WGU D338

¡Supera tus tareas y exámenes ahora con Quizwiz!

Virtual network (VNet)

Virtual machines are connected to virtual networks. This connection provides inbound and outbound connectivity to other virtual machines, to on-premises networks, and to the Internet

ARM template Validation

While creating the ARM template using the Azure portal editor, the template validation is performed by default. Parameters, variables, and resources will not populate if there are any template errors

The two most common extensions for configuration management

Windows PowerShell Desired State Configuration (DSC) Custom Script Extension

Basic vs Standard WAN

With Basic WAN, you can only create Basic Hubs. Basic Hubs are only capable of creating site-to-site connections. For any other connectivity, it is recommended to use Standard WAN.

Action Group Notifications Limits

You may have up to 1,000 email actions and 10 SMS/Voice actions in an Action Group.

Action Group (ITSM)

You may have up to 10 IT Service Manager (ITSM) actions with an ITSM connection. The following ITSM providers are currently supported: ServiceNow, System Center Service Manager, Provance, and Cherwell.

Backup reports

In order to configure the backup reports, you need to create or use an existing Log Analytics Workspace to store the backup reporting data. Also, you need a Recovery Services Vault, which records all the backup operations as diagnostic data.

Service Connectivity Monitor

Monitors outbound connectivity from nodes on your network to any external service with an open TCP port, such as web sites, applications, or databases.

Adds an Azure deployment to a resource group

New-AzResourceGroupDeployment

Steps to Create a VPN Gateway using the Azure portal

1. Add a Subnet 2. Assign an address space using a /27 CIDR

Network Watcher tools

1. IP Flow Verify 2. Next Hop 3. VPN Troubleshoot 4. Packet Capture 5. Connection Troubleshoot 6. Effective Security Rules

AKS Upgrade Process

1. Kubernetes upgrades one node at a time 2. It first stops any pods from being scheduled on the node it's about to upgrade, and any pods that are currently running on that node are scheduled for other nodes. 3. A new node is then created using the version of Kubernetes you've specific to upgrade to. 4. Once that's done, Kubernetes deletes the node running the older version and begins the upgrade process on the next node in the cluster. This continues until all nodes are upgraded.

Network Performance Monitor (NPM) Services

1. Performance Monitor 2. Service Connectivity Monitor 3. ExpressRoute

How routes are applied

1. User-defined routes 2. System routes for traffic in a virtual network, across a virtual network peering, or to a virtual network service endpoint 3. BGP routes 4. Other system routes

Virtual network IP ranges

10.0.0.0-10.255.255.255 (10.0.0.0/8) 172.16.0.0-172.31.255.255 (172.16.0.0/12) 192.168.0.0- 192.168.255.255 (192.168.0.0/16)

IP ranges reserved by the Azure platform

169.254.0.0/16 (Link-local) 168.63.129.16/32 (Azure-provided DNS)

Action Group (Function Apps)

A Function App is a set of code that runs "serverless" that can respond to alerts. This functionality requires Version 2 of Function Apps, and the value of the AzureWebJobsSecretStorageType app setting must be set to files.

Action Group (Logic Apps)

A Logic App provides a visual designer to model and automate your process as a series of steps known as a workflow. There are many connectors across the cloud and on-premises to quickly integrate across services and protocols. When an alert is triggered the Logic App can take the notification data and use it with any of the connectors to remediate the alert or start other services.

Connection Troubleshoot Tool

A Network Watcher feature designed to allow you to test the connectivity between an Azure VM or an App Gateway and another endpoint—either another Azure VM, or an arbitrary Internet or Intranet endpoint.

Action Group

A collection of actions that should occur in response to an alert being triggered.

