Deploy and Manage Azure Compute Resources Flashcards
1
Q
Name the 7 basic elements of an ARM template
A
$schema
contentVersion
parameters
variables
functions
resources
outputs
2
Q
What basic element of an ARM template provides source control to track changes made in the template ?
$schema contentVersion parameters variables functions resources outputs
A
contentVersion
3
Q
If you are using expressions a lot, which element of the ARM template allows you to define expressions and reuse them across the template ?
$schema contentVersion parameters variables functions resources outputs
A
functions
4
Q
Which element of the ARM template allows you to return values after a deployment ?
$schema contentVersion parameters variables functions resources outputs
A
outputs
5
Q
This ARM template element creates an array of multiple objects, each defining the service it’s going to be deploying
$schema contentVersion parameters variables functions resources outputs
A
resource
6
Q
Using ……………………. , users can define the various values that are passed at run time without changing the exact template file.
$schema contentVersion parameters variables functions resources outputs
A
parameters
7
Q
The ………………………. are key elements when dealing with nested templates to pass the values from parent template to the child templates.
$schema contentVersion parameters variables functions resources outputs
A
parameters
8
Q
…………….. define values which are used in your template to simplify template language.
Mostly, ……………….. are hard-coded values, but they also can be created dynamically using parameters or standard template functions.
$schema contentVersion parameters variables functions resources outputs
A
variables
9
Q
In an ARM template, what does the dependsON declaration do ?
A
It determines which resource must be deployed first before a specific resource
10
Q
What are the three building blocks for parametrizing your ARM templates ?
$schema contentVersion parameters variables functions resources outputs
A
parameters
variables
functions
11
Q
To obtain user input for your ARM template, you need to use…
$schema contentVersion parameters variables functions resources outputs
A
paremeters
12
Q
This section is used to keep a track of resources that are being deployed or updated.
$schema contentVersion parameters variables functions resources outputs
A
outputs
13
Q
In an ARM template, how can you make your variables dynamic ?
A
use parameters and functions within declaration of variables
14
Q
True or false : A VM must have a depandancy with the virtual network
A
False : A VM has a dependancy with a network interface. It doesn’t have to have a dependancy with a VNET, because the network interface already does
15
Q
True or false : A VM has a dependancy with a network interface.
A
True
16
Q
This element is where you set the size of the virtual machine.
In the resources section of the ARM template, which critical element is this ?
hardwareProfile
osProfile
storageProfile
networkProfile
A
hardwareProfile
17
Q
This element at a basic level is where you set the computerName and adminUsername properties. (The adminPassword property is required if you do not specify an SSH key. )
In the resources section of the ARM template, which critical element is this ?
hardwareProfile
osProfile
storageProfile
networkProfile
A
osProfile
18
Q
What are the three sub elements of the osProfile element of an ARM template, used for deploying VMs ?
A
windowsConfiguration
linuxConfiguration
secrets
19
Q
This element is where OS image is specified, and the OS and data disk configuration are set.
In the resources section of the ARM template, which critical element is this ?
hardwareProfile
osProfile
storageProfile
networkProfile
A
storageProfile
20
Q
This element is where the network interfaces for the virtual machine are specified.
In the resources section of the ARM template, which critical element is this ?
hardwareProfile
osProfile
storageProfile
networkProfile
A
networkProfile
21
Q
ARM supports 2 deployment modes : …………………………. and …………………………
A
complete
incremental
22
Q
In …………………………… mode, Azure Resource Manager deletes resources that exist in the resource group that are not in the template.
This is helpful if you need to remove a resource from Azure and you want to make sure your template matches the deployment.
A
complete
23
Q
In …………………………….. mode, Azure Resource Manager leaves unchanged resources that exist in the resource group but aren’t in the template. It will update the resources in the resource group if the settings in the template differ from what is deployed.
A
incremental
24
Q
When you are deploying ARM templates through either the Azure Portal, CLI tools, or through visual studio, what is the default mode of deployment
A
incremental mode
25
How can you deploy ARM templates in the complete mode ?
Either by using rest APIs or
"- Mode Complete" in powershell
or "-- mode Complete" in shell
26
What are two options for configuring a VHD template ?
1. Reference an image from the Azure Market Place
| 2. Reference an image you have previously created
27
In the resources section of an ARM template, where can you configure the VHD disk ?
storageProfile
28
To generate an ARM template, you can use the ..................................... for the resource group. It generates a template that represents the current state of the resource group.
