Create Azure App Service Web Apps Flashcards
1
Q
What are the types of App Service apps?
A
Web Apps, API Apps, and Mobile Apps
2
Q
What’s needed to run an App Service app?
A
An App Service Plan
3
Q
What does an App Service Plan define?
A
A set of compute resources
4
Q
Can you run more than one app using an App Service Plan?
A
Yes
5
Q
Apart from apps, what else can be run using an App Service Plan?
A
Functions
6
Q
What things does an App Service Plan define?
A
Region, Number of VM Instances, Size of VM Instances, Pricing Tier
7
Q
What App Service Plan pricing tiers used resource pools shared with other customers?
A
Free and Shared
8
Q
What App Service Plan pricing tiers use dedicated compute resources, but in non-dedicated virtual networks?
A
Basic, Standard, Premium, Premium V2, Premium V3
9
Q
For what activities should you use the Free and Shared App Service tiers?
A
Development and Testing
10
Q
What App Service tier would you use if you wanted to run apps on dedicated compute resource inside dedicated virtual networks?
A
Isolated
11
Q
What type of apps are supported in the App Service Consumption tier?
A
Function Apps
12
Q
How many VM instances are used in the Free and Shared App Service tiers?
A
One
13
Q
On which VM instances does an app run in a service plan?
A
All of the instances
14
Q
Can you have more than one app in a service plan?
A
Yes
15
Q
On which VM instances does an app in a deployment slot run?
A
All of the instances
16
Q
In an App Service Plan, where are diagnostic logging activities, backups and WebJobs run?
A
The same VM instances as the apps
17
Q
What is the “scale unit” of an App Service app?
A
The App Service plan
18
Q
If an App Service Plan is configured to run on five VM instances, on how many instances will each app in the plan run?
A
Each app will run on all five instances
19
Q
If an App Service Plan autoscales due to the demands place on a single app, how does this affect the other apps using the plan?
A
All of the apps are scaled out in the same way
20
Q
How could you improve the performance of a single App?
A
You could run the app in its own App Service Plan
21
Q
When should you isolate an app into its own App Service Plan?
A
When: the app is resource intensive, needs to be scaled differently to other apps, it needs resources located in a different geographical region
22
Q
What types of deployment models does App Service support?
A
Automated and Manual
23
Q
Does Azure support automated deployment directly from GitHub?
A
Yes
24
Q
What common repository offers, amongst others, can be used for automatic deployment?
A
Azure DevOps, GitHub, and BitBucket
25
What options are available for manually deploying Apps?
Git, CLI, ZIP deploy, and FTP/S
26
What CLI command could you use to manually deploy an app?
The `webapp up` feature of the `az` CLI. This feature packages an app and deploys it.
27
Can you use the `webapp up` feature to create a new App Service web app?
Yes. If one doesn't already exist.
28
What protocol is used when using ZIP deploy.
HTTP/S
29
How does using deployment slots eliminate downtime?
The swap operation warms up worker instances to match production scale.
30
What's the easiest way to add authentication to web apps, APIs, mobile back-ends, and functions?
By using the App Service built-in authentication and authorization support
31
Does Azure App Service allow you to integrate auth. capabilities without you implementing them yourself?
Yes
32
What third-party is used to manage user identities and the authentication flow?
App Service used third-party identity providers
33
What's the sign-in endpoint for Microsoft Identity Platform?
`/.auth/login/add`
34
Where does the built-in authentication and authorization module run?
In the same sandbox as your application code
35
What does the built-in auth. module handle?
- Authenticates users with the specified provider
- Validates, stores, and refreshes tokens
- Manages the authenticated session
- Injects identity information into request headers
36
How is the built-in auth. module configured?
Using app settings
37
What changes to your code are required to use the built-in auth. module?
None
38
For Linux and containers, where does the built-in auth. module run?
A separate container, isolated from your application code.
39
In what type of environment would you use Server-Directed Flow or Server Flow?
