Whiz Labs Practice Test 1 Flashcards

1
Q
A

B. No

Explanation:
Since rg-staging-2 has Read Only lock defined.
Read lock means that users cannot make any changes/updates in the resource group
Read Lock is the same as applying reader role on the RG
Reader role allows only */Read operation, excluding move operation.

2
Q
A

A. Yes

Explanation:
We can move resources from one resource group to another, and in this case the source resource group does not have any lock defined and the receiving resource group has a delete lock, which stops resources from being deleted
Delete lock on a resource group means that any resource which is contained by a resource group cannot be deleted
The idea behind delete lock is to avoid any resource deletion even by mistake.
A resource group can be deleted by a user by mistake if there is no lock on the resource group

3
Q
A

B. No

Explanation:
Moving a resource from one resource group to another results in metadata changes, and it does not have any effect on the resources
Neither rg-staging-1 nor rg-production-4 has any locks
But we still cannot move App Service resources from resource group rg-staging-1 to the target resource group ‘rg-production-4’ because it already contains web resources
The destination resource group must not have any existing App Service resources. App Service resources include Web Apps, App Service plans, etc.

4
Q

A company has an Azure subscription named whizlabstaging.
They also have a resource group named whizlabs-rg. The resource group has an internal load balancer named whizlab-internal and a public load balancer named whizlab-public
They want to give a user named whizlabusr permissions to configure both load balancers
The solution must follow the principle of least privilege

Which role would you assign the user to allow the addition of a backend pool to the load balancer “whizlab-internal”?

A. Contributor Role on whizlab-internal
B. Network Contributor role on whizlab-internal
C. Network Contributor role on whizlabs-rg
D. Owner role on whizlab-internal

A

C. Network Contributor role on whizlabs-rg

Explanation:
To provide the ability to add the backend pool, whizlabusr must have read access to the details of the virtual machine and network
For this reason, the user should be assigned a network contributor role within the resource group. In this role, whizlabusr will have read access to the VM and full access to the group's network resources.
The other options are invalid since they would only provide access to the load balancer itself. They will not provide access to the other resources, such as the virtual machines that need to be added to the backend pool

5
Q

no

A
6
Q
A

A. Yes

Explanation:
Since whizlabuser1 user has the role of Cloud Device Admin and is a Group Owner, the user would be able to add registered or joined devices to the group

7
Q
A

A. Yes

Explanation:
Since whizlabuser2 holds the role of User Administrator, they can update the membership of any assigned group, regardless of whether they are the owner of the group, because of the role they hold. They can add users and devices to any assigned group in Azure AD

8
Q
A

B. No

Explanation:
Since the group is Dynamic in nature, you won't be able to add users or devices manually. Device whizlabvm2 is governed by the rules and is removed or added automatically

9
Q

A. Ensure the virtual machines are created in the different regions
B. Ensure the virtual machines are created in the same resource group
C. Ensure the virtual machines are created in the same virtual network
D. Ensure the virtual machines are created in the same availability set or virtual machine scale set

A

D. Ensure the virtual machines are created in the same availability set or virtual machine scale set

Explanation:
You look at the comparison between the Standard and Basic Load Balancer in the Microsoft documentation. It clearly mentions that the virtual machines need to be part of an availability set or virtual machine scale set

10
Q
A

C. Ensure the virtual machines are created in the same virtual network

Explanation:
You look at the comparison between the Standard and Basic Load Balancer in the Microsoft documentation. It clearly mentions that the virtual machines need to be part of a single virtual network

11
Q

A. An application gateway that uses the Standard tier
B. An application gateway that uses the WAF tier
C. A network security group
D. An internal load balancer
E. A public load balancer

A

D. An internal load balancer

Explanation:
The 3 tier architecture shown below will help us to answer question number 11 and number 12
In Question 11, the Business Logic Tier has the requirement of NOT being accessible from the Internet. Hence, we should spin up an internal load balancer with a private IP
Hence the correct answer is D and all other answers are wrong.