Automation Script menu option
29
Clicking the .......................................... option allows you to paste in template code directly.
This allows you to author and then deploy templates using the Azure portal for simple testing.
Build Your Own Template In The Editor
30
When editing a template with in the Azure Portal / Template editor, what is the big advantage presented by the "edit parameters" option ?
A parameters file can be downloaded and is used to provide different behaviors for the template at deployment time without modifying the entire template.
31
What are three features of Azure that allow you to configure and build highly resilient and available systems ?
Availability zones
Availability sets
Load balancers
32
In an enabled region, what is the minimum number of availability zones ?
3 availability zones
33
....................... are separate units - each with its own power, cooling, and network - which provide higher resiliency and protect applications and data from disruptions in the data centers
Availability Zones
34
A(n) .................................. represents a group of servers, which share power, cooling, and networking. A(n) .................... represents a group of servers that can be rebooted at the same time.
fault domain
| update domain
35
When you create VMs in three availability zones, the VMs will automatically be distributed across how many fault domains ? How many update domains ?
3 fault domains
| 3 update domains
36
If you are unable to set an availability zone while creating the VM, what is the most likely problem ?
Most likely, Availability Zones are not yet available in the selected region
37
Each availability set can have up to .............. update domains and ............... fault domains
20 update domains
| 3 fault domains
38
How many VMs are required in a single availability set in order to be able to provide redundancy ?
at least 2 VMs
39
What is a proximity placement group ?
A logical grouping of VMs to reduce latency by keeping them close together
40
When you create a VM, after selecting the region, what are the three options under "availability options" ?
How many may you select ?
"No infrastructure redundancy required"
"Availability Set
"Availability Zone"
Only one
41
What is an aligned availability set ?
When the VM uses managed disks and is placed in an availability set
42
A(n) ...................... ensures that all managed disks attached to a VM are within the same managed disk fault domain
aligned availability set
43
By default, a VMSS supports up to ................. instances that are placed within a single ................
100
| placement group
44
How can you create a VMSS that supports up to 1000 instances ?
You need to place instances into multiple placement groups
45
Using multiple placement groups in a VMSS is commonly referred to as a(n) ...............................
large scale set
46
You create a VMSS that will only need to scale up to 300 instances. Which should you use ?
A) Azure Load Balancer, basic SKU
B) Azure Load Balancer, standard SKU
C) Azure Application Gateway
Azure Load Balanacer, Basic SKU
It supports a max of 300 instances
Azure Load Balancer standard SKU and Azure Application Gateway can support 1000
47
True or false : All instances of a VMSS use the same OS disk image
True
48
What is a zone redundant scale set ?
A VMSS deployed to multiple availability zones
49
How can you create higher redundancy for a VMSS ?
Deploy the VMSS over multiple availability zones (zone redundant scale set)
50
The VMSS resource property "Upgrade policy" can be set to either automatic, rolling, or manual. Which option may cause downtime ? Which uses multiple batches ?
Automatic may cause downtime
Rolling uses multiple batches and helps avoid downtime
51
True or false : The Azure Portal creation process supports VM extensions for VMSS
False
They can be applied using CLI tools or an ARM template
52
What are the two spreading algorithms applicable to a VMSS ?
Max spreading
| Fixed spreading
53
When doing advanced configurations for a VMSS, the .......................................... decides how scale set instances will be placed in a fault domain
Spreading Algorithm
54
A VMSS with "Max spreading" distributes instances in ............
the maximum amount of fault domains possible for each availability zone used
55
A VMSS with a(n) ................................ restricts instances to exactly 5 fault domains
fixed spreading algorithm
56
For deploying a VMSS with multiple availability zones, which type of spreading algorithm is recommended ?
Max spreading algorithm
57
A VMSS is using a fixed spreading algorithm, and there are less than five fault domains available. What will happen ?
The deployment will fail
58
Why is the "health" tab important when creating a VMSS ?
Because you can enable health monitoring for the VMSS, which is necessary for automatic OS upgrades as well as other managed infrastructure features
59
What are the two most common virtual machine extensions ?
Windows PowerShell Desired State Configuration (DSC)
Custom Script Extension
60
The Windows PowerShell DSC extension defines the state of a VM using what language ?
It uses the PowerShell Desired State Configuration language
61
The Windows PowerShell DSC can perform continuous updates when integrated with the .............................. service.