Typically in a browser app. The application delegates the sign-in to App Service.
The browser can the present the provider's login page to the user.
40
In what type of environment would you use Client-Directed Flow or Client Flow?
In a browser-less app, such as a mobile app, REST APIs, Azure Functions, and JavaScript browser apps.
The application signs into the provide manually and submits the authentication token to App Service for validation.
41
Does this table show the authentication steps for Server-Directed and Client-Directed flows?
Yes
42
What are the two behaviours supported for non-authenticated requests received by the built-in auth. module?
Allow Unauthenticated Requests - defers authorization to the application code. For authenticated requests, authentication information is included in the request headers.
Require Authentication - Rejects all unauthenticated traffic to your application.
43
What actions are available when rejecting unauthenticated requests using the built-in auth. module?
- Redirect to one of the configured identity providers
- Return a HTTP 401 Unauthorized response to native mobile apps
- Return a HTTP 401 Unauthorized or HTTP 403 Forbidden response for all requests
44
By default, are apps hosted in an App Service accessible over the Internet?
Yes
45
By default, can apps hosted in an App Service reach non-public endpoints in Azure?
No
46
What are the two main deployment types for an App Service?
Multi-tenant (public service hosts) and Single-Tenant - isolated in an App Service Environment (ASE)
47
Azure App Service is a distributed system. What are the roles handling incoming HTTP/S requests called?
Front Ends
48
In Azure App Service, what are the roles that handle the customer workload called?
Workers
49
In what type of network do the roles in an App Service deployment exist in?
Multi-tenant
50
Why can't you connect a multi-tenant App Service to your virtual network?
Because there are multiple tenants (Azure customers) in the same App Service scale unit
51
What features can be used to handle requests (inbound) to an app on a multi-tenant App Service?
- App Assigned Address
- Access Restrictions
- Service Endpoints
- Private Endpoints
52
What features can be used to make requests (outbound) from an app on a multi-tenant App Service?
- Hybrid Connections
- Gateway-Required Virtual Network Integration
- Virtual Network Integration
53
What feature would you use to support IP-based SSL access to your App Service app?
App-Assigned Address
54
What feature would you use to support an unshared dedicated inbound address to your App Service app?
App-Assigned Address
55
What feature would you use to restrict access to your App Service app to a set of well-defined addresses?
Access Restrictions
56
Are the _workers_ in the Free and Shared App Service Plans multi-tenant?
Yes
57
Are the _workers_ in the Basic and higher App Service Plans multi-tenant?
No, they are dedicated to only one App Service Plan
58
Do workers in the Free, Shared, Basic, Standard, and Premium tiers all use the same VM type?
Yes
59
Do workers in the Premium V2 tier and the Premium V3 tier use different VM types from each other and the other tiers?
Yes
60
Does your outbound IP address change if you change between (Free, Shared, Basic, Standard, Premium), Premium V2, and Premium V3 tiers?
Yes.
61
What app property in the Azure Portal shows the current outbound addresses your app might use in a scale unit?
`Outbound IP Addresses`
62
What is a scale unit?
A scale unit is a group of servers dedicated to a specific role, such as running App Services
63
What bash command could you use to list the possible outbound IP addresses of an App Service app?
```
az webapp show \
--resource-group \
--name \
--query possibleOutboundIpAddresses \
--output tsv
```
64
In App Service, what mechanism is used to pass app settings to the application code?
Environment Variables
65
In App Service Linux and Custom Container Apps, what flag is used to pass variables to the container?
`--env`
66
How are App settings protected when they are stored?
They are encrypted
67
Can you make an application setting dependent on its deployment slot (swappable) or fixed for all deployments?
Yes
68
What character sequence should replace `:` as a separator in setting names for default, or custom Linux container Apps?
`__` (double underscore)
69
For ASP.NET and ASP.NET Core apps, do the values set in the App Service override the ones in _Web.Config_?
Yes
70
For non ASP.NET/Core stacks, when would you use connection strings instead of app settings?