12
Q

A. An application gateway that uses the standard tier
B. An application gateway with WAF
C. A network security group
D. Internal Load Balancer
E. Public Load Balancer

A

B. An application gateway with WAF

Explanation:
To protect web servers against SQL injection attacks, one can use the WAF feature
Application gateway has the option to provide a WAF.

13
Q
A

A. Yes

Explanation:
In order to attach a network interface to a virtual machine, it must be created in the same region as the virtual machine. It also is a part of the same virtual network hosting the virtual machine.
Hence, the requirements for ensuring the network interface can be attached to the virtual machine are met

14
Q
A

A. Yes

First, we need to understand the difference between data and metadata. Metadata is not the actual data, but additional useful information about the data. A resource group contains metadata regarding Azure resources, not the actual resources
A resource group contains the list of resources and some additional useful info like the region in which resources exist, components of each resource, etc… In view of this, a resource group and actual resources contained by the resource group can be in a different region.
The basic constraint here is that a VM and all its components should be in the same network and in the same region

15
Q
A

B. No

Explanation:
In order to attach a network interface to a virtual machine, it must be created in the same region as the virtual machine. It also must be part of the same virtual network hosting the virtual machine
Here the virtual machine is in the West US region and the network interface is being created in the Central US region

16
Q

A. whizlabvm1 only
B. whizlabvm1 and whizlabfiledata only
C. whizlabvm1 and whizlabdb only
D. whizlabvm1, whizlabstore1 and whizlabdb
E. whizlabvm1, whizlabdata, whizlabfiledata and whizlabdb

A

A. whizlabvm1 only

Explanation:
Here the recovery services vault (whizlabvault1) is located in the Central US region. This means that only resources in this region can be backed up in the recovery services vault. And for this, we have only the virtual machine located in this region

17
Q
A

B. whizlabfiledata only

Explanation:
In an Azure recovery services vault (RSV), we can back up only those resources which are in the same region as the RSV.
In the current scenario the RSV (whizlabvault2) region is West US. Storage account whizlabstore1 is also in the same region.
whizlabstore1 has two resources: a blob container named whizlabdata and a file share named whizlabfiledata
Azure blob data cannot be backed up in RSV as it requires a backup vault. In RSV, the Azure file share can be backed up. There are no other resources in the same region other than these two

18
Q
A

D. whizlabuser1 and whizlabusr2

Explanation:
When a device is joined to Azure AD, the user who joins the computer to the domain is added as the local administrator.
Also, the Global Admin will be added as an administrator to the system

19
Q

You need to increase the number of CPU cores and memory for a running Azure Container Instance

What steps do you take to carry out this task?

A. Stop the ACI
B. Redeploy the ARM ACI deployment template
C. In the Azure portal, select the Scale Up for ACI container
D. Update Dockerfile
E. Delete the ACI

A

B. Redeploy the ARM ACI deployment template
E. Delete the ACI

Explanation:
Unfortunately, Azure does not allow you to scale Azure Container Instances. You need to delete the current ACI and create a new instance with the new resource requirements. The most convenient way is to reuse the ARM template from the previous ACI deployment. You can find the template under the Deployments section on the ACI's resource group blade. When you select the deployment template and click on the Redeploy button on the top bar, the Azure portal opens the Custom deployment screen.
Here you click on Edit Parameters and can change the number of CPU cores, memory and restart policy.
If you have not deleted the previous ACI and keep the same name for the new instance, you will get a deployment failed error when you click on the Create button

20
Q

You create an ACI multi container group.

