Deploy and Manage Azure Compute Resources

Question 1

Name the 7 basic elements of an ARM template

Answer 1

$schema

contentVersion

parameters

variables

functions

resources

outputs

Question 2

What basic element of an ARM template provides source control to track changes made in the template ?

$schema
contentVersion
parameters
variables
functions
resources
outputs

Answer 2

contentVersion

Question 3

If you are using expressions a lot, which element of the ARM template allows you to define expressions and reuse them across the template ?

$schema
contentVersion
parameters
variables
functions
resources
outputs

Answer 3

functions

Question 4

Which element of the ARM template allows you to return values after a deployment ?

$schema
contentVersion
parameters
variables
functions
resources
outputs

Answer 4

outputs

Question 5

This ARM template element creates an array of multiple objects, each defining the service it’s going to be deploying

$schema
contentVersion
parameters
variables
functions
resources
outputs

Answer 5

resource

Question 6

Using ……………………. , users can define the various values that are passed at run time without changing the exact template file.

$schema
contentVersion
parameters
variables
functions
resources
outputs

Answer 6

parameters

Question 7

The ………………………. are key elements when dealing with nested templates to pass the values from parent template to the child templates.

$schema
contentVersion
parameters
variables
functions
resources
outputs

Answer 7

parameters

Question 8

…………….. define values which are used in your template to simplify template language.
Mostly, ……………….. are hard-coded values, but they also can be created dynamically using parameters or standard template functions.

$schema
contentVersion
parameters
variables
functions
resources
outputs

Answer 8

variables

Question 9

In an ARM template, what does the dependsON declaration do ?

Answer 9

It determines which resource must be deployed first before a specific resource

Question 10

What are the three building blocks for parametrizing your ARM templates ?

$schema
contentVersion
parameters
variables
functions
resources
outputs

Answer 10

parameters
variables
functions

Question 11

To obtain user input for your ARM template, you need to use…

$schema
contentVersion
parameters
variables
functions
resources
outputs

Answer 11

paremeters

Question 12

This section is used to keep a track of resources that are being deployed or updated.

$schema
contentVersion
parameters
variables
functions
resources
outputs

Answer 12

outputs

Question 13

In an ARM template, how can you make your variables dynamic ?

Answer 13

use parameters and functions within declaration of variables

Question 14

True or false : A VM must have a depandancy with the virtual network

Answer 14

False : A VM has a dependancy with a network interface. It doesn’t have to have a dependancy with a VNET, because the network interface already does

Question 15

True or false : A VM has a dependancy with a network interface.

Answer 15

True

Question 16

This element is where you set the size of the virtual machine.

In the resources section of the ARM template, which critical element is this ?

hardwareProfile
osProfile
storageProfile
networkProfile

Answer 16

hardwareProfile

Question 17

This element at a basic level is where you set the computerName and adminUsername properties. (The adminPassword property is required if you do not specify an SSH key. )

In the resources section of the ARM template, which critical element is this ?

hardwareProfile
osProfile
storageProfile
networkProfile

Answer 17

osProfile

Question 18

What are the three sub elements of the osProfile element of an ARM template, used for deploying VMs ?

Answer 18

windowsConfiguration
linuxConfiguration
secrets

Question 19

This element is where OS image is specified, and the OS and data disk configuration are set.

In the resources section of the ARM template, which critical element is this ?

hardwareProfile
osProfile
storageProfile
networkProfile

Answer 19

storageProfile

Question 20

This element is where the network interfaces for the virtual machine are specified.

In the resources section of the ARM template, which critical element is this ?

hardwareProfile
osProfile
storageProfile
networkProfile

Answer 20

networkProfile

Question 21

ARM supports 2 deployment modes : …………………………. and …………………………

Answer 21

complete

incremental

Question 22

In …………………………… mode, Azure Resource Manager deletes resources that exist in the resource group that are not in the template.

This is helpful if you need to remove a resource from Azure and you want to make sure your template matches the deployment.

Answer 22

complete

Question 23

In …………………………….. mode, Azure Resource Manager leaves unchanged resources that exist in the resource group but aren’t in the template. It will update the resources in the resource group if the settings in the template differ from what is deployed.

