Create Azure App Service Web Apps

Question 1

What are the types of App Service apps?

Answer 1

Web Apps, API Apps, and Mobile Apps

Question 2

What’s needed to run an App Service app?

Answer 2

An App Service Plan

Question 3

What does an App Service Plan define?

Answer 3

A set of compute resources

Question 4

Can you run more than one app using an App Service Plan?

Answer 4

Yes

Question 5

Apart from apps, what else can be run using an App Service Plan?

Answer 5

Functions

Question 6

What things does an App Service Plan define?

Answer 6

Region, Number of VM Instances, Size of VM Instances, Pricing Tier

Question 7

What App Service Plan pricing tiers used resource pools shared with other customers?

Answer 7

Free and Shared

Question 8

What App Service Plan pricing tiers use dedicated compute resources, but in non-dedicated virtual networks?

Answer 8

Basic, Standard, Premium, Premium V2, Premium V3

Question 9

For what activities should you use the Free and Shared App Service tiers?

Answer 9

Development and Testing

Question 10

What App Service tier would you use if you wanted to run apps on dedicated compute resource inside dedicated virtual networks?

Answer 10

Isolated

Question 11

What type of apps are supported in the App Service Consumption tier?

Answer 11

Function Apps

Question 12

How many VM instances are used in the Free and Shared App Service tiers?

Answer 12

One

Question 13

On which VM instances does an app run in a service plan?

Answer 13

All of the instances

Question 14

Can you have more than one app in a service plan?

Answer 14

Yes

Question 15

On which VM instances does an app in a deployment slot run?

Answer 15

All of the instances

Question 16

In an App Service Plan, where are diagnostic logging activities, backups and WebJobs run?

Answer 16

The same VM instances as the apps

Question 17

What is the “scale unit” of an App Service app?

Answer 17

The App Service plan

Question 18

If an App Service Plan is configured to run on five VM instances, on how many instances will each app in the plan run?

Answer 18

Each app will run on all five instances

Question 19

If an App Service Plan autoscales due to the demands place on a single app, how does this affect the other apps using the plan?

Answer 19

All of the apps are scaled out in the same way

Question 20

How could you improve the performance of a single App?

Answer 20

You could run the app in its own App Service Plan

Question 21

When should you isolate an app into its own App Service Plan?

Answer 21

When: the app is resource intensive, needs to be scaled differently to other apps, it needs resources located in a different geographical region

Question 22

What types of deployment models does App Service support?

Answer 22

Automated and Manual

Question 23

Does Azure support automated deployment directly from GitHub?

Answer 23

Yes

Question 24

What common repository offers, amongst others, can be used for automatic deployment?

Answer 24

Azure DevOps, GitHub, and BitBucket

Question 25

What options are available for manually deploying Apps?

Answer 25

Git, CLI, ZIP deploy, and FTP/S

Question 26

What CLI command could you use to manually deploy an app?

Answer 26

The webapp up feature of the az CLI. This feature packages an app and deploys it.

Question 27

Can you use the webapp up feature to create a new App Service web app?

Answer 27

Yes. If one doesn’t already exist.

Question 28

What protocol is used when using ZIP deploy.

Answer 28

HTTP/S

Question 29

How does using deployment slots eliminate downtime?

Answer 29

The swap operation warms up worker instances to match production scale.

Question 30

What’s the easiest way to add authentication to web apps, APIs, mobile back-ends, and functions?

Answer 30

By using the App Service built-in authentication and authorization support

Question 31

Does Azure App Service allow you to integrate auth. capabilities without you implementing them yourself?

Answer 31

Yes

Question 32

What third-party is used to manage user identities and the authentication flow?

Answer 32

App Service used third-party identity providers

Question 33

What’s the sign-in endpoint for Microsoft Identity Platform?

Answer 33

/.auth/login/add

Question 34

Where does the built-in authentication and authorization module run?

Answer 34

In the same sandbox as your application code

Question 35

What does the built-in auth. module handle?

Answer 35

• Authenticates users with the specified provider
• Validates, stores, and refreshes tokens
• Manages the authenticated session
• Injects identity information into request headers

Question 36

How is the built-in auth. module configured?

Answer 36

Using app settings

Question 37

What changes to your code are required to use the built-in auth. module?

Answer 37

None

Question 38

For Linux and containers, where does the built-in auth. module run?

Answer 38

A separate container, isolated from your application code.

Question 39

In what type of environment would you use Server-Directed Flow or Server Flow?

Answer 39

Typically in a browser app. The application delegates the sign-in to App Service.

The browser can the present the provider’s login page to the user.