Gateway subnets

A gateway subnet is a special type of subnet that can only be used for virtual network gateways. VPN gateways can only be deployed to a dedicated gateway subnet within the VNet

Fault Domain

A group of servers, which have shared power, cooling, and networking

Proximity Placement Group

A logical grouping of VMs to reduce the latency by keeping them closer to each other

Complete mode using PowerShell

New-AzResourceGroupDeployment ' -Mode Complete ' -Name simpleVMDeployment ' -ResourceGroupName ExamRefRG ' -TemplateFile C:\ARMTemplates\deploy.json

Alerts can have one of three states:

New. The alert is new and has not been reviewed Acknowledged. The issue that generated the alert is being actioned by an administrator Closed. The issue that generated the alert has been resolved, and the alert has been marked as closed

Create Application Insights

On the Basics blade, select the Subscription, Resource Group, Region, Resource Mode, and Log Analytics Workspace and specify the Name

VNET Peering

Once peered, traffic between VMs is routed through the Microsoft backbone infrastructure. Traffic does not pass over the public Internet, even when using global VNet peering to connect VNets in different Azure regions.

Public IP address prefixes

Only Standard Tier is supported

Floating IP (direct server return)

Only recommended when load-balancing traffic for a SQL Server Always On Availability Group listener

Performance Monitor

Performance Monitor enables you to monitor packet loss and latency between your endpoints, both in Azure and on-premises. A VM or server running the Log Analytics agent is required at both ends of each monitored connection.

Availability Zones

Physically separate locations within an Azure region. Each Availability Zone is made up of one or more datacenters equipped with independent power, cooling, and networking. Offer high availability and low latency.

Extensions

Provide post-deployment configuration and automation

Azure Network Watcher

Provides a central hub for a wide range of network monitoring and diagnostic tools.

Network Topology

Provides a diagrammatic view of the resources in your virtual network. It is not a diagnostic or alerting tool. It is a quick and easy way to review your network resources and manually check for misconfiguration.

VPN Troubleshoot Tool

Provides automated diagnostics of Azure VPN gateways and connections. The results provide a detailed report on gateway health and connection health, providing accurate pointers regarding common issues that might occur when enabling informed remediations.

Microsoft Peering

Provides connectivity over the Internet address space into Microsoft services such as Office 365, Dynamics 365, and Internet-facing endpoints of Azure platform (PaaS) services.

Azure Private Peering

Provides connectivity over the Intranet address space into your Azure virtual network. This peering is considered a trusted extension of your core network into Azure.

Public IP address allocation

Public IP addresses support both dynamic and static IP allocation. For the Basic tier, both static and dynamic allocation are supported, the default being dynamic. For the Standard tier, only static allocation is supported.

Subnets

Subnets are used to divide the VNet IP space. Different subnets can have different network security and routing rules, enabling applications and application tiers to be isolated and network flows between them to be controlled. For example, consider a typical three-tier application architecture comprised of a web tier, an application tier, and a database tier

Update Domain

separates VMs forming 1 environment into different groups in order that not all are rebooted at the same time during maintenance

Azure VNets and on-premises networks

site-to-site VPN

Load-Balencer Front-end routing Rule

specify the Listener Name and select the Frontend IP, Protocol, Port, and Listener Type

Requirement to install Log Analytics Agent

the workspace IDs and keys needed to configure the agent

ARM Templates Structure

"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { }, "variables": { }, "functions": [ ], "resources": [ ], "outputs": { }

Variable JSON Example Network Interface

"VMNicName": "VMNic"

VNet Peering

Allows virtual machines in two separate virtual networks to communicate directly, using their private IP addresses.

Availability Sets

Availability sets are a way for you to ensure your application remains online if a high-impact maintenance event is required, or a hardware a failure occurs. Availability sets are made up of update domains and fault domains.

How to get to RDP without port scanning

Bastion Host

BGP (Border Gateway Protocol)

Border Gateway Protocol (BGP) is a standard used in the Internet to exchange routing information between networks. BGP can be optionally enabled on your VPN gateway, if the on-premises gateway also supports it. If used, it enables the VPN gateway and the on-premises gateway to exchange routing information automatically, avoiding the need to configure routes manually.