Answer 23

incremental

Question 24

When you are deploying ARM templates through either the Azure Portal, CLI tools, or through visual studio, what is the default mode of deployment

Answer 24

incremental mode

Question 25

How can you deploy ARM templates in the complete mode ?

Answer 25

Either by using rest APIs or
“- Mode Complete” in powershell
or “– mode Complete” in shell

Question 26

What are two options for configuring a VHD template ?

Answer 26

1. Reference an image from the Azure Market Place

2. Reference an image you have previously created

Question 27

In the resources section of an ARM template, where can you configure the VHD disk ?

Answer 27

storageProfile

Question 28

To generate an ARM template, you can use the ………………………………. for the resource group. It generates a template that represents the current state of the resource group.

Answer 28

Automation Script menu option

Question 29

Clicking the …………………………………… option allows you to paste in template code directly.

This allows you to author and then deploy templates using the Azure portal for simple testing.

Answer 29

Build Your Own Template In The Editor

Question 30

When editing a template with in the Azure Portal / Template editor, what is the big advantage presented by the “edit parameters” option ?

Answer 30

A parameters file can be downloaded and is used to provide different behaviors for the template at deployment time without modifying the entire template.

Question 31

What are three features of Azure that allow you to configure and build highly resilient and available systems ?

Answer 31

Availability zones
Availability sets
Load balancers

Question 32

In an enabled region, what is the minimum number of availability zones ?

Answer 32

3 availability zones

Question 33

………………….. are separate units - each with its own power, cooling, and network - which provide higher resiliency and protect applications and data from disruptions in the data centers

Answer 33

Availability Zones

Question 34

A(n) ……………………………. represents a group of servers, which share power, cooling, and networking. A(n) ……………….. represents a group of servers that can be rebooted at the same time.

Answer 34

fault domain

update domain

Question 35

When you create VMs in three availability zones, the VMs will automatically be distributed across how many fault domains ? How many update domains ?

Answer 35

3 fault domains

3 update domains

Question 36

If you are unable to set an availability zone while creating the VM, what is the most likely problem ?

Answer 36

Most likely, Availability Zones are not yet available in the selected region

Question 37

Each availability set can have up to ………….. update domains and …………… fault domains

Answer 37

20 update domains

3 fault domains

Question 38

How many VMs are required in a single availability set in order to be able to provide redundancy ?

Answer 38

at least 2 VMs

Question 39

What is a proximity placement group ?

Answer 39

A logical grouping of VMs to reduce latency by keeping them close together

Question 40

When you create a VM, after selecting the region, what are the three options under “availability options” ?

How many may you select ?

Answer 40

“No infrastructure redundancy required”

“Availability Set

“Availability Zone”

Only one

Question 41

What is an aligned availability set ?

Answer 41

When the VM uses managed disks and is placed in an availability set

Question 42

A(n) …………………. ensures that all managed disks attached to a VM are within the same managed disk fault domain

Answer 42

aligned availability set

Question 43

By default, a VMSS supports up to …………….. instances that are placed within a single …………….

Answer 43

100

placement group

Question 44

How can you create a VMSS that supports up to 1000 instances ?

Answer 44

You need to place instances into multiple placement groups

Question 45

Using multiple placement groups in a VMSS is commonly referred to as a(n) ………………………….

Answer 45

large scale set

Question 46

You create a VMSS that will only need to scale up to 300 instances. Which should you use ?

A) Azure Load Balancer, basic SKU
B) Azure Load Balancer, standard SKU
C) Azure Application Gateway

Answer 46

Azure Load Balanacer, Basic SKU
It supports a max of 300 instances

Azure Load Balancer standard SKU and Azure Application Gateway can support 1000

Question 47

True or false : All instances of a VMSS use the same OS disk image

Answer 47

True

Question 48

What is a zone redundant scale set ?

Answer 48

A VMSS deployed to multiple availability zones

Question 49

How can you create higher redundancy for a VMSS ?

Answer 49

Deploy the VMSS over multiple availability zones (zone redundant scale set)

Question 50

The VMSS resource property “Upgrade policy” can be set to either automatic, rolling, or manual. Which option may cause downtime ? Which uses multiple batches ?

Answer 50

Automatic may cause downtime

Rolling uses multiple batches and helps avoid downtime

Question 51

True or false : The Azure Portal creation process supports VM extensions for VMSS

Answer 51

False

They can be applied using CLI tools or an ARM template

Question 52

What are the two spreading algorithms applicable to a VMSS ?

