AZ-104: Deploy and manage Azure compute resources Flashcards

1
Q

Introduction to Azure Virtual Machines

A

Azure Virtual Machines is an on-demand, scalable cloud-computing resource. They include processors, memory, storage, and networking resources. You can start and stop virtual machines at will and manage them from the Azure portal or with the Azure CLI. You can also use a remote Secure Shell (SSH) to connect directly to the running VM and execute commands as if you were on a local computer

2
Q

Unmanaged

A

With unmanaged disks, you are responsible for the storage accounts that are used to hold the VHDs that correspond to your VM disks. You pay the storage account rates for the amount of space you use. A single storage account has a fixed rate limit of 20,000 I/O operations/sec. This means that a single storage account is capable of supporting 40 standard virtual hard disks at full throttle. If you need to scale out, then you need more than one storage account, which can get complicated

3
Q

managed disks

A

Managed disks are the newer and recommended disk storage model. They elegantly solve this complexity by putting the burden of managing the storage accounts onto Azure. You specify the disk type (Premium or Standard) and the size of the disk, and Azure creates and manages both the disk and the storage it uses. You don’t have to worry about storage account limits, which makes them easier to scale out

4
Q

managed disks BENEFITS

A

Increased reliability: Azure ensures that VHDs associated with high-reliability VMs will be placed in different parts of Azure Storage to provide similar levels of resilience.

Better security: Managed disks are real managed resources in the resource group. This means they can use role-based access control to restrict who can work with the VHD data.

Snapshot support: Snapshots can be used to create a read-only copy of a VHD. We recommend that you shut down the VM to clear out any processes that are in progress. Creating the snapshot only takes a few seconds. Once it’s done, you can power on the VM and use the snapshot to create a duplicate VM to troubleshoot a production issue or roll back the VM to the point in time that the snapshot was taken.

Backup support: Managed disks can be automatically backed up to different regions for disaster recovery with Azure Backup without affecting the service of the VM.

5
Q

What is SSH?

A

Secure Shell (SSH) is an encrypted connection protocol that allows secure sign-ins over unsecured connections. SSH allows you to connect to a terminal shell from a remote location using a network connection

There are two approaches we can use to authenticate an SSH connection: username and password, or an SSH key pair

6
Q

SSH key pair: a public key and a private key

A

The public key is placed on your Linux VM or any other service that you wish to use with public-key cryptography. This can be shared with anyone.

The private key is what you present to verify your identity to your Linux VM when you make an SSH connection. Consider this confidential information and protect this like you would a password or any other private data.

7
Q

Connecting to the VM with SSH

A

To connect to the VM via SSH, you need:

the public IP address of the VM
the username of the local account on the VM
a public key configured in that account
access to the corresponding private key
port 22 open on the VM
8
Q

Opening ports in Azure VMs

A

By default, new VMs are locked down.

Apps can make outgoing requests, but the only inbound traffic allowed is from the virtual network (e.g., other resources on the same local network) and from Azure Load Balancer (probe checks)

9
Q

What is a network security group?

A

Virtual networks (VNets) are the foundation of the Azure networking model and provide isolation and protection. Network security groups (NSGs) are the primary tool you use to enforce and control network traffic rules at the networking level. NSGs are an optional security layer that provides a software firewall by filtering inbound and outbound traffic on the VNet

Security groups can be associated to a network interface (for per host rules), a subnet in the virtual network (to apply to multiple resources), or both levels

10
Q

Security group rules

A

NSGs use rules to allow or deny traffic moving through the network. Each rule identifies the source and destination address (or range), protocol, port (or range), direction (inbound or outbound), a numeric priority, and whether to allow or deny the traffic that matches the rule.

11
Q

How Azure uses network rules

A

For inbound traffic, Azure processes the security group associated to the subnet and then the security group applied to the network interface. Outbound traffic is handled in the opposite order (the network interface first, followed by the subnet)

Keep in mind that security groups are optional at both levels. If no security group is applied, then all traffic is allowed by Azure. If the VM has a public IP, this could be a serious risk, particularly if the OS doesn’t provide a built-in firewall.

12
Q

Introduction to Windows virtual machines in Azure

A

Azure VMs are an on-demand scalable cloud computing resource.

13
Q

Sizing your VM

A

There are quota limits on each subscription that can impact VM creation. By default, you cannot have more than 20 virtual cores across all VMs within a region. You can either split up VMs across regions or file an online request to increase your limit

14
Q

Azure uses virtual hard disks (VHDs) to represent physical disks for the VM. VHDs replicate the logical format and data of a disk drive but are stored as page blobs in an Azure Storage account

A

Mapping storage to disks

15
Q

Default DISK creation VM DISK

A

By default, two virtual hard disks (VHDs) will be created for your Windows VM:

The Operating System disk. This is your primary or C: drive and has a maximum capacity of 2048 GB.

