AZ 204 Flashcards
1
Q
Event Grid: What is a topic?
A
Provides an endpoint where the source sends events
2
Q
Event Grid: HTTP webhooks event handler retry until what?
A
The handler returns a http 200 code
3
Q
Event Grid: Which data type are events sent as?
A
Events are sent in an array which can have several event objects. Each event object is limited to 1 MB. Larger messages result in a 413 payload too large
4
Q
Event Grid: How are operations charged?
A
In 64 kb increments. So for example 130kb is charged as 3 separate events (64+64+64)
5
Q
Event Grid: Which 4 properties are required?
A
Subject, EventType, EventTime, Id
5
Q
Event Grid: Which property in the schema can be used to route/filter?
A
There are three options for filtering: Event types, Subject begins with or ends with and advanced fields and operators
6
Q
Event Grid: Does Event Grid guarantee order for delivery?
A
No, subscribers may recieve them out of order.
7
Q
Event Grid: Which two retry configurations exist?
A
Maximum number of attempts (1-30) or Event time-to-live (1-1440 minutes)
8
Q
Event Grid: You want to allow a service to send events to Event Grid Topics. Which RBAC role do you assign?
1) Event Grid Subscription Reader
2) Event Grid Subscription Contributor
3) Event Grid Contributor
4) Event Grid Data Sender
A
4) Lets you send events to Event Grid topics.
9
Q
Event Grid: You want to allow a service to create and manage Event Grid resources. Which RBAC role do you assign?
1) Event Grid Subscription Reader
2) Event Grid Subscription Contributor
3) Event Grid Contributor
4) Event Grid Data Sender
A
3) Lets you create and manage Event Grid resources.
10
Q
Event Grid: What is the az cli command to create a new topic?
A
az eventgrid topic create –name $myTopicName \
–location $myLocation \
–resource-group az204-evgrid-rg
11
Q
Event Hub: What is Azure Event Hubs?
A
A big data streaming platform and event ingestion service. It can recieive and process millions of events per second
12
Q
Event Hub: What is the primary interfrace for developers interacting with Event Hubs?
A
Develops interact through an Event Hubs Client
13
Q
Event Hub: What is a an Event Hubs producer
A
A special type of client that serves a source of telemetry data. Examples can be mobile device applications, a website etc.
14
Q
Event Hub: What is a consumer group?
A
A consumer group enables multiple consuming applications to have their own view of the event stream and read data at their own pace. It is recommend to only have 1 consumer group per partition though, since multiple readers on the same partition will result in duplicate events.
15
Q
Event Hub: How does the architecture of Event Hub ensure that it never gets “too full”
A
First of all Event Hub uses a partitioned consumer model which is key to scaling. Secondly as the data ages off it is deleted by using the configurable retention period.
16
Q
Event Hub: Which unit of measure is used to control traffic?
A
Traffic is controlled though Throughput units. A single throughput unit allows 1MB per second OR 1000 events per second of ingress. For egress the amount is twice of that.
You can configure between 1-20 throughput unit but can raise a support ticket to increase further
17
Q
Event Hub: What happens if you use more throughput than our configured units?
A
Usage beyond the purchased throughput is throttled
18
Q
Event Hub: What does checkpointing mean?
A
Checkingpointing is a process by which an event processor marks or commits the position of the latest read. This makes the system more resilient since other processors can take over in case of failure
19
Q
Event Hub: Which mechanisms are supported to Authenticate and Authorize?
A
Supports both Azure AD and Shard Access Signatures (SAS)
20
Q
Event Hub: Which RBAC roles should be assigned to a service that needs to send data to the Event Hub?
A
Azure Event Hubs Data Sender gives the role send access to Event Hub resources.
The other 2 in-built roles are Data Owner and Data Reciever.
21
Q
Event Hub: Under which namespace do the .NET clients exist?
A
Azure.Messaging.EventHubs
22
Q
Event Hub: Which .NET/Java client is used to consume data?
A
EventHubConsumerClient
23
Q
Event Hub: What is a partition
A
An ordered sequence of events held in an Event Hub
24
Messaging: Which two types of queue mechansims do Azure support
Service Bus queues and Storage queues
25
Storage Queue: How large can storage queue messages be?
Up to 64kb in size
26
Messaging: Which queue solution should be selected if you must store over 80 gb of messages in a queue?
The Storage Queue. In the storage queue the limit of the queue is the same as the whole storage account
27
Messaging: You want service side logs of all transactions against your queue. Which solution do you choose?
The Storage Queue.
28
Messaging: You want to implement a checkpoint mechanism for your solution. Which solution do you choose?
The Storage Queue is ideal for logging progress
29
Messaging: Which solution supports deduplication of messages?
The service bus queue
30
Messaging: You want to provide a guaranteed FIFO delivery of your message. Which solution do you pick?
The service bus queue
31
Messaging: Your messages might be up to 256 kb in size. Which solution do your choose?