Azure Automation DSC service
62
The ............................ extension can be used to execute an arbitrary command such as a bash file, regular PowerShell script, or a bash script
custom script
63
What kind of extension is ideal for bootstrapping a VM to an initial configuration ?
a custom script extension
64
True or false : A custom script extension can be executed anytime the VM is running
True
65
In the event your custom script extension fails to execute what is the first place to check to troubleshoot ?
The Windows or Linux log files
66
What parameters does a custom script extension need in order execute ?
1) ........................................
2) ........................................
3) Any other parameters to pass the script
The URI where the script is accessed
The command to execute
67
While ..................................... are used to protect applications from hardware failures within an Azure data center, ........................................... , protect applications from complete Azure data center failures.
availability sets
availability zones
68
What are the 4 essential parameters for configuring a VMSS ?
Minimum instances
Maximum instances
Metrics
Time
69
What are the 6 different VM sizes ?
```
General purpose
Compute optimized
Memory optimized
Storage optimized
GPU optimized
HPC
```
70
Azure virtual machines make it relatively easy to change the size of a virtual machine, even after it has been deployed.
However what two things should you consider with this approach ?
The first consideration is to ensure that the region your VM is deployed to supports the instance size that you want to change the VM to.
The second consideration is whether the new size is supported in the current hardware clus- ter in which your VM is deployed.
71
A VM whose size you want to change is part of an availability set.
The desired size is not available on this hardware cluster.
What must one do for the resizing operation ?
Make sure all VMs in the availability set are stopped before restarting with the target size
72
True or false : VMs in the same availability set all use the same hardware cluster
True
73
What are the three source types from which you can create a new Managed Disk ?
Snapshot
Storage blob
None
74
When you create a virtual machine, you need to configure its network<
What are the 7 fields of the VM to configure and/or specify ?
```
The VNET
The SUBNET
The Public IP
The NIC network security group
Public Inbound ports
Accelerated networking enabled
Add to existing load balancing pool
```
75
This feature improves performance by bypassing the virtual switch between the host VM and the physical switch.
Accelerated networking
76
True or false : A VM can only have one network interface
False, it can have multiple network interfaces
77
After configuring the "networking" tab while creating a VM, what are two more things to add or create before deploying your VM ?
1. Authentication options (username and password)
| 2. Add one or multiple network interfaces for a VM
78
What protocol do you use to connect remotely to a Windows VM ?
Remote Desktop Protocol
79
What protocol do you use to connect remotely to a Linux VM ?
SSH protocol
80
What service Azure allows you connect remotely to both Linux VMs and Windows VMs ?
Azure Bastion
81
When you enable disk encryption for a VM, what are the three options available to choose from under "Disks to encrypt" ?
None
OS Disk
OS Disks and Data disks
82
What are the five steps for encrypting disks with a platform managed key ?
1. Choose the VM disks to encrypt [OS disk, OS and data disks]
2. Spin up a new Key Vault and a new Key
3. Activate "Azure Disk Encryption for Volume Encryption" in the key vault
4. Associate the new key with the target VM
5. Save and restart the VM
83
True or false : Storage accounts are always encrypted
True
84
Azure Disk Encryption makes sure that .................. are individually encrypted at rest
VHD files
85
Where are the keys for encrypted VM disks stored ?
In the Azure Key Vault
86
What are the two types of Azure Disk Encryption ?
Which one is the default ?
1. Encryption at rest with a platform managed key (default)
| 2. Encryption at rest with a customer managed key
87
What is a Disk Encryption Set ?
A resource for simplifying key management for managed disks.
It is automatically associated with a managed service identity in Azure AD
88
When you specify a ....................................... , that key is used to protect and control access to the key that encrypts your data.
customer-managed key
89
For encryption at rest with a customer managed key, Azure Managed Disks uses ......................., ......................, and ......................
Disk Encryption Sets
Azure AD
Azure Key Vault
90
What are the 4 steps for activating encryption at rest with a customer managed key ?
1. An admin user creates the Disk Encryption Set
2. A VM user encrypts disks by associating them to a Disk Encryption Set resource
3. The managed disk uses the Managed Service Identity of the DES to authenticate with Azure AD for access to Azure Key Vault
4. Managed Disks can then set get, wrap, and unwrap key requests to Azure Key Vault for the Data Encryption Key Protection
91
Containers allow you to package an application and all its dependencies into a compressed package called a(n) ...................
image
92
A(n) ................................................ is the top-level object in ACI, and it represents all the containers running on a particular computer.
container group
93
What deployment method allows you to deploy a container group to run multiple containers ?
using ARM templates
94
True or false : When multiple containers are in the same container group, they share the same URL
True
95
True or false : When multiple containers are in the same container group, each container has a different URL
False
96
When multiple containers are in a container group, they share the same URL, so you’ll need to specify a separate............................ for each container.
port
97
Multi container groups are only currently supported on ........
