Random

Question 1

What minimum Azure Active Directory (AD) license is required to use conditional access?

Answer 1

Premium p1

Question 2

Number of policies in an initiative?

Number of parameters in an initiative?

Answer 2

1000 policies

300 parameters

Question 3

How many parameters in a policy? Maximum

Answer 3

Max 20

Question 4

What does wa import export tool do for encryption?

Answer 4

• It encrypts the data on the drive with Advanced Encryption Standard (AES) 256-bit BitLocker.

Question 5

Which Azure command-line interface (CLI) command would you use to create a policy definition?

Answer 5

Az create policy definition create

Question 6

How many Vnets can you have per subscription per region?

Answer 6

50

Question 7

Why would you use Static IP on your VNET

Answer 7

For DNS Name resolution
For linked TSL/SSL
For role-baed VMs such as domain controllers

Question 8

What does Azure DNS do?

Answer 8

Name resulution between vnets & to the internet (public zone)
Delegate domain from other domain
Create alias record for domain
It integrates with ARM

Question 9

What is a DNS Name server?

Answer 9

Server to which a rquiest is sent that links a url to an IP address

Note, domain registrar (like godaddy) can be idfferent from hosting provider/name server (like azure)

Question 10

To what can you apply a network security group?

Answer 10

Vnet and VM

Question 11

What is VNet Peering & what types are there?

Answer 11

Linking 2 vnets together (because by default a vnet is not connected, only routing within vnet is possible).

Vnet peering is possible local (within region) and global (across regions)

Question 12

Is Vnet peering network encrypted?

Answer 12

Nope, but that is because it is already private and sent via microsoft backbone

Question 13

What is the benefit of UDR ?

Answer 13

You can create transitive routing in a hub-spoke vnet setup.
To do so you don’t need a VPN gateway in peered network

Question 14

Why would you need a gateway subnet?

Answer 14

To communicate outside of peering network. Use a VPN or expressroute to do so

Question 15

Who can do DNS management stuff?

Answer 15

Only the global admin

Question 16

What is needed for custom DNS record verification?

Answer 16

MX or TXT file

Question 17

What does a NAT do?

Answer 17

Translates public to private IP

Question 18

What are network rules on a firewall, and what are they made up of?

Answer 18

They trafic all non-http/s traffic. Must have name, protocol, source and destination address, and dest port.

Question 19

What are firewall application rules?

Answer 19

They define FQDNs that can be accessed from a subnet. For example, specify the win update network traffic through the firewa.. Protocols are HTTP/HTTPS, and set target fqdn.

Question 20

Which commands are for Information about :

• DNS Zones
• DNS record set

Answer 20

Get-AzDnsZone -name FQDN -Resourcegroupname Name

Get-AzDnsRecordSet - ZoneName

Question 21

Which command is for reviewing NS (name server) records?

Answer 21

nslookup arecord

Question 22

Which steps are there in configuring a VPN gateway?

Answer 22

• Create vnets & subnets
• SPecify dns server (optional)
• Create gateway subnet
• Create VPN gateway
• Create Local Network Gateway
• Config vpn device (optional, on-prem)
• Create VPN connection

Question 23

What is a vpn gateway?

Answer 23

Specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. You can also use a VPN gateway to send encrypted traffic between Azure virtual networks over the Microsoft network.

A virtual network gateway is composed of two or more VMs that are deployed to a specific subnet you create called the gateway subnet. Virtual network gateway VMs contain routing tables and run specific gateway services.

Question 24

How many VPN gateways can be linked to a Vnet

Answer 24

one

Question 25

What type of intersite connection options are there?

Answer 25

Site to Site
Point to site
Expressroute

Question 26

What is Azure Virtual WAN

Answer 26

Linkes azure cloud connectivity services liek site to site vpn, express route, point to site vpn, etc. into 1 interface

Question 27

What are the VWAN SKU differences?

Answer 27

Basic - Site to site vpn only

Standard - All configurations; p2s, s2s, interhub, vnet to vnet transiting

Question 28

Which are next hops in UDR routing

Answer 28

NOT load balancer!

Internet, Virtual network Gateway, Vnet, none

Question 29

Can you probe via HTTPS with a load balancer?

Answer 29

That depends on the SKU. You can with standard, but not with basic. With basic only HTTP and TCP.

Question 30

What is the SLA of a basic load balancer?

Answer 30

There is none! For standard, it is 99.99%

Question 31

How many backend pools can you have for a load balancer?

Answer 31

300 for basic, 1000 for standard.

Question 32

How secure are different load balancer SKUs?

Answer 32

Basic is open by default, NSG possible. Standard is closed unless allowed by a NSG. Internal traffic is allowed.

Question 33

When would you use Standard general purpose v2 storage

Answer 33

In most cases. Can work for blob, file, quele, table and data lake storage

Question 34

What are the four types of redundancy storage?

Answer 34

LRS –> local redundant : redundant in 1 center
ZRS –> zone redundant: 2 datacenters in 1 region
GRS/ RA-GRS –> geo redundant : multiple regions, 1 datacenter in each region
GZRS/ RA- GZRS –> geo zone redundant : multiple centers in multiple regions

Question 35

What storage account types for redundancy?

Answer 35

LRS –> GPv1, GPv2, Blob
ZRS –> , GPv2,
GRS/ RA-GRS –> GPv1, GPv2, Blob
GZRS/ RA- GZRS –> , GPv2

Question 36

What protocols do those intersite connections use best?
P2S
S2S
Expressroute

Answer 36

P2S –> active/passive
S2S –> active/passive or active/active
Expressroute –> active/active

Question 37

What is the SLA for GRS/ GZRS?