Please select all correct statements about the ACI group

A. ACI group is similar to the AKS node
B. Containers in the ACI group share the same resources
C. You can add new containers to the already running ACI group
D. You can select different VM sizes for each container in a group
E. ACI group can include the init containers
F. You can create multi container ACI groups on Linux only

A

B. Containers in the ACI group share the same resources
E. ACI group can include the init containers
F. You can create multi container ACI groups on Linux only

Explanation:
You can create groups of ACI containers. These ACI groups are similar to AKS pods. The group is a collection of containers that runs or is scheduled on the same host machine. It shares the host's resources, local network and storage volumes. You can deploy the multi container group only on Linux using ARM templates, YAML, or Docker Compose

Option B is correct because the containers in the ACI group share the same resources of the host machine. The containers share not only the same resources but also local network and storage volumes
Option E is correct because the ACI group can include the init containers. This container type prepares the run of your application. Init containers set up accounts or databases, or run scripts. Only after the init containers finish their jobs do the application containers start
Option F is correct because you can create multi container ACI groups on Linux only
Option A is incorrect because the ACI group is similar to the AKS pods but not to the AKS nodes
Option C is incorrect because you need to delete the old ACI group and create a new one with additional containers. Usually, you can deploy a multi container group using ARM templates or YAML scripts. The Docker Compose can also be used
Option D is incorrect because the ACI multi container group shares the same host machine and you cannot dedicate any VMs to a particular container

21
Q

You create an AKS cluster and need to attach the data volume accessible from the multiple pods simultaneously.

What type of storage should you use?

A. Azure Standard Disks
B. Azure Table
C. Azure Files
D. Azure Premium Disks
E. Azure Blob

A

C. Azure Files

Explanation:
Azure provides two types of storage for AKS: Azure Disks and Azure Files. If you need to have persistent storage for a pod, you should use Azure Disks. For access to the data from multiple pods simultaneously, you need to use shared Azure Files
Both Azure Disks and Azure Files come in premium and standard options. The premium option uses high performance SSDs and the standard option uses regular HDDs. You can provision both storage types as Static or Dynamic volumes
Data volumes using Azure Files are mounted as SMB 3.0 shared drives
When you define an application deployment manifest (Deployment.yaml), you provide the storage type and additional info for storage access, like a storage account (created based on an Azure storage account and storage key), share name and type of access

22
Q

A company has an Azure subscription. They want to transfer around 6TB of data to the subscription. They plan to use the Azure Import/Export service. Which of the following can they use as the destination for the imported data?

A. Azure Data Lake
B. Azure SQL Database
C. Azure File Sync Storage
D. Azure Blob Storage

A

D. Azure Blob Storage

Explanation:
When transferring a large amount of data to an Azure storage account, you can transfer data to Azure blob storage or Azure file storage

Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure data center. This service can also be used to transfer data from Azure Blob storage to disk drives and ship to your on premises sites.
Data from one or more disk drives can be imported either to Azure Blob or Azure files

23
Q
A

B. No

Explanation:
For administrators, the password reset policy is different, in that they are not asked security questions

24
Q
A

B. No

Explanation:

25
Q
A

A. Yes

Explanation:
Since SSPR has been enabled for all users, the user would need to answer the security related question to reset their password

26
Q
A
27
Q
A

B. No

Explanation:
In order to add the virtual machine to the virtual network, the virtual machine needs to be in the same region as the virtual network, which is not the case here.
The virtual machine is in the West US region and whizlabnetwork2 virtual network is in the East Asia region

28
Q
A

A. Yes

Explanation:
You will have to delete the virtual machine and then create the virtual machine in the East Asia region

29
Q
A

B. No

Explanation:
In order to add the virtual machine to the virtual network, the machine needs to be in the same region as the virtual network, which is not the case here
The virtual machine is in the West US region and the whizlabnetwork2 virtual network is in the East Asia region

30
Q
A

D. Configure virtual network peering connections between all virtual networks

Explanations:
Since the networks are isolated from each other, you still need to ensure that the machines can communicate across the virtual networks. And this can be accomplished with the help of the virtual network peering connections.
Options A and B are incorrect since service endpoints should be used when you want to connect virtual networks securely to other Azure Based services
Option C is incorrect since this should be used when you want to forward DNS requests to the Azure DNS servers

31
Q
A

D. On the virtual machine whizlabvm2, install the Microsoft Azure Recovery Services Agent

Explanation:
You want to restore the folder on another virtual machine. You should install the Microsoft Azure Recovery Services Agent on the destination virtual machine

Options A and B are incorrect since we want to restore the files using the Microsoft Azure Recovery Services Agent. Option C is incorrect. We already have the MARS agent running on this machine to take the backup

32
Q

Your company has an Azure virtual machine that runs Windows Server 2016. You have to create an alert in Azure whenever two error events are logged to the System log on the virtual machine within an hour.