When the you want the Azure database to be backed up with the app. If the connection string is not set, the database is not automatically backed-up with the app.
71
Where would set the language and SDK versions used by an App Service app?
In *Configuration - General - Stack Settings*. For Linux apps and container apps, you can optionally set a start-up command or file.
72
What App Service app protocol would you enable to support ASP.NET SignalR or socket.io?
WebSocket protocol
73
When would enable the Always On setting for an App Service app?
When you want the app to be immediately available, or when a WebJob is continuously required or is triggered using a CRON expression
74
What's the default value for the App Service app setting *Always On*?
Disabled
75
For App Service apps, when would you set the Managed Pipeline Version to Classic?
When you have a legacy app that requires an older version of IIS
76
For App Service apps, what setting would you change to enable HTTPS/2?
The HTTP Version. You would set its value to `2.0`
77
In App Service apps, what does the ARR affinity setting do?
For multi-instance deployments, it ensures that the client is routed to the same instance for the lifetime of the session. If the application is stateless, it's advisable to set the setting to `Off`
78
In App Service apps, what type of apps can be remotely debugged?
ASP.NET, ASP.NET Core and Node.js apps. Remote debugging is automatically turned off after 48 hours
79
How can you make sure a client is authenticated using the App Service app settings?
By requiring incoming client certificates
80
By what does the configuration for Path Mappings changes in an App Service app?
Operation System type
81
How would add custom script processors for App Service Windows apps?
You would add a new handler, specifying the file extension, the absolute path of the script processor, and optional command-line arguments.
82
Can you add custom storage for App Service containerized apps?
Yes. This includes all Linux apps, and custom Windows and Linux containers.
You can add storage mounts. You can mount Azure Blobs and Azure Files. Windows container apps support only Azure Files. You can choose the path where to mount the custom storage.
83
What platforms support Application Logging?
Windows and Linux
84
Where can application logs be written to?
App Service file systems and Azure Storage blobs
85
What are the six levels an application log message can have?
Critical, Error, Warning, Info, Debug, and Trace
86
What platform supports Web server logging?
Windows
87
Where can web server logs be written?
App Service file system and Azure Storage Blobs
88
Describe the format of a web server log message
These logs contain raw HTTP request data in W3C extended log file format.
Each message includes data like the HTTP method, resource URI, client IP, client port, user agent, response code, etc.
89
What platform supports Detailed Error Logging?
Windows
90
Where are Detail Error logs written?
App Service file system
91
Describe the format of Detailed Error logs.
They are copies of the .html error pages that would have been sent to the client. For security reasons, you would not send such copies to clients in production.
92
What platform supports Failed Request Tracing?
Windows
93
Where are Failed Request traces sent to?
App Service File System
94
Describe the content of Failed Request traces.
A trace includes the IIS components used to process the request and the time taken in each component. A folder is generated for each request which contains the XML log file and the XSL stylesheet to view it.
95
What platforms support Deployment Logging?
Windows and Linux
96
Where are Deployment logs written?
App Service file system
97
How do you configure deployment logging?
You can't. It happens automatically and there are no configurable settings
98
Where can application logs in Windows be written?
To the local filesystem or a Blob
99
Where can application logs in Linux and Container apps be written?
To the local file system
100
How long does local filesystem application logging stay enabled for Windows applications?
12 hours
101
How can you configure application logging for Linux and Container apps?
You can configure the disk quota (in MB) and the retention period (in days).
102
What levels of details can be configured for application logging in Window apps?
- Disabled
- Error (Error, Critical)
- Warning (Warning, Error, Critical)
- Information (Info, Warning, Error, Critical)
- Verbose (Trace, Debug, Info, Warning, Error, Critical)
103
How can you configure Web Server logging?
You can configure whether logs are written to the local filesystem or Blob storage. You can set the retention period (in days).
104
The content of which files are streamed in real-time?