Answer 37

99,99….9 (16 9’s)%

Question 38

What is the storage account url for the different services?

Answer 38

//mystorageaccount.xxx.core.windows.net 
--> xxx = blob/table/queue/file

Question 39

What is one of the main benefits of azure file share?

Answer 39

you can access the files from anywhere in the world using a URL that points to the file and includes a shared access signature (SAS) token.

Question 40

How can blobs be accessed?

Answer 40

Objects in Blob storage can be accessed from anywhere in the world via HTTP or HTTPS.

Users or client applications can access blobs via URLs, the Azure Storage REST API, Azure PowerShell, Azure CLI, or an Azure Storage client library.

Question 41

What type of blobs exist and how are they used?

Answer 41

File blob –> store text and binary data. Block blobs are made up of blocks of data that can be managed individually. Block blobs can store up to about 190.7 TiB.
Append blob –> log files
Page blob –> store random access files up to 8 TiB in size. Page blobs store virtual hard drive (VHD) files and serve as disks for Azure virtual machines

Question 42

What is a managed hard disk?

Answer 42

block-level storage volumes that are managed by Azure and used with Azure VMs.
Managed disks are like a physical disk in an on-premises server but, virtualized. With managed disks, all you have to do is specify the disk size, the disk type, and provision the disk.

Unmanaged disks are VHD files that are stored as page blobs in Azure storage accounts. The page blobs created by tenants are referred to as VM disks and are stored in containers in the storage accounts.
I think unmanaged disks are regular VHDs as page blobs in a storage account

Question 43

Can you have more than one app on a app service plan?

Answer 43

Yes, multiple apps possible

Question 44

What app service plan is needed to have staging slots?

Answer 44

Standard, premium, isolated.

NOT: Free, shared, basic

Question 45

Which services can be ‘endpoint service’?

Answer 45

Azure AD, cosmos db, cognitive services, eventhub, keyvault, service bus, sql, storage

Question 46

Name functions of AZ copy

Answer 46

You can copy an entire account to another account (blob)
Log files are created for every instance
Authentication is done via SAS or Azure AD

You can restart and resume failed jobs, and retries transfer automatically after failure

Question 47

What is the standard syntax for AZcopy

Answer 47

azcopy copy [source] [destination] -flags

Question 48

What is the naming convention of VMs?

Answer 48

A-N letters determining workload,
number describing typ and nr of vCPUs
generation
e.g. D2av2

Question 49

What are custom script extensions?

Answer 49

They can launch and execute virtual machine customization tasks post configuration.

install the CSE from the Azure portal by accessing the virtual machines Extensions blade. Once the CSE resource is created, you will provide a PowerShell script file. Your script file will include the PowerShell commands you want to execute on the virtual machine.

Question 50

Azure Cosmos DB is a fully managed IaaS/PaaS/SaaS?

Answer 50

platform-as-a-service (PaaS)”

Question 51

Azure backup is IaaS,Paas or SaaS?

Answer 51

Azure Backup is architected from the ground-up as a first-class PaaS service in Azure

Question 52

Azure SQL database is a fully managed IaaS/PaaS/SaaS?

Answer 52

PaaS

Question 53

Microsoft SQL server on a VM is..IaaS/PaaS/SaaS?

Answer 53

IaaS

Question 54

Azure App Services is ..IaaS/PaaS/SaaS?

Answer 54

PaaS

Question 55

Azure Storage is.. IaaS,Paas or SaaS?

Answer 55

PaaS

Question 56

What are the stages in the Microsoft Cloud Adoption Framework for Azure?

Answer 56

Define strategy - plan - adopt - govern - manage

Question 57

When you delegate permissions to several VMS, you must deploy them..

Answer 57

to the same resource group –> scope access control for administrative actions

Question 58

Can you access resources outside of your resource group?

Answer 58

Yes! A resource can interact with resources in other resource groups.

SO:
Azure resources can only access other resources in the same group: nope

Question 59

You plan to store 20 TB of data in Azure. The data will be accessed infrequently and visualized by using Microsoft Power BI.
You need to recommend a storage solution for the data.
Which two solutions should you recommend?

Answer 59

Denk: Big data. Dus:

Azure Synapse Analytics (formerly Azure SQL Data Warehouse) and Azure Data Lake

Question 60

What is the difference between local and virtual network gateway?

Answer 60

A Local Network Gateway is an object in Azure that represents your on-premise VPN device. A Virtual Network Gateway is the VPN object at the Azure end of the
VPN. A Site-to-Site VPN connection is what connects the Local Network Gateway and the Virtual Network Gateway to bring up the VPN.

Question 61

Can you change the tenant to which a subscription is associated?

Answer 61

Yes

Question 62

Can you link a subscription to multiple tenants?

Answer 62

No but the other way around is possible ofc, multiple subs within one tenant

Question 63

Your company plans to migrate to Azure. The company has several departments. All the Azure resources used by each department will be managed by a department administrator.
What are two possible techniques to segment Azure for the departments?

Answer 63

Multiple subscriptions & multiple resource groups

Question 64

What do you need to link on-prem devices to vms in azure?

Answer 64

Local network gateway
Virtual network gateway
gateway subnet –> virtual network gateway needs to be located in a dedicated subnet in the Azure virtual network. This dedicated subnet is known as a gateway subnet and must be named”GatewaySubnet”

Question 65

How many admins can a subscription have?

Answer 65

You can have 1 Account Administrator and 1 Service Administrator, but you can have 200 Co-Administrators per subscription

Question 66

What is an unmanaged disk?

Answer 66

Unmanaged disks are VHD files that are stored as page blobs in Azure storage accounts. The page blobs created by tenants are referred to as VM disks and are stored in containers in the storage accounts.