Question 40

In what type of environment would you use Client-Directed Flow or Client Flow?

Answer 40

In a browser-less app, such as a mobile app, REST APIs, Azure Functions, and JavaScript browser apps.

The application signs into the provide manually and submits the authentication token to App Service for validation.

Question 41

Does this table show the authentication steps for Server-Directed and Client-Directed flows?

Answer 41

Yes

Question 42

What are the two behaviours supported for non-authenticated requests received by the built-in auth. module?

Answer 42

Allow Unauthenticated Requests - defers authorization to the application code. For authenticated requests, authentication information is included in the request headers.

Require Authentication - Rejects all unauthenticated traffic to your application.

Question 43

What actions are available when rejecting unauthenticated requests using the built-in auth. module?

Answer 43

• Redirect to one of the configured identity providers
• Return a HTTP 401 Unauthorized response to native mobile apps
• Return a HTTP 401 Unauthorized or HTTP 403 Forbidden response for all requests

Question 44

By default, are apps hosted in an App Service accessible over the Internet?

Answer 44

Yes

Question 45

By default, can apps hosted in an App Service reach non-public endpoints in Azure?

Answer 45

No

Question 46

What are the two main deployment types for an App Service?

Answer 46

Multi-tenant (public service hosts) and Single-Tenant - isolated in an App Service Environment (ASE)

Question 47

Azure App Service is a distributed system. What are the roles handling incoming HTTP/S requests called?

Answer 47

Front Ends

Question 48

In Azure App Service, what are the roles that handle the customer workload called?

Answer 48

Workers

Question 49

In what type of network do the roles in an App Service deployment exist in?

Answer 49

Multi-tenant

Question 50

Why can’t you connect a multi-tenant App Service to your virtual network?

Answer 50

Because there are multiple tenants (Azure customers) in the same App Service scale unit

Question 51

What features can be used to handle requests (inbound) to an app on a multi-tenant App Service?

Answer 51

• App Assigned Address
• Access Restrictions
• Service Endpoints
• Private Endpoints

Question 52

What features can be used to make requests (outbound) from an app on a multi-tenant App Service?

Answer 52

• Hybrid Connections
• Gateway-Required Virtual Network Integration
• Virtual Network Integration

Question 53

What feature would you use to support IP-based SSL access to your App Service app?

Answer 53

App-Assigned Address

Question 54

What feature would you use to support an unshared dedicated inbound address to your App Service app?

Answer 54

App-Assigned Address

Question 55

What feature would you use to restrict access to your App Service app to a set of well-defined addresses?

Answer 55

Access Restrictions

Question 56

Are the workers in the Free and Shared App Service Plans multi-tenant?

Answer 56

Yes

Question 57

Are the workers in the Basic and higher App Service Plans multi-tenant?

Answer 57

No, they are dedicated to only one App Service Plan

Question 58

Do workers in the Free, Shared, Basic, Standard, and Premium tiers all use the same VM type?

Answer 58

Yes

Question 59

Do workers in the Premium V2 tier and the Premium V3 tier use different VM types from each other and the other tiers?

Answer 59

Yes

Question 60

Does your outbound IP address change if you change between (Free, Shared, Basic, Standard, Premium), Premium V2, and Premium V3 tiers?

Answer 60

Yes.

Question 61

What app property in the Azure Portal shows the current outbound addresses your app might use in a scale unit?

Answer 61

Outbound IP Addresses

Question 62

What is a scale unit?

Answer 62

A scale unit is a group of servers dedicated to a specific role, such as running App Services

Question 63

What bash command could you use to list the possible outbound IP addresses of an App Service app?

Answer 63

az webapp show \
    --resource-group <group_name> \ 
    --name <app_name> \ 
    --query possibleOutboundIpAddresses \
    --output tsv

Question 64

In App Service, what mechanism is used to pass app settings to the application code?

Answer 64

Environment Variables

Question 65

In App Service Linux and Custom Container Apps, what flag is used to pass variables to the container?

Answer 65

--env

Question 66

How are App settings protected when they are stored?

Answer 66

They are encrypted

Question 67

Can you make an application setting dependent on its deployment slot (swappable) or fixed for all deployments?

Answer 67

Yes

Question 68

What character sequence should replace : as a separator in setting names for default, or custom Linux container Apps?

Answer 68

\_\_ (double underscore)

Question 69

For ASP.NET and ASP.NET Core apps, do the values set in the App Service override the ones in Web.Config?

Answer 69

Yes

Question 70

For non ASP.NET/Core stacks, when would you use connection strings instead of app settings?

