Revision Flashcards
What is an availability set?
Availability sets are logical groupings of VMs that reduce the chance of correlated failures bringing down related VMs at the same time. Availability sets place VMs in different fault domains for better reliability, which is especially beneficial if a region doesn’t support availability zones. When using availability sets, create two or more VMs within an availability set. Using two or more VMs in an availability set helps highly available applications and meets the 99.95% Azure SLA. There’s no extra cost for using availability sets; you only pay for each VM instance you create.
Each virtual machine in your availability set can be configured with up to 3 fault domains and 20 update domains. VMs in the same fault domain share power and network; update domains delimit staggered updates, which are applied one domain after the other.
https://learn.microsoft.com/en-us/azure/virtual-machines/availability-set-overview#how-do-availability-sets-work
You plan to deploy an Azure virtual machine.
You are evaluating whether to use an Azure Spot instance.
Which two factors can cause an Azure Spot instance to be evicted? Each correct answer presents a complete solution.
- the Azure capacity needs
- the current price of the instance
You have an Azure subscription that contains an Azure Storage account named vmstorageaccount1.
You create an Azure container instance named container1.
You need to configure persistent storage for container1.
What should you create in vmstorageaccount1?
An Azure container instance (Docker container) can mount Azure Files shares as directories and use them as persistent storage. An Azure container instance cannot mount blob containers, queues or tables as persistent storage.
What is the difference between Application Logging (Filesystem) and Application Logging (Blob) in Azure App Service diagnostic logging?
The Filesystem option is for temporary debugging purposes, and turns itself off in 12 hours. The Blob option is for long-term logging, and needs a blob storage container to write logs to. The Blob option also includes additional information in the log messages, such as the ID of the origin VM instance of the log message (InstanceId), thread ID (Tid), and a more granular timestamp (EventTickCount).
In DNS configuration, what’s the function of CNAME and A records?
An A record maps a domain name to an IP address.
A CNAME record maps a domain name to another domain name.
DNS uses the second name to look up the address. Users still see the first domain name in their browser. If the IP address changes, a CNAME entry is still valid, whereas an A record must be updated.
How do you fix this script when Get-AzRoleDefinition | Format-Table -Property Name, Id echoes Name: Custom Role 1, ID: 111-222-333?
~~~
$rg = "RG1"
$RoleName = "CustomRole1"
$Role = Get-AzRoleDefinition -Name $RoleName
New-AzRoleAssignment -SignInName user1@contoso.com `
    -RoleDefinitionName $Role.Name `
    -ResourceGroupName $rg
~~~
$RoleName = "111-222-333"
You should use the ID of the role rather than its name, so that renaming the role does not break the script.
What query language is used in Log Analytics Workspaces?
KQL (Kusto Query Language)
What are the basics of KQL syntax?
Kusto Query Language (KQL) is designed for querying large datasets in Azure Data Explorer and other services that support KQL. A query is a read-only request to process data and return results.
There are several ways to reference a table:
~~~
search in (table_name) "search_term"
table_name | <operations>
~~~
Note that the SELECT ... FROM syntax of SQL is not valid KQL!
Filtering: the where operator filters rows based on a condition.
~~~
StormEvents | where StartTime >= datetime(2020-04-01) and StartTime < datetime(2020-05-01)
~~~
Selection: the project operator selects which columns to include, renames them or introduces new ones.
~~~
StormEvents | project StartTime, EndTime, EventType
~~~
Aggregation: the summarize operator aggregates data, often used with by for grouping (aggregation function names such as count() are lowercase).
~~~
StormEvents | summarize count() by EventType
~~~
Joining: the join operator joins two tables on a specified condition.
~~~
Table1 | join Table2 on Id
~~~
Sorting: the sort by operator orders the results by the specified columns.
~~~
StormEvents | sort by StartTime desc
~~~
Top N rows: the top operator returns the first N records sorted by the specified columns.
~~~
StormEvents | top 10 by StartTime
~~~
Comments: use // for line comments and /* */ for multi-line comments.
Advanced
- You can use the make-series operator to turn a dataset into a time series:
~~~
PageViews
| make-series TotalViews=count() on Timestamp in range(datetime(2023-04-01), datetime(2023-05-01), 1d) by Category
~~~
- extend is used to create new columns in your data or to modify existing ones with calculated values. It’s like adding a custom field based on existing data:
~~~
PageViews
| where Timestamp >= datetime(2023-04-01) and Timestamp < datetime(2023-05-01)
// sort serializes the rows so prev() can read the preceding row; KQL has no lag() or over() clause
| sort by Category asc, Timestamp asc
// only take the previous row's Views when that row belongs to the same Category
| extend PreviousViews = iif(prev(Category) == Category, prev(Views), long(null))
| extend PercentageChange = iif(isnull(PreviousViews) or PreviousViews == 0, double(null), (Views - PreviousViews) / todouble(PreviousViews) * 100)
~~~
https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/
What is an Azure App Service plan?
To create an App Service app you need to create an App Service plan, which configures the infrastructure it will run on. App Service plans cannot change regions.
You can move an app to another App Service plan, as long as the source plan and the target plan are in the same resource group, geographical region, and of the same OS type.
How would you create a custom RBAC role which can do everything except administer access permissions and is only applicable to resource groups of a specific subscription?
You have 100 Azure virtual machines.
You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering.
Which blade should you use?
A. Azure Monitor
B. Azure Advisor
C. Azure Metrics
D. Azure Customer insights
Answer : B
Advisor helps you optimize and reduce your overall Azure spend by identifying idle and underutilized resources. You can get cost recommendations from the Cost tab on the Advisor dashboard.