Answer 52

Max spreading

Fixed spreading

Question 53

When doing advanced configurations for a VMSS, the …………………………………… decides how scale set instances will be placed in a fault domain

Answer 53

Spreading Algorithm

Question 54

A VMSS with “Max spreading” distributes instances in …………

Answer 54

the maximum amount of fault domains possible for each availability zone used

Question 55

A VMSS with a(n) ………………………….. restricts instances to exactly 5 fault domains

Answer 55

fixed spreading algorithm

Question 56

For deploying a VMSS with multiple availability zones, which type of spreading algorithm is recommended ?

Answer 56

Max spreading algorithm

Question 57

A VMSS is using a fixed spreading algorithm, and there are less than five fault domains available. What will happen ?

Answer 57

The deployment will fail

Question 58

Why is the “health” tab important when creating a VMSS ?

Answer 58

Because you can enable health monitoring for the VMSS, which is necessary for automatic OS upgrades as well as other managed infrastructure features

Question 59

What are the two most common virtual machine extensions ?

Answer 59

Windows PowerShell Desired State Configuration (DSC)

Custom Script Extension

Question 60

The Windows PowerShell DSC extension defines the state of a VM using what language ?

Answer 60

It uses the PowerShell Desired State Configuration language

Question 61

The Windows PowerShell DSC can perform continuous updates when integrated with the ………………………… service.

Answer 61

Azure Automation DSC service

Question 62

The ………………………. extension can be used to execute an arbitrary command such as a bash file, regular PowerShell script, or a bash script

Answer 62

custom script

Question 63

What kind of extension is ideal for bootstrapping a VM to an initial configuration ?

Answer 63

a custom script extension

Question 64

True or false : A custom script extension can be executed anytime the VM is running

Answer 64

True

Question 65

In the event your custom script extension fails to execute what is the first place to check to troubleshoot ?

Answer 65

The Windows or Linux log files

Question 66

What parameters does a custom script extension need in order execute ?

1) ………………………………….
2) ………………………………….
3) Any other parameters to pass the script

Answer 66

The URI where the script is accessed

The command to execute

Question 67

While ………………………………. are used to protect applications from hardware failures within an Azure data center, ……………………………………. , protect applications from complete Azure data center failures.

Answer 67

availability sets

availability zones

Question 68

What are the 4 essential parameters for configuring a VMSS ?

Answer 68

Minimum instances

Maximum instances

Metrics

Time

Question 69

What are the 6 different VM sizes ?

Answer 69

General purpose
Compute optimized
Memory optimized
Storage optimized
GPU optimized
HPC

Question 70

Azure virtual machines make it relatively easy to change the size of a virtual machine, even after it has been deployed.

However what two things should you consider with this approach ?

Answer 70

The first consideration is to ensure that the region your VM is deployed to supports the instance size that you want to change the VM to.

The second consideration is whether the new size is supported in the current hardware clus- ter in which your VM is deployed.

Question 71

A VM whose size you want to change is part of an availability set.

The desired size is not available on this hardware cluster.

What must one do for the resizing operation ?

Answer 71

Make sure all VMs in the availability set are stopped before restarting with the target size

Question 72

True or false : VMs in the same availability set all use the same hardware cluster

Answer 72

True

Question 73

What are the three source types from which you can create a new Managed Disk ?

Answer 73

Snapshot
Storage blob
None

Question 74

When you create a virtual machine, you need to configure its network<

What are the 7 fields of the VM to configure and/or specify ?

Answer 74

The VNET
The SUBNET
The Public IP
The NIC network security group
Public Inbound ports
Accelerated networking enabled
Add to existing load balancing pool

Question 75

This feature improves performance by bypassing the virtual switch between the host VM and the physical switch.

Answer 75

Accelerated networking

Question 76

True or false : A VM can only have one network interface

Answer 76

False, it can have multiple network interfaces

Question 77

After configuring the “networking” tab while creating a VM, what are two more things to add or create before deploying your VM ?

Answer 77

1. Authentication options (username and password)

2. Add one or multiple network interfaces for a VM

Question 78

What protocol do you use to connect remotely to a Windows VM ?