Where can you stream logs to?

Event Hub

service key (s-key)

ExpressRoute circuit identified by a GUID

ExpressRoute

A secure and reliable private connection between your on-premises network and the Microsoft cloud.

Action Group (Runbook)

A set of PowerShell code that runs in the Azure Automation Service.

Forced Tunneling

A special case is when routes are configured with the destination IP prefix 0.0.0.0/0. Given the precedence rules described above, this route controls traffic destined for any IP address is not covered by any other rules.

Action Group (Webhook)

A webhook allows you to route an Azure alert notification to other systems for post-processing or custom actions. For example, you can use a webhook on an alert to route it to services that send text messages, log bugs, notify a team via chat/messaging services, or do any number of other actions

View alerts in Azure Monitor

After an alert rule has been created, the alert rule and Action Group can be managed through Azure Monitor from the Alerts blade by selecting Manage Alert Rules

Windows PowerShell DSC Extension

Allows you to define the state of a virtual machine. perform continuous updates when integrated with the Azure Automation DSC service

ExpressRoute Monitor

Allows you to monitor end-to-end network connectivity and performance between on-premises and Azure endpoints over ExpressRoute connections. It can auto-detect ExpressRoute circuits and your network topology, and track bandwidth utilization, packet loss and network latency.

User-defined routes

Allows you to send traffic through a network virtual appliance, such as a third-party Load Balancer, firewall, or router deployed into your VNet from the Azure Marketplace.

Valid locations to send logs to

Archive To A Storage Account, Stream To An Event Hub, or Send To Log Analytics

Action Group (Actions Types)

Automation Runbook Azure Function ITSM Logic App Secure Webhook Webhook

ARM Templates

Azure Resource Manager templates (ARM templates), you can describe the resources you want to use in a declarative JSON format. Benefits: - *Verified* before the code is executed. - The template orchestrates the creation of *many resources in parallel*. - Creates *all dependencies* in the correct order.

Snapshot Streamed

Azure Storage associated with the Recovery Services Vault

System routes

Azure VMs that are in the same VNet can communicate automatically with each other and with the Internet without any explicit configuration changes, even when they are in different subnets.

Analyze alerts across subscriptions

Azure operators are not limited to viewing alerts from only a single subscription through Azure Monitor, which again, provides a single pane of glass for not only managing alert rules across multiple subscriptions, but also for managing the generated alerts.

IP forwarding

By default, a virtual machine in Azure will not accept a network packet addressed to a different IP address. For that traffic to be allowed to pass into that virtual appliance, you must enable IP forwarding on the network interface of the virtual machine.

Four ways to configure a DNS label for an Azure public IP address

By specifying the DNS name label property of the public IP address resource By creating a DNS A record in Azure DNS or a third-party DNS service hosting a DNS domain By creating a DNS CNAME record in Azure DNS or a third-party DNS service hosting a DNS domain By creating an alias record in Azure DNS

What is the minimum size for a gateway subnet

CIDR /29

Hybrid networks

Commonly used for Intranet applications, which may be hosted in Azure but only accessed from the on-premises network. They are also used by Azure applications that require access to an on-premises resource, such as a database.

Create a template Azure Portal

Create Resource button and search for template deployment, select the template deployment name from the search results, and then click Create. Build your own or use Github

Azure Virtual WAN

Creates a unified wide area network (WAN) that connects local and remote sites.

(Automate Deployment) Pre-requisite of deploying a virtual machine

Creating a Virtual Network

Create Action Group

Define the Action Group Name, Display Name, Subscription, and Resource Group in which the Action Group will be created

Arm Template parameters

Define the various values that are passed at runtime without changing the exact template file. Key elements when dealing with nested templates to pass the values from parent template to the child templates

Arm Template variables

Defines values which are used in your template to simplify template language

How to view NSG Rules

Effective Security Rules

Action Group Notifications

Email/SMS Message/Push/Voice

Network Performance Monitor (NPM)

Is a network monitoring solution for hybrid networks that enables you to monitor network connectivity and performance between various points in your network, both in Azure and on premises. It can provide reports of network performance and raise alerts when network issues are detected.