Answer 70

When the you want the Azure database to be backed up with the app. If the connection string is not set, the database is not automatically backed-up with the app.

Question 71

Where would set the language and SDK versions used by an App Service app?

Answer 71

In Configuration - General - Stack Settings. For Linux apps and container apps, you can optionally set a start-up command or file.

Question 72

What App Service app protocol would you enable to support ASP.NET SignalR or socket.io?

Answer 72

WebSocket protocol

Question 73

When would enable the Always On setting for an App Service app?

Answer 73

When you want the app to be immediately available, or when a WebJob is continuously required or is triggered using a CRON expression

Question 74

What’s the default value for the App Service app setting Always On?

Answer 74

Disabled

Question 75

For App Service apps, when would you set the Managed Pipeline Version to Classic?

Answer 75

When you have a legacy app that requires an older version of IIS

Question 76

For App Service apps, what setting would you change to enable HTTPS/2?

Answer 76

The HTTP Version. You would set its value to 2.0

Question 77

In App Service apps, what does the ARR affinity setting do?

Answer 77

For multi-instance deployments, it ensures that the client is routed to the same instance for the lifetime of the session. If the application is stateless, it’s advisable to set the setting to Off

Question 78

In App Service apps, what type of apps can be remotely debugged?

Answer 78

ASP.NET, ASP.NET Core and Node.js apps. Remote debugging is automatically turned off after 48 hours

Question 79

How can you make sure a client is authenticated using the App Service app settings?

Answer 79

By requiring incoming client certificates

Question 80

By what does the configuration for Path Mappings changes in an App Service app?

Answer 80

Operation System type

Question 81

How would add custom script processors for App Service Windows apps?

Answer 81

You would add a new handler, specifying the file extension, the absolute path of the script processor, and optional command-line arguments.

Question 82

Can you add custom storage for App Service containerized apps?

Answer 82

Yes. This includes all Linux apps, and custom Windows and Linux containers.

You can add storage mounts. You can mount Azure Blobs and Azure Files. Windows container apps support only Azure Files. You can choose the path where to mount the custom storage.

Question 83

What platforms support Application Logging?

Answer 83

Windows and Linux

Question 84

Where can application logs be written to?

Answer 84

App Service file systems and Azure Storage blobs

Question 85

What are the six levels an application log message can have?

Answer 85

Critical, Error, Warning, Info, Debug, and Trace

Question 86

What platform supports Web server logging?

Answer 86

Windows

Question 87

Where can web server logs be written?

Answer 87

App Service file system and Azure Storage Blobs

Question 88

Describe the format of a web server log message

Answer 88

These logs contain raw HTTP request data in W3C extended log file format.

Each message includes data like the HTTP method, resource URI, client IP, client port, user agent, response code, etc.

Question 89

What platform supports Detailed Error Logging?

Answer 89

Windows

Question 90

Where are Detail Error logs written?

Answer 90

App Service file system

Question 91

Describe the format of Detailed Error logs.

Answer 91

They are copies of the .html error pages that would have been sent to the client. For security reasons, you would not send such copies to clients in production.

Question 92

What platform supports Failed Request Tracing?

Answer 92

Windows

Question 93

Where are Failed Request traces sent to?

Answer 93

App Service File System

Question 94

Describe the content of Failed Request traces.

Answer 94

A trace includes the IIS components used to process the request and the time taken in each component. A folder is generated for each request which contains the XML log file and the XSL stylesheet to view it.

Question 95

What platforms support Deployment Logging?

Answer 95

Windows and Linux

Question 96

Where are Deployment logs written?

Answer 96

App Service file system

Question 97

How do you configure deployment logging?

Answer 97

You can’t. It happens automatically and there are no configurable settings

Question 98

Where can application logs in Windows be written?

Answer 98

To the local filesystem or a Blob

Question 99

Where can application logs in Linux and Container apps be written?

Answer 99

To the local file system

Question 100

How long does local filesystem application logging stay enabled for Windows applications?

Answer 100

12 hours

Question 101

How can you configure application logging for Linux and Container apps?

Answer 101

You can configure the disk quota (in MB) and the retention period (in days).

Question 102

What levels of details can be configured for application logging in Window apps?

Answer 102

• Disabled
• Error (Error, Critical)
• Warning (Warning, Error, Critical)
• Information (Info, Warning, Error, Critical)
• Verbose (Trace, Debug, Info, Warning, Error, Critical)

Question 103

How can you configure Web Server logging?

Answer 103

You can configure whether logs are written to the local filesystem or Blob storage. You can set the retention period (in days).

Question 104

The content of which files are streamed in real-time?