A Temporary disk. This provides temporary storage for the OS or any apps. It is configured as the D: drive by default and is sized based on the VM size, making it an ideal location for the Windows paging file.

16
Q

Temp Disk

A

The temporary disk is not persistent. You should only write data to this disk that you are willing to lose at any time.

17
Q

What about data?

A

You can store data on the C: drive along with the OS, but a better approach is to create dedicated data disks. You can create and attach additional disks to the VM. Each data disk can hold up to 32,767 gibibytes (GiB) of data, with the maximum amount of storage determined by the VM size you select

18
Q

RDP

A

When you connect, you’ll typically receive two warnings. These are:

Publisher warning - caused by the .rdp file not being publicly signed.
Certificate warning - caused by the machine certificate not being trusted.
In test environments, these warnings can be ignored. In production environments, the .rdp file can be signed using RDPSIGN.EXE and the machine certificate placed in the client’s Trusted Root Certification Authorities store

19
Q

VMS

A

By default, new VMs are locked down.
Apps can make outgoing requests, but the only inbound traffic allowed is from the virtual network (e.g. other resources on the same local network) and from Azure Load Balancer (probe checks).

20
Q

How Azure uses network rules 2

A

The rules are evaluated in priority order, starting with the lowest priority rule. Deny rules always stop the evaluation. For example, if an outbound request is blocked by a network interface rule, any rules applied to the subnet will not be checked. In order for traffic to be allowed through the security group, it must pass through all applied groups.

The last rule is always a Deny All rule. This is a default rule added to every security group for both inbound and outbound traffic with a priority of 65500. That means to have traffic pass through the security group you must have an allow rule or it will be blocked by the default final rule

21
Q

az vm create

A

This command is used to create a virtual machine in a resource group. There are several parameters you can pass to configure all the aspects of the new VM

22
Q

verbose

A

The --verbose flag lets you see progress while the VM is being created

23
Q

VM Administrator specific

A

We are specifying the administrator account name through the --admin-username flag to be azureuser. If you omit this, the az vm create command will use your current user name. Since the rules for account names are different for each OS, it's safer to specify a specific name

24
Q

Public and Private IP

A

When you create a virtual machine, it gets assigned a public IP address that is reachable over the Internet, and a private IP address used within the Azure data center. You get both of those values in the returning JSON block from the create command

25
Q

List of VMS

A

az vm image list --output table

This will output the most popular images that are part of an offline list built into the Azure CLI

26
Q

Location-specific images

A

Some images are only available in certain locations. Try adding the --location [location] flag to the command to scope the results to ones available in the region where you want to create the virtual machine

27
Q

VM sizing

A

Virtual machines must be sized appropriately for the expected work. A VM without the correct amount of memory or CPU will fail under load or run too slowly to be effective

28
Q

viewing size by location

A

az vm list-sizes --location eastus --output table

29
Q

Standard_DS1_v2

A

Azure selected a default general-purpose size of Standard_DS1_v2 for us

30
Q

Number of vms per subscription

A

Your subscription tier enforces limits on how many resources you can create, as well as the total size of those resources. For example, you are capped to 20 virtual CPUs with the pay-as-you-go subscription, and only 4 vCPUs for a free tier. The Azure CLI will let you know when you exceed this with a Quota Exceeded error. If you hit this error in your own paid subscription, you can request to raise the limits associated with your paid subscription (up to 10,000 vCPUs!) through a free online request

31
Q

list available resize options

A

az vm list-vm-resize-options \
    --resource-group learn-0d648c7e-6889-4d0c-b5e6-35906e6bcbd0 \
    --name SampleVM \
    --output table

32
Q

az vm list

A

This command will return all virtual machines defined in this subscription. The output can be filtered to a specific resource group through the --resource-group parameter

33
Q

az vm list-ip-addresses -n SampleVM -o table

A

Another useful command is vm list-ip-addresses, which will list the public and private IP addresses for a VM. If they change, or you didn’t capture them during creation, you can retrieve them at any time

34
Q

Getting VM details

A

az vm show --resource-group learn-0d648c7e-6889-4d0c-b5e6-35906e6bcbd0 --name SampleVM

35
Q

Adding filters to queries with JMESPath

A

JMESPath is an industry-standard query language built around JSON objects. The simplest query is to specify an identifier that selects a key in the JSON object.