A) Windows
B) Linux
B) Linux
98
The containers in a .................................. share a lifecycle, resources, local network, and storage volumes.
container group
99
What is the approximate equivalent to a container group in Kubernetes ?
a pod
100
In Azure Container Instances, by default, how many CPU cores does a single container use ? What is the max number of CPU cores it can use ?
it uses 1 CPU core by default
| it can use up to 4 CPU cores maximum
101
If you want to change the number of cores or amount of memory of a single ACI container instance, what must one do ?
You have to delete the existing container and deploy a new one of the desired size.
102
AKS deployments run in a cluster, and each computer in the cluster is referred to as a(n) .....................
node
103
In AKS, there is a single node that’s responsible for the other nodes in the cluster, and that node is commonly referred to as the .............................
control plane
104
With AKS, when multiple containers are running in a pod, they share .................... and .........................
storage
| a single IP address
105
When creating Azure Disks for an AKS cluster, in which resource group should you deploy the disks ?
The same resource group that contains the AKS cluster
106
True or false : Azure disks can be used by multiple pods in an AKS cluster
False
| Azure Disks can only be used by a single pod
107
What storage service should you use if you need persistent data for multiple pods in an AKS cluster ?
Azure Files
108
Persistent volumes can also use ........................... or ..............................., and they can either be created by the AKS cluster administrator or by the Kubernetes API.
Azure Files
Azure Disks
109
When you create storage with the pod in an AKS cluster, is the storage persistent ?
No, the storage will be deleted when the pod is deleted
110
Where do persistant volumes exist within an AKS cluster ?
Within the cluster but outside of any individual pod
111
Kubernetes connects the persistent volume to the pod using a .............................
persistent volume claim
112
To manually scale your pods, you can use .................... , a command-line tool provided by Kubernetes.
Kubectl
113
Kubernetes provides two autoscaler components to make it easy to configure auto-scaling; the ...................................... and the ....................................
horizontal pod autoscaler (HPA)
cluster autoscaler
114
What underlying technology or service does AKS use to do cluster autoscaling ?
VMSS
115
When creating an AKS cluster, you have two options for networking:............................... and .......................... .
kubenet
| Azure Container Networking Interface (CNI)
116
kubenet networking for an AKS cluster is also known as ..........................
basic networking
117
CNI networking for an AKS cluster is also known as ...............................
Advanced networking
118
What is the difference between CNI networking and kubenet networking ?
When you use kubenet networking, each node in the cluster gets an IP address from the VNet subnet where the cluster is deployed.
However, each pod within the cluster gets an internal IP address from an address space explicitly set aside for the pods
When you use CNI networking, both the nodes and the pods receive an IP address from the subnet.
119
In an AKS cluster, which form of networking requires less IP addresses, but also Network Address Translation (NAT) to communicate with the pods ?
kubenet networking
120
When upgrading an AKS cluster, Kubernetes updates
A) all nodes at once
B) one node at a time
B) one node at a time
121
True or false : When upgrading an AKS cluster, you cannot skip minor versions. For example, you can’t upgrade from version 1.19.3 to version 1.21.1. You would first have to upgrade to a 1.20 build and then upgrade again to version 1.21.1.
True
122
True or false : When upgrading an AKS cluster, you can skip minor versions. For example, you can upgrade from version 1.19.3 to version 1.21.1.
false
123
The IP addresses for your pods in an AKS cluster are constantly changing. For that reason, Kubernetes implements the concept of a(n) ........................ that sits between incoming network traffic and one or more identical pods.
service
124
When network traffic needs to reach a particular pod in an AKS cluster, the traffic is received by the service.
The service will then balance the traffic to the pods using a round robin algorithm.
What are the 4 types of services ?
■ Cluster IP - Provides an internal IP address that can only be used within the AKS cluster.
■ NodePort - Provides a port mapping on the node, allowing network traffic to reach the node using the specified port. (Note that a different port can then be used from the service to the actual pod.)
■ LoadBalancer - Provides an Azure Load Balancer and an external IP address to allow access to the node as per load balancing rules that are created. (Internal load balancers can be created to restrict access from the Internet.)
