Certified Administrator Flashcards
What feature gives you command line access to an IaaS VM in the portal?
Serial console
What is the earliest Windows Server supported in Azure?
2008 R2 SP1
Public and private IP addresses are configured at what level?
vNIC
To support WinRM, which TCP port needs an NSG allowance?
5985
Availability zones represent high availability at what level?
Datacenter
Availability sets represent high availability at what level?
Server
What are the 2 kinds of locks that you can apply to a resource group?
DoNotDelete and ReadOnly
What are the 3 Azure Storage disk types
OS, Data, Temporary
What service needs to be enabled on a vm in order to access the Serial Console?
Boot diagnostics
What does AAA stand for in the context of security?
Authentication, Authorization, Accounting
What is the difference between a policy and RBAC rules in Azure?
A policy checks resource properties during deployment, RBAC checks user actions for different scopes
To support RDP, which TCP port needs an NSG allowance?
3389
To support SSH, which TCP port needs an NSG allowance?
22
If network isolation is a MUST HAVE when using App Service, what tier must be used?
Isolation tier
Which Windows server features can App Services not access?
Registry, Event Logs, Graphics systems
What settings are automatically swapped between Deployment Slots in App Services?
General settings, Handler mappings, Monitoring and Diagnostic settings, WebJobs content, Application Settings, and Connection Strings (* can be set to not slot in the Portal)
What settings are NOT automatically swapped between Deployment Slots in App Services?
Publishing endpoints, Custom Domains, SSL certs, Service Scale settings, and WebJob schedulers
What 4 conditions must be met when uploading a 3rd Party SSL Cert to Azure?
Signed by Trusted Certificate Authority, Password protected .pfx file, Private Key length of at least 2048 bits, Must contain all intermediate Certificates
What is the only replication method for Premium disk storage?
Locally Redundant Storage (LRS)
What is Azure Site Recovery (ASR)?
A DRaaS (Disaster Recovery as a Service) providing easy failover management for cloud and hybrid-cloud resources
What does Storage Service Encryption provide?
Encrypted data at rest, 128 bit AES encryption, and key management by Azure (or self managed in Azure Key Valut)
What does Azure Disk Encryption provide?
Bitlocker (Windows) or DM-crypt (Linux) encryption for all OS and DATA disks
What is Azure Security Center?
A service provided by Azure with centralized policy management, continuous assessment and actionable recommendations
What is JIM VM Access?
Just-in-time VM access: locks down Admin port access (WinRM, RDP, SSH) until requested, then provided time-restricted access to a set of specific IP addresses
What tier of Azure Security Center must be used in order to utilize JIM VM Access?
Standard Tier
What are the ways a Function App can be triggered?
HTTP request, Timer, Storage Account event, CosmosDB event, Event Grids/Hubs, or Webhooks
Should load testing of Service Apps be done in the same Service App Plan as your Production app, but on a different deployment slot?
No - any load tests should be conducted in their own Service App Plan. All deployment slots in a SAP rely on the same infrastructure as the Production slot - any load tests could severely impact the performance of Production, even if done on a different deployment slot
tcping simulate ping by using which protocol?
TCP
How is an Azure VM on-boarding into the Log Analytics workspace and Network Performance Monitor?
Microsoft Monitoring Agent