36
Q

Stopping a VM

A

az vm stop \
    --name SampleVM \
    --resource-group learn-0d648c7e-6889-4d0c-b5e6-35906e6bcbd0

37
Q

Confirm it's stopped

A

az vm get-instance-view \
    --name SampleVM \
    --resource-group learn-0d648c7e-6889-4d0c-b5e6-35906e6bcbd0 \
    --query "instanceView.statuses[?starts_with(code, 'PowerState/')].displayStatus" -o tsv

38
Q

az vm start

A

Starting a VM

39
Q

Retrieve our default page

A

In Azure Cloud Shell, use curl to read the default page from your Linux web server using the following command, replacing the placeholder with the public IP you found previously. Alternatively, you can open a new browser tab and try to browse to the public IP address

curl -m 10 <public-ip-address>

40
Q

opening a port

A

az vm open-port \
    --port 80 \
    --resource-group learn-0d648c7e-6889-4d0c-b5e6-35906e6bcbd0 \
    --name SampleVM

41
Q

How disks are used by VMs

Operating system storage

A

Operating system storage. Every VM includes one disk that stores the operating system. This drive is registered as a SATA drive and labeled as the C: drive in Windows and mounted at “/” in Unix-like operating systems. It has a maximum capacity of 4,095 gibibytes (GiB), and its content is taken from the VM image you used to create the VM

42
Q

Temporary storage

A

Temporary storage. Every VM includes a temporary VHD that is used for page and swap files. Data on this drive may be lost during a maintenance event or redeployment. The drive is labeled as D: on a Windows VM by default. Do not use this drive to store important data that you do not want to lose

43
Q

Data storage

A

A data disk is any other disk attached to a VM. You use data disks to store files, databases, and any other data that you need to persist across reboots. Some VM images include data disks by default. You can also add additional data disks up to the maximum number specified by the size of the VM. Each data disk is registered as a SCSI drive and has a max capacity of 32,767 GiB. You can choose drive letters or mount points for your data drives

44
Q

Storing VHD files

A

In Azure, VHDs are stored in an Azure storage account as page blobs

45
Q

Storage account type

General-purpose standard

A

Services supported: Azure Blob storage, Azure Files, Azure Queue storage
Types of blobs supported: Block blobs, page blobs, and append blobs

46
Q

General-purpose premium

A

Services supported: Blob storage
Types of blobs supported: Page blobs

47
Q

Blob storage, hot and cool access tiers

A

Services supported: Blob storage
Types of blobs supported: Block blobs and append blobs

48
Q

general and premium storage

A

Both general-purpose standard and premium storage support page blobs. Choose a standard storage account if cost is your primary concern. Premium storage will cost more, but will also deliver much higher I/O operations per second, or IOPS. If data performance is a requirement for your VM, consider using premium storage

49
Q

Attach data disks to VMs

A

The VHD can’t be deleted from storage while it’s attached

Add-AzVhd

50
Q

VHDs are created as?

A

A .vhd file stored as a page blob

Before you can use the new VHD to store data, you have to initialize, partition, and format the new disk. We’ll practice these steps in the next exercise

51
Q

Azure Disks

A

Azure Disks are designed for 99.999% availability

52
Q

Ultra disks

A

Azure ultra disks deliver high throughput, high IOPS, and consistent low latency disk storage for Azure IaaS VMs. Ultra disks include the ability to dynamically change the performance of the disk without the need to restart your virtual machines (VM). Ultra disks are suited for data-intensive workloads such as SAP HANA, top tier databases, and transaction-heavy workloads. Ultra disks can only be used as data disks. We recommend using premium SSDs as OS disks

53
Q

Premium SSD disks

A

Premium SSD disks are backed by solid-state drives (SSDs), and deliver high-performance, low-latency disk support for VMs running I/O-intensive workloads. These drives tend to be more reliable because they have no moving parts. A read or write head doesn’t have to move to the correct location on a disk to find the data requested

You can use Premium SSD disks with VM sizes that include an "s" in the series name. For example, of the Dv3-series and the Dsv3-series, only the Dsv3-series can be used with Premium SSD disks

54
Q

Standard SSD

A

Standard SSDs are between standard HDDs and premium SSDs from a performance and cost perspective

What if you have a low-end VM, but you need SSD storage for I/O performance? That’s what Standard SSDs are for

55
Q

Standard HDD storage

A

Standard HDD disks are backed by traditional hard disk drives (HDDs). Standard HDD disks are billed at a lower rate than the Premium disks. Standard HDD disks can be used with any VM size

56
Q

Unmanaged

A

With unmanaged disks, you are responsible for the storage accounts that are used to hold the VHDs that correspond to your VM disks. You pay the storage account rates for the amount of space you use. A single storage account has a fixed rate limit of 20,000 I/O operations/sec. This means that a single storage account is capable of supporting 40 standard virtual hard disks at full throttle. If you need to scale out, then you need more than one storage account, which can get complicated

