AI-200 Master Cheatsheet
All 9 Modules · Developing AI Cloud Solutions on Azure (Course AI-200T00-A)
Module 1 · Domain 1 · 20–25%
Azure Container Registry (ACR)
Key Concepts
- SKUs: Basic → Standard → Premium (geo-rep, private endpoints)
- Auth: Always Managed Identity in prod. Admin user = NEVER
- ACR Tasks: Cloud builds, multi-step pipelines, trigger on git/base image
- Geo-replication: Premium only. Pushes to one, pulls from nearest
- Content Trust: Notary v2 image signing. Premium only
⚡ Memory Trick
ACR MAP: Managed Identity · ACR Tasks · Premium for geo-rep
💻 CLI Commands
az acr create --name myacr --resource-group rg --sku Premium
az acr build --registry myacr --image app:v1 .
az acr login --name myacr
# The branch is selected with "#main" on the context URL
az acr task create --name build-on-push \
  --registry myacr --image app:latest \
  --context https://github.com/org/repo.git#main \
  --file Dockerfile \
  --git-access-token "$TOKEN"
⚠️ Gotcha
Admin user is disabled by default. Never enable it; use Managed Identity.
Module 2 · Domain 1 · 20–25%
Azure Container Apps
Key Concepts
- Scaling: KEDA-based. minReplicas: 0 = scale-to-zero
- Revisions: Immutable snapshots. Traffic splitting for canary
- Dapr: Sidecar for service discovery, pub/sub, state, secrets
- Ingress: External (public) or Internal (VNet only)
- vs AKS: No K8s management. vs App Service: supports event-driven scale
⚡ Memory Trick
CREDS: Containerized serverless · Revisions · Event-driven (KEDA) · Dapr · Scale-to-zero
💻 CLI Commands
az containerapp env create -n myenv -g rg \
  --location eastus
az containerapp create -n myapp -g rg \
  --environment myenv \
  --image myacr.azurecr.io/app:v1 \
  --target-port 8080 --ingress external \
  --min-replicas 0 --max-replicas 10
⚠️ Gotcha
Traffic splitting requires multiple active revisions. Set revision mode to "multiple" first.
Module 3 · Domain 1 · 20–25%
Azure Kubernetes Service (AKS)
Key Concepts
- Control plane: Managed by Microsoft, FREE
- Node pools: System (CoreDNS) + User (your apps)
- Networking: Kubenet (NAT) vs Azure CNI (real pod IPs)
- Helm: K8s package manager (charts, values, releases)
- HPA: CPU/memory autoscaler. KEDA for event-driven scaling
⚡ Memory Trick
CHUNK: Control plane free · Helm · User+System pools · Networking CNI · Kubectl
💻 CLI Commands
az aks create -n myaks -g rg \
  --node-count 3 --network-plugin azure \
  --attach-acr myacr
az aks get-credentials -n myaks -g rg
kubectl get pods -A
helm install myapp ./chart -f values.yaml
kubectl apply -f deployment.yaml
⚠️ Gotcha
Azure CNI requires pre-allocating VNet IPs. Plan subnet sizing carefully or you'll run out.
Module 4 · Domain 2 · 25–30%
Azure Cosmos DB for NoSQL
Key Concepts
- RUs: 1KB read = 1 RU · 1KB write = 5–6 RU
- Partition key: IMMUTABLE after creation. Choose wisely
- Consistency: Strong → Bounded → Session (default) → Prefix → Eventual
- Change Feed: Captures inserts + updates. NOT deletes
- Vector: DiskANN index Β· VectorDistance() function
⚡ Memory Trick
PREVIEW: Partition key · RUs · Embeddings · VectorDistance · Indexing · Event (Change Feed) · Writes=5–6x
💻 CLI / SDK
az cosmosdb create -n mydb -g rg
az cosmosdb sql container create \
  -a mydb -d mydb -n items -g rg \
  --partition-key-path /userId
# SDK vector query (ORDER BY repeats the VectorDistance() call, not the alias):
SELECT c.id, VectorDistance(c.embedding, @queryVector) AS score
FROM c
ORDER BY VectorDistance(c.embedding, @queryVector)
OFFSET 0 LIMIT 10
⚠️ Gotcha
Change Feed does NOT capture deletes. Use soft-delete pattern (deleted: true field).
Module 5 · Domain 2 · 25–30%
Azure Database for PostgreSQL + pgvector
Key Concepts
- pgvector: Extension for vector storage + similarity search
- HNSW: Higher accuracy, works on empty tables. Production choice
- IVFFlat: Lower memory, needs data before build
- Operators: <=> cosine · <-> L2 · <#> inner product
- RAG: Retrieve embeddings → inject as LLM context
⚡ Memory Trick
HIC: HNSW=accuracy(prod) · IVFFlat=memory(needs data) · Cosine <=> for text
💻 SQL Commands
CREATE EXTENSION IF NOT EXISTS vector;  -- pgvector's extension name is "vector"
CREATE TABLE docs (
  id serial PRIMARY KEY,
  content text,
  embedding vector(1536)
);
CREATE INDEX ON docs USING hnsw (embedding vector_cosine_ops);
-- Search:
SELECT content, embedding <=> $1 AS distance
FROM docs
ORDER BY distance
LIMIT 5;
⚠️ Gotcha
IVFFlat index fails on empty tables. Insert data first, then create the index.
Module 6 · Domain 2 · 25–30%
Azure Managed Redis
Key Concepts
- Vector search: Enterprise tier only (RediSearch module)
- Cache-aside: App manages cache. Miss → read DB → write cache
- Semantic cache: Cache LLM responses by embedding similarity
- TTL: Auto-expire keys. Essential for cache invalidation
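- Tiers: Basic(dev) → Standard(HA) → Premium → Enterprise(vector)
⚡ Memory Trick
SAVES: Semantic caching · All in-memory · Vector(Enterprise) · Event streams · Session+cache-aside
💻 CLI / Commands
# Premium SKU takes a P-family size (p1-p5); c-sizes are Basic/Standard
az redis create -n myredis -g rg --location eastus \
  --sku Premium --vm-size p1
# Redis CLI:
SET user:1 "alice-data" EX 3600
GET user:1
EXPIRE user:1 1800
DEL user:1
# Python (redis-py):
import os
import redis
# REDIS_KEY is an assumed environment variable holding the access key
r = redis.Redis(host="myredis.redis.cache.windows.net", port=6380,
                ssl=True, password=os.environ["REDIS_KEY"])
r.set("key", "value", ex=3600)  # expires after one hour
r.get("key")
⚠️ Gotcha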
Vector search requires Enterprise tier. Basic/Standard/Premium = no RediSearch.
Module 7 · Domain 3 · 20–25%
Service Bus, Event Grid & Azure Functions
Key Concepts
- Service Bus Queue: Point-to-point, ordered, guaranteed delivery
- Service Bus Topic: Pub/sub, multiple subscriptions with filters
- PeekLock: Lock → process → complete. Prevents message loss
- DLQ: Dead-letter queue for poison/expired messages
- Event Grid: Reactive routing of Azure resource events
⚡ Memory Trick
Bank vs News: Service Bus = bank transfer (reliable) · Event Grid = news broadcast (reactive)
💻 CLI / SDK
az servicebus namespace create -n myns -g rg
az servicebus queue create -n myqueue \
  --namespace-name myns -g rg
az eventgrid topic create -n mytopic -g rg --location eastus
# Functions binding (function.json); "name" is the handler parameter, "msg" is illustrative:
{
  "type": "serviceBusTrigger",
  "direction": "in",
  "name": "msg",
  "queueName": "myqueue",
  "connection": "ServiceBusConnection"
}
⚠️ Gotcha
ReceiveAndDelete removes the message immediately: data loss if processing fails. Use PeekLock.
Module 8 · Domain 3 · 20–25%
Key Vault & App Configuration
Key Concepts
- Key Vault objects: Secrets · Keys · Certificates
- Auth: Managed Identity + RBAC. Never store credentials
- Soft-delete: 7–90 days recovery window
- Purge protection: Irreversible once enabled
- App Config: Non-secret settings + feature flags. KV references for secrets
⚡ Memory Trick
Safe vs Dashboard: Key Vault = secrets safe · App Config = settings dashboard
💻 CLI Commands
# RBAC authorization model, so the role assignment below takes effect
az keyvault create -n myvault -g rg \
  --enable-rbac-authorization true \
  --enable-purge-protection true
az keyvault secret set \
  --vault-name myvault -n dbpass \
  --value "mySecretPwd"
az role assignment create \
  --role "Key Vault Secrets User" \
  --assignee "$MANAGED_IDENTITY_ID" \
  --scope /subscriptions/.../vaults/myvault
⚠️ Gotcha
Purge protection is irreversible once enabled; it cannot be disabled later.
Module 9 · Domain 4 · 15–20%
OpenTelemetry & Azure Monitor
Key Concepts
- OTel pillars: Traces (spans + TraceId) · Metrics · Logs
- TraceId: Unique per request, shared across all services
- Connection String: Use instead of deprecated InstrumentationKey
- KQL WSP: Where (filter) → Summarize (group) → Project (select)
- Alerts: Metric/log alerts → Action Groups → notifications
⚡ Memory Trick
WSP: Where=filter · Summarize=GROUP BY · Project=SELECT
💻 KQL + Code
// KQL - Find slow requests:
requests
| where timestamp > ago(1h)
| where duration > 5000
| summarize avg(duration) by name
| order by avg_duration desc
| project name, avg_duration
# Python OTel setup:
from azure.monitor.opentelemetry import configure_azure_monitor
configure_azure_monitor(
    connection_string="InstrumentationKey=..."
)
⚠️ Gotcha
KQL pipe order is opposite to SQL: where → summarize → project (not SELECT → FROM → WHERE).