AZ 204 Flashcards
Event Grid: What is a topic?
Provides an endpoint where the source sends events
Event Grid: HTTP webhooks event handler retry until what?
The handler returns an HTTP 200 code
Event Grid: Which data type are events sent as?
Events are sent in an array which can have several event objects. Each event object is limited to 1 MB. Larger messages result in a 413 payload too large
Event Grid: How are operations charged?
In 64 kb increments. So for example 130kb is charged as 3 separate events (64+64+64)
Event Grid: Which 4 properties are required?
Subject, EventType, EventTime, Id
Event Grid: Which property in the schema can be used to route/filter?
There are three options for filtering: Event types, Subject begins with or ends with and advanced fields and operators
Event Grid: Does Event Grid guarantee order for delivery?
No, subscribers may receive them out of order.
Event Grid: Which two retry configurations exist?
Maximum number of attempts (1-30) or Event time-to-live (1-1440 minutes)
Event Grid: You want to allow a service to send events to Event Grid Topics. Which RBAC role do you assign?
1) Event Grid Subscription Reader
2) Event Grid Subscription Contributor
3) Event Grid Contributor
4) Event Grid Data Sender
4) Lets you send events to Event Grid topics.
Event Grid: You want to allow a service to create and manage Event Grid resources. Which RBAC role do you assign?
1) Event Grid Subscription Reader
2) Event Grid Subscription Contributor
3) Event Grid Contributor
4) Event Grid Data Sender
3) Lets you create and manage Event Grid resources.
Event Grid: What is the az cli command to create a new topic?
az eventgrid topic create --name $myTopicName \
--location $myLocation \
--resource-group az204-evgrid-rg
Event Hub: What is Azure Event Hubs?
A big data streaming platform and event ingestion service. It can receive and process millions of events per second
Event Hub: What is the primary interface for developers interacting with Event Hubs?
Developers interact through an Event Hubs Client
Event Hub: What is an Event Hubs producer?
A special type of client that serves as a source of telemetry data. Examples can be mobile device applications, a website etc.
Event Hub: What is a consumer group?
A consumer group enables multiple consuming applications to have their own view of the event stream and read data at their own pace. It is recommended to only have 1 consumer group per partition though, since multiple readers on the same partition will result in duplicate events.
Event Hub: How does the architecture of Event Hub ensure that it never gets “too full”?
First of all Event Hub uses a partitioned consumer model which is key to scaling. Secondly as the data ages off it is deleted by using the configurable retention period.
Event Hub: Which unit of measure is used to control traffic?
Traffic is controlled through Throughput units. A single throughput unit allows 1MB per second OR 1000 events per second of ingress. For egress the amount is twice that.
You can configure between 1-20 throughput units but can raise a support ticket to increase further
Event Hub: What happens if you use more throughput than our configured units?
Usage beyond the purchased throughput is throttled
Event Hub: What does checkpointing mean?
Checkpointing is a process by which an event processor marks or commits the position of the latest read. This makes the system more resilient since other processors can take over in case of failure
Event Hub: Which mechanisms are supported to Authenticate and Authorize?
Supports both Azure AD and Shared Access Signatures (SAS)
Event Hub: Which RBAC roles should be assigned to a service that needs to send data to the Event Hub?
Azure Event Hubs Data Sender gives the role send access to Event Hub resources.
The other 2 in-built roles are Data Owner and Data Receiver.
Event Hub: Under which namespace do the .NET clients exist?
Azure.Messaging.EventHubs
Event Hub: Which .NET/Java client is used to consume data?
EventHubConsumerClient
Event Hub: What is a partition?
An ordered sequence of events held in an Event Hub
Messaging: Which two types of queue mechanisms does Azure support?
Service Bus queues and Storage queues
Storage Queue: How large can storage queue messages be?
Up to 64kb in size
Messaging: Which queue solution should be selected if you must store over 80 gb of messages in a queue?
The Storage Queue. In the storage queue the limit of the queue is the same as the whole storage account
Messaging: You want service side logs of all transactions against your queue. Which solution do you choose?
The Storage Queue.
Messaging: You want to implement a checkpoint mechanism for your solution. Which solution do you choose?
The Storage Queue is ideal for logging progress
Messaging: Which solution supports deduplication of messages?
The service bus queue
Messaging: You want to provide a guaranteed FIFO delivery of your message. Which solution do you pick?
The service bus queue
Messaging: Your messages might be up to 256 kb in size. Which solution do you choose?
The service bus queue. Messages can exceed 64kb but likely won't approach the 256kb limit. In premium tier messages can be up to 100Mb.
The storage queue is limited to 64kb per message.
Messaging: Name some features that the Service Bus Queue supports which the Azure Storage Queue does not.
Pub/sub models, deduplication, FIFO delivery, larger messages and can deliver in parallel long-running streams.
Messaging: Which .NET namespace do you find client libraries in?
Azure.Messaging.ServiceBus
Messaging: In what way does a messaging architecture affect the required load levels of your applications (think avg load vs peak load)
A benefit of using queues and messages is that the application only has to deal with average load, because you have a buffer system
Service Bus: Explain the difference between “Receive and delete” or “Peek lock” receive modes
Receive and delete: Deletes the message on receive. This makes it less tolerant to failures as a crash may result in a message not being processed.