The service bus queue. Messages can exceed 64kb but likely wont approach the 256kb limit. In premium tier messages can be up to 100Mb.
The storage queue is limited to 64kb per message.
32
Messaging: Name some features that the Service Bus Queue supports which the Azure Storage Queue does not.
Pub/sub models, deduplication, FIFO delivery, larger messages and can deliver in parallel long-running streams.
33
Messaging: Which .NET namespace do you find client libraries in?
Azure.Messaging.ServiceBus
34
Messaging: In what way does a messaging architecture affect the required load levels of your applications (think avg load vs peak load)
A benefit of using queues and messages is that the application only has to deal with average load, because you have a buffer system
35
Service Bus: Explain the difference between "Receive and delete " or "Peek lock" receive modes
Receive and delete: Deletes the message on receive. This makes it less tolerant to failures as a crash may result in a message not being processed.
Peak lock: The process becomes two-stage. When the message is receives it is marked as locked and then returned. When the processing is finished it marks it as completed. The lock has an associated timeout which can "unlock" the message again if it hasn't been completed.
36
Messaging: What is the different between a queue and topics/subscriptions?
Topics/Subscription allow for a 1:N model where a topic can have many subscribers.
37
Service Bus: Which two sets of properties exist?
1) Broker defined properties:
Predefined by the system and default meta data.
2) User defined properties
Collection of key-value pairs that can be controlled by the application
38
Service Bus: Give some example of broker defined properties:
To, ReployTo, ReplyToSessionId, MessageId, CorrelationId, SessionId
39
Service Bus: Which advanced feature allows routing inside of a service bus namespace?
Routing can be realized using auto-forward chaining. If you want to use routing across namespaces you can use LogicApps.
40
Service Bus: Which advanced feature allows routing inside of a service bus namespace?
Routing can be realized using auto-forward chaining. If you want to use routing across namespaces you can use LogicApps.
41
Service Bus: Payload is always sent as a string. True / False?
False. Payload is binary data and information about how to deserialize it can be sent in the ContentType property.
42
Service Bus: How to create a queue throught the az cli?
First you have to create a namespace and then the queue
az servicebus namespace create --resource-group $RG --name $NAME --location $LOC
az servicebus queue create --resource-group $RG --namespace-name $NAME --name $MYQ
43
Storage Queue: How is access to a Storage Queue controlled?
All access goes thourgh the Storag Account
44
Storage Queue: How to make messages automatically expire?
You can configure a maximum time-to-live which can be any positive number or -1 indicating the message doesn't expire.
The default value is 7 days
45
Azure Service Bus: How to create a FIFO guarantee?
To create a first in- first out guarantee you have to use Sessions. Message sessions enable joint and ordered handling of unbounded sequences of related messages
46
VM: How long can custom script extensions run for?
90 minutes
47
VM: How many VMs can a scaleset handle?
A scaleset can handle up to 1000 VMs
48
VM: What is the default encryption mode for disks?
They are encrypted at rest by default with a managed key. It is possible to change to a customer managed key.
49
VM: What is an availability zone a combination of?
An AZ is a combination of a Fault Domain and an Update Domain
50
VM: Which two types of disks exists?
The regular disk is where the OS etc. is stored. These are recommended to be SSDs. Additional data can be stored on Data disks
51
VM: Explain what an availability set is
A logical grouping of VMs that help Azure understand how your application is built to provide for redundancy and availability
52
VM: Explain what a Fault Domain is
To help protect the application against hardware failures the VMs can be placed in different fault domains. It can be pictured as a rack in a data center. (although not 1:1 picture)
53
VM: Explain what an Update Domain is
Helps ensure that a particular VM can be updated. Logical grouping of the underlying hardware
54
VM: What is the different between Managed and Unmanaged disks
Umananaged disks reside in your storage account and hold the disks (VHD files). It cannot be guaranteed that availability sets are on different fault domains. Unmanaged disks always inherit the IOPS limits of the storage account.
Managed disks are not limited by storage accounts and managed by azure.
55
VM: Explain what a Scale Set is
A scale set is a group of load-balanced VMs. They can hold up to 1000 VMs.. Scalesets are ideal for unpredictable workloads. The VMs in the scaleset are identically configured.
56
VM: Explain when to use an availability set vs scale set
Availability sets are used for smaller setups with predictable load. Scale sets are used for unpredictable loads and can hold up to 1000 VMs
57
VM: A fixed sized disk is required to support encryption. True / False?
True
58
VM: Where can Custom Script Extensions be located and what are they?
Scripts for post-deployment configurations. Can be located anywhere as long as the VM can route to it .. (Github, Blob Storage etc)
59
VM: How to migrate an encrypted disk?
In order to migrate an encrypted disk we must first turn off encryption, migrate and then turn on encryption again
60
VM: How to encrypt a disk onpremise?
You can encrypt it on-premise with bitlocker and then upload the Virtual Hard Diive to Azure Storage Account
61
ARM: Are ARM templates imperative or declarative?
