Azure Architect Resource Groups are logical containers that manage resources and provide quotas, resource logs, billing plans, and role-based access control policies. They are used to create a resource group and manage other components like SQL databases, services, keyboards, and more.

144

Respuesta de referencia

Enable cross-region replication (CRR) to a secondary region, use versioning to protect against accidental deletion, set up lifecycle policies for backups, and regularly test recovery with IAM permissions.

145

Respuesta de referencia

- Usage trends - AJAX call responses - Page load speed by browser server and browser exceptions What should you do? The Azure Application Insights site extension should be enabled in this scenario. For web pages, Application Insights JavaScript SDK automatically collects AJAX calls as dependencies.

146

Respuesta de referencia

The Azure Storage Queue is simple and the developer experience is quite good. It uses the local Azure Storage Emulator and debugging is made quite easy. The tooling for Azure Storage Queues allows you to easily peek at the top 32 messages and if the messages are in XML or Json, you're able to visualize their contents directly from Visual Studio Furthermore, these queues can be purged of their contents, which is especially useful during development and QA efforts. The Azure Service Bus Queues are evolved and surrounded by many useful mechanisms that make it enterprise-worthy! They are built into the Service Bus and are able to forward messages to other Queues and Topics. They have a built-in dead-letter queue and messages have a time to live that you control, hence messages don't automatically disappear after 7 days. Furthermore, Azure Service Bus Queues have the ability of deleting themselves after a configurable amount of idle time. This feature is very practical when you create Queues for each user, because if a user hasn't interacted with a Queue for the past month, it automatically gets cleaned up. It's also a great way to drive costs down. You shouldn't have to pay for storage that you don't need. These Queues are limited to a maximum of 80gb. Once you've reached this limit, your application will start receiving exceptions.

147

Respuesta de referencia

URL format: Blobs are addressable using the following URL format:

148

Respuesta de referencia

Azure Virtual WAN provides a global, scalable network for securely connecting branches, data centers, and remote users using ExpressRoute, VPNs, and SD-WAN.

149

Respuesta de referencia

This can be performed by associating a Variable Group with the build pipelines. However, variable groups are used for storing pipeline-based variables and can be associated with Azure Key Vault.

150

Respuesta de referencia

Adopt Role-Based Access Control (RBAC) to assign minimal necessary permissions. Use Azure AD Privileged Identity Management (PIM) for just-in-time access. Implement Multi-Factor Authentication (MFA) for all users. Regularly review and audit access roles and permissions. Utilize Conditional Access policies to enforce access based on context, ensuring secure, least-privilege IAM in Azure.

151

Respuesta de referencia

Benefits include no server management, automatic scaling, pay-per-use pricing, and reduced operational overhead. Use cases include event-driven applications, APIs, data processing, and web backends.

152

Respuesta de referencia

By creating a cloud service, you can deploy a multi-tier web application in Azure, defining multiple roles to distribute processing and allow flexible scaling of your application. An Azure cloud service consists of one or more web roles and/or worker roles, each with its own application files and configuration.

