Deploy and Manage Azure Compute Resources Flashcards
Name the 7 basic elements of an ARM template
$schema
contentVersion
parameters
variables
functions
resources
outputs
What basic element of an ARM template provides source control to track changes made in the template ?
$schema contentVersion parameters variables functions resources outputs
contentVersion
If you are using expressions a lot, which element of the ARM template allows you to define expressions and reuse them across the template ?
$schema contentVersion parameters variables functions resources outputs
functions
Which element of the ARM template allows you to return values after a deployment ?
$schema contentVersion parameters variables functions resources outputs
outputs
This ARM template element creates an array of multiple objects, each defining the service it’s going to be deploying
$schema contentVersion parameters variables functions resources outputs
resource
Using ……………………. , users can define the various values that are passed at run time without changing the exact template file.
$schema contentVersion parameters variables functions resources outputs
parameters
The ………………………. are key elements when dealing with nested templates to pass the values from parent template to the child templates.
$schema contentVersion parameters variables functions resources outputs
parameters
…………….. define values which are used in your template to simplify template language.
Mostly, ……………….. are hard-coded values, but they also can be created dynamically using parameters or standard template functions.
$schema contentVersion parameters variables functions resources outputs
variables
In an ARM template, what does the dependsON declaration do ?
It determines which resource must be deployed first before a specific resource
What are the three building blocks for parametrizing your ARM templates ?
$schema contentVersion parameters variables functions resources outputs
parameters
variables
functions
To obtain user input for your ARM template, you need to use…
$schema contentVersion parameters variables functions resources outputs
paremeters
This section is used to keep a track of resources that are being deployed or updated.
$schema contentVersion parameters variables functions resources outputs
outputs
In an ARM template, how can you make your variables dynamic ?
use parameters and functions within declaration of variables
True or false : A VM must have a depandancy with the virtual network
False : A VM has a dependancy with a network interface. It doesn’t have to have a dependancy with a VNET, because the network interface already does
True or false : A VM has a dependancy with a network interface.
True
This element is where you set the size of the virtual machine.
In the resources section of the ARM template, which critical element is this ?
hardwareProfile
osProfile
storageProfile
networkProfile
hardwareProfile
This element at a basic level is where you set the computerName and adminUsername properties. (The adminPassword property is required if you do not specify an SSH key. )
In the resources section of the ARM template, which critical element is this ?
hardwareProfile
osProfile
storageProfile
networkProfile
osProfile
What are the three sub elements of the osProfile element of an ARM template, used for deploying VMs ?
windowsConfiguration
linuxConfiguration
secrets
This element is where OS image is specified, and the OS and data disk configuration are set.
In the resources section of the ARM template, which critical element is this ?
hardwareProfile
osProfile
storageProfile
networkProfile
storageProfile
This element is where the network interfaces for the virtual machine are specified.
In the resources section of the ARM template, which critical element is this ?
hardwareProfile
osProfile
storageProfile
networkProfile
networkProfile
ARM supports 2 deployment modes : …………………………. and …………………………
complete
incremental
In …………………………… mode, Azure Resource Manager deletes resources that exist in the resource group that are not in the template.
This is helpful if you need to remove a resource from Azure and you want to make sure your template matches the deployment.
complete
In …………………………….. mode, Azure Resource Manager leaves unchanged resources that exist in the resource group but aren’t in the template. It will update the resources in the resource group if the settings in the template differ from what is deployed.
incremental
When you are deploying ARM templates through either the Azure Portal, CLI tools, or through visual studio, what is the default mode of deployment
incremental mode
How can you deploy ARM templates in the complete mode ?
Either by using rest APIs or
“- Mode Complete” in powershell
or “– mode Complete” in shell
What are two options for configuring a VHD template ?
- Reference an image from the Azure Market Place
2. Reference an image you have previously created
In the resources section of an ARM template, where can you configure the VHD disk ?
storageProfile
To generate an ARM template, you can use the ………………………………. for the resource group. It generates a template that represents the current state of the resource group.
Automation Script menu option
Clicking the …………………………………… option allows you to paste in template code directly.
This allows you to author and then deploy templates using the Azure portal for simple testing.