They are declarative. You declare what you want to have
62
ARM: Are templates idempotent? True/False
True
63
ARM: Which of the following are required?
Parameters
$schema
Variables
resources
User-defined functions
contentVersion
Resources
Outputs
$schema, resources and contentVersion
64
ARM: Which resource type is used for storing an ARM template for later use?
A template spec.
Supports versioniong
65
ARM: You deployed an ARM template with multiple references and lists. Your configuration threw a not found configuration even though you had a condition to ensure that it is only ran if the reference exists. How come?
"References" and "lists" are always evaluated even if the condition is false. To work around this they must be wrapped in an if-condition
66
ARM: Explain the difference between "complete" and "incremental" deployment modes
Complete will delete other resources in the RG so the template matches the RG exactly.
Incremental: Will leave existing resources be.
67
ARM: How to extend templates with logic?
ARM templates can use expressions that extend JSON. In-built Resource Manager Functions such as "contains", "lessOrEquals" etc can be used.
68
ARM: How to create an ARM template through the az cli?
az deployment group create
69
ACR: How is Azure Container Registry billed?
By the second
70
ACR: Which min. tier is recommended for production
Standard tier. Provides more storage and throughput
71
ACR: Which new features does the premium tier unlock?
Geo-replication, private endpoint, image tag signing etc
72
ACR: What is ACR tasks?
Enables automated image builds from source code changes or a container's base images.. Can be used in CI/CD pipelines by using the `az acr build` command for example
73
ACI: What is Azure Container Instances
A service that allows you to run containers in azure. The simplest and fastest way to run containers.
74
ACI: Can both run windows and linux containers? True/False
True
75
ACI: In what scenarios is AKS (Azure Kubernetes) recommended over ACI?
If you need full orchestration with features like service discovery, automatic scaling etc. AKS is recommended
76
ACI: How can other application communicate with a container instance in ACI?
Containers are giving a public IP and FQDN
77
ACI: What is a container group?
A way to group containers. These containers are scheduled on the same host machine. They share lifecycle, network, storage etc.
78
ACI: What are some ways to deploy an ACI?
ACI can be deployed with ARM templates or YML files
79
ACI: You notice in your logs that your container keeps restarting. How can that be?
You configured a "OnFailure" retry policy. Your container has a bug that makes it crash. Your retry policy makes the container retry again and again.
80
ACI: You want your container to run at most once. Which retry policy do you select?
"Never". The container is never restarted so containers run at most once
81
ACI: Which restart policies exist?
Always - always restarted
Never - Runs at most once
OnFailure - Restarts on non-zero exit codes. Runs at least once
82
ACI: Can ENV variables be exposed to containers? True/False
True
83
App Service: How many app services can exist in a free app service plan?
10
84
App Service: What is the ac cli command to package and deploy a web app?
az webapp up
85
App Service: Which unit is use to denote the performance of an app service plan across different metrics?
ACU (Azure Compute Unit)
An ACU of 200 is expected to be roughly double as powerful as 100 ACU
86
App Service: Which tier supports load balancing?
Standard plans and up
87
App Service: For which kind of service is the consumption tier available?
Azure Functions
88
App Service: You have strict organizational requirements around network and compute. Which plan do you select?
Isolated. The code will run on your own dedicated VMs and provide Network + Compute isolation
Another alternative is the Service Environment (ASE) to run it directly in your VNET
89
App Service: You need compute isolation for our services. Do you select the "dedicated plan" or the "isolated" plan?
Dedicated plan is sufficient as it provides compute isolation.
Isolated provides compute isolation + network isolation
90
App Service: Which plan is used to run app services directly in your VNET?
To run app services directly in a VNET you must use Service Environment (ASE)
91
App Service: How can inbound network be controlled?
App-assigned address, access restrictions, service endpoints or private endpoints
92
App Service: How can outbound network be controlled?
VNET Integration, hybrid connection or gateway
93
App Service: How to run an app service with a runtime that is not supported out of the box?
Your can deploy your code with a custom container that holds your runtime
94
App Service: How can green/blue deployment be achieved in app services?
You can use deployment slots to first deploy your production build to a staging environment and swap it over the production when you have confirmed that it works
95
App Service: Which settings are configured in the "general settings" tab?
Runtime, major version, platform settings, debugging etc
96
App Service: How to add custom storage for containerized apps?
You can add custom storage by mounting storage from an azure storage account
97
App Service: Web server logging is supported on both windows/linux?
No, only on windows.
Linux only have application logging and deployment logging.
98
App Service: You want to see the latest logs of a webapp thorugh the az cli. How do you do it?
az webapp log tail --name appname --resource-group myResourceGroup
99
App Service: What is one way to implement feature management?
You can use App Configuration which provides modern features like feature flags
100
App Service: What is the advantage to use app configuration over application settings?
Changing application settings require restarting the app service. App Configuration can be changed without service interruption
101
App Service: Which two parts make of a feature flag?
A name and a list of one or more filters to evaluate the feature's state
102
App Service: Is autoscaling horizontal or vertical?
