Random Flashcards
What minimum Azure Active Directory (AD) license is required to use conditional access?
Premium p1
Number of policies in an initiative?
Number of parameters in an initiative?
1000 policies
300 parameters
How many parameters in a policy? Maximum
Max 20
What does wa import export tool do for encryption?
- It encrypts the data on the drive with Advanced Encryption Standard (AES) 256-bit BitLocker.
Which Azure command-line interface (CLI) command would you use to create a policy definition?
Az create policy definition create
How many Vnets can you have per subscription per region?
50
Why would you use Static IP on your VNET
For DNS Name resolution
For linked TSL/SSL
For role-baed VMs such as domain controllers
What does Azure DNS do?
Name resulution between vnets & to the internet (public zone)
Delegate domain from other domain
Create alias record for domain
It integrates with ARM
What is a DNS Name server?
Server to which a rquiest is sent that links a url to an IP address
Note, domain registrar (like godaddy) can be idfferent from hosting provider/name server (like azure)
To what can you apply a network security group?
Vnet and VM
What is VNet Peering & what types are there?
Linking 2 vnets together (because by default a vnet is not connected, only routing within vnet is possible).
Vnet peering is possible local (within region) and global (across regions)
Is Vnet peering network encrypted?
Nope, but that is because it is already private and sent via microsoft backbone
What is the benefit of UDR ?
You can create transitive routing in a hub-spoke vnet setup.
To do so you don’t need a VPN gateway in peered network
Why would you need a gateway subnet?
To communicate outside of peering network. Use a VPN or expressroute to do so
Who can do DNS management stuff?
Only the global admin
What is needed for custom DNS record verification?
MX or TXT file
What does a NAT do?
Translates public to private IP
What are network rules on a firewall, and what are they made up of?
They trafic all non-http/s traffic. Must have name, protocol, source and destination address, and dest port.
What are firewall application rules?
They define FQDNs that can be accessed from a subnet. For example, specify the win update network traffic through the firewa.. Protocols are HTTP/HTTPS, and set target fqdn.
Which commands are for Information about :
- DNS Zones
- DNS record set
Get-AzDnsZone -name FQDN -Resourcegroupname Name
Get-AzDnsRecordSet - ZoneName
Which command is for reviewing NS (name server) records?
nslookup arecord
Which steps are there in configuring a VPN gateway?
- Create vnets & subnets
- SPecify dns server (optional)
- Create gateway subnet
- Create VPN gateway
- Create Local Network Gateway
- Config vpn device (optional, on-prem)
- Create VPN connection
What is a vpn gateway?
Specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. You can also use a VPN gateway to send encrypted traffic between Azure virtual networks over the Microsoft network.
A virtual network gateway is composed of two or more VMs that are deployed to a specific subnet you create called the gateway subnet. Virtual network gateway VMs contain routing tables and run specific gateway services.
How many VPN gateways can be linked to a Vnet
one
What type of intersite connection options are there?
Site to Site
Point to site
Expressroute
What is Azure Virtual WAN
Linkes azure cloud connectivity services liek site to site vpn, express route, point to site vpn, etc. into 1 interface
What are the VWAN SKU differences?
Basic - Site to site vpn only
Standard - All configurations; p2s, s2s, interhub, vnet to vnet transiting
Which are next hops in UDR routing
NOT load balancer!
Internet, Virtual network Gateway, Vnet, none
Can you probe via HTTPS with a load balancer?
That depends on the SKU. You can with standard, but not with basic. With basic only HTTP and TCP.
What is the SLA of a basic load balancer?
There is none! For standard, it is 99.99%
How many backend pools can you have for a load balancer?
300 for basic, 1000 for standard.
How secure are different load balancer SKUs?
Basic is open by default, NSG possible. Standard is closed unless allowed by a NSG. Internal traffic is allowed.
When would you use Standard general purpose v2 storage
In most cases. Can work for blob, file, quele, table and data lake storage
What are the four types of redundancy storage?
LRS –> local redundant : redundant in 1 center
ZRS –> zone redundant: 2 datacenters in 1 region
GRS/ RA-GRS –> geo redundant : multiple regions, 1 datacenter in each region
GZRS/ RA- GZRS –> geo zone redundant : multiple centers in multiple regions
What storage account types for redundancy?
LRS –> GPv1, GPv2, Blob
ZRS –> , GPv2,
GRS/ RA-GRS –> GPv1, GPv2, Blob
GZRS/ RA- GZRS –> , GPv2
What protocols do those intersite connections use best?
P2S
S2S
Expressroute
P2S –> active/passive
S2S –> active/passive or active/active
Expressroute –> active/active
What is the SLA for GRS/ GZRS?
99,99….9 (16 9’s)%
What is the storage account url for the different services?