Files ending with .txt, .log, .htm stored in /LogFiles are streamed by App Service
105
Why do the contents of the log stream sometimes appear out of order?
Some types of loggers use a buffer when writing to the log file
106
What command can be used to stream log live to a shell?
`az webapp log tail --name appname --resource-group myResourceGroup`
107
What is the deployment unit bound to an App Service Plan's resource group and region combination called?
A webspace
108
Where are uploaded app certificates stored?
A webspace
109
What options are available for adding a certificate to an App Service app?
- Create a free App Service managed certificate
- Purchase an App Service certificate
- Import a certificate from Key Vault
- Upload a private certificate from a third-party
- Upload a public certificate
110
Can you use an uploaded public certificate to secure custom domains?
No, but they can be used by app code to access remote resources
111
What are the requirements for using a private certificate?
- The certificate must be exported using 3DES as a password-protected PFX file
- The private key must be at least 2048 bits
- The certificate contains all intermediate certificates
- Contain Server Authentication in the Extended Key Usage
- Signed by a trusted CA
112
In what service tiers can you create a free managed certificate?
Basic, Standard, Premium, or Isolated
113
Are free managed certificates renewed continuously?
Yes. In six-month increments, 45 days before expiration
114
What are the limitations on free managed certificates?
- No wildcard support
- Does not support use as a client certificate
- Is not exportable
- Is not supported in ASE
- Is not supported with root domains in Traffic Manager
- If the certificate is for a CNAME-mapped domain, the CNAME must map directly to: `appname.azurewebsites.net`
115
What tasks are managed for you if you purchase an App Service Certification from Azure?
- The purchase process from GoDaddy
- Domain verification of the certificate
- Maintenance of the certificate in Azure Key Vault
- Certificate renewal
- Synchronization with imported copies of the certificate in App Service apps
116
What does Feature Management do?
It decouples feature release from code deployment
117
What is a Feature Flag?
A binary option with an associated code block. The flag value determines if the code runs or not
118
What is a Feature Manager?
An application package that handles the lifecycle of all feature flags. It often provides caching and update functionality.
119
What is a feature management filter?
It is a rule for evaluating the state of a feature flag. The evaluation may change depending on the device, browser type, geographic location and time window, for example.
120
What are the two components required for effective feature management?
- An application that uses feature flags
- A repository that stores feature flags and their current states
121
What are the two parts of a Feature Flag declaration?
The name and list of filters used to determine if the flag is set.
122
What happens when a feature flag has multiple filters?
The filter list is traversed in order until one of the filters determine the flag is set.
123
What's an example configuration source (appsettings.json) that uses feature flags?
```
"FeatureManagement": {
"FeatureA": true, // Feature flag set to on
"FeatureB": false, // Feature flag set to off
"FeatureC": {
"EnabledFor": [
{
"Name": "Percentage",
"Parameters": {
"Value": 50
}
}
]
}
}
```
124
Can Azure App Configuration be used as a feature flag repository?
Yes. You can use App Configuration libraries for various language frameworks to access the flags from your application code.
125
Under what conditions can autoscaling be triggered?
According to a schedule or when resources requirements change (CPU utilization, memory occupancy, velocity of requests, length of disk queue)
126
What does Azure App Service monitor to determine whether additional resources are required?
The resource metrics of a web app it runs.
127
Does autoscaling using scaling up/down or scaling out/in?
Scaling out/in
128
How should you configure your autoscaling rules to manage a DDoS?
You shouldn't. You will be unable to scale sufficiently and it will be expensive to do so. It is advisable to use something to filter the requests of an attack beforehand.
129
When should you consider autoscaling?
When the workload is difficult to predict in advance.
130
What does autoscaling do for availability and fault tolerance?
It can improve them.
131
It is better to autoscale if your web app performs resource-intensive processing per request, or scale-up?
Scaling up would probably be a better approach. Particularly intensive requests could exhaust all processing and memory capacitance of an instance.
132
Is auto-scaling a good approach for handling long-term growth?