153

Respuesta de referencia

An Azure Landing Zone is a foundational cloud environment structured according to key design principles across eight essential design areas. These principles provide a standardized framework that accommodates diverse application portfolios, supporting seamless migration, modernization, and innovation at scale. By adhering to these principles, an Azure Landing Zone ensures a scalable, secure, and well-governed foundation for deploying workloads in Azure. Key Design Areas in Azure Landing Zones The eight core design areas cover critical aspects that ensure the environment is both robust and adaptable: Enterprise-scale Architecture: A blueprint for building and scaling Azure environments that align with organizational standards. Identity and Access Management (IAM): Ensures secure user and identity access through Azure Active Directory (AAD) and Role-Based Access Control (RBAC). Network Topology and Connectivity: Sets up Virtual Networks (VNets), peering, and secure connectivity with on-premises systems. Resource Organization and Hierarchy: Uses management groups, subscriptions, and resource groups for efficient resource categorization. Security and Compliance: Enforces standards and baselines through Azure Policy, Security Center, and Azure Blueprints. Operations and Monitoring: Includes tools like Azure Monitor, Log Analytics, and Application Insights for health monitoring and operational insights. Cost Management and Billing: Helps control expenses through budgets, cost analysis, and tagging. Business Continuity and Disaster Recovery (BCDR): Ensures high availability and resilience using backup, restore, and failover strategies. Structure of an Azure Landing Zone An Azure Landing Zone uses subscriptions to separate and scale different types of resources, distinguishing between: Application Landing Zones: These subscriptions host application-specific resources, providing isolated environments tailored to individual applications or workloads. Platform Landing Zones: These are dedicated to core platform resources, such as shared networking, identity, and security services, which are common across multiple applications. By organizing resources in this way, an Azure Landing Zone supports scalability, allowing for consistent application deployment, modernization, and governance across multiple environments. Benefits of an Azure Landing Zone Scalability and Isolation: Subscriptions provide logical boundaries, enabling secure and scalable resource isolation. Standardized Management: The eight design areas create a cohesive framework that ensures consistency across different applications. Security and Compliance: Aligns with regulatory standards and internal policies, promoting secure cloud practices. Accelerated Deployment: Predefined architecture and policies enable quicker setup and application deployment. Azure Landing Zones thus offer a comprehensive, modular foundation for enterprises, simplifying cloud adoption and providing a structured, scalable environment optimized for secure, consistent, and cost-effective operations.

154

Respuesta de referencia

Benefits: no server management, automatic scaling, pay-per-use pricing, reduced operational overhead. Use cases: event-driven applications (e.g., image processing via Cloud Storage triggers), lightweight APIs (Cloud Functions), web apps and microservices (Cloud Run), real-time data processing (Pub/Sub with Cloud Functions), and scheduled tasks (Cloud Scheduler).

155

Respuesta de referencia

Profiling is only a procedure for measuring the performance analysis of an application. It is normally done to guarantee that the application is sufficiently steady and can maintain overwhelming traffic. Visual Studio gives us different tools to do it by gathering the performance information from the application that likewise helps in troubleshooting issues. Once the profiling wizard is run, it sets up the execution session and collects the data of the sample. The profiling reports help in: - Deciding the longest-running strategies inside the application - Measuring the execution time of every strategy in the call stack - Assessing memory allocation

156

Respuesta de referencia

Site Recovery orchestrates and automates the replication of Azure VMs in different locations—on-premises machines to a secondary data center, and on-premises VMs and physical servers to Azure. It contributes to business continuity and disaster recovery (BCDR) by enabling access to apps from the secondary location in case of an outage at the primary site.

157

Respuesta de referencia

- Azure Traffic Manager is a global traffic-routing service that directs user traffic based on various policies, including performance, priority, or geographic location. This enhances the user experience by routing requests to the most suitable endpoint.

158

Respuesta de referencia

Start every design with SLIs/SLOs (p99 latency, availability, RPO/RTO).

159

Respuesta de referencia

- Azure Site Recovery is a replication service that enhances business continuity by replicating on-premises workloads to Azure or across Azure regions. - In the event of a failure or outage, it allows organizations to fail over to the replicated environment, minimizing downtime. - Site Recovery offers configuration options and recovery plans for testing disaster recovery scenarios without affecting production workloads, ensuring that critical applications remain available during disruptions.

160

Respuesta de referencia

Azure Service Fabric is the distributed platform tailored for providing development, deployment, and management of applications with high scalability and customizability. Applications created in the Azure Service Fabric environment would include detached microservices communicating with each other over service application programming interfaces.

161

Respuesta de referencia

For getting temporary access to your Azure Cosmos DB account, you can use the read-write and read access URLs.

162

Respuesta de referencia

CloudFront is a CDN that delivers content with low latency and high transfer speeds via edge locations. Benefits: global reach, DDoS protection (AWS Shield), SSL/TLS termination, integration with AWS origins (S3, ELB, EC2), caching for performance, and reduced origin load.

