AZ-900 Exam Cram: Azure Compute & Networking Services
Describe Azure compute and networking services
This guide focuses on the core services that power Azure's infrastructure. In the AZ-900 exam, these topics test your ability to match business requirements with the correct architectural solution.
Topic Weighting
| Domain Section | Exam Percentage (Approx) |
|---|---|
| Describe Azure architecture and services | 35% – 40% |
| Compute & Networking Sub-topics | ~15% – 20% |
> [!IMPORTANT]
> This section is the "meat" of the exam. If you understand the difference between IaaS, PaaS, and how they connect via VNet, you are 50% of the way to passing.
Key Concepts Summary
1. Azure Compute Services
- Virtual Machines (VMs): IaaS (Infrastructure as a Service). You have total control over the OS and software.
- VM Scale Sets (VMSS): Automatically create and manage a group of identical, load-balanced VMs. Ideal for auto-scaling.
- Azure App Service: PaaS (Platform as a Service) for hosting web apps and APIs. Focus on code, not the server.
- Azure Container Instances (ACI): Simplest way to run a container without managing servers. No orchestration.
- Azure Kubernetes Service (AKS): Managed orchestration for large-scale container deployments.
- Azure Functions: Serverless computing. Run code based on events (triggers) without worrying about underlying infrastructure.
2. Azure Networking Services
- Virtual Network (VNet): A logically isolated network within the Azure cloud. Resources in a VNet can communicate with each other securely.
- VNet Peering: Connects two separate VNets together using the Microsoft backbone network.
- VPN Gateway: Sends encrypted traffic between an Azure VNet and an on-premises location over the public Internet.
- ExpressRoute: A private, dedicated connection from your on-premises data center to Azure. It does not go over the public Internet.
Common Pitfalls
- VPN vs. ExpressRoute: Remember that VPN uses the internet (encrypted), while ExpressRoute is a private circuit (faster, more secure, more expensive).
- Scale Sets vs. Availability Sets: Scale Sets are for scaling out (adding more identical VMs). Availability Sets are for protecting against hardware failure (keeping existing VMs running).
- Public vs. Private Endpoints: A Public Endpoint allows access via the internet. A Private Endpoint uses a private IP from your VNet to access an Azure service (keeping traffic off the internet).
- Resource Groups: You cannot create a resource without a Resource Group, and each resource can belong to only one group at a time.
Mnemonics / Memory Triggers
- VMSS = "Very Many Same Servers": Reminds you that Scale Sets are for identical VMs that scale together.
- Functions = "Fire and Forget": Reminds you that they are event-driven and serverless; you just run the code when triggered.
- Peering = "Pairing": Connecting two VNets as if they were one.
- ExpressRoute = "Express Train": It follows its own private track (not the public highway/internet).
Formula / Equation Sheet
| Service Feature | Virtual Machine (IaaS) | App Service (PaaS) | Functions (Serverless) |
|---|---|---|---|
| Management | User manages OS | Azure manages OS | Azure manages everything |
| Scaling | Manual/Scale Sets | Automated Scaling | Highly Elastic/Per-event |
| Cost Model | Pay for Provisioned Time | Pay for Plan/Tier | Pay for Executions/Time |
| Best For | Legacy Apps, OS Tuning | Web Apps, REST APIs | Microservices, Tasks |
Visual Network Architecture
\begin{tikzpicture}[node distance=2cm, every node/.style={font=\small}]
  % Outer boundary: the VNet
  \draw[thick, blue, dashed] (0,0) rectangle (6,4) node[pos=0, anchor=south west, color=blue] {Azure Virtual Network (VNet)};
  % Two subnets inside the VNet
  \draw[fill=gray!10] (0.5,0.5) rectangle (2.5,3) node[pos=0.5, align=center] {Subnet A \\ (Web Servers)};
  \draw[fill=gray!10] (3.5,0.5) rectangle (5.5,3) node[pos=0.5, align=center] {Subnet B \\ (Database)};
  % Subnet-to-subnet traffic over internal IPs
  \draw[<->, thick] (2.5,1.75) -- (3.5,1.75) node[midway, above] {Internal IP};
  % Inbound traffic enters through the NSG / firewall
  \draw[<-] (0.5,2) -- (-1,2) node[left] {NSG / Firewall};
\end{tikzpicture}
Practice Set
- Which Azure service allows you to deploy a web application without managing the underlying operating system?
  - Answer: Azure App Service.
- You need to connect an on-premises network to Azure with the highest possible security and consistent bandwidth. Which service should you choose?
  - Answer: Azure ExpressRoute.
- A company wants to ensure that a group of identical VMs automatically increases or decreases based on demand. What should they use?
  - Answer: Virtual Machine Scale Sets (VMSS).
- True or False: A resource group can contain resources from different Azure regions.
  - Answer: True. The Resource Group is a logical container; its resources can be located anywhere.
- What is the primary difference between Azure Container Instances (ACI) and Azure Kubernetes Service (AKS)?
  - Answer: ACI is for simple, single-container tasks. AKS is for managing and orchestrating complex, multi-container clusters.