Answer 78

Remote Desktop Protocol

Question 79

What protocol do you use to connect remotely to a Linux VM ?

Answer 79

SSH protocol

Question 80

What service Azure allows you connect remotely to both Linux VMs and Windows VMs ?

Answer 80

Azure Bastion

Question 81

When you enable disk encryption for a VM, what are the three options available to choose from under “Disks to encrypt” ?

Answer 81

None

OS Disk

OS Disks and Data disks

Question 82

What are the five steps for encrypting disks with a platform managed key ?

Answer 82

1. Choose the VM disks to encrypt [OS disk, OS and data disks]
2. Spin up a new Key Vault and a new Key
3. Activate “Azure Disk Encryption for Volume Encryption” in the key vault
4. Associate the new key with the target VM
5. Save and restart the VM

Question 83

True or false : Storage accounts are always encrypted

Answer 83

True

Question 84

Azure Disk Encryption makes sure that ……………… are individually encrypted at rest

Answer 84

VHD files

Question 85

Where are the keys for encrypted VM disks stored ?

Answer 85

In the Azure Key Vault

Question 86

What are the two types of Azure Disk Encryption ?

Which one is the default ?

Answer 86

1. Encryption at rest with a platform managed key (default)

2. Encryption at rest with a customer managed key

Question 87

What is a Disk Encryption Set ?

Answer 87

A resource for simplifying key management for managed disks.

It is automatically associated with a managed service identity in Azure AD

Question 88

When you specify a ………………………………… , that key is used to protect and control access to the key that encrypts your data.

Answer 88

customer-managed key

Question 89

For encryption at rest with a customer managed key, Azure Managed Disks uses ………………….., …………………., and ………………….

Answer 89

Disk Encryption Sets

Azure AD

Azure Key Vault

Question 90

What are the 4 steps for activating encryption at rest with a customer managed key ?

Answer 90

1. An admin user creates the Disk Encryption Set
2. A VM user encrypts disks by associating them to a Disk Encryption Set resource
3. The managed disk uses the Managed Service Identity of the DES to authenticate with Azure AD for access to Azure Key Vault
4. Managed Disks can then set get, wrap, and unwrap key requests to Azure Key Vault for the Data Encryption Key Protection

Question 91

Containers allow you to package an application and all its dependencies into a compressed package called a(n) ……………….

Answer 91

image

Question 92

A(n) ………………………………………… is the top-level object in ACI, and it represents all the containers running on a particular computer.

Answer 92

container group

Question 93

What deployment method allows you to deploy a container group to run multiple containers ?

Answer 93

using ARM templates

Question 94

True or false : When multiple containers are in the same container group, they share the same URL

Answer 94

True

Question 95

True or false : When multiple containers are in the same container group, each container has a different URL

Answer 95

False

Question 96

When multiple containers are in a container group, they share the same URL, so you’ll need to specify a separate………………………. for each container.

Answer 96

port

Question 97

Multi container groups are only currently supported on ……..

A) Windows
B) Linux

Answer 97

B) Linux

Question 98

The containers in a ……………………………. share a lifecycle, resources, local network, and storage volumes.

Answer 98

container group

Question 99

What is the approximate equivalent to a container group in Kubernetes ?

Answer 99

a pod

Question 100

In Azure Container Instances, by default, how many CPU cores does a single container use ? What is the max number of CPU cores it can use ?

Answer 100

it uses 1 CPU core by default

it can use up to 4 CPU cores maximum

Question 101

If you want to change the number of cores or amount of memory of a single ACI container instance, what must one do ?

Answer 101

You have to delete the existing container and deploy a new one of the desired size.

Question 102

AKS deployments run in a cluster, and each computer in the cluster is referred to as a(n) …………………

Answer 102

node

Question 103

In AKS, there is a single node that’s responsible for the other nodes in the cluster, and that node is commonly referred to as the ………………………..

Answer 103

control plane

Question 104

With AKS, when multiple containers are running in a pod, they share ……………….. and …………………….

Answer 104

storage

a single IP address

Question 105

When creating Azure Disks for an AKS cluster, in which resource group should you deploy the disks ?

Answer 105

The same resource group that contains the AKS cluster

Question 106

True or false : Azure disks can be used by multiple pods in an AKS cluster

Answer 106

False

Azure Disks can only be used by a single pod

Question 107

What storage service should you use if you need persistent data for multiple pods in an AKS cluster ?