Answer 104

Files ending with .txt, .log, .htm stored in /LogFiles are streamed by App Service

Question 105

Why do the contents of the log stream sometimes appear out of order?

Answer 105

Some types of loggers use a buffer when writing to the log file

Question 106

What command can be used to stream log live to a shell?

Answer 106

az webapp log tail --name appname --resource-group myResourceGroup

Question 107

What is the deployment unit bound to an App Service Plan’s resource group and region combination called?

Answer 107

A webspace

Question 108

Where are uploaded app certificates stored?

Answer 108

A webspace

Question 109

What options are available for adding a certificate to an App Service app?

Answer 109

• Create a free App Service managed certificate
• Purchase an App Service certificate
• Import a certificate from Key Vault
• Upload a private certificate from a third-party
• Upload a public certificate

Question 110

Can you use an uploaded public certificate to secure custom domains?

Answer 110

No, but they can be used by app code to access remote resources

Question 111

What are the requirements for using a private certificate?

Answer 111

• The certificate must be exported using 3DES as a password-protected PFX file
• The private key must be at least 2048 bits
• The certificate contains all intermediate certificates
• Contain Server Authentication in the Extended Key Usage
• Signed by a trusted CA

Question 112

In what service tiers can you create a free managed certificate?

Answer 112

Basic, Standard, Premium, or Isolated

Question 113

Are free managed certificates renewed continuously?

Answer 113

Yes. In six-month increments, 45 days before expiration

Question 114

What are the limitations on free managed certificates?

Answer 114

• No wildcard support
• Does not support use as a client certificate
• Is not exportable
• Is not supported in ASE
• Is not supported with root domains in Traffic Manager
• If the certificate is for a CNAME-mapped domain, the CNAME must map directly to: appname.azurewebsites.net

Question 115

What tasks are managed for you if you purchase an App Service Certification from Azure?

Answer 115

• The purchase process from GoDaddy
• Domain verification of the certificate
• Maintenance of the certificate in Azure Key Vault
• Certificate renewal
• Synchronization with imported copies of the certificate in App Service apps

Question 116

What does Feature Management do?

Answer 116

It decouples feature release from code deployment

Question 117

What is a Feature Flag?

Answer 117

A binary option with an associated code block. The flag value determines if the code runs or not

Question 118

What is a Feature Manager?

Answer 118

An application package that handles the lifecycle of all feature flags. It often provides caching and update functionality.

Question 119

What is a feature management filter?

Answer 119

It is a rule for evaluating the state of a feature flag. The evaluation may change depending on the device, browser type, geographic location and time window, for example.

Question 120

What are the two components required for effective feature management?

Answer 120

• An application that uses feature flags
• A repository that stores feature flags and their current states

Question 121

What are the two parts of a Feature Flag declaration?

Answer 121

The name and list of filters used to determine if the flag is set.

Question 122

What happens when a feature flag has multiple filters?

Answer 122

The filter list is traversed in order until one of the filters determine the flag is set.

Question 123

What’s an example configuration source (appsettings.json) that uses feature flags?

Answer 123

"FeatureManagement": {
    "FeatureA": true, // Feature flag set to on
    "FeatureB": false, // Feature flag set to off
    "FeatureC": {
        "EnabledFor": [
            {
                "Name": "Percentage",
                "Parameters": {
                    "Value": 50
                }
            }
        ]
    }
}

Question 124

Can Azure App Configuration be used as a feature flag repository?

Answer 124

Yes. You can use App Configuration libraries for various language frameworks to access the flags from your application code.

Question 125

Under what conditions can autoscaling be triggered?

Answer 125

According to a schedule or when resources requirements change (CPU utilization, memory occupancy, velocity of requests, length of disk queue)

Question 126

What does Azure App Service monitor to determine whether additional resources are required?

Answer 126

The resource metrics of a web app it runs.

Question 127

Does autoscaling using scaling up/down or scaling out/in?

Answer 127

Scaling out/in

Question 128

How should you configure your autoscaling rules to manage a DDoS?

Answer 128

You shouldn’t. You will be unable to scale sufficiently and it will be expensive to do so. It is advisable to use something to filter the requests of an attack beforehand.

Question 129

When should you consider autoscaling?

Answer 129

When the workload is difficult to predict in advance.

Question 130

What does autoscaling do for availability and fault tolerance?

Answer 130

It can improve them.

Question 131

It is better to autoscale if your web app performs resource-intensive processing per request, or scale-up?

Answer 131

Scaling up would probably be a better approach. Particularly intensive requests could exhaust all processing and memory capacitance of an instance.

Question 132

Is auto-scaling a good approach for handling long-term growth?

