Azure Compute solutions

Question 1

What’s an Azure Container Registry (ACR)

Answer 1

is a managed, private Docker registry service based on the open-source Docker Registry 2.0.

Question 2

What are the Azure Container Registry service tiers?

Answer 2

Basic, Standard and Premium

Question 3

Explain the Basic tier of ACR service

Answer 3

A cost-optimized entry point for developers learning about Azure Container Registry. Basic registries have the same programmatic capabilities as Standard and Premium (such as Azure Active Directory authentication integration, image deletion, and webhooks). However, the included storage and image throughput are most appropriate for lower usage scenarios.

Question 4

Explain the Standard tier of ACR service?

Answer 4

Standard registries offer the same capabilities as Basic, with increased included storage and image throughput. Standard registries should satisfy the needs of most production scenarios.

Question 5

Explain the Premium tier of ACR service?

Answer 5

provide the highest amount of included storage and concurrent operations, enabling high-volume scenarios.
higher image throughput
Premium adds features such as geo-replication for managing a single registry across multiple regions, content trust for image tag signing, and private link with private endpoints to restrict access to the registry.

Question 6

What are the different Azure storage features?

Answer 6

Encryption-at-rest, Regional storage, zone redudnancy, scalable storage.

Question 7

Explain encryption-at-rest feature in Azure storage.

Answer 7

All container images in your registry are encrypted at rest. Azure automatically encrypts an image before storing it, and decrypts it on-the-fly when you or your applications and services pull the image.

Question 8

Explain regional storage feature in Azure Storage

Answer 8

Azure Container Registry stores data in the region where the registry is created, to help customers meet data residency and compliance requirements. In all regions except Brazil South and Southeast Asia, Azure may also store registry data in a paired region in the same geography. In the Brazil South and Southeast Asia regions, registry data is always confined to the region, to accommodate data residency requirements for those regions.

Question 9

Explain zone redundancy feature in Azure Storage

Answer 9

A feature of the Premium service tier, zone redundancy uses Azure availability zones to replicate your registry to a minimum of three separate zones in each enabled region.

Question 10

Explain scalable storage feature in Azure Storage

Answer 10

allow you to create as many repos, images, layers, or tags as you need, up to the registry storage limit

Question 11

What are the different scenarious for ACR Tasks?

Answer 11

Quick task, Automatically triggered tasks, multi-step task

Question 12

What’s Quick task?

Answer 12

Build and push a single container image to a container registry on-demand, in Azure, without needing a local Docker Engine installation. It provides an integrated development experience by offloading your container image builds to Azure.

Benefit; you can verify your automated build definitions and catch potential problems prior to committing your code.

Question 13

What’s multi-step task?

Answer 13

it’s defined in a YAML file specifying individual build/ push operations for container images or other artifacts. Also define execution of one or more containers.

Question 14

What’s a Dockerfile?

Answer 14

a script that contains a series of instructions that are used to build a Docker image

Question 15

What does a dockerfile include?

Answer 15

The base or parent image we use to create the new image. Commands to update the base OS and install other software. Build artifacts to include, such as a developed application.Services to expose, such a storage and network configuration. Command to run when the container is launched.

Question 16

What can you use ACR Task for?

Answer 16

Create an Azure Container Registry. Build and push image from a Dockerfile. Run the image in the ACR.

Question 17

What is ACR Tasks?

Answer 17

a set of features within ACR

Question 18

What is Azure Container Instances (CI)?

Answer 18

a service that let developer easily to deploy container on Azure cloud platform

Question 19

What’s container group in CI?

Answer 19

collection of containers that get scheduled on the same host machine

Question 20

What does container in a container group?

Answer 20

container in a container group share lifecycle, local network and storage volume (similar to pods in Kubernetes)

Question 21

What are the two ways of deploying container group?

Answer 21

Resource Manager template and YAML file

Question 22

When to use Resource Manager template to deploy container group?

Answer 22

when deploy additional Azure service resources (eg. Azure Files share) when u deploy CI

Question 23

When to use YAML file to deploy container group?