Autoscaling is horizontal and means we scale in/out
103
App Service: When should autoscaling be enabled?
When your application can't easily predict the worklaod in advance
104
App Service: Scaling can be based on two different options. Which?
Scale based on a metric or according to a schedule
105
App Service: Explain what an autoscale cooldown period is
A cooldown period is an interval where new scaling actions wont be triggered. This is to allow the system to stabilized between autoscale events. The minimum cooldown periods is five minutes.
106
App Service: You have multiple scale out configurations configured. Only one of them evaluates to true. Does your service trigger scale?
Yes, only one condition needs to be met on scale-out
107
App Service: You have multiple scale in configurations configured. Only one of them evaluates to true. Does your service trigger scale?
No, all scale-in rules must be met in order to scale-in
108
App Service: Explain what "flapping" situations mean in terms of autoscaling
When scale-in and scale-out conditions continually go back and forth you can end up triggering scale out and scale in again and again which is not ideal. To avoid this there should be a margin between scale-out and scale-in conditions. For example +1 on CPU >= 80% and -1 on <= 60% CPU
109
App Service: You want to figure out how your application has auto-scaled over the last couple of days. How can you see it?
The Activity Log logs autoscaling events or other conditions such as missing metrics available etc
110
App Service: You want to perform a slot swap but want to ensure that your new service is read to take traffic
You can specify a warm-up configuration in applicationInitialization.
This lets your run warm up code before the taget slot is swapped
111
App Service: What default % traffic are new slots given?
0%
112
App Service: You want some of your users to try out a new feature. How can this be done?
You can do this with app configuration's feature management or you can direct a % of your traffic to different app service slots
113
App Service: Are these settings swapped? App settings, WebJobs content, service endpoints, public certificates?
Yes. App settings however can be configured individually to be sticky to a specific slot
114
App Service: Are these settings swapped? Scale settings, IP restrictions, WebJob schedulers, Custom domain names
No
115
Cosmos: What is the SLA for read and write?
99,999%
116
Cosmos: How is Cosmos DB billed?
Billed by RU's (Request Units)
117
Cosmos: What is Cosmos DB?
Globally distributed database system that allows you to read and write data from local replicates and make it sync to other regions
118
Cosmos: Which unit is at the top of the resource hierachy?
The Azure Cosmos DB Account.
Contains a unique DNS
119
Cosmos: Which unit is the unit of scale in a Cosmos DB resource hirarchy?
The Azure Cosmos DB Container. You can virtually have unlimited provisioned throughput RUs and storage on a container
120
Cosmos: A container can be realized in a number of ways. Explain what this means
Cosmos DB supports multiple APIs such as a graph, table, nosql etc.. containers can thus be realized as a collection, table, graph etc.
121
Cosmos: An item can be realized in a number of ways. Explain what this means
If your container is a graph API then your items will be nodes and edges .. If it's a relational DB then your items will be rows
122
Cosmos: Which resource is anagolous to a namespace?
A database is also called a namespace in Cosmos
123
Cosmos: Which resource is the unit of management for a set of containers?
Database manages a set of containers
124
Cosmos: Explain the resource hirearcy
Database Account -> Database -> Containers -> Items
125
Cosmos: On which resource is throughput and storage provisioned?
On the container level
126
Cosmos: Which two throughput modes exist?
Dedicated throughput: Exclusively reserved for that container.
Shared throughput: These contains share the throughput with other containers in the same database.
127
Cosmos: Name the 5 consistency levels
Strong, Bounded staleness, session, consistent prefix and eventual
(SBSCE) acronym
128
Cosmos: What are the tradeoffs of selecting a strong consistency level?
You ensure that all clients always read the latest write. You will gain lower availability and lower throughput and higher latency
129
Cosmos: What are the tradeoffs of selecting eventual consistency?
Reads may not always be up to date but you will experience the highest availability, lowest latency and highest throughput
130
Cosmos: Explain what a lag-level is in terms of consistency
The time between a write and all clients will read the newest value. In strong consistency the lag-level is effectively 0
131
Cosmos: Bounded staleness can be configured in what two ways?
The number of versions (K) of the item
The time interval (T) reads might lag behind write
132
Cosmos: What is the cost to perform a read of 1KB item?
1RU
133
Cosmos. What is the cost to perform a read of a 6KB item?
6RU (1 per 1kb)
134
Cosmos: You have many containers in your database. You have been tasked to ensure that container 1 is always ensured to have adequate throughput. How can you do this?
You can select the dedicated provision mode. This means the provisioned RUs are dedicated to a single container
135
Cosmos: What is the serverless mode?
In this mode you don provision any throughputs. You pay for what you use at the end of your billing period
136
Cosmos: What is provisioned throughput mode?
You provision throughput on a per-second basis in increments of 100RUs per second.
137
Cosmos: At what granularity levels can provisioned throughput mode be configured?
Database or container level
138
Cosmos: What is Autoscale mode?
