Sunday, October 3, 2021

AZ-900 Exam Notes

AZ-900 Exam Notes: Microsoft Azure Fundamentals

Hi All,

This article includes some important notes for those who are preparing for AZ-900 certification.
Yesterday, I cleared my AZ-900 exam, and to prepare for it I created some notes, which I am sharing
via this article.

What is Cloud Computing?

In very simple terms:
"Cloud computing is basically a datacenter company that rents out its resources, i.e. servers, storage,
networking and security, along with the money it has invested in cooling/heating/security and ongoing maintenance."

Why organizations are moving towards cloud computing?

An organization can cut the cost of maintaining the on-premises physical datacenter it owns
by migrating all its applications and data to cloud service provider(s) that have redundant datacenters
all across the globe.
By using the services of cloud service provider(s), organizations can reduce the overall costs
charged to their IT budget.
Below are some key factors and benefits of migrating to cloud service provider(s):

  • Organizations do not have to pay anything upfront, which saves the heavy money earlier spent on Capital Expenditure (CapEx),
  • Pay only for what you use for a given period of time; this is Operational Expenditure (OpEx),
  • Fast services: a virtual server machine is ready for use within minutes, which was not possible before the concept of cloud computing.

What is AZ-900?

AZ-900 is one of the fundamental exams for a candidate working on Azure. It does not have an expiry date :)
The AZ-900 exam is the only exam required to earn the Azure Fundamentals certificate, and an optional
exam in the wide range of Azure paths. This exam is intended for candidates who want to demonstrate
foundational knowledge of cloud services and how those services are provided by Microsoft Azure.

Recommendation:

  • I would highly recommend using the Azure AZ-900 documentation on the official Azure Fundamentals website; it gives you everything you need for this course.
  • Go for the free tier of the Azure portal and explore and practice as much as you can. The first $200 of spending is free and more than sufficient to cover the AZ-900 exam topics.
  • Dedicate at least one hour per day and you will be ready for the exam within 10-15 days.

AZ-900 Exam Blueprint

The below skillsets are required to cover the AZ-900 exam.

  • Describe cloud concepts (20-25%),
  • Describe core Azure services (15-20%),
  • Describe core solutions and management tools on Azure (10-15%),
  • Describe general security and network security features (10-15%),
  • Describe identity, governance, privacy, and compliance features (20-25%),
  • Describe Azure cost management and Service Level Agreements (10-15%),

Azure Regions and Availability Zones

In this section, we will look into Azure Regions, Zones and availability.

  • Azure provides 60+ regions around the globe and will probably grow further,
  • A Region is a particular geographical location,
  • Deploying your services to multiple regions gives High Availability, Low Latency and Geographical reach,
  • Azure provides multiple Availability Zones in a single Azure region,
  • Each Availability Zone is one or more data centers with their own network connectivity and power resources,
  • Availability Zones in a region are connected by low-latency links,
  • Availability Zones help to achieve high availability with low latency in the same region,
  • Not all Azure regions have Availability Zones,
  • Number of Availability Zones in some Azure regions: East US – 3, West Europe – 3, Southeast Asia – 3, West Central US – 0.

Subscription, Resource Groups, Management Groups and Tags

  • Resource Group is the group of resources like Virtual Machine, Database etc,
  • One resource group is associated with one Azure subscription,
  • Azure resource hierarchy –
    Management Groups –> Azure Subscription –> Resource Group –> Resources,
  • One resource can be associated with only one resource group,
  • A resource group can contain resources from multiple Azure regions,
  • Resource groups are offered by Azure at no extra cost; we only pay for the resources and not for the resource groups,
  • A permission applied to a resource group is automatically applied to the resources in that resource group,
  • To manage cost and billing for different departments within your organization, create different subscriptions,
  • You cannot merge two subscriptions into one; however, you can move a resource from one subscription to another,
  • If a subscription has expired, you cannot create a resource, but data can still be accessed,
  • Tags are used to identify applications, resources and environments for tracking and reporting purposes,
  • Tags help us to categorize the resources in Azure. Tags are not automatically inherited from a resource group by the resources within it.

Virtual Machines, Availability Set and Scale Set

  • We deploy software or any application in the cloud on a Virtual Machine (VM),
  • A single VM with premium SSD or Ultra disk will give 99.9% SLA,
  • A single VM with standard SSD disk will give 99.5% SLA,
  • A single VM with standard HDD disk will give 95% SLA,
  • 2 VMs in the same availability set give you 99.95% availability,
  • An Availability Set is a logical grouping of VMs,
  • Azure provides two types of Availability Set: Fault Domain and Update Domain,
  • Fault Domain – A group of VMs which share common network connectivity and power supply,
  • Update Domain – A logical group that is restarted at the same time. All the maintenance happens in this group at the same time,
  • Distributing VMs across multiple fault domains will increase availability,
  • Creating multiple instances in two or more Availability Zones in the same Azure region gives you 99.99% availability,
  • Virtual Machine Scale Set (VM Scale Set) allows you to create and manage a group of Azure Virtual Machines,
  • VM Scale Set allows auto and manual scaling,
  • A single scale set can allow up to 1000 VM instances,
  • Auto scaling in a VM Scale Set can be configured based on CPU threshold, memory utilization etc.,
  • VM Scale Set creates a private IP address by default,
  • Public IP addresses are chargeable,
  • There are two types of scaling – Vertical Scaling and Horizontal Scaling,
  • Vertical Scaling – Increases the available hardware capacity, e.g. increasing RAM size,
  • Horizontal Scaling – Increases the number of Virtual Machine instances,
  • Two VMs of the same size can cost differently because the price varies with time and region.

IaaS, PaaS, SaaS and Containers

  • IaaS (Infrastructure as a Service) – A cloud model which allows us to manage infrastructure from the cloud service provider. In this cloud model, we are responsible for managing Virtual Machine, Database, OS, Load Balancer etc. Along with the software, we have to manage the underlying hardware as well,
  • PaaS (Platform as a Service) – We are responsible only for our application deployment and related configuration. No need to worry about the underlying hardware. Azure App Service, Azure Container and Azure Cosmos DB are examples of the PaaS model. In the PaaS model, we can configure hardware needs and auto scaling needs,
  • SaaS (Software as a Service) – We are responsible for using the application and not for deployment and maintenance. Google Docs, Office 365 and Dropbox are examples of the SaaS model,
  • Azure Containers are used to virtualize the software. We don’t need to manage any Virtual Machines,
  • We can deploy microservice-based applications to Azure with the help of Azure Containers,
  • Azure Containers create a Docker image for each microservice based on requirements,
    e.g. you can create a Docker image for Windows + .NET and another image for Linux + PHP,
  • Azure offers Azure Service Fabric and Kubernetes for container orchestration,
  • Kubernetes is a popular open-source container orchestration tool,
  • Azure Service Fabric is a container orchestration tool which runs on Azure cloud only.

Public Cloud, Private Cloud and Hybrid Cloud

  • Public Cloud – It allows you to host and deploy applications in the cloud with no on-premises data center. No Capital Expenditure (CapEx) is required, it is pay as you go, the underlying hardware is maintained by Azure, and hardware resources are shared among multiple tenants,
  • Private Cloud – It allows you to host and deploy everything within your own data center.
    It needs Capital Expenditure, staff and maintenance. Private Cloud provides a high level of security and privacy,
  • Hybrid Cloud – It is a combination of Public and Private. For example, the application server is in an on-premises data center and the database is in the Azure cloud.

Serverless, Azure Functions and Logic Apps

  • Serverless doesn’t mean “No Server”; it simply means there is no need to focus on servers and related entities. It also means zero visibility of servers,
  • In Serverless, no request = no cost,
  • Azure Functions is an example of Serverless computing,
  • Azure Functions lets you pay for the number of requests raised and memory utilization. It supports all the major programming languages such as C#, Python, Java, TypeScript etc.,
  • To create an Azure Function in Azure, search for Function App in the Azure search bar,
  • While creating an Azure Function in the Azure portal, just select the runtime (.NET, Java etc.); options such as availability sets and availability zones are not offered because they are not managed by us,
  • Azure Functions are auto scalable,
  • Logic App is a serverless orchestration service in Azure. It is a no code (or low code) solution and mostly works with GUI,
  • Logic App can be useful to trigger events on a specific action such as sending an email,
  • Azure offers in-built templates to create Logic Apps.

Azure Storage

  • Azure offers File Storage (Azure Files), Block Storage (Azure Disk) and Object Storage (Blob Storage),
  • File storage can be shared between multiple VMs,
  • Azure offers following data redundancy – LRS, ZRS, GRS, GZRS,
  • LRS (Locally Redundant Storage) – Sync 3 copies in same data center, less expensive and with least availability,
  • ZRS (Zone Redundant Storage) – Sync 3 copies in 3 Availability Zones in primary region,
  • GRS (Geo Redundant Storage) – It is LRS + Async copy to secondary region,
  • GZRS (Geo Zone Redundant Storage) – ZRS + Async copy of data to secondary region. It is the most expensive and provides high availability,
  • Azure Disk with standard HDD is recommended for backup storage,
  • Standard SSD is recommended for lightweight applications,
  • Azure Disk with premium/Ultra SSD is recommended for production use,
  • Blob storage allows you to store huge amounts of unstructured data.

Azure Database

Microsoft Azure offers fully managed relational, NoSQL and in-memory databases for various uses.

Database Type | Purpose
Azure SQL Database | Managed, intelligent SQL in Azure and an always up-to-date SQL instance. Gives 99.99% availability
Azure Database for PostgreSQL | Build scalable, secure and fully managed enterprise-ready apps on open-source PostgreSQL
Azure MySQL | Deliver high availability to open-source mobile and web apps with a managed community MySQL database service
Azure MariaDB | Deliver high availability to open-source mobile and web apps with a managed community MariaDB database service
Azure Cosmos DB | Build applications with guaranteed low latency and high availability anywhere, at any scale, or migrate Cassandra, MongoDB and other NoSQL tasks to the cloud
Azure Cache for Redis | Power fast, scalable applications with an open-source-compatible in-memory data store
Azure Synapse Analytics | Database for analytics

*Microsoft Azure Cosmos DB provides low latency and can offer sub-5 ms response time.

Azure Networking

  • Azure Virtual Network (VNet) is your own isolated network in Azure cloud, it is like LAN on your on-premise,
  • Each virtual network is associated with one region,
  • Subnet is used to isolate resources within Azure Virtual Network,
  • All subnets (Private or Public) in a single virtual network (VNet) can communicate with each other,
  • Each VM in a Virtual Network is assigned a private IP address by default. However, we can assign it a public IP address as well,
  • Network peering makes it possible to connect resources in different Azure Virtual Networks (in different Azure regions as well),
  • Network Security Group (NSG) is an internal firewall inside an Azure Virtual Network. It allows or blocks traffic based on IP address and port. An NSG can restrict traffic between resources; for example, it can allow database access only to the web servers and not to the outside world,
  • An NSG is attached to subnets and network interfaces,
  • Azure Application Gateway can do URL-based routing. It is a web traffic load balancer which enables us to manage traffic to our web application hosted in Azure,
  • A traditional load balancer operates at the transport layer (OSI Layer 4 – TCP, UDP) to route traffic,
  • Azure Firewall is a managed, centralized network firewall-as-a-service; it sits outside the Azure Virtual Network,
  • In Azure Firewall, traffic that is allowed in is automatically allowed back out,
  • One Azure Firewall can control traffic to multiple Azure Virtual Networks across multiple Azure subscriptions,
  • Web Application Firewall is tied to one web application to protect it from XSS (cross-site scripting), SQL injection etc.,
  • Azure Express Route is a private and dedicated connection between Azure cloud and on-premise data center. It gives high bandwidth with high security.

Azure Security

  • Azure Security Center is a threat management and protection feature for Azure cloud. It provides the security score to improve security by adding more security features,
  • Basic protection and security is free in Azure cloud,
  • Azure Defender is an additional security that you can enable. It is a costly feature by Azure. It provides threat protection for PaaS services,
  • Azure Sentinel is an intelligent security analytics service for the entire enterprise. It is a security information and event management (SIEM) service,
  • Azure Sentinel detects threats and responds very fast with the help of AI,
  • To store access secrets such as API keys, passwords and certificates we can use Azure Key Vault,
  • Official definition by Microsoft – Azure Key Vault safeguards cryptographic keys and other secrets used by cloud apps and services,
  • Azure AD Identity Management helps us to manage identity and access in the Azure cloud,
  • To synchronize an on-premises Active Directory with Azure AD we can use Azure AD Connect,
  • Azure AD MFA (Multi-Factor Authentication) – Azure AD MFA uses any 2 of the given authentication options: user ID and password, a trusted device, fingerprint or face recognition,
  • To enable Azure AD MFA, you need to use Azure AD Identity Protection,
  • If a user is logging in from an unknown device or location, then MFA is mandated to provide security; this is called Conditional Access,
  • Conditional Access is one of the premium features in Azure AD that comes with P1 and P2 licenses,
  • We can change the default directory in Azure, but this will not change billing ownership,
  • One subscription can be connected to one Azure AD directory. You can associate multiple subscriptions with one Azure AD directory,
  • RBAC stands for Role-Based Access Control,
  • When an Azure subscription expires, the associated Azure AD tenant is not deleted, later you can associate this to a different subscription.

Azure Management Tools

  • Azure Advisor is a recommendation tool for improving reliability, security and performance to achieve great service at reduced cost. It recommends optimizing VMs by applying auto scaling, which can reduce the cost,
  • Azure Monitor is another tool, which collects and analyzes logs and metrics. It is used to track events at resource level. Azure Monitor can monitor resources across multiple subscriptions, which helps to identify issues and send alerts. It can monitor an on-premises environment as well,
  • Application Insight – Azure Monitor service to monitor/diagnose application-related issues,
  • VM Insight – Monitors the health of VMs and scale sets,
  • Container Insight – Monitors the containers available in your subscription,
  • Log Analytics – Azure Monitor service to send SMS and email based on logs and metrics,
  • Azure Service Health is a personalized dashboard for receiving notifications, guidance, and technical support when Azure service issues, updates, or planned maintenance affect your Azure resources,
  • Visit status.azure.com to know the Azure health region-wise,
  • Azure Service Health also tells about an Azure service which will be decommissioned.

Azure Service Level Agreement (SLA)

  • SLA stands for Service Level Agreement. It is a formal agreement between service provider and customer,
  • Azure gives a service credit in case it doesn’t meet the agreed SLA. If uptime is < 99.95% then 10% of the amount is credited; if < 99% then 25% of the amount is credited. You need to submit the SLA credit request to get the service credit,
  • Monthly uptime % = (Maximum Available Minutes – Down time)/(Maximum Available Minutes) * 100,
  • Azure Service Lifecycle follows 3 phases:
  • Private Preview – It is an evaluation-purpose release for a specific customer. You need to apply to use Private Preview. This release does not follow any SLA,
  • Public Preview – It is available to all Azure customers and it also has no defined SLA. Public Preview is not recommended for production or any critical business application,
  • General Availability – This release is available to all customers and follows the SLA as well.

Azure Compliance, Privacy and Governance

  • Microsoft Azure policies ensure that resources stay compliant with defined standards and SLA. Azure Policy allows you to manage compliance of resources across multiple Azure subscriptions,
  • You can create a group of policies; it is called an Initiative,
  • Azure provides some predefined initiatives – UK Official, HIPAA, PCI DSS etc.,
  • In the Compliance dashboard you can view the overall compliance of a specific resource or policy,
  • If you want to prevent the use of a specific VM size, you can apply a policy which will prevent this action,
  • Azure Blueprints is the combination of one or more Policy, Role, ARM Template, Resource Group,
  • The Resource Lock feature is used to prevent accidental deletion or modification of resources,
  • There are 2 types of resource locks:
  • Read Only Lock – Users can read the resource but they can’t modify or delete it,
  • Delete Lock – Users can read and modify the resource but they can’t delete it,
  • You can apply multiple locks on a resource,
  • A Resource Lock can be applied to a subscription, resource group or resource,
  • Resources inherit Azure locks from the subscription and resource group,
  • Azure compliance makes sure that you follow industry and security standards,
  • Service Trust Portal allows you to check standards and regulations,
  • GDPR (General Data Protection Regulation) is introduced to provide security to personal data for the people in Europe,
  • RBI and IRDAI (India) – The Reserve Bank of India (RBI), the Insurance Regulatory and Development Authority of India (IRDAI), and the Ministry of Electronics and Information Technology (MeitY) comprise three of the key financial industry regulators overseeing banks, insurance organizations, and market infrastructure institutions,
  • Azure Government can be used by US government employees, entities and contractors,
  • Azure China is not operated by Microsoft; the company 21Vianet operates Azure in China and follows the China Telecommunication Regulation.
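
As an added illustration (not part of the original notes and not a built-in Azure policy), this is what a custom Azure Policy definition that prevents specific VM sizes can look like. The parameter name `deniedVmSizes` and the two default size names are assumed sample values.

```json
{
  "properties": {
    "displayName": "Deny selected virtual machine sizes (added example)",
    "description": "Illustration added to these notes, not a built-in policy. The default size names are sample values.",
    "mode": "Indexed",
    "parameters": {
      "deniedVmSizes": {
        "type": "Array",
        "metadata": {
          "displayName": "Denied VM sizes",
          "description": "VM size (SKU) names that must not be deployed."
        },
        "defaultValue": [ "Standard_M128s", "Standard_NC24" ]
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          { "field": "type", "equals": "Microsoft.Compute/virtualMachines" },
          { "field": "Microsoft.Compute/virtualMachines/sku.name", "in": "[parameters('deniedVmSizes')]" }
        ]
      },
      "then": { "effect": "deny" }
    }
  }
}
```

With the `deny` effect, a request to create or resize a VM to one of the listed sizes is rejected at deployment time in every scope the policy is assigned to.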

Azure Cost Management

  • Capital Expenditure (CapEx) – The money spent to buy infrastructure and the cost to maintain the infrastructure. Example – paying for software on lease, a physical data center,
  • Operational Expenditure (OpEx) – Money spent to consume a service or product. Example – Azure Functions, Azure VM provisioning etc.,
  • Azure Functions is the best example of the consumption-based price model,
  • Fixed Price Model – You are charged for the number of instances, no matter whether the resource is being used or not. Example – Azure App Service, Azure VM etc.,
  • TCO (Total Cost of Ownership) is used to estimate the cost savings you get after migrating your workloads to Azure,
  • Pricing Calculator is to estimate the cost of Azure services that you are planning to use,
  • In-bound data from on-premise to Azure is free,
  • Out-bound traffic from Azure to on-premise is not free,
  • Data traffic between Azure service in the same region or Availability zone is free.

Azure IoT, Big Data, AI and Machine Learning

  • Azure IoT Hub is used to manage a message hub for IoT-enabled devices. It allows you to present reports programmatically,
  • Azure IoT Central – It is IoT Hub with a dashboard. It presents reports with a UI instead of programming,
  • Azure Sphere – It provides comprehensive solutions for IoT devices with high security. It is useful in voting machines, ATMs and Point of Sale devices, where high security is needed,
  • Big Data Solution – For an end-to-end analytics solution that runs complex queries on big data we can use Azure Synapse Analytics; it was earlier known as Azure SQL Data Warehouse,
  • Azure HDInsight – Hadoop-based open-source analytics service. Compatible with Apache Hadoop, Spark, Hive,
  • Azure Databricks – It is an Apache Spark-based analytics service,
  • To talk with humans through an AI system, use Azure Bot Service,
  • Azure Cognitive Services is pre-built Machine Learning that is used for Language service, Vision service and Text to speech service.

Azure DevOps

  • Microsoft Azure DevOps helps in Continuous integration, Continuous Deployment and Continuous Integration,
  • It is a private source control to manage source code with versions,
  • Azure DevTest Lab – Allows you to quickly create environments using reusable templates and artifacts. It allows you to create Windows and Linux environments quickly; with Azure DevTest Lab you can set automated shutdown to minimize the cost,
  • ARM (Azure Resource Manager) Template is a way to implement Infrastructure as Code in Azure. An ARM template is a JSON-based file which defines the infrastructure and related configuration. For example – you can create a VM and SQL Database of your required configuration from the Azure portal; if you are asked to create the same environment again, you would have to repeat the same steps. Instead of doing that, you can create an ARM Template and create the environment quickly with the same JSON file.
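
As an added illustration (not part of the original notes), the ARM template below combines two points from these notes: infrastructure defined in a JSON file, and the Network Security Group bullet in the Azure Networking section, where database access is allowed only to the web servers. Resource names, address ranges and SQL port 1433 are assumed sample values.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "description": "Added example for these notes. Names, address ranges and port 1433 are assumed sample values."
  },
  "parameters": {
    "webSubnetPrefix": { "type": "string", "defaultValue": "10.0.1.0/24" },
    "dbSubnetPrefix": { "type": "string", "defaultValue": "10.0.2.0/24" }
  },
  "resources": [
    {
      "type": "Microsoft.Network/networkSecurityGroups",
      "apiVersion": "2021-02-01",
      "name": "nsg-db",
      "location": "[resourceGroup().location]",
      "properties": {
        "securityRules": [
          {
            "name": "Allow-Sql-From-Web-Subnet",
            "properties": {
              "description": "Only the web subnet may reach the database port.",
              "priority": 100,
              "direction": "Inbound",
              "access": "Allow",
              "protocol": "Tcp",
              "sourceAddressPrefix": "[parameters('webSubnetPrefix')]",
              "sourcePortRange": "*",
              "destinationAddressPrefix": "[parameters('dbSubnetPrefix')]",
              "destinationPortRange": "1433"
            }
          },
          {
            "name": "Deny-All-Other-Inbound",
            "properties": {
              "description": "Overrides the default rule that allows traffic from the rest of the virtual network.",
              "priority": 4096,
              "direction": "Inbound",
              "access": "Deny",
              "protocol": "*",
              "sourceAddressPrefix": "*",
              "sourcePortRange": "*",
              "destinationAddressPrefix": "*",
              "destinationPortRange": "*"
            }
          }
        ]
      }
    },
    {
      "type": "Microsoft.Network/virtualNetworks",
      "apiVersion": "2021-02-01",
      "name": "vnet-app",
      "location": "[resourceGroup().location]",
      "dependsOn": [ "[resourceId('Microsoft.Network/networkSecurityGroups', 'nsg-db')]" ],
      "properties": {
        "addressSpace": { "addressPrefixes": [ "10.0.0.0/16" ] },
        "subnets": [
          { "name": "web", "properties": { "addressPrefix": "[parameters('webSubnetPrefix')]" } },
          {
            "name": "db",
            "properties": {
              "addressPrefix": "[parameters('dbSubnetPrefix')]",
              "networkSecurityGroup": { "id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'nsg-db')]" }
            }
          }
        ]
      }
    }
  ]
}
```

NSG rules are evaluated in priority order, lowest number first, so the allow rule at 100 is matched before the deny rule at 4096.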

AZ-900 after training and exam insights

  • Once you are prepared for exam, go to Microsoft website and schedule your exam,
  • At the scheduled exam time, be prepared with your laptop or desktop
    (a personal laptop or desktop is preferable to avoid any communication breakage),
  • Be ready with a valid ID proof issued by government,
  • Make sure you have good internet connection,
  • The mic and webcam should work properly in your laptop or desktop,
  • You need to score at least 70% to pass. Till now, there is no negative marking,
  • Number of questions may vary. In my case there were 45 questions, and most of the
    questions had 2 or 3 parts, and each part carries 1 point/mark.

If you think I have missed something; please let me know - I will provide the required details with an update.


I hope this article will be helpful for your AZ-900 journey; good luck!!
