General

Question 1

Export all resource in a RG as a template

Answer 1

Export-AzResourceGroup cmdlet

Question 2

Create a template from a deployment in the deployment history of a RG.

Answer 2

Save-AzResourceGroupDeploymentTemplate

Question 3

Deployment history of RG

Answer 3

Get-AzResourceGroupDeployment

Question 4

All operations performed during deployment

Answer 4

Get-AzResourceGroupDeploymentOperation

Question 5

Register this provider namespace for Azure Log Analytics workspace.

Answer 5

Microsoft.OperationalInsights

Question 6

Register this provider namespace for Azure Policy which is used for governance and guard rails within the Azure landing zone

Answer 6

Microsoft.PolicyInsights

Question 7

Register this provider namespace forAzure Autmoation that automates different tasks within the environment (ex: patching servers)

Answer 7

Microsoft.Automation

Question 8

Register this provider namespace for Azure Event Hubs, a big data streaming platform and event ingestion service that can be integrated with Azure native services.

Answer 8

Microsoft.NotificationHubs

Question 9

1. ArcPull
2. ArcPush
3. Owner

Answer 9

Authenticate with an ACR using Azure AD service principal.
What are the roles assigned to ACR to pull a non-quarantined image?

Question 10

Pull.
Docker pull a non-quarantined image or pull another supported artifact, such as Helm chart, from a registry.
Requires authentication with the registry using authorized identity.

Answer 10

ArcPull

Question 11

Pull and push
Docker push an image or push another supported artifact, such as Helm chart, to a registry.
Requires authentication with the registry using authorized identity.

Answer 11

ArcPush

Question 12

Pull, push, and assign roles to others
Access resource manager
Create/delete registry
Push/pull image
Delete image data
Change policies
No - assign images

Answer 12

ACR role - Owner

Question 13

Delete container images or other supported artifacts such as Helm chart, from a registry.

Answer 13

ArcDelete

Question 14

Sign images, usually assigned to an automated process, which would use a service principal

Answer 14

ArcImageSigner

Question 15

True/False
KEDA checks once every 30 seconds

Answer 15

True (KEDA polling interval)

Question 16

True/False
If queue is > 0, KEDA scales the app by adding one new instance

Answer 16

True (KEDA scale up step)
Rate new instances are added: 1, 4, 8, 16, 32, …, maxReplicas

Question 17

Scale up to 30 host instances
Enhanced compute capabilities
Web apps are hosted on dedicated VMs

Answer 17

Azure App Service plan: Premium V2

Question 18

Virtual instances are shared with other customers.
Multi-tenant infrastructure.
Designed for development and testing
No autoscale
1 instance

Answer 18

Azure App Service plan: Shared

Question 19

Expensive

Answer 19

Azure App Service plan: Isolated

Question 20

Scale up to 10 host instances
Storage 5 GB
Web apps are hosted on dedicated VMs

Answer 20

Azure App Service plan: Standard

Question 21

Deployment template file
Gets the resource group object that will be used to deploy the template.
resourceGroup().location = location parameter

Answer 21

resourceGroup()

Question 22

Deploy scripts as continuous WebJobs
Create as linked to a web project
Supported in Basic App Service plan

Answer 22

WebJobs

Question 23

3 instances
No autoscale

Answer 23

Azure App Service plan: Basic

Question 24

Can be hosted on Windows or Linux

Answer 24

.NET Core 3.0

Question 25

Can be hosted on Windows

Answer 25

ASP.NET 4.8

Question 26

Networking feature
Configure access to App Services
Provide service endpoints or private endpoints
Load balancing between regional instances

Answer 26

Azure Application Gateway

Question 27

Create scalable web applications with instances across multiple regions
Support for Web Application Firewall
Load balancing across multiple regions

Answer 27

Azure Front Door

Question 28

Efficiently deliver web content to globally distributed users.
High-bandwidth physical delivery nodes placed at strategic locations across the globe.