Build Your Own Template In The Editor
When editing a template with in the Azure Portal / Template editor, what is the big advantage presented by the “edit parameters” option ?
A parameters file can be downloaded and is used to provide different behaviors for the template at deployment time without modifying the entire template.
What are three features of Azure that allow you to configure and build highly resilient and available systems ?
Availability zones
Availability sets
Load balancers
In an enabled region, what is the minimum number of availability zones ?
3 availability zones
………………….. are separate units - each with its own power, cooling, and network - which provide higher resiliency and protect applications and data from disruptions in the data centers
Availability Zones
A(n) ……………………………. represents a group of servers, which share power, cooling, and networking. A(n) ……………….. represents a group of servers that can be rebooted at the same time.
fault domain
update domain
When you create VMs in three availability zones, the VMs will automatically be distributed across how many fault domains ? How many update domains ?
3 fault domains
3 update domains
If you are unable to set an availability zone while creating the VM, what is the most likely problem ?
Most likely, Availability Zones are not yet available in the selected region
Each availability set can have up to ………….. update domains and …………… fault domains
20 update domains
3 fault domains
How many VMs are required in a single availability set in order to be able to provide redundancy ?
at least 2 VMs
What is a proximity placement group ?
A logical grouping of VMs to reduce latency by keeping them close together
When you create a VM, after selecting the region, what are the three options under “availability options” ?
How many may you select ?
“No infrastructure redundancy required”
“Availability Set
“Availability Zone”
Only one
What is an aligned availability set ?
When the VM uses managed disks and is placed in an availability set
A(n) …………………. ensures that all managed disks attached to a VM are within the same managed disk fault domain
aligned availability set
By default, a VMSS supports up to …………….. instances that are placed within a single …………….
100
placement group
How can you create a VMSS that supports up to 1000 instances ?
You need to place instances into multiple placement groups
Using multiple placement groups in a VMSS is commonly referred to as a(n) ………………………….
large scale set
You create a VMSS that will only need to scale up to 300 instances. Which should you use ?
A) Azure Load Balancer, basic SKU
B) Azure Load Balancer, standard SKU
C) Azure Application Gateway
Azure Load Balanacer, Basic SKU
It supports a max of 300 instances
Azure Load Balancer standard SKU and Azure Application Gateway can support 1000
True or false : All instances of a VMSS use the same OS disk image
True
What is a zone redundant scale set ?
A VMSS deployed to multiple availability zones
How can you create higher redundancy for a VMSS ?
Deploy the VMSS over multiple availability zones (zone redundant scale set)
The VMSS resource property “Upgrade policy” can be set to either automatic, rolling, or manual. Which option may cause downtime ? Which uses multiple batches ?
Automatic may cause downtime
Rolling uses multiple batches and helps avoid downtime
True or false : The Azure Portal creation process supports VM extensions for VMSS
False
They can be applied using CLI tools or an ARM template
What are the two spreading algorithms applicable to a VMSS ?
Max spreading
Fixed spreading
When doing advanced configurations for a VMSS, the …………………………………… decides how scale set instances will be placed in a fault domain
Spreading Algorithm
A VMSS with “Max spreading” distributes instances in …………
the maximum amount of fault domains possible for each availability zone used
A VMSS with a(n) ………………………….. restricts instances to exactly 5 fault domains
fixed spreading algorithm
For deploying a VMSS with multiple availability zones, which type of spreading algorithm is recommended ?
Max spreading algorithm
A VMSS is using a fixed spreading algorithm, and there are less than five fault domains available. What will happen ?
The deployment will fail
Why is the “health” tab important when creating a VMSS ?
Because you can enable health monitoring for the VMSS, which is necessary for automatic OS upgrades as well as other managed infrastructure features
What are the two most common virtual machine extensions ?
Windows PowerShell Desired State Configuration (DSC)
Custom Script Extension
The Windows PowerShell DSC extension defines the state of a VM using what language ?
It uses the PowerShell Desired State Configuration language
The Windows PowerShell DSC can perform continuous updates when integrated with the ………………………… service.
Azure Automation DSC service
The ………………………. extension can be used to execute an arbitrary command such as a bash file, regular PowerShell script, or a bash script
custom script
What kind of extension is ideal for bootstrapping a VM to an initial configuration ?
a custom script extension
True or false : A custom script extension can be executed anytime the VM is running
True
In the event your custom script extension fails to execute what is the first place to check to troubleshoot ?