You decide to create a Log Analytics workspace and configure the data settings. You then set up the virtual machine as a data source. You then create an alert in Azure Monitor and specify the Log Analytics as the source.

Would this fulfill the requirement?

A. Yes
B. No

A

A. Yes

Explanation:
You can actually create alerts in Azure Monitor based on the events recorded in the Log Analytics workspace.

33
Q

Your company has an Azure virtual machine that runs Windows Server 2016. You have to create an alert in Azure whenever two error events are logged to the System log on the virtual machine within an hour.
You decide to create an Event subscription on the virtual machine. You then create an alert in Azure Monitor and ensure to specify the virtual machine as the source.

Would this fulfill the requirement?

A. Yes
B. No

A

B. No

Explanation:
You actually have to record the events in a Log Analytics workspace, and then configure alerts in Azure Monitor based on the Azure Log Analytics workspace

34
Q

Your company has an Azure virtual machine that runs Windows Server 2016. You have to create an alert in Azure whenever two error events are logged to the System log on the virtual machine within an hour.
You decide to create Notifications on the virtual machine. You then create an alert in Azure Monitor and ensure to specify the virtual machine as the source

Would this fulfill the requirement?

A. Yes
B. No

A

B. No

Explanation:
You actually have to record the events in a Log Analytics workspace, and then configure alerts in Azure Monitor based on the Azure Log Analytics workspace

35
Q
A

B. Kubenet

Explanation:
When you create an AKS cluster, you have two choices of the network models for Azure virtual networking: Kubenet and Azure Container Networking Interface (CNI)
The main difference between the two models is in providing IP addresses to the pods.
Kubenet is the basic networking model: the nodes receive their IP addresses from the Azure VNet subnet, but the pods are served from a logically different IP address space, the Pod CIDR. The pods cannot communicate directly with each other. They have to use Network Address Translation (NAT) to reach any resources on the VNet. In Azure CNI, the pods receive IP addresses directly from the subnet pool. Therefore, there is no value for the Pod CIDR. For CNI, you need to plan your address space beforehand to avoid running out of subnet addresses if you have many pods

36
Q

You create an App Service plan B1 for your web app. You want Azure to be able to add up to 10 VM instances to run your app automatically during the highest traffic on your site.

What are two configuration options you should implement to achieve your goal in the most cost-effective way?

A. Scale up based on a schedule
B. Scale out the service plan to S1
C. Scale out based on a metric
D. Scale up the service plan to P1
E. Scale out based on a schedule
F. Scale up the service plan to S1
G. Scale up based on a metric
H. Scale out the service plan to P1

A

C. Scale out based on a metric
F. Scale up the service plan to S1

Explanation:
Suppose you want Azure to add resources for your web app automatically.
First, you need to evaluate your App Service plan and then configure the conditions for the app scaling. The automatic process of adding the VM resources is called autoscaling
The App Service plan provides the VM configuration, custom domains, certificates, autoscaling, etc.
You can change the plan tier if you need more memory or CPU or a number of additional VM instances to run your app. Changing the App Service plan and scaling the resources mentioned above is called Scale Up
When you need to add more VM instances to run your app based on the metric or schedule, this is called Scale Out