Answer 132

No. If you can anticipate the rate of growth, manually scaling over time may be more cost effective. Autoscaling has an overhead around monitory and determining when to trigger a scaling event.

Question 133

What’s the problem with only have a few instances of a service most of the time?

Answer 133

The service is susceptible to down-time. There may not be enough capacity while other instances spin-up.

Question 134

New instances defined by what are started when a web app scales out?

Answer 134

The app’s App Service Plan

Question 135

How is runaway autoscaling prevented?

Answer 135

An App Service Plan has an instance limit.

Question 136

What two options are provided for autoscaling?

Answer 136

• Scale based on a metric, such as the number of waiting HTTP requests
• Scale to a specific instance count according to a schedule

Question 137

What metrics can be used in autoscale rules?

Answer 137

• CPU Percentage
• Memory Percentage
• Disk Queue Length
• HTTP Queue Length
• Data In
• Data Out

You can also use metrics from other services.

Question 138

What is the first step in analyzing trends for autoscaling?

Answer 138

The values retrieved for a metric for all instances across a period of time (time grain) are aggregated.

Question 139

What is the aggregated value of a metric called?

Answer 139

A time aggregation

Question 140

What aggregation options are available for metrics?

Answer 140

Average, Minimum, Maximum, Total, Last, and Count

Question 141

What is the second step in analyzing trends for autoscaling?

Answer 141

A further aggregation of the time aggegration values over a longer, user-specified period, know as a Duration.

Question 142

Can an autoscale action only increment or decrement the number of instances?

Answer 142

No. An action can scale the number of instances to a specific value.

Question 143

How are multiple autoscaling actions prevented while the system stabilizes?

Answer 143

Each autoscale action has a cool down period (minutes). During the period, the action will not be fired again. The default cool down period is 5 minutes.

Question 144

Can an autoscale condition contain more than one rule?

Answer 144

Yes

Question 145

How many autoscale rules need to be met before a scale-out action is performed?

Answer 145

Only one

Question 146

How many autoscale rules need to be met before a scale-in action is performed?

Answer 146

All of them

Question 147

Is it a good autoscaling practice to: ensure the maximum and minimum instance values are different and have an adequate margin?

Answer 147

Yes

Question 148

Is it a good autoscaling practice to: choose the appropriate statistic for your diagnostic metric?

Answer 148

Yes.

Question 149

Is it a good autoscaling practice to: carefully choose thresholds for all metric types?

Answer 149

Yes. For example, the same or similar threshold values for scaling in and out can lead to “flapping” where the auto-scaling is continuous and the system does not stablilize

Question 150

Is it a good autoscaling practice to: always select a safe default instance count?

Answer 150

Yes. The default will be used if metrics aren’t available.

Question 151

Is it a good autoscaling practice to: configure autoscale notifications?

Answer 151

Yes. You can use the Activity Log alert to monitor the health of the autoscale engine.

Question 152

Are Deployment Slots live apps with their own host name?

Answer 152

Yes

Question 153

What plans support Deployment Slots?

Answer 153

Standard, Premium, and Isolated

Question 154

What are the advantages of deploying your application to a non-production slot?

Answer 154

• You can validate changes before swapping deployment to the production slot
• You can ensure all the instances of the slot are warmed-up before swapping into production. Traffic redirection is seamless
• You call quickly roll-back by swapping the production and non-productions again

Question 155

Is there an additional charge for using deployment slots?

Answer 155

No

Question 156

What content is available when you create a new deployment slot?

Answer 156

None. Even if you clone the settings from another slot.

Question 157

What App Service Plan supports only Manual Scaling?

Answer 157

Basic

Question 158

What Azure Service actually handles Autoscaling?

Answer 158

Azure Monitor

Question 159

What Azure CLI command would you use to deploy a web-app to a deployment slot using the content of a source-control repository?

Answer 159

az webapp deployment source

Question 160

What settings do you need to set to enable auto-swap using Deployment Slots?

Answer 160

• Auto Swap Deployment Slot (typically Production)
• Auto Swap (typically on the Staging or equivalent slot)

Question 161

What’s the purpose of a custom warm-up?

Answer 161

It allows your app to before custom initialization before it’s ready and verify it can service requests before swapping.

Question 162

How do you configure Web App custom initialization (for swapping) on IIS only?

Answer 162

Set the applicationInitialization setting in the web.config file

Question 163

How would you config Web App custom initialization (for swapping) regardless of the web server type?

Answer 163

Set WEBSITE_SWAP_WARMUP_PING_PATH (path to call) and _PING_STATUSES (valid statuses comma-sep) in Application Settings