Answer 23

when your deployment includes only container instances

Question 24

Give a scenario to use multi-container groups

Answer 24

useful where u want to divide a single functional task into a few container images

Question 25

What does it mean that Azure CI is stateless?

Answer 25

if container crash/stops, all of its state is lost

Question 26

What are the limitations of mounting Azure file share in Azure CI?

Answer 26

1. only mount Azure Files shares to Linux containers
2. Azure file share volume mount requires the Linux container run as root
3. Azure File share volume mounts are limits to CIFS support

Question 27

What are the restarts policies for running containerized tasks?

Answer 27

Always = default setting when no restart policy
Never
OnFailure

Question 28

What’s Azure Container Apps (CA)?

Answer 28

a fully managed environment that enables you to run containerized applications and microservices on a serverless platform

Question 29

What is Azure CA common used for?

Answer 29

1. Deploy API endpoints
2. Host background processing applications
3. Handle event-driven processing
4. Run microservices

Question 30

What are the limitations of Azure CA?

Answer 30

1. can’t run priviliged container. can’t process root access.
2. Linux-based (linux/amd64) container images are required

Question 31

What can Azure CA handle for you with its built-in authentication and authorization features?

Answer 31

1. Authenticates users/clients
2. manages the authenticated session
3. inject identity info into HTTP request headers

Question 32

What happens when Authen/author feature is enabled in Azure CA?

Answer 32

when the middleware is enabled, every incoming HTTP request passes through the security layer before being handled by your app.

Question 33

What is revision in Azure CA?

Answer 33

Revision is an unchangeable/immutable snapshot of a container app version.

Question 34

How are secrets updated/ deleted in Azure CA?

Answer 34

Updated or deleted secrets doesn’t automatically affect existing revisions in your app. To do it you can:
1. Deploy a new revision
2. Restart an existing revision

Question 35

What’s Azure App Service?

Answer 35

an HTTP-based service (PaaS) for hosting web apps, REST APIs, mobile back ends.
Develop in any languages/framework

Question 36

Benefit with Azure App Service?

Answer 36

1. Built-in auto scale support
2. Continuous integration/deployment support
3. Deployment slots

Question 37

What are the limitations of Azure App Service?

Answer 37

1. App service on Linux are NOT supported on Shared pricing tier
2. The Azure portal shows only features that currently work for Linux apps.
3. Disk latency is higher and variable than latency of the container filesystem.

Question 38

What does the plans in Azure App Service define?

Answer 38

defines a set of compute resources for a web app to run
1. Operating system (Windows, Linux)
2. Region (West US)
3. Number of VM instances
4. Size of VM instances (small, medium, large)
5. Pricing tier

Question 39

What are the different pricing tiers on Azure App Service?

Answer 39

1. Shared compute:
Free, Shared
2. Dedicated compute:
Basic, Standard, Premium, PremiumV2, PremiumV3
3. Isolated:
   Isolated, IsolatedV2

Question 40

What’s the shared compute pricing tier?

Answer 40

Base tier. Runs app on same Azure VM as other App Service apps. Intended to use for dev and testing purposes
Fixed CPU to each app that runs on the shared resources.
Resources can’t scale out

Question 41

What’s the dedicated compute pricing tier?

Answer 41

Run apps on dedicated Azure VMs.
Only apps in same App Service plan share same compute resource.
The higher tier, the more VM instances available for scale-out.

Question 42

What’s the isolated pricing tier?

Answer 42

Run dedicated Azure VMs on dedicated Azure Virtual Networks.
Provides network isolation and compute isolation to your app.
Provides max scale-out capabilities

Question 43

What are the different ways to automatically deploy an App Service?

Answer 43

1. Azure DevOps Services
2. Bitbucket
3. GitHub

Question 44

What are the manual ways to deploy Azure App Service?

Answer 44

1. Git
2. CLI
3. Zip deploy
4. FTP/S

Question 45

What are the inbound features of multi-tenant App Service networking feature?

Answer 45

1. App-assigned address
2. Access restrictions
3. Service endpoints
4. Private endpoints

Question 46

What are the outbound features of multi-tenant App Service networking feature?

Answer 46

1. Hybrid Connections
2. Gateway-required virtual network integration
3. Virtual network integration

Question 47

Which plans host customer workloads on multitenant workers in Azure App Service?