The shared compute tier (free and Basic tiers) of the App Service plan does not provide the autoscaling functionality.
In the Basic (B1, B2 and B3) tier only, you can scale your app resources manually up to 3 VM instances.
The free tier does not have this ability. Starting from the Standard tier (S1, S2, S3) and up, the App Service plans provide the autoscaling functionality with up to 30 VM instances in the Premium tier. The scale up to S1 tier provides the autoscale functionality with up to 10 VM instances
After changing the plan from B1 to S1 tier, you will see the autoscale option in the Scale out section. You select the Scale mode based on a metric and add a rule. The portal opens a new section to the right: Scale rule. You can use this screen to create your scaling rule based on a metric like CPU percentage, define the trigger threshold, like CPU load above 70% for 10 minutes, and the Action, like add a new VM instance if the above conditions are met

37
Q

You want to protect your web app using Azure AD authentication and limit access to the app only to the users in your organization.

Please select three steps that you need to take

A. Configure Conditional Access
B. Register an app in Azure AD
C. Set App Service authentication settings
D. Create Azure AD Service Principal
E. Select an Identity Provider

A

B. Register an app in Azure AD
C. Set App Service authentication settings
E. Select an Identity Provider

Explanation:
After you create your web app, you can use two options on the App service blade under the Settings section:
Authentication or Authentication (Classic)
If you decide to use the Authentication (classic), the Azure portal will ask you to convert to the current identity Provider Authentication that Authentication provides

When you open the Authentication, you need to choose an identity provider for your web app authentication. There are several options to select from: Microsoft (including Azure AD identities), Facebook, Google, and Twitter.
For the Azure AD identities, choose Microsoft

38
Q

You need to create a scheduled backup for your App service app using Azure CLI.
Please select three commands you need to run to achieve your goal.

A. az storage container create
B. az webapp config backup update
C. az appservice plan create
D. az storage container add
E. az webapp config backup create
F. az storage account create

A

A. az storage container create
B. az webapp config backup update
F. az storage account create

Explanation:

39
Q

You have set up a computer named whizlabclient1.
It has a point to site VPN connection to an Azure virtual network named whizlabnetwork.
The point to site connection uses a self signed certificate. You now have to establish point to site VPN connection to the same virtual network from another computer named whizlabclient2. The VPN client configuration package is downloaded and installed on the whizlabclient2 computer

You have to ensure that you can establish a point to site VPN connection from the whizlabclient2 computer

You decide to set the Startup type for IPSec Policy Agent service to Automatic on the whizlabclient2 computer

Would this fulfill the requirement?

A. Yes
B. No

A

B. No

Explanation:
Here you have to ensure that the client certificate is installed on every client computer. It needs to establish a Point to Site VPN connection to the Azure virtual network

40
Q

You have to set up a computer named whizlabclient1 that has a point to site VPN connection to an Azure virtual network named whizlabnetwork. The point to site connection makes use of a self signed certificate. You now have to establish a point to site VPN connection to the same virtual network from another computer named whizlabclient2. The VPN client configuration package is downloaded and installed on the whizlabclient2 computer

You have to ensure that you can establish a point to site VPN connection from the whizlabclient2 computer.

You decide to modify the Azure AD authentication policies

Would this fulfill the requirement?

A. Yes
B. No

A

B. No

Explanation:
Here you have to ensure that the client cert is installed on every client computer that needs to establish a Point to Site VPN connection to the Azure Virtual Network

41
Q

You have to set up a computer named whizlabclient1 that has a point to site VPN connection to an Azure virtual network named whizlabnetwork. The point to site connection makes use of a self signed certificate. You now have to establish a point to site VPN connection to the same virtual network from another computer named whizlabclient2. The VPN client configuration package is downloaded and installed on the whizlabclient2 computer

You decide to export the client certificate from whizlabclient1 and then install the cert on whizlabclient2

Would this fulfill the requirement?

