Azure Fundamentals (AZ900) certification preparation – short notes-IV

Thanks for reading our first, second and third posts in this series. Let’s get into the 4th post of the series Azure Fundamentals (AZ900) certification preparation short notes.

The intention of this series is to help your preparation for the AZ900 certification, or for your revision before taking the exam.

[ Disclaimer : This is not a complete training material for the certification. This is just random (short) notes which we captured from course curricula, which will help the readers for their final revision/rewind before appearing for the exam. We do not offer any guarantee in passing the exam with this content ]

So, let’s get into the contents…

IoT Services
IoT Central – Connects your IoT devices to cloud
IoT Hub – Secure communication between the IoT apps and their managed devices
IoT Edge – allows processing and analysis of IoT devices data. A service built on Azure IoT Hub.
Windows 10 IoT Core Services – A cloud services subscription

——————- advertisements ——————-

———————————————————

Bigdata services

Azure Synapse analytics (SQL datawarehouse -formerly) : intended to run SQL queries against large DBs.
HDInsight : Run Open-sourced analytics software such as Hadoop,Kafka and Spark
Azure databricks : An apache Spark-based for Azure. Third-part databricks services within Azure.
DataLake analytics : Large storage for Raw data for bigdata. Analytics and reporting

AI/ML services
Azure Meachine learning service : Service for simplifying and running AI/ML related workflows in Azure. Python,R or Deep Learning workloads such as TensorFlow
Azure machine learning studio : Older service for AI/ML workloads
——————- advertisements ——————-

———————————————————

AI Services
Personalizer : personlized experience for every user.
Translator : real-time multi-language translator
Anomaly detector : detect anomalies in data and troubleshoot
Azure bot service : serverless bot service on-demand
Form recognizer : auto extraction of key/value, text, table etc.. from data
Computer vision : Content analysis from images
Language understanding : natural language understanding for apps,chat bots etc…
QnA maker : QnA bot. helps to create a question-answer structure over the data
Text analysis : helps in sentiment analysis. identifying names, phrases etc…
Content moderator : helps to detect potentially offensive content
Face : helps to identify the people and the emotions from images etc…
Ink recognizer : digital ink recognizer, such as handwriting, shapes etc…

Serverless services
Functions : serverless compute. No need to provision/manage any servers.
Azure blob storage : blob storage service
Logic apps : allows you to build serverless workflows composed of Azure functions, building a state machine for serverless compute
Event grid : Pub/sub type. Allowing to react to events and trigger other services like Functions

Visual studio code : code editor
——————- advertisements ——————-

———————————————————

Regulation and compliance
Azure trust center : Online portal where we can check the security and regulatory compliance info (example GDPR – General Data protection Regulation)
Azure security compliance programs (2:16:30) :
– CJIS (Criminal Justice Information Services) – has to be compliant to access FBI’s CJIS Database
– Cloud Security Alliance (Star Certification) – Third party
– GDPR – European law, against anyone (org) collects and analyzes data tied to EU residents
– EU Model clause – transfers of data outside of EU.
– HIPPA (Health insurance portability and accountability act) – patient protected health info.
– ISO 27018 – processing of personal info by cloud service providers

Azure Active Directory
AD comes in four flavors
free – MFA, SSO, and basic security settings
Office 365 Apps – company branding, two-sync between on-prem and cloud
Premium 1 – Hybrid architecture,
Premium 2 – identity protection and identity governance.

Azure security Center : Infrastructure security management system – A UI with lots of options.
Azure key vault : Stores and manages tokens/keys etc…
– Secret management – keys,tokens,certificates etc…
– Key management – Encryption key creation and management
– Certificate management – manages SSL certificates
– HSM – Keys and secrets managed by FIPS compliant Hardware-Security-Module (FIPS 140-2 compliance for multi-tenant and FIPS 140-3 for single tenant)

——————- advertisements ——————-

———————————————————

Protection
Azure DDoS Protection : basic protection is always on and is free. Advanced version is paid and has more features including reporting, Expert support, SLAs.
Azure firewall : Network protection. High availability built-in no load balancers required.
Azure information protection : in our outlook. Protects sensitive data by encryption,restricted access etc…
RBAC (role-based ac)
– Security principal : identities requesting access to an azure resource.
— User, group, Service principal (a security identity used to access azure resources),Managed identity (an identity in Azure AD managed by Azure)- Scope : Defines a scope of a role. Controls at Management,subscription or resource group level.
– Role definition : Set of roles. R/W/Delete etc..

Lock Resources : Locking to avoid unexpected deletion etc… CanNotDelete(Delete), Read-Only are types of locks.
Management groups : Adding subscriptions (accounts) to a management group will have all the permissions on it. Accounts under “Finance” group will have permissions required for that team/group/dept (example)
That’s it for part-4. You can find the next section in this series here. For the complete series click here .

Leave a comment :