You can automatically and instantly scale RUs of your database based on usage. Well-suited for unpredictable traffic patterns while requiring SLA
139
Cosmos: What are the differences between physical- and logical partitions?
Physical partitions are an internal implementation and not something you need to worry about. You can control the logical partiations by selecting good partitions keys
140
Cosmos: What is the total data storage limitation for each physical partition?
Up to 50GB
141
Cosmos: What is the total throughput limitation for each physical partition?
Up to 10K RUs/second
142
Cosmos: What is the scope of transactions?
A logical partition defines the scope of database transactions.
143
Cosmos: Do all items in a logical partition share partition key?
Yes
144
Cosmos: What is a "hot" partition?
Since traffic is distributed evenly among physical partitions you can end up with lots of traffic being routed to the same partitions if you havent selected a good partition key?
145
Cosmos: You noticed that you often meet rate-limiting and higher costs in your Cosmos DB container. Why can that be?
You didn't select a good partition key and have "hot" partitions
146
Cosmos: Which two components make up a partition key?
A partition key path and partition value
147
Cosmos: Which characteristics make up a good partition key?
Value does not change, high cardinality, spread data storage
148
Cosmos: Which trick can be used for better performance in read-heavy containers?
Partition keys that appear in your filter queries can be routed more efficiently to the relevant physical partition
149
Cosmos: What is a synthetic partition key?
You can add a random suffix or a pre-calculated suffix such as a composite key or a hash
150
Cosmos: Which namespaces are the .NET cosmos clients in?
Microsoft.Azure.Cosmos
151
Cosmos: When defining a stored procedure input parameters are always send as what type of the stored data?
String
152
Cosmos: Which trigger can be used to validate properties of an item?
Pre-trigger
153
Cosmos: How can you create a notification feed?
You can create an azure function that has a cosmos db trigger. Notice that it is not triggered on delete
154
Cosmos: Which has lower latency. Azure Storage Tables or Cosmos?
Cosmos
155
Cosmos: Which client object can be used to check if there are more items to process?
You can use a FeedIterator and check the HasMoreResults property
156
Storage: Which three access tiers exist and which is default?
Hot, Cool, Arhived.
Hot is default
157
Storage: How long must items in the cool access tier be kept?
At least 30 days
158
Storage: Explain the archived access tier
Content is stored offline. Can take several hours to retrieve and is stored for at least 180 days.
159
Storage: How can a blob be rehydrated from the archived access tier?
Copy to online tier or change access tier (can set x-ms-hydrate-priority header to prio. over others)
160
Storage: Max account size?
5PB
161
Storage: IO throughput limit?
20.000/s
162
Storage: What are the three blob types?
Block blob (max 4.7tb), append blob (max 190gb), page blob(max 8tb)
163
Storage: What can append blobs be used for?
Ideal for append operations such as logging data
164
Storage: What can page blobs be used for?
Store random access files up to 8TB such a a virtual hard drive
165
Storage: Which encryption method encrypts data at rest?
256-bit AES
166
Storage: Explain LRS
Locally redundant storage. Copies data synchronously three times within a physical location
167
Storage: Explain ZRS
Copies data across three azure availability zones in the primary region
168
Storage: Explain GRS
Copes data three times within a single physical location and then copies the data to a single physical location in the secondary region
169
Storage: Explain GZRS
Crazy availability requirements. Copies across three AZs and then copies to a secondary region where it copies it three times within that datacenter (LRS in second region, and ZRS in primary region)
170
Storage: What is a lifecycle management policy?
Collection of rules in JSON format that tell when to move content between access tiers
171
Storage: Can you copy an archived blob to an online destination in antother storage account?
No
172
Storage: What is a change feed?
A change feed is a transactional audit/log changes to blobs. The changes are recorded in a few minutes
173
Storage: What are some ways to react to blob storage changes?
Most commonly you use blob storage events propagated through azure event grids, but in some cases where you don't need to react immediately the change feed is also an option
174
Storage: What is a SAS token?
A URI that grants restricted access rights to azure storage resources
175
Storage: How can you delegate access to a client so they can access some resources?
Generate a SAS token for the client
176
Storage: Which service does a User delegation SAS provide access to?
User delegation SAS only works for blob storage
177
Storage: Explain what a Service SAS provides access to
A Service SAS provides access to a storage service such as blob storage, queue storage, table storage or azure files
178
Storage: Your users need to read/write their own data directly to blob. How can you enable users to only write their own da ta?
Generate a SAS token that provides restricted access to the user's data
179
Storage: Which SAS token type does Microsoft recommend for superior security?
The User delegation SAS which is secured with Azure AD and applies to Blob storage only
180
Storage: Explain what an Account SAS does
A SAS token secured with the storage account key. Can delegate access to resources in or more storage service. All features of Service/User delegation token are also available here
181
Storage: What does signed permissions (sp) tell in a SAS token?
Signed permissions tell if the token can read (r) or write (w)
182
Storage: What does signed resources (sr) tell in a SAS token?