Answer 28

Azure Content Delivery Network (CDN) endpoints

Question 29

Centralize an organization’s file shares
Cache Azure file shares to on-premises Windows file servers

Answer 29

Azure File Sync

Question 30

Can be hosted on Linux

Answer 30

PHP 7.3

Question 31

Can be hosted on Linux

Answer 31

Ruby 2.6

Question 32

Adds additional fieds during the creation/update of a resource
If field exists and values are different from policy, policy acts as a deny

Answer 32

Subscription Policy - Append effect

Question 33

Create a warning event in the activity log for non-compliant resources

Answer 33

Subscription Policy - Audit effect

Question 34

Evaluated if the request executed by Resource Provider resturns a success status code.
Triggered if the resource does NOT exist or the resource defined by ExistenceCondition is evaluated as false

Answer 34

Subscription Policy - DeployIfNotExists effect

Question 35

Disabled
Append
Deny
Audit

Answer 35

Subscription Policy - order of effect evaluation

Question 36

create new resource tag

Answer 36

New-AzTag

Question 37

1. Create Azure AD group; add users to group
2. Enable SSPR with Selected option
3. Select Azure AD group for which you want to allow SSPR
4. Register authentication method for SSPR

Answer 37

Steps to configure SSPR

Question 38

User Azure CLI
Ensures that the subscription logged into works with Azure Policies
Microsoft.PolicyInsights
Contributor & Owner roles

Answer 38

Azure Policy Insights

Question 39

Create/configure policies
Create support tickets
Read resources

Answer 39

Resource Policy Contributor

Question 40

Prevents deletion of resources in RG.
Allows changes to resources in RG.

Answer 40

CanNotDelete lock

Question 41

Prevent addition of resources to RG

Answer 41

ReadOnly lock

Question 42

Cost savings by leveraging existing on-premises licenses.

Answer 42

Azure Hybird Benefit

Question 43

Quickly deploy/manage identical load balanced VMs

Answer 43

VM scale set

Question 44

User Principal Names
Add UPN as guest users in Azure AD tenant.
This sends an invitation to users to access services.

Answer 44

UPN

Question 45

Need to enable
Allow hybrid users to use SSPR

Answer 45

Password writeback

Question 46

Specify requirements for users to access Azure AD protected apps

Answer 46

Conditional access policy

Question 47

Prevents configuration drift on newly deployed or existing Azure or on-premises nodes

Answer 47

Azure Automation Desired State Configuration (DSC)

Question 48

Allows customers to define own rules for using Azure.
JSON statements

Answer 48

Custom Azure Policy template

Question 49

Remove subscription from current management group

Answer 49

Remove-AzManagementGroupSubscription

Question 50

Add subscription to a management group

Answer 50

New-AzManagementGroupSubscription

Question 51

Delete management group

Answer 51

Remove-AzManagementGroup

Question 52

Update supported parameters, such as display name or change the management group parent

Answer 52

Update-AzManagementGroup

Question 53

An App Service cannot be moved with an SSL certificate configured

Answer 53

SSL (Secure Sockets Layer)

Question 54

Do NOT move within same subscription.

Answer 54

Load Balancer

Question 55

Disable before moving VNet.

Answer 55

peer VNet

Question 56

Can be moved within same subscription.
Move all dependent resources with it (Redis cache)

Answer 56

VNet

Question 57

Azure AD entitlement management with Microsoft Graph PowerShell.
Retrieve catalog identifier

Answer 57

Microsoft Entra ID Governance

Question 58

Required for SSPR

Answer 58

Azure AD Premim P1

Question 59

Required for SSPR.
Secure way to send password updates back from Azure AD to onpremises AD DS

Answer 59

Azure AD Connect

Question 60

Create/manage users, groups
Manage support tickets
Monitor service health

Answer 60

User Access Administrator

Question 61

Manage user access to Azure resources but grants full access to all resources
User Access Administrator Role + Contributor Role

Answer 61

Owner role

Question 62

Create/manage all types of resources
NO - manage users’ access to resources in subscription

Answer 62

Contributor Role

Question 63

No - Azure resources
Grants permissions to manage users/groups in Azure AD tenant associated with subscription

Answer 63

User Administrator role

Question 64

Roles assigned to resources does NOT move - orphanced
The roles need to be re-created

Answer 64

Migration between subscriptions

Question 65

One of the products specified in the group contains a service plan that conflics with another service plan already assigned to the user via a different product.

Answer 65

MutuallyExclusiveViolation

Question 66

LRS to ZRS
Azure Files NFSv4.1

Answer 66

Manual migration of file storage

Question 67

LRS to GRS and RA-GRS

Answer 67

Azure portal migration of file storage

Question 68

LRS to GRS and RA-GRS

Answer 68

PowerShell migration of file storage

Question 69

LRS to ZRS
NOT Azure Files NFSv4.1

Answer 69

Live migration of file storage

Question 70

1. Open Azure Storage Explorer
2. Connecto to “
3. Create blob container
4. Upload blob to blob container
5. Get SAS for blob and specify start/expiry time and permissions
6. Use HTTPS to provide access of the URL to user

Answer 70

Steps to give SAS access using Azure Storage Explorer

Question 71

Use to migrate resources into Blob Storage , Queue, and Table resources using AzCopy.
User Azure AD credentials