57
Q

managed disks

A

Managed disks are the newer and recommended disk storage model. They elegantly solve this complexity by putting the burden of managing the storage accounts onto Azure. You specify the disk type, and the size of the disk and Azure creates and manages both the disk and the storage it uses. You don’t have to worry about storage account limits, which makes them easier to scale out. Here are some of the benefits you get over the older unmanaged disks

58
Q

Benefits of Managed Disks

A

Increased reliability: Azure ensures that VHDs associated with high-reliability VMs will be placed in different parts of Azure storage to provide similar levels of resilience.
Better security: Managed disks are managed resources in the resource group. This means they can use role-based access control to restrict who can work with the VHD data.
Snapshot support: Snapshots can be used to create a read-only copy of a VHD. You have to shut down the owning VM but creating the snapshot only takes a few seconds. Once it’s done, you can power on the VM and use the snapshot to create a duplicate VM to troubleshoot a production issue or rollback the VM to the point in time that the snapshot was taken.
Backup support: Managed disks can be automatically backed up to different regions for disaster recovery with Azure Backup all without affecting the service of the VM.

59
Q

Ultra Disk Comparison

A

Disk type: SSD / Purpose: IO-intensive workloads such as SAP HANA, top tier databases / Max size: 65,536 gibibytes (GiB)

60
Q

Premium SSD comparison

A

Disk type: SSD / Purpose: Production and performance-sensitive workloads / Max size: 32,767 GiB

61
Q

Standard SSD comparison

A

Disk type: SSD / Purpose: Web servers / Max size: 32,767 GiB

62
Q

HDD comparison

A

Disk type: HDD / Purpose: Backups / Max size: 32,767 GiB

63
Q

Locally redundant storage (LRS)

A

Azure replicates the data within the same Azure data center. The data remains available if a node fails. However, if an entire data center fails, data may be unavailable

64
Q

Geo-redundant storage (GRS)

A

Azure replicates your data to a second region that is hundreds of miles away from the primary region. If your storage account has GRS enabled, then your data is durable even if there’s a complete regional outage or a disaster in which the primary region isn’t recoverable

65
Q

Read-access geo-redundant storage (RA-GRS)

A

Azure provides read-only access to the data in the secondary location, and geo-replication across two regions. If a data center fails, the data remains readable but can’t be modified

66
Q

Zone-redundant storage (ZRS)

A

Azure replicates your data synchronously across three storage clusters in a single region. Each storage cluster is physically separated from the others and resides in its own availability zone (AZ). With this type of replication, you can still access and manage your data in the event that a zone becomes unavailable

67
Q

Geo-zone-redundant storage

A

Azure replicates your data synchronously across three availability zones in one region. Data is also replicated three times to another secondary region that’s paired with it.

68
Q

Read-access geo-zone-redundant storage

A

Read-access geo-zone-redundant storage (RA-GZRS) - Azure provides read-only access to the data in the secondary location. Geo-replication is across three availability zones in two regions. If a data center fails, the data remains readable but can't be modified

69
Q

Operations on VHDs

A

Operations on VHDs cannot be performed with the VM running. The first step is to stop and deallocate the VM with az vm deallocate, supplying the VM name and resource group name.

Deallocating a VM, unlike just stopping a VM, releases the associated computing resources and allows Azure to make configuration changes to the virtualized hardware.

70
Q

DEALLOCATE A VM

A

az vm deallocate \
    --resource-group <resource-group> \
    --name <vm-name>

71
Q

UPDATE A DISK SIZE

A

az disk update \
    --resource-group <resource-group> \
    --name <disk-name> \
    --size-gb 200

72
Q

Storage Service Encryption (SSE)

A

Storage Service Encryption is performed on the physical disks in the data center. If someone were to directly access the physical disk, the data would be encrypted. When the data is accessed from the disk, it is decrypted and loaded into memory

73
Q

Azure Disk Encryption (ADE)

A

Azure Disk Encryption encrypts the virtual machine's virtual hard disks (VHDs). If a VHD is protected with ADE, the disk image will only be accessible by the virtual machine that owns the disk

74
Q

Storage Service Encryption (SSE) / 2

A

Azure Storage Service Encryption (SSE) is an encryption service built into Azure used to protect data at rest. The Azure storage platform automatically encrypts data before it’s stored to several storage services, including Azure Managed Disks. Encryption is enabled by default using 256-bit AES encryption, and is managed by the storage account administrator.