■ ExternalName - Provides a DNS entry for AKS nodes.
125
Which type of networking service for AKS does this describe ?
- Provides a port mapping on the node, allowing network traffic to reach the node using the specified port.
■ Cluster IP
■ NodePort
■ LoadBalancer
■ ExternalName
■ NodePort
126
Which type of networking service for AKS does this describe ?
- Provides a DNS entry for AKS nodes.
■ Cluster IP
■ NodePort
■ LoadBalancer
■ ExternalName
■ ExternalName
127
Which type of networking service for AKS does this describe ?
- Provides an internal IP address that can only be used within the AKS cluster.
■ Cluster IP
■ NodePort
■ LoadBalancer
■ ExternalName
■ Cluster IP
128
Which type of networking service for AKS does this describe ?
- Provides an Azure Load Balancer and an external IP address to allow access to the node as per load balancing rules that are created. (Internal load balancers can be created to restrict access from the Internet.)
■ Cluster IP
■ NodePort
■ LoadBalancer
■ ExternalName
■ LoadBalancer
129
Where does one configure and create their Azure App Service Plan ?
In the Azure Marketplace
130
True or false : When App Service scales your app to a new tier (scaling up), there is some downtime due to spinning up the new VM
False
131
True or false : When App Service scales your app to a new tier (scaling up), it will take steps to ensure your application remains available during the scaling process.
True
132
What is the biggest benefit of the Azure App Service ?
The flexibility to scale both vertically and horizontally
133
When an App Service plan runs on more than one instance, the front-end ............................... will use a ............................................ to load balance between all instances.
load balancer
round robin algorithm
134
Azure App Service is a .................................... offering that makes it easy to host a web app in the cloud.
SaaS
PaaS
IaaS
PaaS
135
When you configure an autoscale rule to scale OUT for a specific metric, what should you create as a second rule ?
A rule that scales IN when your metric drops below your desired threshold
136
When configuring scale out options in your Azure App Service plan, and you choose a custom auto scale, what condition applies when no other scale conditions are met ?
The Default scale condition
137
Where does one create a new App Service ?
From the Azure Market Place
138
App Service uses .......................... authentication when configuring a third-party identity provider.
Secrets that you provide to configure the provider are securely stored in ..................................
OAUTH
Azure Key Vault
139
While creating a Web App from the Azure Market Place, you don't see your desired Azure App Service Plan.
What two things should you check ?
The OS - it needs to be the same OS as your App Service Plan
The Region - It needs to be in the same region as your App Service Plan
140
What is the easiest way to configure a custom domain name in Azure ?
Buy an App Service Domain
141
What does the App Service Domain use to manage your custom domain ?
Azure DNS
| GoDaddy (registrar)
142
When you configure a 3rd party custom domain name for your Azure App Service, why does it sometimes takes 48 or even 72 hours to be able to validate ?
Because your 3rd party domain registrar needs time to update their DNS records
143
..................... are instructions that live in DNS servers and provide information about a domain including what IP address is associated with what domain, and how to handle requests for that
DNS records
144
What are the two configurable cadences for App Service Backup ?
Manually
| On a schedule
145
True or false : App Service Backups are not incremental
True
146
Where do App Service Backups get backed up to ?
To a container within the storage account
147
What is the max size of an App back up ? (app content + any DB)
10 Gigabytes per backup
148
True or false : Azure App Service backups can be retained for an indefinite amount of time
True
149
In order to use App Service Backup, what tier must the App Service Plan belong to ?
Either Standard or Premium Tier
150
If the Azure Storage Account and the container for backup destination is in a different Azure subscription than the App service App, will the back up operation work ?
Why or why not ?
No, it will fail.
The storage account and its container must be in the same subscription as the application targeted for backup
151
What are the three most common ways to allow a web app in your Azure App Service to communicate with other resources in your network ?
1. Private endpoints
2. VNET integration
3. Hybrid Connection
152
Hybrid connection creates a wormhole on .................. protocol and on port .............
TCP
| 443
153
Which of the following App service plans allow for deployment slots ?
```
Isolated
Premium
Standard
Free
Shared
Basic
```
Isolated, Premium and Standard
154
A(n) ............................ is a file that contains information and settings that Visual Studio uses to deploy applications and services to Azure
publish profile
155
True or false : Each deployment slot in an App Service Plan has its own hostname
True