Answer 71

Azure AD authorization

Question 72

Use for Azure files, an identity-based authorization over SMB
Hosted in Azure

Answer 72

Azure AD DS authorization

Question 73

Use for Azure files, an identity-based authorization over SMB
Hosted on-prem

Answer 73

AD DS authorization

Question 74

1. Create storage account (New-AzStrorageAccount)
2. Get access key (Get-AzStorageAccountKeys)
   3&4. Create file share
   
   • New-AzStorageContext
   • New-AzStorageShare
3. CMDKEY on Windows Servers - to store access
4. New-PSDrive on Windows Servers - map drive

Answer 74

Steps to mount file share in a new storage account

Question 75

Requirement for mounting Azure file sahre as on-premises SMB file share on on-premises network

Answer 75

TCP port 445 open in on-premises internet firewall

Question 76

Private connection between on-premises network and Microsoft cloud.
No need to configure on-premises firewall

Answer 76

ExpressRoute circuit

Question 77

Set Share ACL operation with SMB protocol
Additional level of control over SAS

Answer 77

Stored Access Policy for file shares

Question 78

Physical device
Import/export data from Azure
Terabytes of data

Answer 78

Azure Data Box

Question 79

Enables service endpoint (Microsoft.Storage) on the subnet for a storage account
Allows connections from storage account to subnet.

Answer 79

Set-AzVirtualNetworkSubnetConfig

Question 80

Makes the changes persistent

Answer 80

Set-AzVirtualNetwork

Question 81

Add firewall exception on the NetworkRule property in the storage account.
Allows communication from subnet to storage account

Answer 81

Add-AzStorageAccountNetworkRule

Question 82

Updates NetworkRule property to allow other Azure services, like Backup or Event Hubs, to have access to storage account

Answer 82

Update-AzStorageAccountNetworkRuleSet

Question 83

Allow connections from other Azure services

Answer 83

Update-AzStorageAccountNetworkRuleSet -Bypass AzureServices

Question 84

Modify storage account
Set a tag, update customer domain, update type of account

Answer 84

Set-AzStorageAccount

Question 85

Remove NetworkRule property from storage account

Answer 85

Remove-AzStorageAccountNetworkRuleSet

Question 86

-Bypass
-None (remove access to all Azure services)
-Metrics
-Logging

Answer 86

Parameters for Update-AzStorageAccountNetworkRuleSet

Question 87

Shared Access Signature
URL
Define time-limited read-only or read-write access to storage account resource
Configure a stored access policy
Validate data written using a SAS
Revoke SAS by deleting a stored access policy

Answer 87

SAS

Question 88

Azure AD, SAS

Answer 88

Blob storage authentication methods

Question 89

SAS

Answer 89

File storage authentication methods

Question 90

Port 445
Users SMB protocol on port 445
Error 67 - blocked port
- Can use domain services, either on-premises or in Azure, to support identity-based access to Azure file shares over SMB protocol

Answer 90

Azure file shares

Question 91

Port 2049

Answer 91

Network File Share (NFS) protocol

Question 92

Error 53
Suuport Azure file shares

Answer 92

New Technology LAN Manager version 1 (NTLMv2)

Question 93

2 options:
1. ad-hoc SAS
2. stored access policy

Answer 93

SAS options

Question 94

Specify start & expiration time, permissions to URI

Answer 94

ad-hoc SAS

Question 96

1. Put Blob
2. Put Block List
3. Copy Blob
4. Set Blob Metadata

Answer 96

Blob versioning

Question 97

Create new block, page, or append blob
Update existing block blob (overwrite metadata)

Answer 97

Blob versioning - Put Blob

Question 98

Writes a blob by specifying the list of block IDs that make up the blobl.
Update a blob by uploading only those blocks that have changed and committing the new/existing blocks together

Answer 98

Blob versioning - Put Block List

Question 99

Copies a blob to a destination within the storage account

Answer 99

Blob versioning - Copy Blob

Question 100

Sets user-defined metadata for the specified blob as one or more name-value pairs

Answer 100

Blob versioning - Set Blob Metadata

Question 101

Zone-redundant storage
Copies data synchronously across 3 AZs in the primary region to provide high availability
Protects against failure at physical location bud does not protect against region-wide failures.

Answer 101

ZRS

Question 102

Locally Redundant Storage
Copie data synchronously 3x within a single physical location

Answer 102

LRS

Question 103

GRS - protect against reginal outages
GZRS - maximize availability and durability of

Answer 103

GRS, GZRS