The Windows or Linux log files
What parameters does a custom script extension need in order execute ?
1) ………………………………….
2) ………………………………….
3) Any other parameters to pass the script
The URI where the script is accessed
The command to execute
While ………………………………. are used to protect applications from hardware failures within an Azure data center, ……………………………………. , protect applications from complete Azure data center failures.
availability sets
availability zones
What are the 4 essential parameters for configuring a VMSS ?
Minimum instances
Maximum instances
Metrics
Time
What are the 6 different VM sizes ?
General purpose Compute optimized Memory optimized Storage optimized GPU optimized HPC
Azure virtual machines make it relatively easy to change the size of a virtual machine, even after it has been deployed.
However what two things should you consider with this approach ?
The first consideration is to ensure that the region your VM is deployed to supports the instance size that you want to change the VM to.
The second consideration is whether the new size is supported in the current hardware clus- ter in which your VM is deployed.
A VM whose size you want to change is part of an availability set.
The desired size is not available on this hardware cluster.
What must one do for the resizing operation ?
Make sure all VMs in the availability set are stopped before restarting with the target size
True or false : VMs in the same availability set all use the same hardware cluster
True
What are the three source types from which you can create a new Managed Disk ?
Snapshot
Storage blob
None
When you create a virtual machine, you need to configure its network<
What are the 7 fields of the VM to configure and/or specify ?
The VNET The SUBNET The Public IP The NIC network security group Public Inbound ports Accelerated networking enabled Add to existing load balancing pool
This feature improves performance by bypassing the virtual switch between the host VM and the physical switch.
Accelerated networking
True or false : A VM can only have one network interface
False, it can have multiple network interfaces
After configuring the “networking” tab while creating a VM, what are two more things to add or create before deploying your VM ?
- Authentication options (username and password)
2. Add one or multiple network interfaces for a VM
What protocol do you use to connect remotely to a Windows VM ?
Remote Desktop Protocol
What protocol do you use to connect remotely to a Linux VM ?
SSH protocol
What service Azure allows you connect remotely to both Linux VMs and Windows VMs ?
Azure Bastion
When you enable disk encryption for a VM, what are the three options available to choose from under “Disks to encrypt” ?
None
OS Disk
OS Disks and Data disks
What are the five steps for encrypting disks with a platform managed key ?
- Choose the VM disks to encrypt [OS disk, OS and data disks]
- Spin up a new Key Vault and a new Key
- Activate “Azure Disk Encryption for Volume Encryption” in the key vault
- Associate the new key with the target VM
- Save and restart the VM
True or false : Storage accounts are always encrypted
True
Azure Disk Encryption makes sure that ……………… are individually encrypted at rest
VHD files
Where are the keys for encrypted VM disks stored ?
In the Azure Key Vault
What are the two types of Azure Disk Encryption ?
Which one is the default ?
- Encryption at rest with a platform managed key (default)
2. Encryption at rest with a customer managed key
What is a Disk Encryption Set ?
A resource for simplifying key management for managed disks.
It is automatically associated with a managed service identity in Azure AD
When you specify a ………………………………… , that key is used to protect and control access to the key that encrypts your data.
customer-managed key
For encryption at rest with a customer managed key, Azure Managed Disks uses ………………….., …………………., and ………………….
Disk Encryption Sets
Azure AD
Azure Key Vault
What are the 4 steps for activating encryption at rest with a customer managed key ?
- An admin user creates the Disk Encryption Set
- A VM user encrypts disks by associating them to a Disk Encryption Set resource
- The managed disk uses the Managed Service Identity of the DES to authenticate with Azure AD for access to Azure Key Vault
- Managed Disks can then set get, wrap, and unwrap key requests to Azure Key Vault for the Data Encryption Key Protection
Containers allow you to package an application and all its dependencies into a compressed package called a(n) ……………….
image
A(n) ………………………………………… is the top-level object in ACI, and it represents all the containers running on a particular computer.
container group
What deployment method allows you to deploy a container group to run multiple containers ?
using ARM templates
True or false : When multiple containers are in the same container group, they share the same URL
True
True or false : When multiple containers are in the same container group, each container has a different URL
False
When multiple containers are in a container group, they share the same URL, so you’ll need to specify a separate………………………. for each container.
port
Multi container groups are only currently supported on ……..
