AZ 104 Study Set 1
Web server logging
- Raw HTTP request data in the W3C extended log file format. Each log message includes data such as the HTTP method, resource URI, client IP, client port, user agent, response code, and so on. EX: experience HTTP 500 errors
From Azure Monitor, create a Workbook
- are for creating visual reports.
From Azure Monitor, create a Service Health alert
- these are to get up-to-date information and alerts on Azure issues like service outages and planned maintenance.
Create a Site-to-site VPN to Azure
1. Create a Gateway subnet 2. Create a VPN Gateway 3. Create a local Gateway 4. Create a VPN Connection
Azure Load Balancer
supports two distribution modes for distributing traffic to your applications: Hash-based and Source IP affinity.
Exceeding the maximum of 20,000 I/O (input/output) operations per second
2 PB is quite a large amount of storage, and very few uses are going to fill that up. Assuming that you will not fill it up, what would be the most likely reason you need to create more than one unmanaged storage account?
NO
A company has set up an Azure subscription and a tenant. They want to ensure that only Virtual Machines of a particular SKU size can be launched in their Azure account. They decide to implement role-based access control. Does this fulfil the requirement?
locally redundant storage (LRS)
A company needs to set up a storage account named Software-Architect in Azure. Below are the key requirements for the storage account: - Be able to store virtual disk files for Azure virtual machines - Costs of accessing the files need to be minimized - Replication costs should be minimized. Which of the following would you choose as the replication strategy?
Azure resource groups.
A new project has several resources that need to be administered together. Which of the following services would be a good solution? Azure templates. Azure resource groups. Azure subscriptions.
Grant access
Administrators can choose to enforce one or more controls when granting access. These controls include the following options: Require multi-factor authentication (Azure AD Multi-Factor Authentication); Require device to be marked as compliant (Microsoft Intune); Require hybrid Azure AD joined device; Require approved client app; Require app protection policy; Require password change.
Cause it to be restarted.
After you create a virtual machine (VM), you can scale the VM up or down by changing the VM size. In some cases, you must deallocate the VM first. This can happen if the new size is not available on the hardware cluster that is currently hosting the VM. If the virtual machine is currently running, changing its size will ????
Network Security Group (NSG)
Allows you to filter network traffic to and from Azure resources in a VN. Can contain multiple inbound and outbound security rules that enable you to filter traffic to and from resources by source and destination IP address, port, and protocol. As many rules as permitted by subscription. Can override default rules but cannot delete them.
Connect-AzAccount
Another Administrator is managing Azure locally using PowerShell. They have launched PowerShell as an Administrator. Which of the following commands should be executed first?
Sticky Sessions
Enables the load balancer to lock a user down to a specific web server (EC2 instance). This ensures that all requests from the user during the session are always sent to the same server.
The user account can be restored, but only if it was deleted within the last 30 days.
If you delete a user account by mistake, can it be restored?
Sync Active Directory (AD) to Azure AD
On a server with Azure AD Connect installed, navigate to the Start menu and select AD Connect, then Synchronization Service. 1. Go to CONNECTORS tab. 2. Select RUN on the ACTIONS pane.
False - Tags are not inherited. Tags need to be applied to every supported resource that you want tagged.
Tags applied at a resource group level are propagated to resources within the resource group.
False - Not all resources support tags.
Tags can be applied to any type of resource on Azure
Both Linux and Windows
The Azure CLI can be installed on which of the following?
Blob Storage
Unstructured: like a file system. Used for images, documents, video, audio. Perform big data analytics. Used when you want your application to support streaming and random access scenarios. You want to be able to access application data from anywhere. You want to build an enterprise data lake on Azure and perform big data analytics.
companyname.onmicrosoft.com
What is the default domain name before a custom domain is created?
A Guest user account for each member of the external team.
What kind of account would you create to allow an external organization easy access?
Create for them a Shared Access Signature (SAS)
What option do you have to grant someone access to a single container in your Azure storage account without having to give them your storage account keys?
