AZ-204 Flashcards

1
Q

What are the different VM types and there use cases?

A

General Purpose - Balanced CPU-to-memory ratio. Ideal for testing and development, small to medium databases, and low to medium traffic web servers.

Compute Optimized - High CPU-to-memory ratio. Good for medium traffic web servers, network appliances, batch processes, and application servers

Memory Optimized - High memory-to-CPU ratio. Great for relational database servers, medium to large caches, and in-memory analytics.

Storage Optimized - High disk throughput and IO ideal for Big Data, SQL, NoSQL databases, data warehousing and large transactional databases.

GPU - Specialized virtual machines targeted for heavy graphic rendering and video editing, as well as model training and inferencing (ND) with deep learning. Available with single or multiple GPUs.

High Performance Compute - Fastest and most powerful CPU virtual machines with optional high-throughput network interfaces (RDMA).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is the CLI command to create a resource group?

A

az group create –name rgname –location myLocation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the CLI command to create a VM?

A

az vm create \
–resource-group az204-vm-rg \
–name az204vm \
–image UbuntuLTS \
–generate-ssh-keys \
–admin-username azureuser \
–public-ip-sku Standard

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the CLI command to open a VM port?

A

az vm open-port –port 80 \
–resource-group az204-vm-rg \
–name az204vm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the CLI command to start/stop/deallocate/restart/redeploy/delete a VM?

A

az vm start/stop/deallocate/restart/redeploy/delete –resource-group myResourceGroup –name myVM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are the CLI commands for information about VMs?

A

List VMs: az vm list

Get information about a VM: az vm show –resource-group myResourceGroup –name myVM

Get usage of VM resources: az vm list-usage –location eastus

Get all available VM sizes: az vm list-sizes –location eastus

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are the CLI commands for VM disks and images?

A

Add a data disk to a VM: az vm disk attach –resource-group myResourceGroup –vm-name myVM –disk myDataDisk –size-gb 128 –new

Remove a data disk from a VM: az vm disk detach –resource-group myResourceGroup –vm-name myVM –disk myDataDisk

Resize a disk: az disk update –resource-group myResourceGroup –name myDataDisk –size-gb 256

Snapshot a disk: az snapshot create –resource-group myResourceGroup –name mySnapshot –source myDataDisk

Create image of a VM: az image create –resource-group myResourceGroup –source myVM –name myImage
Create VM from image: az vm create –resource-group myResourceGroup –name myNewVM –image myImage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are the benefits of ARM templates?

A
  1. Declarative Syntax - Deployment of all resource types
  2. Repeatable Results - Consistent deployments
  3. Orchestration - orders actions and deploys resources in parallel when possible
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are the use cases for Azure Container Registry?

A

Pull images to Scalable orchestration systems and other Azure services,
Push to a container registry as part of a container development workflow.
Configure ACR Tasks to automatically rebuild application images when their base images are updated, or automate image builds when your team commits code to a Git repository. Create multi-step tasks to automate building, testing, and patching multiple container images in parallel in the cloud.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are the tiers of Azure Container Registry?

A

Basic: Same capabilities as standard/premium(such as Azure Active Directory authentication integration, image deletion, and webhooks) but lowest image and storage throughput.

Standard: Standard registries offer the same capabilities as Basic, with increased included storage and image throughput. Standard registries should satisfy the needs of most production scenarios.

Premium: Premium registries provide the highest amount of included storage and concurrent operations. Premium adds geo-replication for managing a single registry across multiple regions, content trust for image tag signing, and private link with private endpoints to restrict access to the registry.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are the storage features of ACR?

A

Encryption at rest, geo replication, zone redundancy, scalable storage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What are the task scenarios of ACR?

A

Quick: Build and push a single container image to a container registry on-demand, in Azure, without needing a local Docker Engine installation.

Automatically triggered tasks - Enable one or more triggers to build an image:
- Trigger on source code update
- Trigger on base image update
- Trigger on a schedule

Multi-step task - Multi-step, multi-container-based workflows.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is a container group in ACI?