75
Q

Azure Disk Encryption (ADE) /2

A

Azure Disk Encryption (ADE) is managed by the VM owner. It controls the encryption of Windows and Linux VM-controlled disks, using BitLocker on Windows VMs and DM-Crypt on Linux VMs. BitLocker Drive Encryption is a data protection feature that integrates with the operating system, and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. Similarly, DM-Crypt encrypts data at rest for Linux before writing to storage

ADE is required for VMs backed up to the Recovery Vault

With ADE, VMs boot under customer-controlled keys and policies. ADE is integrated with Azure Key Vault for the management of these disk-encryption keys and secrets

76
Q

data at rest

A

(saved to a storage device)

77
Q

Azure Disk Encryption prerequisites

A

Before you can encrypt your VM disks, you need to:

Create a key vault.
Set the key vault access policy to support disk encryption.
Use the key vault to store the encryption keys for ADE.

78
Q

Azure Key Vault

A

Azure Key Vault is a tool for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, or certificates. This provides highly available and scalable secure storage, as defined in Federal Information Processing Standards (FIPS) 140-2 Level 2 validated Hardware Security Modules (HSMs). Using Key Vault, you keep full control of the keys used to encrypt your data, and you can manage and audit your key usage

Azure Disk Encryption requires that your key vault and your VMs are in the same Azure region; this ensures that encryption secrets do not cross regional boundaries

79
Q

powershell and cli commands to manage keyvault

A

New-AzKeyVault -Location <location> `
    -ResourceGroupName <resource-group> `
    -VaultName "myKeyVault" `
    -EnabledForDiskEncryption

az keyvault create \
    --name "myKeyVault" \
    --resource-group <resource-group> \
    --location <location> \
    --enabled-for-disk-encryption True

80
Q

Enable access policies in the key vault

A

There are three policies you can enable.

Disk encryption - Required for Azure Disk encryption.
Deployment - (Optional) Enables the Microsoft.Compute resource provider to retrieve secrets from this key vault when this key vault is referenced in resource creation, for example when creating a VM.
Template deployment - (Optional) Enables Azure Resource Manager to get secrets from this key vault when this key vault is referenced in a template deployment

81
Q

Encrypt an existing VM disk

A

Before you can turn on encryption, you must take a snapshot or a backup of managed disks. The SkipVmBackup flag tells the tool that the backup is complete on managed disks. Without the backup, you will be unable to recover the VM if the encryption fails for some reason

82
Q

What are Azure Resource Manager templates?

A

Resource Manager templates are JSON files used to define a set of resources to deploy to Azure. You can write them from scratch, and for some Azure resources, including VMs, you can use the Azure portal to generate them. You’ll need to complete the required information for a manual VM deployment, but instead of deploying the VM to Azure, you save the template. You can then reuse the template to create that specific VM configuration

83
Q

Update Management overview

A

The Update Management solution allows you to manage and install operating system updates and patches for both Windows and Linux virtual machines that are deployed in Azure, on-premises, or even in other cloud providers. You can assess the status of available updates on computers and manage the process of installing required updates for servers

84
Q

There are several advantages to the Update Management solution:

A

There are no agents or additional configuration within the virtual machine.
You can run updates without logging into the VM. You also don’t have to create passwords to install the update.
The Update Management solution lists missing updates and provides information about failed deployments in an easy-to-read format

85
Q

Components Used by Update Management

A

The following configurations are used to perform assessment and update deployments:

Microsoft Monitoring Agent (MMA) for Windows or Linux.
PowerShell Desired State Configuration (DSC) for Linux.
Automation Hybrid Runbook Worker.
Microsoft Update or Windows Server Update Services (WSUS) for Windows computers

86
Q

Hybrid Worker Groups

A

Windows computers that are directly connected to your Log Analytics workspace are automatically configured as a Hybrid Runbook Worker to support the runbooks that are included in this solution. Each Windows computer that’s managed by the solution shows up as a system hybrid worker group for the Automation account. The solutions use the naming convention Hostname FQDN_GUID

87
Q

Operations Manager Management Packs

A

If your System Center Operations Manager management group is connected to a Log Analytics workspace, the following management packs are installed in Operations Manager. These management packs are also installed on directly connected Windows computers after you add the solution. You don’t need to configure or manage these management packs.

Microsoft System Center Advisor Update Assessment Intelligence Pack
Microsoft.IntelligencePack.UpdateAssessment.Configuration
Update Deployment MP

88
Q

Compliance scan

A

Update Management will perform a scan for update compliance. A compliance scan is, by default, performed every 12 hours on a Windows computer and every 3 hours on a Linux computer. In addition to the scan schedule, a compliance scan is initiated within 15 minutes if the MMA is restarted, before update installation, and after update installation. After a computer performs a scan for update compliance, the agent forwards the information in bulk to Azure Log Analytics.