No. If you can anticipate the rate of growth, manually scaling over time may be more cost effective. Autoscaling has an overhead around monitory and determining when to trigger a scaling event.
133
What's the problem with only have a few instances of a service most of the time?
The service is susceptible to down-time. There may not be enough capacity while other instances spin-up.
134
New instances defined by what are started when a web app scales out?
The app's App Service Plan
135
How is runaway autoscaling prevented?
An App Service Plan has an instance limit.
136
What two options are provided for autoscaling?
- Scale based on a metric, such as the number of waiting HTTP requests
- Scale to a specific instance count according to a schedule
137
What metrics can be used in autoscale rules?
- CPU Percentage
- Memory Percentage
- Disk Queue Length
- HTTP Queue Length
- Data In
- Data Out
You can also use metrics from other services.
138
What is the first step in analyzing trends for autoscaling?
The values retrieved for a metric for all instances across a period of time (time grain) are aggregated.
139
What is the aggregated value of a metric called?
A time aggregation
140
What aggregation options are available for metrics?
Average, Minimum, Maximum, Total, Last, and Count
141
What is the second step in analyzing trends for autoscaling?
A further aggregation of the time aggegration values over a longer, user-specified period, know as a Duration.
142
Can an autoscale action only increment or decrement the number of instances?
No. An action can scale the number of instances to a specific value.
143
How are multiple autoscaling actions prevented while the system stabilizes?
Each autoscale action has a cool down period (minutes). During the period, the action will not be fired again. The default cool down period is 5 minutes.
144
Can an autoscale condition contain more than one rule?
Yes
145
How many autoscale rules need to be met before a scale-out action is performed?
Only one
146
How many autoscale rules need to be met before a scale-in action is performed?
All of them
147
Is it a good autoscaling practice to: ensure the maximum and minimum instance values are different and have an adequate margin?
Yes
148
Is it a good autoscaling practice to: choose the appropriate statistic for your diagnostic metric?
Yes.
149
Is it a good autoscaling practice to: carefully choose thresholds for all metric types?
Yes. For example, the same or similar threshold values for scaling in and out can lead to "flapping" where the auto-scaling is continuous and the system does not stablilize
150
Is it a good autoscaling practice to: always select a safe default instance count?
Yes. The default will be used if metrics aren't available.
151
Is it a good autoscaling practice to: configure autoscale notifications?
Yes. You can use the Activity Log alert to monitor the health of the autoscale engine.
152
Are Deployment Slots live apps with their own host name?
Yes
153
What plans support Deployment Slots?
Standard, Premium, and Isolated
154
What are the advantages of deploying your application to a non-production slot?
- You can validate changes before swapping deployment to the production slot
- You can ensure all the instances of the slot are warmed-up before swapping into production. Traffic redirection is seamless
- You call quickly roll-back by swapping the production and non-productions again
155
Is there an additional charge for using deployment slots?
No
156
What content is available when you create a new deployment slot?
None. Even if you clone the settings from another slot.
157
What App Service Plan supports only Manual Scaling?
Basic
158
What Azure Service actually handles Autoscaling?
Azure Monitor
159
What Azure CLI command would you use to deploy a web-app to a deployment slot using the content of a source-control repository?
`az webapp deployment source`
160
What settings do you need to set to enable auto-swap using Deployment Slots?
- Auto Swap Deployment Slot (typically Production)
- Auto Swap (typically on the Staging or equivalent slot)
161
What's the purpose of a custom warm-up?
It allows your app to before custom initialization before it's ready and verify it can service requests before swapping.
162
How do you configure Web App custom initialization (for swapping) on IIS only?
Set the `applicationInitialization` setting in the `web.config` file
163
How would you config Web App custom initialization (for swapping) regardless of the web server type?
Set `WEBSITE_SWAP_WARMUP_PING_PATH` (path to call) and `_PING_STATUSES` (valid statuses comma-sep) in Application Settings