A

A container group is a collection of containers that get scheduled on the same host machine. The containers in a container group share a lifecycle, resources, local network, and storage volumes. It’s similar in concept to a pod in Kubernetes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What are the container restart policy settings?

A

Always: Restarted after the end of every execution
Never: Container is only ran once at most
Onfailure: If the container crashes it is restarted

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

How do you overcome statelessness in ACI?

A

mount volume from an external store.
- You can only mount Azure Files shares to Linux containers.
- Azure file share volume mount requires the Linux container run as root.
- Azure File share volume mounts are limited to CIFS support.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are the different app service plan tiers?

A

Shared compute: Both Free and Shared share the resource pools of your apps with the apps of other customers. These tiers allocate CPU quotas to each app that runs on the shared resources, and the resources can’t scale out.

Dedicated compute: The Basic, Standard, Premium, PremiumV2, and PremiumV3 tiers run apps on dedicated Azure VMs. Only apps in the same App Service plan share the same compute resources. The higher the tier, the more VM instances are available to you for scale-out.

Isolated: This tier runs dedicated Azure VMs on dedicated Azure Virtual Networks. It provides network isolation on top of compute isolation to your apps. It provides the maximum scale-out capabilities.

Consumption: This tier is only available to function apps. It scales the functions dynamically depending on workload.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is the format of an ARM template?

A

Schema: Location of the JSON schema file that describes the version of the template language.

apiProfile: Use this value to avoid having to specify API versions for each resource in the template.

ContentVersion: Use this value to document significant changes in your template. When deploying resources using the template, this value can be used to make sure that the right template is being used.

Parameters: These are values that are provided during resource deployment execution to customize the deployment. For example, the virtual machine name during a VM deployment. Parameters can have default values in case we chose not to provide a value during resource deployment.

Variables: They are used to express information that is likely to remain static across resource deployments such as an admin user name in case of VM deployments.
Resources: These define the resource types that are created or updated during the resource deployment. For example, VM network, disk or public IP addresses.

Functions: User-defined functions that are available within the template.

Resources: Resource types that are deployed or updated in a resource group or subscription.

Outputs: This section comprises values that are returned or presented as output upon successful completion of the ARM template deployment.

18
Q

How do you deploy an ARM template from the CLI?

A

az deployment group/tenant/mg/sub create \
–name ExampleDeployment \
–resource-group ExampleGroup \
–template-uri/file “https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.storage/storage-account-create/azuredeploy.json” \
–parameters storageAccountType=Standard_GRS

Powershell:
New-AzResourceGroup/Tenant/ManagementGroup/SubscriptionDeployment\
–name ExampleDeployment \
–resource-group ExampleGroup \
–template-uri/file “https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.storage/storage-account-create/azuredeploy.json” \
–parameters storageAccountType=Standard_GRS

19
Q

How to Configure App Service web app settings (SSL,API and connection strings)?

A

Common Settings:
az webapp config set –resource-group <group-name> --name <app-name> --use-32bit-worker-process [true|false] --web-sockets-enabled [true|false] --always-on [true|false]--http20-enabled --auto-heal-enabled [true|false] --remote-debugging-enabled [true|false] --number-of-workers</app-name></group-name>

App Settings:

az webapp config appsettings set –name <app-name> --resource-group <group-name> --settings <setting-name>="<value>"</value></setting-name></group-name></app-name>

SSL:
az webapp config ssl bind/unbind/create/import/delete

20
Q

How to Enable App Service diagnostic logging?

A

Windows Logging:
Select On for either Application Logging (Filesystem) or Application Logging (Blob), or both.

The Filesystem option is for temporary debugging purposes, and turns itself off in 12 hours. The Blob option is for long-term logging, and needs a blob storage container to write logs to.

Order is Disabled,Error,Warning,Critical,Verbose

Linux/Containers:
In Application logging, select File System.