Signed ressources tell which resources the token has permissions for. For example b for blob and c for container
183
Storage: What are stored access policies?
An extra set of policies for controlling the parameters such as start time / expiry time when generating SAS tokens.
184
Redis: What is the command for storing a key/value with expiration time in Redis?
SETEX: SETEX mykey 1800 “somevalue”
185
Redis: What are some common use cases for using Redis?
Data cache, content cache, session store, job and message queue, distributed transactions
186
Redis: What is the SLA on the Basic OSS tier?
There is no SLA.
187
Redis: Which tier has non-volatile memory?
The Enterprise Flash tier.
Cost-effective large caches powered by Redis Enterprise. Non-volatile memory, which is cheaper than DRAM, on a vm. Reduces the overall per-GB memory cost.
188
Redis: What are the storage/connection limitations between standard/premimum?
Basic/Standard: 53gb mem / 20k connections
Premium: 530gb mem / 40k connections
189
Redis: Is the expire resolution in seconds or ms?
ms
information about expires are replicated and presisted on disc
190
Redis: Which parts do we need to configure a redis server?
Globally unique FQDN, Host address, Post number, Access key
191
Redis: What is the difference between shared caching and private caching?
In private caching content is kept private to application instances. This means faster access but also that all applications may not see the same data with private caching.
Shared caching has better availability as it allows us to cluster it
192
CDN: What are the default TTLs for:
Web delivery optimizations
Large file optimizations
Media streaming optimizations
Web delivery optimizations - 7 days
Large file optimizations - 1 day
Media streaming optimizations - 1 year
193
Redis: Which .NET class manages connections to Azure Redis Cache?
ConnectionMultiplexer
194
Functions: How many instances can the consumption and premium plan scale out to by default?
Consumption: 200
Premium: 100
195
Functions: Do functions support all languages?
Yes, you can provide custom runtimes through the 'Custom Handler' option. The Function.json handles this
196
Functions: Explain triggers and bindings
Triggers determine when the function should run
Bindings is a more convenient way to work with azure and allows us to not hardcode secrets and connectionstrings.
You can have multiple input/output bindings or none.
The direction of the trigger is always in
Some bindings can have a special direction like “inout”.
197
Functions: Where should you configure a custom handler?
the host.json file will point to the required runtime. The runtime itself does not need to be at root
198
Functions: What is the primary difference between normal functions and durable functions?
Durable functions let us write stateful functions
199
Functions: Explain the Function chaining pattern
In the chaining pattern we can run functions one after another
200
Functions: Explain the Fan-out/in pattern
In durable functions we can parallelize multiple functions and then aggregate the result for example
201
Functions: Explain the Async HTTP APIs pattern
In durable functions a function can wait for a long running job to finish before continuing
202
Functions: Explain the human interaction pattern
In durable functions a process can wait for a human to provide input
203
Functions: Explain the monitor pattern
In durable functions the monitor refers to a recurring process in a workflow. For example we can poll until specific conditions are met or another condition before the function proceeds
204
Functions: Why do orchestrator functions need to be deterministic and why?
Because durable functions use event sourcing and must be able to replay the steps until now. This means we can't use DateTime.Now or Math.Random etc because these would generate a new non-deterministic value.
These need to be pushed to activity functions
205
Functions: Explain the 4 function types; Orchestrator functions, activity functions, entity functions and client functions
Client function (entry) -> Calls orchestrator -> Defines a list of activity functions -> activity functions can update entity functiosn for a small piece of state
206
Functions: What is a Task Hub?
A logical container used to store things when running durable functions .. the function types can only interact if they are in the same task hub
207
Functions: What can happen if you have multiple task hubs in the same storage account?
If functions have not explicitly configured the taskhub in host.json then orchestrations may get stuck in PENDING/RUNNING state
208
LogicApps: Which tier must be used to put LogicApps in a VNET?
In the consumption tier you must use "The Integration Service Environment (ISE)"
In the standard tier you can communicate over private endpoints (inbound) and an outbound vnet integration
209
LogicApps: What are the default time outs?
Default time out is after 2 minutes (multi tenant), 3 minutes in single tenant and 4 minutes in ISE
210
Misc: In a CRON job what does each star refer to? (*, * ,* ,* ,*)
minute, hour, day(month), month, day(week)
211
Misc: Where is a client certificate availaable in .NET?
HttpRequest.ClientCertificate
212
Azure Batch: What is azure batch?
Run large scale parallel operations.
You use Batch SDK, APIs, command line tools etc to monitor and start your batches.
213
Logging: What is the difference between log-based and standard-based metrics?
Log-based metrics are simple logs calculate at query time while standard-metrics are stored as a pre-aggregated time series
214
Logging: Which API can applications use to send REST API request to azure monitor?
The Data Collector API. Requests are in JSON
215
Logging: What is Azure Service Health?
Azure Service Health will monitor the health of the entire Azure platform and let you create alerts if something is happening that can affect you.
