Quiz Flashcards
- Subscription A:
  - RG1 (North Europe)
    - Storage Account S1
  - RG2 (North Europe)
- Subscription C:
  - RG3 (Australia East)
  - RG4 (Australia East)
Can you move the storage account S1:
RG1 -> RG2?
RG1 -> RG3?
RG1 -> RG4?
Yes, Yes, Yes.
You CAN MOVE a resource from one subscription to another subscription, even if the location is different.
- Subscription A:
  - RG1 (North Europe)
    - App Service AS1
  - RG2 (North Europe)
- Subscription C:
  - RG3 (Australia East)
  - RG4 (Australia East)
    - App Service AS2
Can you move the App Service AS1:
RG1 -> RG2?
RG1 -> RG3?
RG1 -> RG4?
Yes, Yes, No.
Usually you can move a resource across subscriptions, regardless of differences in region. However, in this specific case you cannot have more than 1 app service in a resource group.
RG1
- VM
- VNet
- Internal Load Balancer
- Public Load Balancer
What permissions would a user need to configure a backend pool to the internal load balancer?
What permissions would a user need to configure a health probe to the public load balancer?
Network Contributor on RG1 for both!
Remember: Follow the principle of least privilege.
RG1
- VM1
- VM2
- VM3
- VNet
- Basic Load Balancer
- Standard Load Balancer
In order to balance requests across the 3 VMs using the basic load balancer, the VMs must be?
In order to balance requests across the 3 VMs using the standard load balancer, the VMs must be?
In the same VNet for the basic load balancer
In the same availability set or VM scale set for the standard load balancer.
RG1
- VNet1
  - VM1
    - NIC1
- NIC2
All resources are in the same location.
Can you attach NIC2 to VM1?
Yes! As long as the VM and the NIC are in the same region.
RG1 (West Europe)
- VNet1 (West Europe)
  - VM1 (West US)
  - NIC1 (West US)
RG2 (East US)
- NIC2 (West US)
Can you attach NIC2 to VM1?
Yes, you can, because the VM and NIC are in the same region.
RG1 (North Europe)
- Storage Account SA1 (North Europe)
- Recovery Services Vault RSV1 (West Europe)
RG2 (North Europe)
- Recovery Services Vault RSV2 (North Europe)
- VM1 (West Europe)
- DB1 (West US)
What resources can be backed up with RSV1?
What resources can be backed up with RSV2?
VM1 can be backed up to RSV1 because they are in the same region.
File share can be backed up to RSV1. SA1 is in the same location. Caution!! Blobs cannot be backed up!
John has no role.
Anne is a global admin.
Sophie is an Intune admin.
Marc is a cloud device admin.
John joins his computer to an Azure AD tenant.
Which users are admins on this computer?
John and Anne.
The person who joins the computer will be admin. Global admins will also be admins.
Azure
- Storage Account SA1
  - cat.txt
- Azure File Sync ASF1
  - Sync Group SG1
On Prem
- server1
  - D:\data1
    - cat.txt
    - dog.txt
- server2
  - D:\data2
    - mouse.txt
    - dog.txt
If we add the file shares to the sync group and then add the servers as endpoints, will files with naming conflicts be overwritten (e.g., cat.txt in SA1 and cat.txt on server1)?
No, they will not be overwritten.
cat.txt, cat-server1.txt, dog-server1.txt, mouse.txt, dog.txt
Subscription A
- RG1
  - VNet1
    - Subnet1
      - VM1
      - DNS Server
- RG2
  - VNet2
    - Subnet2
      - VM2
How to enable VM2 to resolve DNS names?
Configure virtual network peering between VNet1 and VNet2.
Application Gateway AG1
- Pool1 http://ILikeThisExam.com/networking
- Pool2 http://ILikeThisExam.com/AAD
Application Gateway AG2
- Pool1 http://azure-practiceTests.com
- Pool2 http://succeedTheExam.com
What do you need to configure AG1?
What do you need to configure AG2?
A URL path-based routing rule for AG1 (the URL paths are the same)
Multi-site listeners for AG2 (the URL paths are different)
Storage Account SA1
VNet1
- VM1
- VM2
How to access SA1 from VM1 and VM2?
a. Generate access signature
b. Enable VNet peering
c. Enable service endpoints
c. Enable service endpoints (they allow you to secure your Azure resources to your VNets)
Web Application in North Europe.
How do we back up this app?
Create a Recovery Services Vault in the same region as the app.
Web Application app1
- SQL Database
- Web Front End
- Processing Middle Tier
How many subnets are required for app1?
3, one for each layer.
Users
- John: Cloud Device Admin
- Sophie: User Admin
VM1 - Azure AD Registered
VM2 - Azure AD Joined
Group1 - Assigned
- John: Owner
Group2 - Dynamic Device
- Sophie: Owner
Can John add VM2 to Group1?
Can Sophie add VM1 to Group1?
Can Sophie add VM1 to Group2?
Yes, John is a Cloud Device Admin (can enable, disable and delete devices in Azure AD) and he is the owner of Group1.
Yes, Sophie is a User Admin (can create and manage all groups).
No, Group2 is a dynamic device group.
Web Servers, Accessible from Internet, 5 VMs
Business Logic, Not Accessible from Internet, 50 VMs
SQL Database Servers, Not Accessible from Internet, 5 VMs
What resource is required to spread requests from web servers equally across the 50 VMs in the business logic layer?
- Application Gateway
- Application Gateway with WAF
- NSG
- Internal Load Balancer
- Public Load Balancer
Internal Load Balancer.
Load Balancer is used to balance incoming traffic to a backend pool of VMs.
Internal because the load balancer is not accessible from the Internet.
VNet
- Subnet
  - VM1
  - VM2
How to inspect all traffic between the VMs?
Run Packet Capture on Azure Network Watcher.
Users (IT admins)
- John
- Sophie
- Marc
Subscription S1
- VM1
- VM2
How to limit IT admins to a particular SKU size for VMs?
- RBAC role
- AD role for the IT admin group
- Azure Policy assigned to the subscription
- Assign subscription policy to the IT admin group
Azure Policy assigned to the subscription.
Subscription A
- VM1
NIC nic1
Attach nic1 to the existing VM1. What is the first step?
The existing VM1 must be stopped before attaching the NIC.
VNet1
- VM1
VNet2
- VM2
The VNets are peered. How to investigate traffic flow between the 2 VMs?
- Application Insights
- Azure Advisor
- Azure Security Center
- IP Flow Verify
IP Flow Verify
IP flow verify checks if a packet is allowed or denied to/from a virtual machine.
VNet1
- VM1
  - Public IP
  - Private IP
- VM2
  - Public IP
  - Private IP
- VM3
  - Public IP
  - Private IP
All VMs require the same inbound and outbound security rules.
What is a) the minimum number of network interfaces and b) the minimum number of NSGs?
3 NICs, one required for each VM to have Public and Private IP addresses.
1 NSG can cover all VMs because the inbound and outbound security rules are the same.
How to achieve an SLA of 99.95% for two VMs?
a) Scale Set
b) Availability Set
c) Traffic Manager
VMs must be deployed in the same availability set.
Users
- Steve (Owner)
- John (Security Admin)
- Alice (Network Contributor)
VNet 1
Who can a) add a subnet, b) add reader role access for a user?
a) Steve and Alice
b) Steve