Answer 107

Azure Files

Question 108

Persistent volumes can also use ……………………… or …………………………., and they can either be created by the AKS cluster administrator or by the Kubernetes API.

Answer 108

Azure Files

Azure Disks

Question 109

When you create storage with the pod in an AKS cluster, is the storage persistent ?

Answer 109

No, the storage will be deleted when the pod is deleted

Question 110

Where do persistant volumes exist within an AKS cluster ?

Answer 110

Within the cluster but outside of any individual pod

Question 111

Kubernetes connects the persistent volume to the pod using a ………………………..

Answer 111

persistent volume claim

Question 112

To manually scale your pods, you can use ……………….. , a command-line tool provided by Kubernetes.

Answer 112

Kubectl

Question 113

Kubernetes provides two autoscaler components to make it easy to configure auto-scaling; the ……………………………….. and the ………………………………

Answer 113

horizontal pod autoscaler (HPA)

cluster autoscaler

Question 114

What underlying technology or service does AKS use to do cluster autoscaling ?

Answer 114

VMSS

Question 115

When creating an AKS cluster, you have two options for networking:…………………………. and …………………….. .

Answer 115

kubenet

Azure Container Networking Interface (CNI)

Question 116

kubenet networking for an AKS cluster is also known as ……………………..

Answer 116

basic networking

Question 117

CNI networking for an AKS cluster is also known as ………………………….

Answer 117

Advanced networking

Question 118

What is the difference between CNI networking and kubenet networking ?

Answer 118

When you use kubenet networking, each node in the cluster gets an IP address from the VNet subnet where the cluster is deployed.
However, each pod within the cluster gets an internal IP address from an address space explicitly set aside for the pods

When you use CNI networking, both the nodes and the pods receive an IP address from the subnet.

Question 119

In an AKS cluster, which form of networking requires less IP addresses, but also Network Address Translation (NAT) to communicate with the pods ?

Answer 119

kubenet networking

Question 120

When upgrading an AKS cluster, Kubernetes updates

A) all nodes at once
B) one node at a time

Answer 120

B) one node at a time

Question 121

True or false : When upgrading an AKS cluster, you cannot skip minor versions. For example, you can’t upgrade from version 1.19.3 to version 1.21.1. You would first have to upgrade to a 1.20 build and then upgrade again to version 1.21.1.

Answer 121

True

Question 122

True or false : When upgrading an AKS cluster, you can skip minor versions. For example, you can upgrade from version 1.19.3 to version 1.21.1.

Answer 122

false

Question 123

The IP addresses for your pods in an AKS cluster are constantly changing. For that reason, Kubernetes implements the concept of a(n) …………………… that sits between incoming network traffic and one or more identical pods.

Answer 123

service

Question 124

When network traffic needs to reach a particular pod in an AKS cluster, the traffic is received by the service.
The service will then balance the traffic to the pods using a round robin algorithm.

What are the 4 types of services ?

Answer 124

■ Cluster IP - Provides an internal IP address that can only be used within the AKS cluster.
■ NodePort - Provides a port mapping on the node, allowing network traffic to reach the node using the specified port. (Note that a different port can then be used from the service to the actual pod.)
■ LoadBalancer - Provides an Azure Load Balancer and an external IP address to allow access to the node as per load balancing rules that are created. (Internal load balancers can be created to restrict access from the Internet.)
■ ExternalName - Provides a DNS entry for AKS nodes.

Question 125

Which type of networking service for AKS does this describe ?

• Provides a port mapping on the node, allowing network traffic to reach the node using the specified port.

■ Cluster IP
■ NodePort
■ LoadBalancer
■ ExternalName

Answer 125

■ NodePort

Question 126

Which type of networking service for AKS does this describe ?

• Provides a DNS entry for AKS nodes.

■ Cluster IP
■ NodePort
■ LoadBalancer
■ ExternalName

Answer 126

■ ExternalName

Question 127

Which type of networking service for AKS does this describe ?

• Provides an internal IP address that can only be used within the AKS cluster.

■ Cluster IP
■ NodePort
■ LoadBalancer
■ ExternalName

Answer 127

■ Cluster IP

Question 128

Which type of networking service for AKS does this describe ?