Peek lock: The process becomes two-stage. When the message is received it is marked as locked and then returned. When the processing is finished it marks it as completed. The lock has an associated timeout which can “unlock” the message again if it hasn’t been completed.
Messaging: What is the difference between a queue and topics/subscriptions?
Topics/Subscription allow for a 1:N model where a topic can have many subscribers.
Service Bus: Which two sets of properties exist?
1) Broker defined properties:
Predefined by the system and default meta data.
2) User defined properties
Collection of key-value pairs that can be controlled by the application
Service Bus: Give some examples of broker defined properties:
To, ReplyTo, ReplyToSessionId, MessageId, CorrelationId, SessionId
Service Bus: Which advanced feature allows routing inside of a service bus namespace?
Routing can be realized using auto-forward chaining. If you want to use routing across namespaces you can use LogicApps.
Service Bus: Payload is always sent as a string. True / False?
False. Payload is binary data and information about how to deserialize it can be sent in the ContentType property.
Service Bus: How to create a queue through the az cli?
First you have to create a namespace and then the queue
az servicebus namespace create --resource-group $RG --name $NAME --location $LOC
az servicebus queue create --resource-group $RG --namespace-name $NAME --name $MYQ
Storage Queue: How is access to a Storage Queue controlled?
All access goes through the Storage Account
Storage Queue: How to make messages automatically expire?
You can configure a maximum time-to-live which can be any positive number or -1 indicating the message doesn’t expire.
The default value is 7 days
Azure Service Bus: How to create a FIFO guarantee?
To create a first-in, first-out guarantee you have to use Sessions. Message sessions enable joint and ordered handling of unbounded sequences of related messages
VM: How long can custom script extensions run for?
90 minutes
VM: How many VMs can a scaleset handle?
A scaleset can handle up to 1000 VMs
VM: What is the default encryption mode for disks?
They are encrypted at rest by default with a managed key. It is possible to change to a customer managed key.
VM: What is an availability zone a combination of?
An AZ is a combination of a Fault Domain and an Update Domain
VM: Which two types of disks exist?
The regular disk is where the OS etc. is stored. These are recommended to be SSDs. Additional data can be stored on Data disks
VM: Explain what an availability set is
A logical grouping of VMs that help Azure understand how your application is built to provide for redundancy and availability
VM: Explain what a Fault Domain is
To help protect the application against hardware failures the VMs can be placed in different fault domains. It can be pictured as a rack in a data center. (although not 1:1 picture)
VM: Explain what an Update Domain is
Helps ensure that a particular VM can be updated. Logical grouping of the underlying hardware
VM: What is the difference between Managed and Unmanaged disks?
Unmanaged disks reside in your storage account and hold the disks (VHD files). It cannot be guaranteed that availability sets are on different fault domains. Unmanaged disks always inherit the IOPS limits of the storage account.
Managed disks are not limited by storage accounts and are managed by Azure.
VM: Explain what a Scale Set is
A scale set is a group of load-balanced VMs. They can hold up to 1000 VMs. Scale sets are ideal for unpredictable workloads. The VMs in the scale set are identically configured.
VM: Explain when to use an availability set vs scale set
Availability sets are used for smaller setups with predictable load. Scale sets are used for unpredictable loads and can hold up to 1000 VMs
VM: A fixed sized disk is required to support encryption. True / False?
True
VM: Where can Custom Script Extensions be located and what are they?
Scripts for post-deployment configurations. Can be located anywhere as long as the VM can route to it (GitHub, Blob Storage etc.)
VM: How to migrate an encrypted disk?
In order to migrate an encrypted disk we must first turn off encryption, migrate and then turn on encryption again
VM: How to encrypt a disk on-premises?
You can encrypt it on-premises with BitLocker and then upload the Virtual Hard Drive to an Azure Storage Account
ARM: Are ARM templates imperative or declarative?
They are declarative. You declare what you want to have
ARM: Are templates idempotent? True/False
True
ARM: Which of the following are required?
Parameters
$schema
Variables
resources
User-defined functions
contentVersion
Resources
Outputs
$schema, resources and contentVersion
ARM: Which resource type is used for storing an ARM template for later use?
A template spec.
Supports versioning
ARM: You deployed an ARM template with multiple references and lists. Your configuration threw a not found configuration even though you had a condition to ensure that it is only run if the reference exists. How come?
“References” and “lists” are always evaluated even if the condition is false. To work around this they must be wrapped in an if-condition
ARM: Explain the difference between “complete” and “incremental” deployment modes
Complete will delete other resources in the RG so the template matches the RG exactly.
Incremental: Will leave existing resources be.
ARM: How to extend templates with logic?
ARM templates can use expressions that extend JSON. In-built Resource Manager Functions such as “contains”, “lessOrEquals” etc can be used.
ARM: How to create an ARM template through the az cli?
az deployment group create
ACR: How is Azure Container Registry billed?
By the second
ACR: Which min. tier is recommended for production
Standard tier. Provides more storage and throughput
ACR: Which new features does the premium tier unlock?