A. Yes
B. No

A

A. Yes

Explanation:
The right approach is to install the client certificate on every computer that needs to establish a Point to Site VPN connection to the Azure virtual network

42
Q

You have set up a computer named whizlabclient that has a point to site VPN connection to an Azure virtual network named whizlabnetwork
The point to site connection makes use of a self signed certificate
You now have to establish a point to site VPN connection to the same virtual network from another computer named whizlabclient2
The VPN client config package is downloaded and installed on the whizlabclient2 computer

You decide to use Azure AD to authenticate the whizlabclient2 computer
Would the above decision fulfill this requirement?

A. Yes
B. No

A

B. No

Explanation:
There is no need to use the Azure AD to authenticate the whizlabclient2 computer. Azure accepts a P2S VPN connection, but the user has to be authenticated first
There are two mechanisms that Azure offers to authenticate a connecting user.

  1. Authenticate using the native Azure certificate authentication
  2. Authenticate using the native Azure AD authentication

So there is already native Azure Certificate authentication used for clients connecting to a VNet over a Point to site VPN connection
Once you obtain a root cert, you upload the public key information to Azure. The root cert is then considered trusted by Azure for connection over P2S to the virtual network. You also generate client certs from the trusted root cert and then install them on each client computer. The client cert is used to authenticate the client when it initiates a connection to the VNet

43
Q

A. az network private-dns zone
B. az network vnet
D. az network private dns link vnet
E. az group create

A

B. az network vnet

Explanation:

44
Q

A. az network private dns zone
B. az network vnet create
C. az dns-zone link
D. az network private dns link vnet
E. az network dns record set

A

A. az network private dns zone

Explanation:

45
Q

A. az network private dns zone
B. az network vnet create
C. az dns zone link
D. az network private dns link
E. az network dns record set

A

D. az network private dns link

Explanation:

46
Q

You have to deploy a web application for your company by using the Azure App Service. The backup and restore option should be available for the web application. Cost should also be minimized for hosting the application

Which of the following would you choose as the underlying App Service Plan?

A. Free
B. Basic
C. Standard
D. Premium

A

B. Basic

Explanation:
Option B is correct because it is the cost effective option
Option A is incorrect: Backup and restore was not available for the Free plan
Options C and D are incorrect because these options are costlier than the Basic plan and so are not cost effective
In Azure App Service, you can easily restore app backups. Backup and restore are supported in Basic, Standard, Premium, and Isolated tiers

For the Basic tier, only the production slot can be backed up and restored

47
Q

A. Ensure to register the Microsoft.Insights resource provider
B. Ensure to add the Network Watcher connection monitor
C. Enable the Azure Network Watcher service in the West US Region
D. Create a storage account
E. Enable the Azure Network Watcher flow logs

A

A. Ensure to register the Microsoft.Insights resource provider
D. Create a storage account
E. Enable the Azure Network Watcher flow logs

Explanation:

48
Q
A

A. Enabling auto scaling in the scale set
B. Min number of VM = 4 and max number of VM is 16
D. You configure proper scaling out and scaling in rule

Explanation:
Option A is correct because the Azure scale set can be used for auto scaling
Option B is correct because we configure the min and max number of VMs for auto scaling
Option D is correct as we need to define the auto scaling rule, both for scaling out and scaling in
Option C is incorrect because paying with the pay as you go option is not the correct purchase option for a VM which is going to run 24x7x365.
The best option for this type of VM is the reservation option, which can provide nearly 70% savings in the cost

49
Q

You have to create the Azure Kubernetes cluster. You need to complete the following Azure CLI script for this requirement.

Which of the following would go into Slot 2?

A. --enable-addons
B. az group
C. az aks
D. --create

A

C. az aks

Explanation:
The next step is to go ahead and create the Kubernetes cluster.

50
Q

You have to create the Azure Kubernetes cluster. You need to complete the following Azure CLI script for this requirement

Which of the following would go into Slot 3?

A. --enable-addons
B. az group
C. az aks
D. --create

A

A. --enable-addons

Explanation:
We have to ensure that monitoring is enabled for the cluster. We have to use the --enable-addons switch.

51
Q

Which of the following do you need to configure

A