Answer 47

free and shared SKU (stock keeping unit)

Question 48

What are configured in Application settings in web app settings?

Answer 48

Variables passed as environment variables to the app code.
Always encrypted when stored (encrypted-at-rest).

Question 49

What are configured in General settings in web app settings?

Answer 49

1. Stack settings: language & SDK version
2. Platform settings: conf hosting platform (Bitness, WebSocket, Always On, Manage pipeline version, HTTP version)
3. Debugging
4. Incoming client certificates

Question 50

What are the different Application logging types in web apps?

Answer 50

1. Detailed error logging
2. Failed request logging
3. Web server logging
4. Application logging (supported on Linux platform)
5. Deployment logging (supported on Linux platform)

Question 51

Where are Application logging from web apps stored?

Answer 51

All logging types have location App Service file system.

Web server and application logging also has storage Azure Storage.

Question 52

Which application logging from web apps supports on Linux platform?

Answer 52

Application logging and deployment logging.
All logging types support Windows platform.

Question 53

What are the different log levels?

Answer 53

1. Disabled
2. Error - incl. error, critical
3. Warning - incl. warning, error, critical
4. Information - incl. info, warning, error, critical
5. Verbose - incl. trace, debug, info, warning, error, critical

Question 54

What are the different options to add security certificates in App Service?

Answer 54

1. Create a free App Service managed certificate (TLS/SSL server certificate)
2. Purchase an App Service certificate
3. Import from Key Vault
4. Upload a private certificate
5. Upload a public certificate

Question 55

Which plans allow you to create a free App Service managed certificate in App Service?

Answer 55

Azure Service plan Basic, Standard, Premium or Isolated tier.

Question 56

What are the limitations of creating a free Azure Service managed certificate?

Answer 56

1. Doesn’t support wildcard certificates
2. doesn’t support private DNS
3. isn’t exportable

Question 56

When you purchase an App Service certificate what does Azure App Service manage for you?

Answer 56

1. purchase process from certificate provider
2. maintain cert in Azure Key Vault
3. renewal

Question 57

When to isolate your app into a new Azure App service plan?

Answer 57

1. the app is resource intensive
2. you want to scale the app independently from the other apps in the existing plan
3. the app needs resource in a different geographical region

Question 58

When should you auto scale your app?

Answer 58

when there are predictable changes in app load

Question 59

When should you NOT auto scale your app?

Answer 59

1. When app perform resource-intensive processing as part of each req (best to manually scaling up)
2. handling long-term growth

Question 60

What does autoscaling rules describe?

Answer 60

1. specify a metric to monitor
2. how autoscaling should respond when the metrics crosses a threshold.

Question 61

What are the autocale options?

Answer 61

1. based on metrics
2. scale to a specific instance count according to schedule

Question 62

What are the metrics you can use to autoscale?

Answer 62

1. no. HTTP reqs awaiting processing
2. Data in/out
3. CPU Percentage
4. Memory Percentage
5. Disk Queue Length
6. HTTP Queue Length

Question 63

What are the best practices for auto scaling?

Answer 63

1. Max and Min value are different, and adequate margin between them
2. Choose appropriate statistic for your diagnostics metric (Average (common), Minimum, Maximum and Total as a metric to scale by)
3. Choose thresholds carefully for all metric types
4. multiple rules configured

Question 64

What do you have to remember when you have multiple rules configured for auto scaling (both scale out and scale in)?

Answer 64

Scale-out, autoscale runs if any rule is met.
Scale-in, autoscale require all rules to be met

Question 65

What are deployments slots?

Answer 65

live apps w/their own host names

Question 66

What are the benefit of deploying to non-production slot?

Answer 66

1. validate app changes in staging deployment slot before swapping it to prod slot.
2. warmed up all instances of the slot before swapping into production

Question 67

Which Azure App Service plan tier support deployment slots?

Answer 67

Standard (5 deployment slots), Premium (20) or Isolated (20) plans

Question 68

Which settings are swapped when doing slot swapping?