A) Windows
B) Linux
B) Linux
The containers in a ……………………………. share a lifecycle, resources, local network, and storage volumes.
container group
What is the approximate equivalent to a container group in Kubernetes ?
a pod
In Azure Container Instances, by default, how many CPU cores does a single container use ? What is the max number of CPU cores it can use ?
it uses 1 CPU core by default
it can use up to 4 CPU cores maximum
If you want to change the number of cores or amount of memory of a single ACI container instance, what must one do ?
You have to delete the existing container and deploy a new one of the desired size.
AKS deployments run in a cluster, and each computer in the cluster is referred to as a(n) …………………
node
In AKS, there is a single node that’s responsible for the other nodes in the cluster, and that node is commonly referred to as the ………………………..
control plane
With AKS, when multiple containers are running in a pod, they share ……………….. and …………………….
storage
a single IP address
When creating Azure Disks for an AKS cluster, in which resource group should you deploy the disks ?
The same resource group that contains the AKS cluster
True or false : Azure disks can be used by multiple pods in an AKS cluster
False
Azure Disks can only be used by a single pod
What storage service should you use if you need persistent data for multiple pods in an AKS cluster ?
Azure Files
Persistent volumes can also use ……………………… or …………………………., and they can either be created by the AKS cluster administrator or by the Kubernetes API.
Azure Files
Azure Disks
When you create storage with the pod in an AKS cluster, is the storage persistent ?
No, the storage will be deleted when the pod is deleted
Where do persistant volumes exist within an AKS cluster ?
Within the cluster but outside of any individual pod
Kubernetes connects the persistent volume to the pod using a ………………………..
persistent volume claim
To manually scale your pods, you can use ……………….. , a command-line tool provided by Kubernetes.
Kubectl
Kubernetes provides two autoscaler components to make it easy to configure auto-scaling; the ……………………………….. and the ………………………………
horizontal pod autoscaler (HPA)
cluster autoscaler
What underlying technology or service does AKS use to do cluster autoscaling ?
VMSS
When creating an AKS cluster, you have two options for networking:…………………………. and …………………….. .
kubenet
Azure Container Networking Interface (CNI)
kubenet networking for an AKS cluster is also known as ……………………..
basic networking
CNI networking for an AKS cluster is also known as ………………………….
Advanced networking
What is the difference between CNI networking and kubenet networking ?
When you use kubenet networking, each node in the cluster gets an IP address from the VNet subnet where the cluster is deployed.
However, each pod within the cluster gets an internal IP address from an address space explicitly set aside for the pods
When you use CNI networking, both the nodes and the pods receive an IP address from the subnet.
In an AKS cluster, which form of networking requires less IP addresses, but also Network Address Translation (NAT) to communicate with the pods ?
kubenet networking
When upgrading an AKS cluster, Kubernetes updates
A) all nodes at once
B) one node at a time
B) one node at a time
True or false : When upgrading an AKS cluster, you cannot skip minor versions. For example, you can’t upgrade from version 1.19.3 to version 1.21.1. You would first have to upgrade to a 1.20 build and then upgrade again to version 1.21.1.
True
True or false : When upgrading an AKS cluster, you can skip minor versions. For example, you can upgrade from version 1.19.3 to version 1.21.1.
false
The IP addresses for your pods in an AKS cluster are constantly changing. For that reason, Kubernetes implements the concept of a(n) …………………… that sits between incoming network traffic and one or more identical pods.
service
When network traffic needs to reach a particular pod in an AKS cluster, the traffic is received by the service.
The service will then balance the traffic to the pods using a round robin algorithm.
What are the 4 types of services ?
■ Cluster IP - Provides an internal IP address that can only be used within the AKS cluster.
■ NodePort - Provides a port mapping on the node, allowing network traffic to reach the node using the specified port. (Note that a different port can then be used from the service to the actual pod.)
■ LoadBalancer - Provides an Azure Load Balancer and an external IP address to allow access to the node as per load balancing rules that are created. (Internal load balancers can be created to restrict access from the Internet.)