TXT Record
When adding custom domain names, which of the following record needs to be added to your custom domain registrar?
A user is considered registered for SSPR when they've registered at least the number of methods that you've required to reset a password.
When is a user considered registered for SSPR?
Azure Backup
When you create an Azure Backup for virtual machines, you need to either create a Recovery services vault or select an existing Recovery services vault.
Users can reset their passwords when they can't sign in.
When you enable SSPR (Self-Service Password Reset) for your Azure AD organization...
All of the above are good ways to use tags
Which of the following approaches might be a good usage of tags? Using tags to associate a cost center with resources for internal chargeback. Using tags in conjunction with Azure Automation to schedule maintenance windows. Using tags to store environment and department association. All of the above are good ways to use tags.
Create a policy with your naming requirements and assign it to the scope of your subscription
Which of the following approaches would be the most efficient way to ensure a naming convention was followed across your subscription? Send out an email with the details of your naming conventions and hope it is followed. Create a policy with your naming requirements and assign it to the scope of your subscription. Give all other users except for yourself read-only access to the subscription. Have all requests to create resources sent to you so you can review the names being assigned to resources, and then create them.
Resource groups can be nested.
Which of the following features does not apply to resource groups? Resources can be in only one resource group. Resources can be moved from one resource group to another resource group. Resource groups can be nested. Role-based access control can be applied to the resource group
Resource groups can be nested.
Which of the following features does not apply to resource groups? Resources can be in only one resource group. Role-based access control can be applied to a resource group. Resource groups can be nested.
An ExpressRoute circuit with connectivity back to your on-premises network
Which of the following items would be a good use of a resource lock? An ExpressRoute circuit with connectivity back to your on-premises network. A non-production virtual machine used to test occasional application builds. A storage account used to temporarily store images processed in a development environment.
An ExpressRoute circuit with connectivity back to the on-premises network.
Which of the following situations would be a good example of when to use a Resource Lock? An ExpressRoute circuit with connectivity back to the on-premises network. A non-production virtual machine used to test occasional application builds. A storage account used to temporarily store images processed in a development environment.
Add Address range to Virtual Network's
You can't add address ranges to, or delete address ranges from a virtual network's address space once a virtual network is peered with another virtual network. To add or remove address ranges, delete the peering, add or remove the address ranges, then re-create the peering.
From Azure AD, add and verify a custom Domain name
You have configured Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network for your company. Users are reporting that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com. You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory. You need to ensure that the users can use single sign-on (SSO) to access Azure resources. What should you do first?
User1 & User3
Your company has an Azure account and an Azure subscription. They have created a Virtual Network named softwarearchitect-net. The following users have been set up: User1: Owner; User2: Security admin; User3: Network Contributor. Which of the following users would be able to add a subnet to the Virtual Network?
YES
Your company has an Azure subscription and an Azure tenant called softwarearchitect. A group called softwarearchitect-dev has been created in the tenant. This group will consist of Azure AD users who will take on a developer role. You need to ensure that the group has the ability to manage Logic Apps in Azure. You decide to assign the Logic App Contributor role to the group. Would this solution fulfil the requirement?
Azure Portal
Your company is building a video-editing application that will offer online storage for user-generated video content. The videos will be stored in Azure Blobs. An Azure storage account will contain the blobs. It is unlikely the storage account would ever need to be removed and recreated because this would delete all the user videos. Which tool is likely to offer the quickest and easiest way to create the storage account?
Upgrade Azure AD to Premium P1 licenses
Your company wants to implement Multi-factor authentication by using conditional access policies. Which of the following would they need to carry out to achieve this requirement?
Clients using Windows
can access directly peered VNets, but the VPN client must be downloaded again if any changes are made to VNet peering or the network topology. Non-Windows clients can access directly peered VNets. Access is not transitive and is limited to only directly peered VNets.