It can take between 30 minutes and 6 hours for the dashboard to display updated data from managed computers

89
Q

What’s Azure Resource Manager?

A

Azure Resource Manager is the interface for managing and organizing cloud resources. Think of Resource Manager as a way to deploy cloud resources

If you’re familiar with Azure resource groups, you know that they enable you to treat sets of related resources as a single unit. Resource Manager is what organizes the resource groups that let you deploy, manage, and delete all of the resources together in a single action

90
Q

What are Resource Manager templates?

A

A Resource Manager template precisely defines all the Resource Manager resources in a deployment. You can deploy a Resource Manager template into a resource group as a single operation

A Resource Manager template is a JSON file, making it a form of declarative automation. Declarative automation means that you define what resources you need but not how to create them. Put another way, you define what you need and it is Resource Manager’s responsibility to ensure that resources are deployed correctly

91
Q

ARM templates

A

Resource Manager templates

92
Q

Why use Resource Manager templates?

A

Templates improve consistency
Templates help express complex deployments
Templates reduce manual, error-prone tasks
Templates are code
Templates promote reuse
Templates are linkable

93
Q

What’s in a Resource Manager template?

A
{
    "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "",
    "parameters": {  },
    "variables": {  },
    "functions": [  ],
    "resources": [  ],
    "outputs": {  }
}

94
Q

What are Azure Quickstart templates?

A

Azure Quickstart templates are Resource Manager templates that are provided by the Azure community. Quickstart templates are available on GitHub

95
Q

Verifying a template

A

A linter is a tool that verifies that the JSON syntax of your template is correct. You can find JSON linting tools that run on the command line, in a browser, or in your favorite code editor

96
Q

Verify syntax of template

A

az deployment group validate

97
Q

What’s the Custom Script Extension?

A

The Custom Script Extension is an easy way to download and run scripts on your Azure VMs. It’s just one of the many ways you can configure a VM once it’s up and running.

You can store your scripts in Azure storage or in a public location such as GitHub. You can run scripts manually or as part of a more automated deployment

98
Q

How do I extend a Resource Manager template?

A

One way to extend your template is to create multiple templates, each defining one piece of the system. You then link or nest them together to build a more complete system. As you create your own templates, you can build a library of smaller, more granular templates and combine them how you need.

Another way is to modify an existing template to suit your needs. You’ll do that in this module because that’s often the fastest way to get started writing your own templates.

99
Q

Specify dependent resources

A

You can’t run the Custom Script Extension until the VM is available. All template resources provide a dependsOn property. This property helps Resource Manager determine the correct order to apply resources.

Here’s what your template resource might look like after you add the dependsOn property

100
Q

code azuredeploy.json

A

Opens the azuredeploy.json file in the code editor

101
Q

Compared to physical disks, VHDs have several advantages, including:

A

High availability: Managed disks are designed for 99.999% availability. Managed disks achieve this by providing you with three replicas of your data, allowing for high durability. If one or even two replicas experience issues, the remaining replicas help ensure persistence of your data and high tolerance against failures

102
Q

What is a generalized image?

A

You must reset these items back to a default state before you use the image to create more virtual machines. Otherwise, you might end up with multiple virtual machines that have the same identities. The process of resetting this data is called generalization, and the result is a generalized image

103
Q

After using Sysprep for Windows

A

After the virtual machine has been shut down, you must deallocate it while it’s in this clean state. If you’re using PowerShell, run the following command

Stop-AzVM -ResourceGroupName <resource-group-name> `
    -Name <vm-name> `
    -Force

104
Q

Generalize an image with PowerShell and the CLI

A

Set-AzVM -ResourceGroupName <resource-group-name> `
    -Name <vm-name> `
    -Generalize

az vm generalize \
    --resource-group <resource-group-name> \
    --name <vm-name>

105
Q

snapshot

A

A snapshot is a read-only copy of a VHD. You can use a snapshot to restore a VHD to the state it was in when the snapshot was taken

106
Q

What is a virtual machine scale set?

A

Virtual machine scale sets in Azure are designed to allow you to deploy and manage many load-balanced, identical VMs. These machines run with the same configurations. Virtual machine scale sets are intelligent enough to automatically scale up or down the number of VM instances. A scale set can also change the size of VM instances

107
Q

Pinging the health probe

A

A health probe pings the root of the website through port 80

108
Q

Autoscaling

A

Autoscaling is based on a set of scale conditions, rules, and limits. A scale condition combines time and a set of scale rules. If the current time falls within the period defined in the scale condition, the condition’s scale rules are evaluated

109
Q

scale in scale out

A

A scale-out action increases the number of instances. A scale-in action reduces the instance count

110
Q

What is an Azure custom script extension?