//mystorageaccount.xxx.core.windows.net --> xxx = blob/table/queue/file
What is one of the main benefits of azure file share?
you can access the files from anywhere in the world using a URL that points to the file and includes a shared access signature (SAS) token.
How can blobs be accessed?
Objects in Blob storage can be accessed from anywhere in the world via HTTP or HTTPS.
Users or client applications can access blobs via URLs, the Azure Storage REST API, Azure PowerShell, Azure CLI, or an Azure Storage client library.
What type of blobs exist and how are they used?
File blob –> store text and binary data. Block blobs are made up of blocks of data that can be managed individually. Block blobs can store up to about 190.7 TiB.
Append blob –> log files
Page blob –> store random access files up to 8 TiB in size. Page blobs store virtual hard drive (VHD) files and serve as disks for Azure virtual machines
What is a managed hard disk?
block-level storage volumes that are managed by Azure and used with Azure VMs.
Managed disks are like a physical disk in an on-premises server but, virtualized. With managed disks, all you have to do is specify the disk size, the disk type, and provision the disk.
Unmanaged disks are VHD files that are stored as page blobs in Azure storage accounts. The page blobs created by tenants are referred to as VM disks and are stored in containers in the storage accounts.
I think unmanaged disks are regular VHDs as page blobs in a storage account
Can you have more than one app on a app service plan?
Yes, multiple apps possible
What app service plan is needed to have staging slots?
Standard, premium, isolated.
NOT: Free, shared, basic
Which services can be ‘endpoint service’?
Azure AD, cosmos db, cognitive services, eventhub, keyvault, service bus, sql, storage
Name functions of AZ copy
You can copy an entire account to another account (blob)
Log files are created for every instance
Authentication is done via SAS or Azure AD
You can restart and resume failed jobs, and retries transfer automatically after failure
What is the standard syntax for AZcopy
azcopy copy [source] [destination] -flags
What is the naming convention of VMs?
A-N letters determining workload,
number describing typ and nr of vCPUs
generation
e.g. D2av2
What are custom script extensions?
They can launch and execute virtual machine customization tasks post configuration.
install the CSE from the Azure portal by accessing the virtual machines Extensions blade. Once the CSE resource is created, you will provide a PowerShell script file. Your script file will include the PowerShell commands you want to execute on the virtual machine.
Azure Cosmos DB is a fully managed IaaS/PaaS/SaaS?
platform-as-a-service (PaaS)”
Azure backup is IaaS,Paas or SaaS?
Azure Backup is architected from the ground-up as a first-class PaaS service in Azure
Azure SQL database is a fully managed IaaS/PaaS/SaaS?
PaaS
Microsoft SQL server on a VM is..IaaS/PaaS/SaaS?
IaaS
Azure App Services is ..IaaS/PaaS/SaaS?
PaaS
Azure Storage is.. IaaS,Paas or SaaS?
PaaS
What are the stages in the Microsoft Cloud Adoption Framework for Azure?
Define strategy - plan - adopt - govern - manage
When you delegate permissions to several VMS, you must deploy them..
to the same resource group –> scope access control for administrative actions
Can you access resources outside of your resource group?
Yes! A resource can interact with resources in other resource groups.
SO:
Azure resources can only access other resources in the same group: nope
You plan to store 20 TB of data in Azure. The data will be accessed infrequently and visualized by using Microsoft Power BI.
You need to recommend a storage solution for the data.
Which two solutions should you recommend?
Denk: Big data. Dus:
Azure Synapse Analytics (formerly Azure SQL Data Warehouse) and Azure Data Lake
What is the difference between local and virtual network gateway?
A Local Network Gateway is an object in Azure that represents your on-premise VPN device. A Virtual Network Gateway is the VPN object at the Azure end of the
VPN. A Site-to-Site VPN connection is what connects the Local Network Gateway and the Virtual Network Gateway to bring up the VPN.
Can you change the tenant to which a subscription is associated?
Yes
Can you link a subscription to multiple tenants?
No but the other way around is possible ofc, multiple subs within one tenant
Your company plans to migrate to Azure. The company has several departments. All the Azure resources used by each department will be managed by a department administrator.
What are two possible techniques to segment Azure for the departments?
Multiple subscriptions & multiple resource groups
What do you need to link on-prem devices to vms in azure?
Local network gateway
Virtual network gateway
gateway subnet –> virtual network gateway needs to be located in a dedicated subnet in the Azure virtual network. This dedicated subnet is known as a gateway subnet and must be named”GatewaySubnet”
How many admins can a subscription have?
You can have 1 Account Administrator and 1 Service Administrator, but you can have 200 Co-Administrators per subscription
What is an unmanaged disk?
Unmanaged disks are VHD files that are stored as page blobs in Azure storage accounts. The page blobs created by tenants are referred to as VM disks and are stored in containers in the storage accounts.