■ ExternalName - Provides a DNS entry for AKS nodes.
Which type of networking service for AKS does this describe ?
- Provides a port mapping on the node, allowing network traffic to reach the node using the specified port.
■ Cluster IP
■ NodePort
■ LoadBalancer
■ ExternalName
■ NodePort
Which type of networking service for AKS does this describe ?
- Provides a DNS entry for AKS nodes.
■ Cluster IP
■ NodePort
■ LoadBalancer
■ ExternalName
■ ExternalName
Which type of networking service for AKS does this describe ?
- Provides an internal IP address that can only be used within the AKS cluster.
■ Cluster IP
■ NodePort
■ LoadBalancer
■ ExternalName
■ Cluster IP
Which type of networking service for AKS does this describe ?
- Provides an Azure Load Balancer and an external IP address to allow access to the node as per load balancing rules that are created. (Internal load balancers can be created to restrict access from the Internet.)
■ Cluster IP
■ NodePort
■ LoadBalancer
■ ExternalName
■ LoadBalancer
Where does one configure and create their Azure App Service Plan ?
In the Azure Marketplace
True or false : When App Service scales your app to a new tier (scaling up), there is some downtime due to spinning up the new VM
False
True or false : When App Service scales your app to a new tier (scaling up), it will take steps to ensure your application remains available during the scaling process.
True
What is the biggest benefit of the Azure App Service ?
The flexibility to scale both vertically and horizontally
When an App Service plan runs on more than one instance, the front-end …………………………. will use a …………………………………….. to load balance between all instances.
load balancer
round robin algorithm
Azure App Service is a ……………………………… offering that makes it easy to host a web app in the cloud.
SaaS
PaaS
IaaS
PaaS
When you configure an autoscale rule to scale OUT for a specific metric, what should you create as a second rule ?
A rule that scales IN when your metric drops below your desired threshold
When configuring scale out options in your Azure App Service plan, and you choose a custom auto scale, what condition applies when no other scale conditions are met ?
The Default scale condition
Where does one create a new App Service ?
From the Azure Market Place
App Service uses …………………….. authentication when configuring a third-party identity provider.
Secrets that you provide to configure the provider are securely stored in …………………………….
OAUTH
Azure Key Vault
While creating a Web App from the Azure Market Place, you don’t see your desired Azure App Service Plan.
What two things should you check ?
The OS - it needs to be the same OS as your App Service Plan
The Region - It needs to be in the same region as your App Service Plan
What is the easiest way to configure a custom domain name in Azure ?
Buy an App Service Domain
What does the App Service Domain use to manage your custom domain ?
Azure DNS
GoDaddy (registrar)
When you configure a 3rd party custom domain name for your Azure App Service, why does it sometimes takes 48 or even 72 hours to be able to validate ?
Because your 3rd party domain registrar needs time to update their DNS records
………………… are instructions that live in DNS servers and provide information about a domain including what IP address is associated with what domain, and how to handle requests for that
DNS records
What are the two configurable cadences for App Service Backup ?
Manually
On a schedule
True or false : App Service Backups are not incremental
True
Where do App Service Backups get backed up to ?
To a container within the storage account
What is the max size of an App back up ? (app content + any DB)
10 Gigabytes per backup
True or false : Azure App Service backups can be retained for an indefinite amount of time
True
In order to use App Service Backup, what tier must the App Service Plan belong to ?
Either Standard or Premium Tier
If the Azure Storage Account and the container for backup destination is in a different Azure subscription than the App service App, will the back up operation work ?
Why or why not ?
No, it will fail.
The storage account and its container must be in the same subscription as the application targeted for backup
What are the three most common ways to allow a web app in your Azure App Service to communicate with other resources in your network ?
- Private endpoints
- VNET integration
- Hybrid Connection
Hybrid connection creates a wormhole on ……………… protocol and on port ………….
TCP
443
Which of the following App service plans allow for deployment slots ?
Isolated Premium Standard Free Shared Basic
Isolated, Premium and Standard
A(n) ………………………. is a file that contains information and settings that Visual Studio uses to deploy applications and services to Azure
publish profile
True or false : Each deployment slot in an App Service Plan has its own hostname
True