Geo-replication, private endpoint, image tag signing etc
ACR: What is ACR tasks?
Enables automated image builds from source code changes or a container’s base images. Can be used in CI/CD pipelines by using the az acr build command for example
ACI: What is Azure Container Instances
A service that allows you to run containers in Azure. The simplest and fastest way to run containers.
ACI: Can both run windows and linux containers? True/False
True
ACI: In what scenarios is AKS (Azure Kubernetes) recommended over ACI?
If you need full orchestration with features like service discovery, automatic scaling etc. AKS is recommended
ACI: How can other applications communicate with a container instance in ACI?
Containers are given a public IP and FQDN
ACI: What is a container group?
A way to group containers. These containers are scheduled on the same host machine. They share lifecycle, network, storage etc.
ACI: What are some ways to deploy an ACI?
ACI can be deployed with ARM templates or YML files
ACI: You notice in your logs that your container keeps restarting. How can that be?
You configured an “OnFailure” retry policy. Your container has a bug that makes it crash. Your retry policy makes the container retry again and again.
ACI: You want your container to run at most once. Which retry policy do you select?
“Never”. The container is never restarted so containers run at most once
ACI: Which restart policies exist?
Always - always restarted
Never - Runs at most once
OnFailure - Restarts on non-zero exit codes. Runs at least once
ACI: Can ENV variables be exposed to containers? True/False
True
App Service: How many app services can exist in a free app service plan?
10
App Service: What is the az cli command to package and deploy a web app?
az webapp up
App Service: Which unit is used to denote the performance of an app service plan across different metrics?
ACU (Azure Compute Unit)
An ACU of 200 is expected to be roughly double as powerful as 100 ACU
App Service: Which tier supports load balancing?
Standard plans and up
App Service: For which kind of service is the consumption tier available?
Azure Functions
App Service: You have strict organizational requirements around network and compute. Which plan do you select?
Isolated. The code will run on your own dedicated VMs and provide Network + Compute isolation
Another alternative is the Service Environment (ASE) to run it directly in your VNET
App Service: You need compute isolation for our services. Do you select the “dedicated plan” or the “isolated” plan?
Dedicated plan is sufficient as it provides compute isolation.
Isolated provides compute isolation + network isolation
App Service: Which plan is used to run app services directly in your VNET?
To run app services directly in a VNET you must use Service Environment (ASE)
App Service: How can inbound network be controlled?
App-assigned address, access restrictions, service endpoints or private endpoints
App Service: How can outbound network be controlled?
VNET Integration, hybrid connection or gateway
App Service: How to run an app service with a runtime that is not supported out of the box?
You can deploy your code with a custom container that holds your runtime
App Service: How can green/blue deployment be achieved in app services?
You can use deployment slots to first deploy your production build to a staging environment and swap it over to production when you have confirmed that it works
App Service: Which settings are configured in the “general settings” tab?
Runtime, major version, platform settings, debugging etc
App Service: How to add custom storage for containerized apps?
You can add custom storage by mounting storage from an azure storage account
App Service: Web server logging is supported on both windows/linux?
No, only on windows.
Linux only has application logging and deployment logging.
App Service: You want to see the latest logs of a webapp through the az cli. How do you do it?
az webapp log tail --name appname --resource-group myResourceGroup
App Service: What is one way to implement feature management?
You can use App Configuration which provides modern features like feature flags
App Service: What is the advantage of using app configuration over application settings?
Changing application settings requires restarting the app service. App Configuration can be changed without service interruption
App Service: Which two parts make up a feature flag?
A name and a list of one or more filters to evaluate the feature’s state
App Service: Is autoscaling horizontal or vertical?
Autoscaling is horizontal and means we scale in/out
App Service: When should autoscaling be enabled?
When your application can’t easily predict the workload in advance
App Service: Scaling can be based on two different options. Which?
Scale based on a metric or according to a schedule
App Service: Explain what an autoscale cooldown period is
A cooldown period is an interval where new scaling actions won't be triggered. This is to allow the system to stabilize between autoscale events. The minimum cooldown period is five minutes.
App Service: You have multiple scale out configurations configured. Only one of them evaluates to true. Does your service trigger scale?
Yes, only one condition needs to be met on scale-out
App Service: You have multiple scale in configurations configured. Only one of them evaluates to true. Does your service trigger scale?
No, all scale-in rules must be met in order to scale-in
App Service: Explain what “flapping” situations mean in terms of autoscaling
When scale-in and scale-out conditions continually go back and forth you can end up triggering scale out and scale in again and again which is not ideal. To avoid this there should be a margin between scale-out and scale-in conditions. For example +1 on CPU >= 80% and -1 on <= 60% CPU
App Service: You want to figure out how your application has auto-scaled over the last couple of days. How can you see it?
The Activity Log logs autoscaling events or other conditions such as missing metrics available etc
App Service: You want to perform a slot swap but want to ensure that your new service is ready to take traffic
You can specify a warm-up configuration in applicationInitialization.
This lets you run warm-up code before the target slot is swapped
App Service: What default % traffic are new slots given?
0%