What is a virtual network gateway

It allows you to create connections from your virtual network to other networks

Arm Template $schema

JSON schema file is the reference to the standard structure defined for an ARM template

Peering Limits

Limit of 500 peering connections per VNet

Azure Monitor Signal Types

Metrics Log search queries Activity Logs

Network virtual appliance (NVA)

Service chaining allows for the use of common services across VNet Peerings with the use of a NVA in the HUB Vnet

Service endpoints

Service endpoints are a mechanism to integrate Azure PaaS services into your virtual network and access them through a Microsoft Azure backbone network instead of over the Internet. Service endpoints prevent the exposure of data and services to Internet.

hub-and-spoke network topology

Shared resources (such as domain controllers, DNS servers, monitoring systems, and so on) are deployed into a dedicated hub VNet. These services are accessed from multiple applications, each deployed to their own separate spoke VNets.

Difference between ExpressRoute connections and Site-to-Site VPN

Site-to-Site VPN connections only provide connectivity to your Azure VNet, whereas ExpressRoute provides connectivity to all Microsoft cloud services

Health Prob Configuration

Specify the health probe name, together with the protocol, port, probe interval, and consecutive probe failures threshold.

Where to install an extension

The Advanced blade in the Azure portal

IP Flow Verify

The IP Flow Verify tool provides a quick and easy way to test whether a given network flow will be allowed into or out of an Azure virtual machine. It will report whether the requested traffic is allowed or blocked, and in the latter case, which NSG rule is blocking the flow. It is a useful tool for verifying that NSGs are correctly configured.

Next Hop

The Next Hop tool provides a useful way to understand how a VM's outbound traffic is being directed. For a given outbound flow, it shows the next hop IP address and type and the route table ID of any user-defined route in effect

Packet Captures

The Packet Capture tool allows you to capture network packets entering or leaving your virtual machines. It is a powerful tool for deep network diagnostics. Use WireShark or Microsoft Message Analyzer to read the file

Arm Template contentVersion

This provides source control to track the changes made in your template. You can provide any value for this element. When deploying resources using the template, this value can be used to make sure that the right template is being used.

DNS troubleshooting

Use Connection troubleshoot

To back up files and folders from on-premises VMs

Use Microsoft Azure Recovery Services (MARS) agent. The MARS agent is available for installation from the Recovery Services Vault.

Custom script extension

Used to execute an arbitrary command such as a batch file, regular PowerShell script, or a bash script.

Arm Template functions

Users can create functions that can be used within the template. The complex expressions that are being used multiple times in the template can be defined as a function once. You need to create your own namespace and create member functions as needed. You cannot access variables or any other user-defined functions within your function.

How to use Azure custom script extension

Your script must be accessible via a URI, such as an Azure storage account, and must either accessed anonymously or passed with a shared access signature (SAS URL)

ExpressRoute gateway

a virtual network gateway, created with the ExpressRoute option (rather than the VPN option, used to create VPN gateways). Just as with VPN gateways, the ExpressRoute gateway must be created in the gateway subnet of the virtual network.

Source Network Address Translation (SNAT)

changes the source address of outgoing packets. It works best for local client systems which initiate connections with outside servers, but don't usually receive incoming connections.


Conjuntos de estudio relacionados

Technology in Action: Ch. 12 assessment // quiz

View Set

Principles of Management Exam 2 Set, Chapters 6-10

View Set

practice question for fluid and electrolytes

View Set

Mastery Astronomy Assign 5-Chapter 7

View Set

Chapter 44 Pathophysiology NCLEX-Style Review Questions

View Set