• Provides an Azure Load Balancer and an external IP address to allow access to the node as per load balancing rules that are created. (Internal load balancers can be created to restrict access from the Internet.)

■ Cluster IP
■ NodePort
■ LoadBalancer
■ ExternalName

Answer 128

■ LoadBalancer

Question 129

Where does one configure and create their Azure App Service Plan ?

Answer 129

In the Azure Marketplace

Question 130

True or false : When App Service scales your app to a new tier (scaling up), there is some downtime due to spinning up the new VM

Answer 130

False

Question 131

True or false : When App Service scales your app to a new tier (scaling up), it will take steps to ensure your application remains available during the scaling process.

Answer 131

True

Question 132

What is the biggest benefit of the Azure App Service ?

Answer 132

The flexibility to scale both vertically and horizontally

Question 133

When an App Service plan runs on more than one instance, the front-end …………………………. will use a …………………………………….. to load balance between all instances.

Answer 133

load balancer

round robin algorithm

Question 134

Azure App Service is a ……………………………… offering that makes it easy to host a web app in the cloud.

SaaS
PaaS
IaaS

Answer 134

PaaS

Question 135

When you configure an autoscale rule to scale OUT for a specific metric, what should you create as a second rule ?

Answer 135

A rule that scales IN when your metric drops below your desired threshold

Question 136

When configuring scale out options in your Azure App Service plan, and you choose a custom auto scale, what condition applies when no other scale conditions are met ?

Answer 136

The Default scale condition

Question 137

Where does one create a new App Service ?

Answer 137

From the Azure Market Place

Question 138

App Service uses …………………….. authentication when configuring a third-party identity provider.

Secrets that you provide to configure the provider are securely stored in …………………………….

Answer 138

OAUTH

Azure Key Vault

Question 139

While creating a Web App from the Azure Market Place, you don’t see your desired Azure App Service Plan.

What two things should you check ?

Answer 139

The OS - it needs to be the same OS as your App Service Plan

The Region - It needs to be in the same region as your App Service Plan

Question 140

What is the easiest way to configure a custom domain name in Azure ?

Answer 140

Buy an App Service Domain

Question 141

What does the App Service Domain use to manage your custom domain ?

Answer 141

Azure DNS

GoDaddy (registrar)

Question 142

When you configure a 3rd party custom domain name for your Azure App Service, why does it sometimes takes 48 or even 72 hours to be able to validate ?

Answer 142

Because your 3rd party domain registrar needs time to update their DNS records

Question 143

………………… are instructions that live in DNS servers and provide information about a domain including what IP address is associated with what domain, and how to handle requests for that

Answer 143

DNS records

Question 144

What are the two configurable cadences for App Service Backup ?

Answer 144

Manually

On a schedule

Question 145

True or false : App Service Backups are not incremental

Answer 145

True

Question 146

Where do App Service Backups get backed up to ?

Answer 146

To a container within the storage account

Question 147

What is the max size of an App back up ? (app content + any DB)

Answer 147

10 Gigabytes per backup

Question 148

True or false : Azure App Service backups can be retained for an indefinite amount of time

Answer 148

True

Question 149

In order to use App Service Backup, what tier must the App Service Plan belong to ?

Answer 149

Either Standard or Premium Tier

Question 150

If the Azure Storage Account and the container for backup destination is in a different Azure subscription than the App service App, will the back up operation work ?

Why or why not ?

Answer 150

No, it will fail.

The storage account and its container must be in the same subscription as the application targeted for backup

Question 151

What are the three most common ways to allow a web app in your Azure App Service to communicate with other resources in your network ?

Answer 151

1. Private endpoints
2. VNET integration
3. Hybrid Connection

Question 152

Hybrid connection creates a wormhole on ……………… protocol and on port ………….

Answer 152

TCP

443

Question 153

Which of the following App service plans allow for deployment slots ?

Isolated
Premium
Standard
Free
Shared
Basic

Answer 153

Isolated, Premium and Standard

Question 154

A(n) ………………………. is a file that contains information and settings that Visual Studio uses to deploy applications and services to Azure

Answer 154

publish profile

Question 155

True or false : Each deployment slot in an App Service Plan has its own hostname

Answer 155

True