Answer 68

1. General settings (framework version, 32/64-bit, web sockets)
2. App settings (can conf to stick to a slot)
3. Connection strings (can conf to stick to slot)
4. Handler mappings
5. Public certificates
6. WebJobs content
7. Hybrid connections
8. Azure Content Delivery Network
9. Service endpoints
10. Path mappings

Question 69

Which settings are NOT swapped when doing slot swapping?

Answer 69

1. Publishing endpoint
2. Custom domain names
3. Non-public certificates and TLS/SSL settings
4. Scale settings
5. WebJobs schedulers
6. IP restrictions
7. Always On
8. Diagnostic log settings
9. Cross-origin resource sharing
10. Virtual network integration
11. Managed identities
12. Settings that end with the suffix _EXTENSION_VERSION

Question 70

What are the different ways to route traffic?

Answer 70

1. Route production traffic automatically
2. Route production traffic manually
3. Route a portion of traffic to another slot. Useful when u need feedback for a new update, but not ready to release it to prod

Question 71

What’s Azure Functions?

Answer 71

Serverless solution allowing u to write less code, maintain less infrastructure, and save on costs.

Question 72

What are bindings?

Answer 72

ways to simplify coding for input and output data

Question 73

What’s input binding?

Answer 73

The function can READ data from these input sources.
Connect to a data source

Question 74

What’s output binding?

Answer 74

The function can WRITE data to these output destinations.
Connect to a data destination

Question 75

What are the binding properties?

Answer 75

1. Name (refer to in the code)
2. Type
   (the type of data/service interacting with)
3. Direction
   (in/out binding)
4. Connection: Provides the name of an app setting key that contains the connection string. Bindings use connection strings stored in app settings to keep secrets out of the function code.

Question 76

What are the different Azure Functions plans?

Answer 76

1. Consumption: Default hosting plan. scales automatically, pay for compute resource on running functions
2. Premium: Automatically scales based on demand using pre-warmed workers, which run applications with no delay after being idle, runs on more powerful instances, and connects to virtual networks.
3. Dedicated: best for predictive scaling and costs

Question 77

What are the different trigger types in Azure Functions?

Answer 77

1. Timer: execute a func at a set interval
2. HTTP
3. Blob: exc when a file is uploaded/updated in Azure Blob storage
4. Queue: exc when message added to an Azure Storage queue
5. Azure Cosmos DB: exc when a doc changes in a collection
6. Azure SQL: exc when a row changes in a table
7. Event Hub: exc when an event hub receives a new event
8. Event Grid. exc based on Event Grid subscriptions

Question 78

What’s Logic Apps?

Answer 78

Design-first technologies. Code, by creating/editing a workflow in JSON. For people w/ development skills.
Good at integration cause over 200 connectors included (interface to external service)

automate, orchestrate, and integrate disparate components of a distributed application

Question 79

What’s Microsoft Power Automate?

Answer 79

Design-first technologies.
No need of development/ IT Pro experience.
Built on Logic Apps. Intended scenarious: self-service workflow creation. GUI only.
Include testing and production environment.

Question 80

What’s WebJobs?

Answer 80

a feature of Azure App Service that enables you to run a program or script in the same instance as a web app, API app, or mobile app

Question 81

When do you choose WebJobs over Azure Functions?

Answer 81

if you have …
1. existing Azure App Service app and want to model the workflow in the app.
2. specific customizations that u want to make to the JobHost that aren’t supported by Azure Functions
3. want to control your app’s retry policies
4. WebJobs only support C# on Microsoft Windows

Question 82

What does scale up means?

Answer 82

Increase CPU, memory, disk space, extra features.

etc. moving to a higher tier to get access to more features (memory, resources)

Question 83

What’s Deployment center setting?

Answer 83

used to configure continuous deployment and manual deployment

Question 84

Which platform setting should u use when routing a client app to the same instance for the life of the session, when u manage a multi-instance deployment of an Azure App Service Web?

Answer 84

In a multi-instance deployment, the ARR Affinity setting ensures a client application is routed to the same instance for the life of the session

Question 85

What are key prefixes and labels?

Answer 85

Key prefixes are the beginning parts of keys. A set of keys can be grouped by using the same prefix in names. Labels are an attribute on keys. Labels are used to create variants of a key. For example, labels can be assigned to multiple versions of a key.