Consists of:
Azure Status (Azure service outages)
Service Health (Personalized view of the services and regions that you use)
Resource health (Individual azure resources such as your VM)
216
Logging: How can pageviews be tracked?
They are not tracked by default so you will need to add custom application insights code in javascript to send capture pageviews and send them as telemetry
217
Logging: Can sampling impact pre-aggregated events?
No, the collection endpoint pre-aggregates events before ingestion sampling so it will never impact the accuracy
218
Logging: Which availability test should be used for authentication tests?
Custom TrackAvailability.
Custom TrackAvailability test is the long term supported solution for multi request or authentication test scenarios.
219
APIM: Which components make up the API Management?
API Gateway, Azure Portal, Developer Portal
220
APIM: NAme some benefits of the API Gateway
We can configure cross-cutting concerns here such as backend routing, JWT validation, rate limits, quotas, transformations, caches etc
221
APIM: Explain the relation between subscriptions/products in APIM
A product is how APIs are surfaced to developers. They can be either Open or Protected.
For protected products a subscription is required
222
APIM: How can developers access a specific revision of your API?
Can be passed as a query string
223
APIM: Which OSI layer is the gateway routing performing?
This is Layer 7 routing as it is http based and happens in the application layer
224
APIM: What are API Management policies?
Collection of statements that are executed before or after an API call.
We can change API behavior through configuration
XML Based
225
APIM: Which 4 policy types exist?
inbound
backend
outbond
on-error
226
APIM: How can a subscription key be passed?
Through a http header or a query string.
Default http header: Ocp-Apim-Subscription-Key
Default query string: subscription-key
227
APIM: Does APIM have a consumption tier?
Yes and its a good fit with serverless technologies
228
SQL: What does the always encrypted option do?
Protect sensitive information like credit cards.
Always you to encrypt data inside client applications .. so the unencrypted data never reaches the SQL server. This separates who owns the data and who can read it.
Can be configured for data columns.
229
SQL: What are database pools?
Share resources between all databases in the pool.
Works best when the databases have different utilization patterns (if they all peak at the same time they compete for the same resources)
Elastic pools can help not overprovision databases based on peak uses.
An example use case is a SaaS application where each customer has their own DB.
230
Misc: What is the difference between a system assigned managed identity and user assigned managed identity
System-assigned managed identity is enabled directly on an azure service instance. Follows the life cycle of the service
User assigned: Stand alone azure resource with its own life cycle.
Both are service principals of a special type.
231
Misc: How to assign a managed identity on a new VM through the az cli?
az vm create --resource-group myResourceGroup \
--name myVM --image win2016datacenter \
--generate-ssh-keys \
--assign-identity \
--role contributor \
--scope mySubscription \
--admin-username azureuser \
--admin-password myPassword12
232
Misc: How to acquire a token through managed identities?
send a local request from the vm to the azure instance metadata service (IMDS)
GET 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/' HTTP/1.1 Metadata: true
233
Docker: What does the FROM command do?
Create a layer from another docker image
234
Docker: What does the COPY command do?
Adds files from your Docker client's current directory
235
Docker: What does the CMD command do?
Specifies what command to run within the container
236
Docker: What does the RUN command do?
builds your application with make
237
Auth: What is the open source Microsoft Auth libraries called?
MSAL
238
Auth: Explain how applications can integrate with Azure Active Directory
When you register an application with Azure Active Directory you create an identity configuration for your application
239
Auth: Explain the difference between single tenant and multi tenant
Single tenant: Only accessible in your tenant
Multi-tenant: Accessible in other tenants
240
Auth: How is an application defined in Azure AD?
Through it's application object. It resides in the tenant where the application was registered (home tenant)
241
Auth: Explain what an application object is
It represents an identity of an application. It is used as a blue print to create one or more service principals
242
Auth: Can an application object have one or many service principals?
An application object can have many service principals. Each tenant will have it's own service principal which is created from the application object (the blue print in the home tenant)
243
Auth: What three objects does an application object describe?
How the service can issue tokens in order to access the application
Resources the application might need to access
The actions that the applicatio ncan take
244
Auth: What is the difference between user principal and service principal?
Users have a user principal and applications have a service principal
245
Auth: Which three types of service principals exist?
Application, Managed identity, Legacy
246
Auth: What are permissions sets called In OAuth 2.0?
Scopes. A scope is represented as a string value. Can be done through the scope query parameter.
Read users calenders: https://graph.microsoft.com/Calendars.Read
247
Auth: Difference between delegated permissions and application permissions?
Delegated: Used by apps that have a signed-in user present. User or admin consents to the permissions that the app requests.
Application: Used by apps that run without a signed-in user such as background service or daemons. Only admins can consent to these
248
Auth: Which consent types exist?
Static user consent, incremental and dynamic user consent and admin consent
249
Auth: Explain static user consent and pros of cons
You specify all permissions (scopes) up front in the app's configuration. If the user has not consented the user will be prompted. Admins can consent on behalf of all users.
