추가정리

Examtopics의 덤프 문제를 풀면서 새로 알게된 정보들을 정리해 보았습니다.

https://www.examtopics.com/exams/microsoft/az-900

Ace Microsoft AZ-900 Certification with Actual Questions | ExamTopics

---

Web tier plans

	Basic	Standard
Storage (per instance)	10GB	50GB
Instances	Up to 3	Up to 10

 

Data redundancy

1) Locally-redundant storage: 3 copy on the basic region (default of Azure Storage Account)

2) Zone-redundant storage: 3 copy on the availability zones

3) Geo-redundant storage: LRS and secondary region

4) Geo-zone-redundant storage: ZRS and secondary region

5) Read-only geo-redundant storage, Read-only geo-zone-redundant storage: read-access to secondary region

 

Availability zones: 다른 AZ에 있을 때 SLA 99.99%, 같은 AZ에 있을 때 99.95%

 

VPN Gateway

1) Point-to-site: small scale (remote user)

2) Site-to-site: middle scale (dev/test)

3) ExpressRoute: big scale (enterprise-class)

 

Azure AD

-           Segmented division support

-           Sync w. on-premises active directory

-           Provide authentication services for resources hosted in Azure and MS365

-           Each user account can be assigned to multiple licences

-           Valid MFA: 1) password, 2) app, 3) SMS, 4) voice app

*           Azure AD Privileged Identity Management: manage the important resource in your organization

*           Azure AD Identity Protection: protect anonymous, illegal connection

 

ARM templates : provides a common platform for deploying objects to a cloud infrastructure and for implementing consistency across the Azure environment

Power BI -> linked w. Azure Data Lake, Azure SQL Data Warehouse

Azure CLI, PowerShell, Portal run on everywhere

 

Azure service health: status of Azure service

Azure monitor: status of your application

-           You can send Azure AD activity logs to Azure Monitor logs

-           Azure Monitor can consolidate log entries from multiple Azure resources, subscriptions, and tenants

-           You can create alerts in Azure Monitor.

Azure Advanced Threat Protection: Monitor threats by using sensors

Azure Sentinel

-          a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution.

-           stores collected events in an Azure Storage Account

-           can remediate incident automatically

-           collect Windows Defender Firewall logs from Azure virtual machines.

 

Azure Security Center

You can enable just-in-time (JIT) VM access

can monitor Azure resources and on-premises resources

You can view your company’s regulatory compliance report

 

Defence-in-depth layers

Physical Security

Identity & Access

Perimeter (DDoS protection)

Network

Compute

Application

Data

 

Network Address Translation (NAT) rules in Azure Firewall enables users on the internet to access a server on a virtual network.

 

General Data Protection Regulation(GDPR, 유럽연합 데이터 보호 규칙) defines data protection and privacy rules.

-           applies to companies that offer goods or services to individuals in the EU. (Y)

-           Azure can be used to build a GDPR-compliant infrastructure.

 

Azure Information Protection can encrypt documents and emails.