A

An Azure custom script extension downloads and runs a script on an Azure VM. It can automate the same tasks on all the VMs in a scale set

111
Q

What is Azure Automation State Configuration?

A

Azure Automation State Configuration is an Azure service built on PowerShell. It allows you to consistently deploy, reliably monitor, and automatically update the desired state of all your resources. Azure Automation provides tools to define configurations and apply them to real and virtual machines

112
Q

What is PowerShell DSC?

A

PowerShell DSC is a declarative management platform that Azure Automation State Configuration uses to configure, deploy, and control systems. A declarative programming language separates intent (what you want to do) from execution (how you want to do it). You specify the desired state and let DSC do the work to get there. You don’t have to know how to implement or deploy a feature when a DSC resource is available. Instead, you focus on the structure of your deployment

113
Q

What is the LCM?

A

The local configuration manager (LCM) is a component of the Windows Management Framework (WMF) that’s on a Windows operating system. The LCM is responsible for updating the state of a node, like a VM, to match the desired state. Every time the LCM runs, it completes the following steps:

Get: Get the current state of the node.
Test: Compare the current state of a node against the desired state by using a compiled DSC script (.mof file).
Set: Update the node to match the desired state described in the .mof file.

114
Q

Push and pull architectures in DSC

A

Push mode: An administrator manually sends, or pushes, the configurations toward one or more nodes. The LCM makes sure that the state on each node matches what the configuration specifies.

115
Q

pull mode

A

A pull server holds the configuration information. The LCM on each node polls the pull server at regular intervals, by default every 15 minutes, to get the latest configuration details. These requests are denoted as step 1 in the following diagram. In step 2, the pull server sends the details about any configuration changes back to each node.

116
Q

What is Container Registry?

A

Container Registry is an Azure service that you can use to create your own private Docker registries. Like Docker Hub, Container Registry is organized around repositories that contain one or more images. Container Registry also lets you automate tasks such as redeploying an app when an image is rebuilt.

117
Q

Security is an important reason to choose Container Registry instead of Docker Hub

A

You have much more control over who can see and use your images.
You can sign images to increase trust and reduce the chances of an image becoming accidentally (or intentionally) corrupted or otherwise infected.
All images stored in a container registry are encrypted at rest

118
Q

What is a webhook?

A

Azure App Service supports continuous deployment using webhooks. A webhook is a service offered by Azure Container Registry. Services and applications can subscribe to the webhook to receive notifications about updates to images in the registry. A web app that uses App Service can subscribe to an Azure Container Registry webhook to receive notifications about updates to the image that contains the web app. When the image is updated, and App Service receives a notification, your app automatically restarts the site and pulls the latest version of the image

119
Q

What is the Container Registry tasks feature?

A

You use the tasks feature of Container Registry to automatically rebuild your image whenever its source code changes. You configure a Container Registry task to monitor the GitHub repository that contains your code and trigger a build each time it changes. If the build finishes successfully, Container Registry can store the image in the repository. If your web app is set up for continuous integration in App Service, it receives a notification via the webhook and updates the app.

120
Q

Enable continuous integration from App Service

A

The Container settings page of an App Service resource in the Azure portal automates the setup of continuous integration. If you turn on Continuous Deployment, App Service configures a webhook in your container registry to notify an App Service endpoint. Notifications from the registry that reach this endpoint cause your app to restart and pull the latest version of the container image

121
Q

Extend continuous integration to source control by using a Container Registry task

A

az acr task create --registry <registry-name> --name buildwebapp --image webimage --context https://github.com/MicrosoftDocs/mslearn-deploy-run-container-app-service.git --branch master --file Dockerfile --git-access-token <github-personal-access-token>

Replace the placeholders in angle brackets with your registry name and a GitHub personal access token for the repository.

122
Q

App Service plans and scalability

A

The Free tier provides 1 GB of disk space and support for up to 10 apps, but only a single shared instance and no SLA for availability. Each app has a compute quota of 60 minutes per day. The Free service plan is mainly suitable for app development and testing rather than production deployments.
The Shared tier provides support for more apps (up to 100) also running on a single shared instance. Apps have a compute quota of 240 minutes per day. There is no availability SLA.
The Basic tier supports an unlimited number of apps and provides more disk space. Apps can be scaled out to three dedicated instances. This tier provides an SLA of 99.95% availability. There are three levels in this tier that offer varying amounts of computing power, memory, and disk storage.
The Standard tier also supports an unlimited number of apps. This tier can scale to 10 dedicated instances and has an availability SLA of 99.95%. Like the Basic tier, this tier has three levels that offer an increasingly powerful set of computing, memory, and disk options.
The Premium tier gives you up to 20 dedicated instances, an availability SLA of 99.95%, and multiple levels of hardware.
The Isolated tier runs in a dedicated Azure virtual network, which gives you network and compute isolation. This tier can scale out to 100 instances and has an availability SLA of 99.95%.