163

Respuesta de referencia

RDS is a relational database service (SQL) for structured data, supports ACID transactions, and requires schema design. DynamoDB is a NoSQL key-value and document database (serverless) for high-throughput, low-latency workloads, with flexible schema and automatic scaling. Choose RDS for complex queries, joins; DynamoDB for high-performance, scalable applications.

164

Respuesta de referencia

"Security requires defense-in-depth. We've implemented a multi-layered approach including IAM with least privilege, network segmentation with security groups, and encrypted data both in-transit and at-rest. After a security assessment identified potential permission escalation paths, we implemented automated scanning using custom AWS Config rules to detect policy drift. For our Azure resources, we've centralized monitoring through the Security Center and implemented just-in-time VM access to reduce the attack surface."

165

Respuesta de referencia

Migrating a stateful monolith requires a 'Lift-and-Shift' approach initially, with a future path to modernization. For high availability (HA), I would deploy the application on a set of Azure Virtual Machines placed inside an Availability Set or, even better, across multiple Availability Zones if the application supports it. This protects against hardware failures and entire datacenter outages. The stateful data, residing on disks, would be configured using Azure Managed Disks with Premium SSDs for performance, and these VMs would be placed behind an Azure Load Balancer to distribute traffic. For Disaster Recovery (DR), the primary solution is Azure Site Recovery (ASR). I would configure ASR to continuously replicate the VMs and disks to a secondary Azure region. This automates the entire failover process, ensuring a low Recovery Time Objective (RTO). Crucially, I would also design the backup strategy using Azure Backup for operational recoveries with point-in-time restores. While this VM-based approach works, I would document a future state architecture that breaks the monolith using Azure App Service and Azure SQL Database to achieve greater scalability and reduce management overhead.

166

Respuesta de referencia

A collective name of Microsoft's Platform as a Service (PaaS) offering which provides a programming platform, a deployment vehicle, and a runtime environment of cloud computing hosted in Microsoft data centers.

167

Respuesta de referencia

Security groups are stateful firewalls at the instance level, allowing traffic based on rules. NACLs are stateless firewalls at the subnet level. Both filter traffic; security groups are evaluated first for instance traffic, and NACLs for subnet boundaries.

168

Respuesta de referencia

Azure Load Balancer is a service that distributes incoming network traffic across multiple backend resources to ensure high availability and reliability. It supports automatic failover and load distribution across virtual machines or instances. There is a paid version (Standard) and a free one (Basic). Both of them can be deployed as: - Public load balancer: Distributes incoming internet traffic to virtual machines or instances in the backend pool and provides outbound connectivity for VMs. - Internal load balancer: Balances traffic within a virtual network, enabling applications to communicate efficiently within a private or hybrid environment. The Load Balancer operates at Layer 4, handling TCP and UDP traffic. It performs fundamental load-balancing tasks by directing incoming traffic from its front end to backend pool instances through configured load-balancing rules and health probes. These backend pool instances can consist of Azure Virtual Machines or Virtual Machine Scale Sets.

169

Respuesta de referencia

Azure App Service is a completely managed platform for quickly and effectively developing, launching, and growing web applications and APIs. It supports many languages and frameworks, including Java, Ruby, Node.js, PHP, Python, and .NET, .NET Core. Its main features include: - Ease of Deployment - Automatic Scaling - Integrated DevOps - Scalability Options - High Availability - Built-in Services - Managed Infrastructure

170

Respuesta de referencia

The process for uploading files to an Azure Architect website typically involves using the Azure Portal, Azure CLI, or FTP. First, you need to access your App Service resource in the Azure Portal. From there, you can use the Advanced Tools (Kudu) or Deployment Center to deploy files directly. Alternatively, configuring FTP access allows you to upload files using an FTP client. For automated deployments, integrating with Azure DevOps or GitHub Actions can streamline the process, enabling continuous integration and deployment pipelines that automatically deploy the latest version of your web application upon code commits.