In Quota (MB), specify the disk quota for the application logs. In Retention Period (Days), set the number of days the logs should be retained.

Log Messages in Code:
C# System.Diagnostics.Trace Class

21
Q

How to Enable App Service Autoscaling?

A

Use either Azure Monitor or an ARM template

22
Q

How to Deploy Code to an App Service Web app?

A

Local git:
az webapp create –resource-group <group-name> --plan <plan-name> --name <app-name> --runtime "<runtime-flag>" --deployment-local-git</runtime-flag></app-name></plan-name></group-name>

Zip:
az webapp deploy –resource-group <group-name> --name <app-name> --src-path <zip-package-path></zip-package-path></app-name></group-name>

Deployment slots:

az webapp deployment slot auto-swap/create/delete/list/swap

New-AzWebAppSlot -ResourceGroupName [resource group name] -Name [app name] -Slot [deployment slot name] -AppServicePlan [app service plan name]

23
Q

How do you create and deploy Azure functions?

A

Create:
az functionapp plan create –name <NEW_PREMIUM_PLAN_NAME> --resource-group <MY_RESOURCE_GROUP> --location <REGION> --sku EP1</REGION></MY_RESOURCE_GROUP></NEW_PREMIUM_PLAN_NAME>

Deploy:
Use authorize repo or CI/CD, ARM templates or Powershell/CLI commands

24
Q

What are triggers and bindings?

A

Triggers cause a function to run. A trigger defines how a function is invoked and a function must have exactly one trigger. Triggers have associated data, which is often provided as the payload of the function.

Binding to a function is a way of declaratively connecting another resource to the function; bindings may be connected as input bindings, output bindings, or both. Data from bindings is provided to the function as parameters.

25
Q

How do you create triggers/bindings in C#?

A

public static class SimpleExample
{
[FunctionName(“QueueTrigger”)]
public static void Run(
[QueueTrigger(“myqueue-items”)] string myQueueItem,
ILogger log)
{
log.LogInformation($”C# function processed: {myQueueItem}”);
}
}

  • FunctionName attribute(nameoffunction)
    -method doesn’t have to be called run
  • can add input/output binding parameter to Run
  • can add binding expression to get trigger metadata
  • values for bindings come from non-directly editable function.json
26
Q

How to implement azure durable functions?

A

Mix of orchestrator and activity functions

27
Q

What are Orchestration, entity, client, and activity functions?

A
  • Orchestration functions are used to maintain state for durable functions
  • Activity functions run inside orchestration functions
  • Client Function acts as an entry point. Client Function helps us to create an instance of a Durable Functions Orchestration. Client Function can be run as a response to any event from different sources like a new HTTP request arrives, a new message posted in a message query, etc.
    -Entity functions define operations for reading and updating small pieces of state, known as durable entities. Like orchestrator functions, entity functions are functions with a special trigger type, the entity trigger. Unlike orchestrator functions, entity functions manage the state of an entity explicitly, rather than implicitly representing state via control flow
28
Q

What is function chaining?

A

Use orchestration functions to chain together activity functions potentially by linking inputs to outputs.

29
Q

What is fan-in/fan-out?

A

Use orchestration functions to run activity functions together in parallel with multithreading and then aggregate results.

30
Q

What is monitoring?

A

Class to wait for results by polling at intervals for durable functions.

31
Q

What is the general format for a docker compose file?

A

Services - A Service is an abstract concept implemented on platforms by running the same container image (and configuration) one or more times.
Volumes - Services store and share persistent data into Volumes. The specification describes such a persistent data as a high-level filesystem mount with global options. Actual platform-specific implementation details are grouped into the Volumes definition and MAY be partially implemented on some platforms.
Configs - From a Service container point of view, Configs are comparable to Volumes, in that they are files mounted into the container. But the actual definition involves distinct platform resources and services, which are abstracted by this type.
Secrets - A Secret is a specific flavor of configuration data for sensitive data that SHOULD NOT be exposed without security considerations. Secrets are made available to services as files mounted into their containers, but the platform-specific resources to provide sensitive data are specific enough to deserve a distinct concept and definition within the Compose specification.
Networks - a Network is a platform capability abstraction to establish an IP route between containers within services connected together.