Reference:
https://docs.microsoft.com/en-us/azure/advisor/advisor-cost-recommendations
When defining a conditional access policy, what does the Cloud apps section refer to?
The cloud apps or actions that trigger the policy. These cloud apps or actions are the scenarios that you decide require additional processing, such as prompting for multifactor authentication. For example, you could decide that access to a financial application or use of management tools requires an additional prompt for authentication.
https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-azure-mfa
How do you enable inviting non-local AD users to join?
From the Users settings blade, modify the External collaboration settings.
How do you set up a P2S VPN?
Point-to-site VPNs require downloading a VPN config file (again after every change in network topology) and installing the included certificate and configuration.
When might you need to restart a network gateway between two sites?
When you lose cross site VPN connectivity.
What is the Enable transit gateway property for in Vnet to Vnet connectivity?
It is essentially a boolean that turns the cross-VPN network traffic on and off once a VNet peering is set up. You can turn off the traffic one way or both ways temporarily without destroying the peering resource.
What are some of the key features of Azure file sync?
- Azure File Sync centralizes your organization’s file shares in Azure Files
- Azure File Sync transforms Windows Server into a quick cache of your Azure file share
What are the steps to set up an on-prem file share sync to Azure Files?
- Prepare Windows Server to use with Azure File Sync
- Deploy the Storage Sync Service
- Deploy the Azure File Sync agent to the on-prem server
- Register on-prem server with Storage Sync Service
- Create a sync group and a cloud endpoint
- Create a server endpoint
https://tutorialsdojo.com/azure-file-storage/
What is Traffic Manager?
It’s principally a DNS service.
What load balancing services offer web application firewalls and SSL/TLS termination?
Application Gateway (WAF v2 tier)
Front Door
https://tutorialsdojo.com/azure-load-balancer-vs-app-gateway-vs-traffic-manager/
What is SSL/TLS Termination?
SSL/TLS termination refers to the process of terminating the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption within a network infrastructure before the traffic reaches its final destination. In the context of Azure or any other cloud service provider, SSL/TLS termination often occurs at a load balancer or a gateway device.
SSL/TLS termination offers several benefits:
- Offloading Encryption: It offloads the resource-intensive task of SSL/TLS encryption and decryption from backend servers, improving their performance.
- Centralized Management: It centralizes SSL/TLS certificate management, making it easier to update and maintain certificates.
- Inspection and Security: It enables inspection of decrypted traffic for security purposes, such as threat detection and prevention.
How can you connect 2 VNets?
Using VNet peerings (no encryption, but fast and never traversing the public internet) or network gateways (encrypted, as traffic passes through the public internet, but lower bandwidth).
Network gateways can communicate across tenants and subscriptions.
What are the steps to set up a site-to-site VPN?
- You need a VNet
- The VNet needs a subnet called GatewaySubnet using a /27 or /28 CIDR block
- Deploy a local network gateway
- Deploy a VPN
What is the requirement to load balance across VMs?
They must be in a backend pool, which means they must be part of an availability set or a scale set.
https://tutorialsdojo.com/azure-load-balancer/
What storage account types support which services?
https://tutorialsdojo.com/azure-storage-overview/
What are the conditions of the backup service?
- You can only back up data sources or virtual machines that are in the same region as the Recovery Services vault
- You can back up virtual machines that have different resource groups or operating systems as long as they are in the same region as the vault
How do you import external DNS record data into Azure DNS?
Why might a VNet peering peer be disconnected, and how do you correct it?
If your VNet peering connection is in a Disconnected state, it means one of the links created was deleted. To re-establish a peering connection, you will need to delete the disconnected peer and recreate it.
What are the primary constraints of setting up file share syncing?
- You need a Storage Sync Service instance to create sync groups
- Each sync group can have a maximum of one cloud endpoint (Azure file share)
- Each cloud endpoint can have many server endpoints, but servers must be unique (you cannot use the same server twice to sync 2 different file path locations)
Which Azure VM disks are not persistent?
D:\ and /dev/sdb
Can a backup happen if the VM is running?
Yeah. Or stopped or deallocated.
What is the primary purpose of Azure Event Hub?
Azure Event Hubs is mainly used as a big data streaming platform.
What is Azure Compliance Manager?
This service allows you to assign, track, and record compliance and assessment-related activities.
What is the Application Administrator role in Entra ID?
Users in this role can create and manage all aspects of enterprise applications, application registrations, and application proxy settings. This role also grants the ability to consent to delegated permissions and application permissions, excluding Microsoft Graph. Users assigned to this role are not added as owners when creating new application registrations or enterprise applications.
What is the Cloud Application Administrator role?
Users in this role have the same permissions as the Application Administrator role, excluding the ability to manage application proxy. Users assigned to this role are not added as owners when creating new application registrations or enterprise applications.
What is Azure Application Proxy?
Azure Application Proxy is a service provided by Microsoft Azure that allows organizations to securely publish internal web applications to external users, without requiring them to connect to a virtual private network (VPN).
What is Microsoft Graph?
Microsoft Graph is a unified API (Application Programming Interface) developed by Microsoft that allows developers to access data and intelligence from various Microsoft services, such as Office 365, Azure Active Directory, Windows 10, and more. It provides a single endpoint to interact with multiple Microsoft cloud services, enabling developers to build applications that integrate with and leverage data from these services.
What is ‘Configure label protection’ in Azure Information Protection?
In Azure Information Protection, label protection is used for protecting sensitive documents and emails by using the Rights Management service.