171

Respuesta de referencia

Azure Backup includes three types of replications that keep both storage and data highly available. - Geo-redundant storage (GRS): The default and recommended option that replicates data to a secondary region far from the primary location - Locally redundant storage (LRS): Creates three copies of the data in a storage scale unit within a data center - Zone-redundant storage (ZRS): Replicates the data in availability zones with data residency and resiliency in the same region and has no downtime

172

Respuesta de referencia

"For financial apps requiring RPO under 15 minutes and RTO under 1 hour, we can implement multi-region active-passive with Aurora Global Database maintaining RPO under 1 minute in normal operations. Application infrastructure is pre-provisioned at 30% capacity with automated scaling during failover, using Route 53 health checks with DNS failover configured with 60-second TTL. In my experience, monthly chaos tests have validated recovery within 38 minutes in actual failover events—well within SLA requirements."

173

Respuesta de referencia

The answer is, Set-AzVMDiskEncryptionExtension.

174

Respuesta de referencia

IAAS VS PAAS VS SAAS | IAAS | PAAS | SAAS | | In infrastructure as a service, you get the raw hardware from your cloud provider as a service i.e you get a server which you can configure with your own will. | Platform as a Service, gives you a platform to publish without giving the access to the underlying software or OS. | You get software as a service in Azure, i.e no infrastructure, no platform, simple software that you can use without purchasing it. | | For Example: Azure VM, Amazon EC2. | For example: Web Apps, Mobile Apps in Azure. | For example: when you launch a VM on Azure, you are not buying the OS, you are basically renting it for the time you will be running that instance. |

175

Respuesta de referencia

- Global Load Balancer: Like AWS Global Accelerator, so that the user can be connected to the nearest region. - Multi-Region Deployment: Deploying the application in different regions so that latency is reduced. - CDN (Content Delivery Network): Like CloudFront – static content gets cached near the user so that it does not have to be taken from the server every time. - Global Database: Like Amazon Aurora Global or Azure Cosmos DB – so that all users get fast and synced data.

176

Respuesta de referencia

- Azure CLI: Command-line tool for Linux/macOS-friendly scripting. - Azure PowerShell: PowerShell-based automation for Windows environments.

177

Respuesta de referencia

Use AWS Lambda for compute, API Gateway for REST APIs, DynamoDB for database, S3 for storage, SQS/SNS for messaging, Step Functions for orchestration, and CloudFront for CDN. All services scale automatically and charge per use, reducing operational overhead.

178

Respuesta de referencia

Cloud KMS manages encryption keys for GCP services, enabling centralized key lifecycle management. Cloud SCC provides a security dashboard for threat detection, vulnerability scanning, and policy monitoring. Together, they enhance data protection and security visibility.

179

Respuesta de referencia

The Azure Architect Keyword service is recommended for modern cloud applications and helps capture authentication details like connection string, username, password, and details.

180

Respuesta de referencia

One cloud solution that facilitates task, process, and workflow automation is Azure Logic Apps. It allows users to create scalable cloud-based workflows and integrations for services like Office 365, Azure, and outside apps. Logic Apps streamlines the process of designing and developing scalable solutions for enterprise workflows, data processing, system automation, and app integration.

181

Respuesta de referencia

- Azure Managed Disks are a type of storage where virtual machines are decoupled from storage accounts. - This abstraction simplifies the management of disks in Azure, as scaling and performance are automatically handled. - Managed Disks provide increased reliability, scalability, and seamless integration with Azure backup services. - Users can focus on deploying virtual machines without worrying about the underlying storage infrastructure, easing the management of virtual machine environments.

182

Respuesta de referencia

Benefits: wide service range, global infrastructure, pay-as-you-go, scalability, security certifications, innovation speed. Drawbacks: complexity in service selection, cost management challenges, potential vendor lock-in, steep learning curve for advanced features.