32
Q

What are the commands of a dockerfile?

A

ADD - The ADD command gets two arguments: a source and a destination. It basically copies the files from the source on the host into the container’s own filesystem at the set destination.
RUN - It should be considered as an initial, default command that gets executed (i.e. run) with the creation of containers based on the image.
ENTRYPOINT - ENTRYPOINT argument sets the concrete default application that is used every time a container is created using the image. For example, if you have installed a specific application inside an image and you will use this image to only run that application, you can state it with ENTRYPOINT and whenever a container is created from that image, your application will be the target.
ENV - The ENV command is used to set the environment variables (one or more). These variables consist of “key value” pairs which can be accessed within the container by scripts and applications alike. This functionality of Docker offers an enormous amount of flexibility for running programs.
EXPOSE - Expose port numbers
FROM - It defines the base image to use to start the build process.
RUN - It takes a command as its argument and runs it to form the image. Unlike CMD, it actually is used to build the image (forming another layer on top of the previous one which is committed).
VOLUME - The VOLUME command is used to enable access from your container to a directory on the host machine (i.e. mounting it).
WORKDIR - The WORKDIR directive is used to set where the command defined with CMD is to be executed.

33
Q

What are the useful ACR commands?

A

az acr repository list -n $acrName
az acr build -r $acrname -f .\multi-stage.Dockerfile -t samplewebapp:acr .
az acr create -g $resourceGroup -n $acrName –sku Basic –admin-enabled

34
Q

ACI command to deploy from Github actions?

A

az container app up [–acr]
[–branch-name]
[–do-not-wait]
[–port]
[–repository]

35
Q

How to deploy container to ACI from ACR?

A

az container create \
–name aci-demo \
–resource-group $RES_GROUP \
–image $ACR_LOGIN_SERVER/aci-helloworld:v1 \
–registry-login-server $ACR_LOGIN_SERVER \
–registry-username $(az keyvault secret show –vault-name $AKV_NAME -n $ACR_NAME-pull-usr –query value -o tsv) \
–registry-password $(az keyvault secret show –vault-name $AKV_NAME -n $ACR_NAME-pull-pwd –query value -o tsv) \
–dns-name-label aci-demo-$RANDOM \
–query ipAddress.fqdn

36
Q

How to push a container to ACR?

A

Login:
az acr login –name myRegistry

Tag image:
docker tag local-image:tagname <login-server>/new-repo:tagname</login-server>

Push image to ACR:
docker push <login-server>/new-repo:tag-name</login-server>

37
Q

What are the functions plans?

A

Consumption plan This is the default hosting plan. It scales automatically and you only pay for compute resources when your functions are running. Instances of the Functions host are dynamically added and removed based on the number of incoming events.

Premium plan Automatically scales based on demand using pre-warmed workers, which run applications with no delay after being idle, runs on more powerful instances, and connects to virtual networks.

Dedicated plan Run your functions within an App Service plan at regular App Service plan rates. Best for long-running scenarios where Durable Functions can’t be used.

38
Q

How do you avoid timeouts for HTTP triggers for function apps?

A

Whenever possible, refactor large functions into smaller function sets that work together and return responses fast since HTTP triggers timeout after 230 seconds

39
Q

How do you test environment changes that ARM templates could cause?

A

Powershell What-If

40
Q

How to determine if ARM templates are following best practices?

A

ARM test toolkit

41
Q

How to map custom DNS to app service?

A
  1. Enter DNS name from provider
  2. Map “A” and “TXT” value in DNS provider from Azure portal
42
Q

What is the goal of Azure App Config?

A

Share configuration settings (like environment variables) across app services/plans