A Site-to-Site VPN gateway
connection can be used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel
Azure policy
enables you to establish conventions for resources in your subscription by describing when the policy is enforced and what effect to take. EX: You can create a custom policy to block port 8080
VNet Integration
feature enables your apps to access resources in or through a VNet. By: - Regional VNet Integration - Gateway-required VNet Integration.
To add or delete users
from your Azure Active Directory (Azure AD) organization, you must be a User administrator or Global Administrator.
Role-based access control (RBAC)
helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.
Content Delivery Network (CDN)
is a distributed network of servers that can efficiently deliver web content to users. It stores cached content on edge servers in point-of-presence (POP) locations that are close to end users, to minimize latency. It offers developers a global solution for rapidly delivering high-bandwidth content to users by caching their content at strategically placed physical nodes across the world. It can also accelerate dynamic content, which cannot be cached, by leveraging various network optimizations using its POPs. For example, route optimization to bypass Border Gateway Protocol (BGP).
Azure Storage Explorer
is a free tool that allows you to work with Azure Storage data on Windows, macOS, and Linux. You can use it to upload and download data from Azure blob storage
Recovery Services vault
is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations. You can use these to hold backup data for various Azure services such as IaaS VMs (Linux or Windows) and Azure SQL databases.
Log Analytics
is a tool in the Azure portal to edit and run log queries from data collected by Azure Monitor Logs and interactively analyze their results. You can use these queries to retrieve records that match particular criteria, identify trends, analyze patterns, and provide a variety of insights into your data.
Azure Application Gateway
is a web traffic load balancer that enables you to manage traffic to your web applications. It can make routing decisions based on additional attributes of an HTTP request, for example URI path or host headers. - Route traffic by URL - OSI layer 7 / application layer routing
locally redundant storage (LRS)
is the lowest-cost redundancy option and offers the least durability compared to other options. It protects your data against server rack and drive failures.
Resource lock
is used to avoid accidental deletion of Azure resources
Port Forwarding
lets you connect to virtual machines (VMs) in an Azure virtual network by using an Azure Load Balancer public IP address and port number. To set this up on an Azure Load Balancer, you must create inbound NAT port-forwarding rules. - Inbound NAT rule
Azure Load Balancer: Session Persistence
the following options are available: None (hash-based) - Specifies that successive requests from the same client may be handled by any virtual machine. Client IP (source IP affinity two-tuple) - Specifies that successive requests from the same client IP address will be handled by the same virtual machine. Client IP and protocol (source IP affinity three-tuple) - Specifies that successive requests from the same client IP address and protocol combination will be handled by the same virtual machine.
Moving a web app from one location to another
this does not have an impact on the App Service plan. The App Service plan will remain in its source location or resource group. Since the web app is moved to a different resource group, the policies in the target resource group will be applied.
Connection Monitor
this tool provides you with RTT values at a per-minute granularity. This capability monitors communication at a regular interval and informs you of reachability, latency, and network topology changes between the VM and the endpoint.
Run the az acr build command
to build and push the container image
Use the az aks update command
to enable and configure the cluster autoscaler on the node pool for the existing cluster.
The location and subscription
where a Log Analytics workspace can be created is independent of the location and subscription where your vaults exist.
Connect a Windows device
with Azure AD using an Azure AD join, Azure AD adds the following security principals to the local administrators group on the device: · The Azure AD global administrator role · The Azure AD device administrator role · The user performing the Azure AD join
To add or delete users from your Azure Active Directory (Azure AD) organization
you must be a User administrator or Global Administrator.
You can't delete a Recovery Services vault with any of the following dependencies:
· You can't delete a vault that contains protected data sources (for example, IaaS VMs, SQL databases, Azure file shares). · You can't delete a vault that contains backup data. Once backup data is deleted, it will go into the soft deleted state. · You can't delete a vault that contains backup data in the soft deleted state. · You can't delete a vault that has registered storage accounts.