Question 86

What do you need to do to mount an Azure file share as a volume in a container?

Answer 86

Specify the share and volume mount point when you create the container.

az container create –resource-group learn-deploy-aci-rg –name aci-demo-files –image mcr.microsoft.com/azuredocs/aci-hellofiles –location eastus –ports 80 –ip-address Public –azure-file-volume-account-name $STORAGE_ACCOUNT_NAME –azure-file-volume-account-key $STORAGE_KEY –azure-file-volume-share-name aci-share-demo –azure-file-volume-mount-path /aci/logs/

Question 87

What command to use to display files contained in your file share?

Answer 87

az storage file list

eg. az storage file list -s aci-share-demo -o table

Question 88

What Azure Service app plan do you need to create custom TLS/SSL bindings or enable client certificates for ur App Service app?

Answer 88

Basic, Standard, Premium or Isolated tier.

Question 89

What’s a container registry?

Answer 89

a service that stores and distributes container images and related artifacts. eg, Docker Hub

Question 90

What’s a repository?

Answer 90

a collection of container images/other artifacts in a registry that have the same name but different tags.

For example, the following three images are in the acr-helloworld repository:

acr-helloworld:latest
acr-helloworld:v1
acr-helloworld:v2

tag is like version tag at work when deploy.

Question 91

What’s namespace in repository?

Answer 91

Repository names can include namespaces. Namespace allow u to identify related repositories/artifact ownership in ur organisation by using forward slash-delimited names

Eg
marketing/campaign10-18/web:v2
marketing/campaign10-18/api:v3

Question 92

What are layer in container images?

Answer 92

Container images/artifacts are made up of one or more layers.

For example, in a Docker container image, each layer corresponds to a line in the Dockerfile that defines the image.

NB To provide secure isolation and protection from potential layer manipulation, layers are not shared across registries.

Question 93

What’s a manifest?

Answer 93

Each container image or artifact pushed to a container registry is associated with a manifest. The manifest, generated by the registry when the content is pushed, uniquely identifies the artifacts and specifies the layers. JSON file/format

Question 94

In Azure CLI, which command to list the manifests for a repository?

Answer 94

az acr manifest list-metadata

eg.
az acr manifest list-metadata –name <repositoryName> --registry <acrName></acrName></repositoryName>

Question 95

How many instances can functions of Consumption and Premium plan scale out?

Answer 95

Consumption scale out to 200 instances.

Premium scale out to 100 instances

Setting functionAppScaleLimit to 0 or null means unrestricted

Question 96

What components are required to enable the customer-managed key capability for Azure App Configuration?

Answer 96

1. Standard tier Azure App Configuration instance
2. Azure Key Vault with soft-delete and purge-protection features enabled
3. an RSA or RSA-HSM key within the Key Vault (Key Vault Premium tier)

Question 97

What’s Durable Functions?

Answer 97

an extension of Azure Functions that lets you write stateful functions in a serverless compute environment.

Define stateful workflows by writing orchestrator functions.
Define stateful entities by writing entity functions using the Azure Functions programming model.

Question 98

What’s the primary use case for Durable Functions?

Answer 98

simplifying complex, stateful coordination requirements in serverless applications.

Question 99

What are the typical application patterns that can benefit from Durable Functions?

Answer 99

1. Function chaining
2. Fan-out/fan-in
3. Async HTTP APIs
4. Monitoring
5. Human interaction
6. Aggregator (stateful entities)

Question 100

What’s Function chaining?

Answer 100

an application pattern where a sequence of functions executes in a specific order.

Question 101

What’s fan out/fan in pattern?

Answer 101

The fan-out/fan-in pattern enables multiple functions to be executed in parallel, waiting for all functions to finish. Often, some aggregation work is done on the results that are returned from the functions.

Question 102

What’s the Async HTTP APIs pattern?

Answer 102

This application pattern addresses the problem of coordinating the state of long-running operations with external clients.

Common way to implement this pattern; having an HTTP endpoint trigger the long-running action. Then redirect the client to a status endpoint that the client pulls to learn when the operation is finished.