Pros: Keeps code nice and simple
Cons: You need a long list of permissions upfront
250
Auth: Explain incremental and dynamic user consent
You ask for permissions (scopes) to the user incrementally as you need it.
You add the scope parameter when requesting and access token.
251
Auth: Can incremental and dynamic user consent be used for delegated permissions, application permissions or both?
Only delegated permissions.
252
Auth: Explain admin consent
When your app needs access to high-privilege permissions.
Still requires static permissions registered for the app.
253
Auth: Explain how incremental and dynamic user consent can be challenging for admin consent
Since admin consents need to registered as static permissions, the incremental process might request something not there. Therefor you must register all of the admin permissions in the azure portal.
254
Auth: What are some ways that conditional access can help protect service?
Multifactor, only enrolled devices and restricting user locations and IP ranges
255
Auth: Explain an "if" -> "then" scenario for Conditional Access
IF I am an user who wants to access Office 365 THEN i must provide MFA
256
Auth: Which app scenario require code to handle Conditional Access challenges?
1) Device-code flow
2) On-behalf-of-flow
3) Integrated Windows authentication flow
2)
257
Auth: Oauth 2.0: Explain auth code grant
Enables client ap pto obtain authorized access to resource. Requires a user-agent that supports redirection from the Microsoft Identity Platform (Auth server)
1) User request authorization code
2) Code is used to with client_id etc to retrieve tokens
258
Auth: Oauth 2.0 Explain client credentials grant
Access resources by using the identity of an appllication. Common for server-to-server interactions without immediate interaction with a user.
Here you must provide client_Id and client_secret
259
Auth: Oauth 2.0 You want to set up server to server communication. Which token grant flow do you use?
Client Credentials Grant
260
Auth Oauth 2.0: Explain the device code flow
Allows users to sign in to input-constraied devices such as Smart TVs, printers etc.
The device has the user visit a webpage in a browser on another device to sign in.
261
Auth: You want to authorize a Smart TV. Which token grant flow do you use?
Device code flow
262
Auth: You want to set up authorization for a SPA. Which token grant flow do you use?
Auth Code Grant
263
Auth Oauth 2.0: Explain the On-behalf-of flow
A Web API using an identity other than its own to call another web API. (delegation in OAuth)
You pass a user's identity and permissions through a request chain.
You first get a Token A with Code Grant for example. You then send Token A, client ID and secret to request access to Web API B and return a Token B
264
Auth Oauth 2.0: Explain implicit grant flow
Can be used by SPAs etc but is less safe that Code Grant. The process is not to-stepped as in gode grant but instead everything happens in one request. The browser returns the token directly in the url instead of securely over the backchannel.
265
Auth: What is the Microsoft Graph?
A gateway to data and intelligence in Microsoft 365
266
Auth: What are Microsoft Graph connectors?
Used to send external data into the Microsoft graph services .. The incoming directions
267
Auth: What are Microsoft Graph Data connect?
Set of tools to streamline secure and scalable delivery of Microsoft Graph data to popular Azure data stores
The outgoing diretion.
268
Which RBAC role gives access to pull/push images in ACR?
AcrPush
269
VM: What is the command to apply a managed identity for a VM?
$vm = Get-AzVM -ResourceGroupName myResourceGroup -Name myVM
Update-AzVM -ResourceGroupName myResourceGroup -VM $vm -IdentityType SystemAssigned
270
WebApp: What can you do with a .deployment file and where should it be placed+
Place at root of your repo. Can be used to call scripts and deploy a website.
For example can be used to generate static content
271
What is a PreBuild target?
An option in csproj files to execute commands
272
Functions: How can you limit the number of parallel executions?
Set the batchSize propery in hosts.json
273
Blob: Which tool can be used to copy blobs?
AzCopy.
Storage Explorer uses this internally.
Ensures data movement process is recoverable
274
Cosmos: Which RBAC role can provision Cosmos accounts, dsatabases etc?
Cosmos DB Operator
275
Insights: What is a multi-step web test?
A recording of a sequence of web requests, which can be played back to test more complex scenarios. Multi-step web tests are created in Visual Studio Enterprise and uploaded to the portal for execution.
276
EventGrid: Which two ways of validating a subscription for webhooks exists?
ValidationCode Handshake (programmatic) and ValidationURL handshake (Manual)
ValidationUrl is recommended if you control the source code.
277
EventGrid: Explain how a cmdlet can be used with a topic
You can react to a new message in a topic by automatically running a cmdlet
278
Is filesystem storage designed for short-term or long term logging?
Short-term. Turns itself off after 12 hours. Blob storage is designed for long-term storage of logging
279
Storage: Explain metadata and properties
properties are referred to as system properties.
to update meta data you must use the format x-ms-meta
280
Logging: When you want to monitor CPU usage of a webapp do you need to look at the webapp instance or the app service plan?
To monior things like CPU percentage, Memory Percentage and Disk Queue length you need to use the AppService Plan.
281
ARM: How do you export a resource group?
az group export --name $myRg