123
Q

Working with images in Container Registry is like working with Docker Hub, but offers a few unique benefits

A

Container Registry runs in Azure. The registry can be replicated to store images near where they’re likely to be deployed.
Container Registry is highly scalable, providing enhanced throughput for Docker pulls that can span many nodes concurrently. The Premium SKU of Container Registry includes 500 GiB of storage.

124
Q

When you create a web app from a Docker image, you configure the following properties:

A

The registry that contains the image. The registry can be Docker Hub, Azure Container Registry, or some other private registry.
The image. This item is the name of the repository.
The tag. This item indicates which version of the image to use from the repository. By convention, the most recent version is given the tag latest when it’s built.
Startup File. This item is the name of an executable file or a command to be run when the image is loaded. It’s equivalent to the command that you can supply to Docker when running an image from the command line by using docker run. If you’re deploying a ready-to-run, containerized app that already has the ENTRYPOINT and/or COMMAND values configured, you don’t need to fill this in

125
Q

Why use Azure Container Instances?

A

Azure Container Instances is useful for scenarios that can operate in isolated containers, including simple applications, task automation, and build jobs. Here are some of the benefits:

Fast startup: Launch containers in seconds.
Per second billing: Incur costs only while the container is running.
Hypervisor-level security: Isolate your application as completely as it would be in a VM.
Custom sizes: Specify exact values for CPU cores and memory.
Persistent storage: Mount Azure Files shares directly to a container to retrieve and persist state.
Linux and Windows: Schedule both Windows and Linux containers using the same API

126
Q

What are container restart policies?

A

Always Containers in the container group are always restarted. This policy makes sense for long-running tasks such as a web server. This is the default setting applied when no restart policy is specified at container creation.

Never Containers in the container group are never restarted. The containers run one time only.

OnFailure Containers in the container group are restarted only when the process executed in the container fails (when it terminates with a nonzero exit code). The containers are run at least once. This policy works well for con

127
Q

What is a container ?

A

A container is an atomic unit of software that packages up code, dependencies, and configuration for a specific application. Containers allow us to split up monolithic applications into individual services that make up the solution. This rearchitecting of our application will enable us to deploy these separate services via containers.

128
Q

The container concept gives us three major benefits:

A

A container is immutable - the unchanging nature of a container allows it to be deployed and run reliably with the same behavior from one compute environment to another. A container image tested in a QA environment is the same container image deployed to production.

A container is lightweight - you can think of a container as a VM image, but smaller. A VM image is normally installed on a physical host. The image contains both the OS and the application you want to run. In contrast, a container doesn’t need an OS, only the application. The container always relies on the host’s installed OS for kernel-specific services. Containers are less resource-intensive, and multiple containers can be installed on the same compute environment.

Container startup is fast - containers can start up in a few seconds, instead of the minutes a VM needs.

129
Q

What is Kubernetes?

A

Kubernetes is a portable, extensible open-source platform for automating deployment, scaling, and the management of containerized workloads. Kubernetes abstracts away complex container management and provides us with declarative configuration to orchestrate containers in different compute environments. This orchestration platform gives us the same ease of use and flexibility as with Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) offerings

130
Q

What is Azure Kubernetes Service?

A

Azure Kubernetes Service (AKS) manages your hosted Kubernetes environment and makes it simple to deploy and manage containerized applications in Azure. Your AKS environment is enabled with features such as automated updates, self-healing, and easy scaling. The Kubernetes cluster master is managed by Azure and is free. You manage the agent nodes in the cluster and only pay for the VMs on which your nodes run

131
Q

Connect services by using virtual network peering

A

The traffic uses only private IP addresses. It doesn’t rely on internet connectivity, gateways, or encrypted connections. The traffic is always private, and it takes advantage of the high bandwidth and low latency of the Azure backbone network

132
Q

two types of peering connections

A

Virtual network peering connects virtual networks in the same Azure region, such as two virtual networks in North Europe.

Global virtual network peering connects virtual networks that are in different Azure regions, such as a virtual network in North Europe and a virtual network in West Europe

133
Q

Reciprocal connections

A

When you create a virtual network peering connection in only one virtual network to connect to a peer in another network, you’re not connecting the networks together. To connect the networks by using virtual network peering, you have to create connections in each virtual network

134
Q

Cross-subscription virtual network peering

A

You can use virtual network peering even when both virtual networks are in different subscriptions. This might be necessary for mergers and acquisitions or to connect virtual networks in subscriptions that different departments manage