Certified Administrator

Question 1

What feature gives you command line access to an IaaS VM in the portal?

Answer 1

Serial console

Question 2

What is the earliest Windows Server supported in Azure?

Answer 2

2008 R2 SP1

Question 3

Public and private IP addresses are configured at what level?

Answer 3

vNIC

Question 4

To support WinRM, which TCP port needs an NSG allowance?

Answer 4

5985

Question 5

Availability zones represent high availability at what level?

Answer 5

Datacenter

Question 6

Availability sets represent high availability at what level?

Answer 6

Server

Question 7

What are the 2 kinds of locks that you can apply to a resource group?

Answer 7

DoNotDelete and ReadOnly

Question 8

What are the 3 Azure Storage disk types

Answer 8

OS, Data, Temporary

Question 9

What service needs to be enabled on a vm in order to access the Serial Console?

Answer 9

Boot diagnostics

Question 10

What does AAA stand for in the context of security?

Answer 10

Authentication, Authorization, Accounting

Question 11

What is the difference between a policy and RBAC rules in Azure?

Answer 11

A policy checks resource properties during deployment, RBAC checks user actions for different scopes

Question 12

To support RDP, which TCP port needs an NSG allowance?

Answer 12

3389

Question 13

To support SSH, which TCP port needs an NSG allowance?

Answer 13

22

Question 14

If network isolation is a MUST HAVE when using App Service, what tier must be used?

Answer 14

Isolation tier

Question 15

Which Windows server features can App Services not access?

Answer 15

Registry, Event Logs, Graphics systems

Question 16

What settings are automatically swapped between Deployment Slots in App Services?

Answer 16

General settings, Handler mappings, Monitoring and Diagnostic settings, WebJobs content, Application Settings, and Connection Strings (* can be set to not slot in the Portal)

Question 17

What settings are NOT automatically swapped between Deployment Slots in App Services?

Answer 17

Publishing endpoints, Custom Domains, SSL certs, Service Scale settings, and WebJob schedulers

Question 18

What 4 conditions must be met when uploading a 3rd Party SSL Cert to Azure?

Answer 18

Signed by Trusted Certificate Authority, Password protected .pfx file, Private Key length of at least 2048 bits, Must contain all intermediate Certificates

Question 19

What is the only replication method for Premium disk storage?

Answer 19

Locally Redundant Storage (LRS)

Question 20

What is Azure Site Recovery (ASR)?

Answer 20

A DRaaS (Disaster Recovery as a Service) providing easy failover management for cloud and hybrid-cloud resources

Question 21

What does Storage Service Encryption provide?

Answer 21

Encrypted data at rest, 128 bit AES encryption, and key management by Azure (or self managed in Azure Key Valut)

Question 22

What does Azure Disk Encryption provide?

Answer 22

Bitlocker (Windows) or DM-crypt (Linux) encryption for all OS and DATA disks

Question 23

What is Azure Security Center?

Answer 23

A service provided by Azure with centralized policy management, continuous assessment and actionable recommendations

Question 24

What is JIM VM Access?

Answer 24

Just-in-time VM access: locks down Admin port access (WinRM, RDP, SSH) until requested, then provided time-restricted access to a set of specific IP addresses

Question 25

What tier of Azure Security Center must be used in order to utilize JIM VM Access?

Answer 25

Standard Tier

Question 26

What are the ways a Function App can be triggered?

Answer 26

HTTP request, Timer, Storage Account event, CosmosDB event, Event Grids/Hubs, or Webhooks

Question 27

Should load testing of Service Apps be done in the same Service App Plan as your Production app, but on a different deployment slot?

Answer 27

No - any load tests should be conducted in their own Service App Plan. All deployment slots in a SAP rely on the same infrastructure as the Production slot - any load tests could severely impact the performance of Production, even if done on a different deployment slot

Question 28

tcping simulate ping by using which protocol?

Answer 28

TCP

Question 29

How is an Azure VM on-boarding into the Log Analytics workspace and Network Performance Monitor?

Answer 29

Microsoft Monitoring Agent