183

Respuesta de referencia

S – Situation I was leading the architecture and implementation of a new enterprise-wide data analytics platform on Azure for a large retail client. The project aimed to consolidate data from various disparate sources (e-commerce, POS systems, inventory management, CRM) into a central data lake, enabling advanced analytics and business intelligence. The challenge was that the project involved numerous key stakeholders from different departments – Marketing, Sales, Finance, and IT – each with distinct, and often conflicting, priorities regarding data sources, reporting requirements, budget allocations, and timelines. Initial phases suffered from communication breakdowns and significant scope creep due to these unaligned expectations. T – Task My core task was not just the technical design and delivery of the Azure data platform, but critically, to effectively manage these diverse stakeholders. This involved aligning their varied expectations, resolving conflicts proactively, and ensuring the project delivered a unified solution that met the core needs of all departments, all while staying within the defined budget and timeline. The success of the technical solution depended heavily on my ability to foster collaboration and consensus among these groups. A – Action Recognizing the initial communication challenges, I immediately established a structured communication plan and a clear governance model. This included regular executive steering committee meetings (bi-weekly) to report on overall progress, address high-level blockers, and manage budget adherence. For technical alignment, I scheduled weekly syncs with the IT operations and development teams. Crucially, I implemented bi-weekly working sessions and workshops directly with the business stakeholders from Marketing, Sales, and Finance. In these workshops, I focused on translating complex Azure data services – such as Azure Data Lake Storage Gen2, Azure Databricks, and Azure Synapse Analytics – into clear business value propositions. I used simplified architectural diagrams and data flow visuals to explain how each component would directly support their specific use cases, like enabling personalized marketing campaigns or improving sales forecasting accuracy. When conflicting requirements emerged, for instance, Marketing demanding real-time data feeds with specific attributes that Finance considered non-critical and too expensive, I didn't immediately side with one department. Instead, I facilitated structured discussions, acting as a mediator. I presented the technical implications and cost trade-offs of each proposed solution, guiding them towards a common ground. Often, this involved proposing hybrid solutions, like a batch process for financial reporting and a near real-time stream for critical marketing segments, clearly defining data ownership, access roles using Azure RBAC, and data quality standards. I also championed an iterative, agile approach. Instead of waiting for a "big bang" launch, we focused on delivering minimum viable products (MVPs) for specific departmental needs early on. This allowed stakeholders to see tangible results quickly, provide feedback, and feel a sense of ownership, which helped build trust and adjust the project direction proactively. We utilized Azure DevOps Boards to maintain a transparent backlog, track requirements, and monitor progress, ensuring all stakeholders had visibility into the development lifecycle and decision-making process. R – Result Through consistent, transparent, and proactive stakeholder management, coupled with a focus on delivering incremental value, we successfully launched the Azure data analytics platform on schedule and within 5% of the initial budget. All key stakeholders felt their departmental requirements were heard and addressed, leading to strong adoption of the new platform across all business units. The platform enabled the client to achieve a 15% increase in the effectiveness of targeted marketing campaigns and improved sales forecasting accuracy by 10%, directly impacting their bottom line. The collaborative approach fostered a more data-driven culture and established a positive, cooperative working relationship among departments, paving the way for future successful projects.

184

Respuesta de referencia

To design a scalable solution on Azure, you need to consider factors such as resource utilization, load balancing, auto-scaling, and caching. You can use Azure features such as Azure Autoscale, Azure Load Balancer, and Azure Cache for Redis to ensure scalability.

185

Respuesta de referencia

Azure Machine Learning is a cloud-based ML service that enables: - Automated machine learning (AutoML). - Model training, evaluation, and deployment. - MLOps for continuous integration and deployment (CI/CD).

186

Respuesta de referencia

To ensure reliability, traceability, and security for weekly deployments of 50+ microservices, I would implement a CI/CD pipeline using Jenkins or GitLab CI with automated testing (unit, integration, and security scans). Containerize microservices with Docker and orchestrate via Kubernetes (EKS/AKS) with Helm charts for version control. Reliability uses canary deployments and rolling updates with health checks via Kubernetes readiness probes. Traceability requires centralized logging with ELK stack (Elasticsearch, Logstash, Kibana) or Azure Monitor, and distributed tracing via Jaeger or OpenTelemetry. Security includes image scanning with Aqua Security, secrets management via HashiCorp Vault or AWS Secrets Manager, and network policies in Kubernetes. IAM roles with least privilege and automated compliance checks via OPA Gatekeeper ensure governance.

187

Respuesta de referencia

In Azure, a static IP address is used when the address connected to the device is not to be changed.

188

Respuesta de referencia

A network security group (NSG) contains a list of Access Control List (ACL) rules that allow or deny network traffic to subnets, NICs, or both. NSGs can be associated with either subnets or individual NICs connected to a subnet. When an NSG is associated with a subnet, the ACL rules apply to all the VMs in that subnet. In addition, traffic to an individual NIC can be restricted by associating an NSG directly to a NIC.

189

Respuesta de referencia

Azure AD Conditional Access.

190

Respuesta de referencia

- Azure Backup is a cloud-based, enterprise-wide backup solution for your data. - It allows on-premises data and Azure VMs to be backed up to the cloud. In case of data loss or corruption, safely recover it from the Azure Backup repository. - It supports myriad backup strategies, with incremental backups being one of them, helping make sure compliance and data retention policies are met.

191

Respuesta de referencia

Auto-scaling in Azure Architect Cloud Platform allows users to configure their web app to scale as needed, with two options: scale up and scale out. Users can add rules that specify the metrics they want to watch and scale according to monitor and scale metrics.

192

Respuesta de referencia

Yes, it can be done by defining a separate Load Balancer Role in Azure.

193

Respuesta de referencia

The main advantage of cloud services is the ability to support more complex multi-tier architectures.

194

Respuesta de referencia

- Horizontal scaling (scaling out/in) involves adding or removing instances of a resource to meet demand without changing the capacity of each instance. It's well-suited for distributed systems and applications designed for scalability. - Vertical scaling (scaling up/down) refers to increasing or decreasing the capabilities (e.g., CPU, RAM) of a single instance. It's simpler but has limitations based on the maximum capacity of the instance type. Azure supports both, allowing applications to scale by changing the number of instances or their size, depending on the scenario.

195

Respuesta de referencia

The first iteration of Azure Architect DevOps currently underway involves the design phase, which is being completed.

196

Respuesta de referencia

Azure Service Bus Queues are storage locations for messages. When you have numerous apps or pieces of a distributed application that need to communicate with each other, service bus queues prove to be very helpful. Multiple messages are received and subsequently sent from the queue, which is similar to a distribution center.

197

Respuesta de referencia

Areas to Cover - Learning resources and methods used - Time dedicated to professional development - Process for evaluating new services for potential adoption - How they've implemented new Azure features in previous roles - Knowledge sharing with team members Possible Follow-up Questions - How have you incorporated a new Azure service into an existing architecture? - How do you decide when to adopt new features versus sticking with proven solutions? - How do you validate that new services will meet your requirements before implementing them? - How do you balance innovation with stability in cloud environments?

198

Respuesta de referencia

In addition to deployment, Azure Architect also offers login analytics and the Azure Architect monitor service to monitor the behaviour of your frontend database backend. To improve the solution, you can also add services like public IP addresses and DNS entries.

199

Respuesta de referencia

The user launches Putty software, pastes the IP address, and completes the process. However, users must add a rule for S SH in their firewall if the connection times out. After adding the rule, the user logs in to their server using a new raker username and authenticates the user. The server will then allow S SH to connect.

200

Respuesta de referencia

In Azure, break-fix issues are referred to as technical problems. It is an industry term used when 'work involved in supporting a technology when it fails its normal course of action'.

¿NO QUIERES PERDERTE NADA?

¡Pase 100% la prueba de práctica de Cisco, PMP, CISA, CISM, AWS en OFERTA!
Obtener ahora

Obtenga una certificación para destacar su currículum.

¿NO QUIERES PERDERTE NADA?

¡Pase 100% la prueba de práctica de Cisco, PMP, CISA, CISM, AWS en OFERTA! Obtener ahora

Obtenga una certificación para destacar su currículum.

¡Pase 100% la prueba de práctica de Cisco, PMP, CISA, CISM, AWS en OFERTA!
Obtener ahora