AZ-104 Prereqs for Azure administrators
Creating a policy
1. Create a policy definition 2. Assign a definition to a scope of resources 3. View policy evaluation results
Which of the following sentences best describes a container image?
A container image is a read-only portable package that contains software and may include an operating system.
What is the primary purpose of a hub?
A hub allows the connection of multiple Ethernet devices to make them act as a single network segment.
What does a router do?
A router is a network device that forwards data packets between computer networks.
What is a tenant in Azure AD?
A tenant represents an entire organization.
What is a thin client?
A thin client can only display processed data provided by a server.
Policy Effect: Append
Adds additional parameters/fields to the requested resource during creation or update. A common example is adding tags on resources such as Cost Center or specifying allowed IPs for a storage resource.
Which is likely the best way for Tailwind Traders to identify which billing department each Azure resource belongs to?
Apply a tag to each resource that includes the associated billing department. Tags provide extra information, or metadata, about your resources. The team might create a tag that's named BillingDept whose value would be the name of the billing department. You can use Azure Policy to ensure that the proper tags are assigned when resources are provisioned.
What role does authorization play during a sign-in event?
Authorization is the process of determining whether the authenticated user or client has access to specific resources.
What does Azure AD B2B provide?
Azure AD B2B allows you to invite external users to your tenant so that your staff can collaborate with them.
Which licensing plan supports Identity Protection?
Azure Active Directory Premium P2
Which Azure service allows you to create, assign, and manage policies to enforce different rules and effects over your resources and stay compliant with your corporate standards and service-level agreements (SLAs)?
Azure Policy
Which of the following services provides up-to-date status information about the health of Azure services?
Azure Service Health
Suppose you are building a video-editing application that will offer online storage for user-generated video content. You will store the videos in Azure Blobs, so you need to create an Azure storage account to contain the blobs. Once the storage account is in place, it is unlikely you would remove and recreate it because this would delete all the user videos. Which tool is likely to offer the quickest and easiest way to create the storage account?
Azure portal. The portal is a good choice for one-off operations like creating a long-lived storage account. The portal gives you a GUI containing all the storage-account properties and provides tool tips to help you select the right options for your needs.
Which storage option is the best choice that allows the host and container to share a file to manage name server resolution, for example the resolv.conf file on Linux?
Bind mount
Suppose you want to run a network appliance on a virtual machine. Which workload option should you choose?
Compute optimized
Which is the best way for Tailwind Traders to ensure that the team deploys only cost-effective virtual machine SKU sizes?
Create a policy in Azure Policy that specifies the allowed SKU sizes. After you enable this policy, that policy is applied when you create new virtual machines or resize existing ones. Azure Policy also evaluates any current virtual machines in your environment.
How can Tailwind Traders allow some users to control the virtual machines in each environment but prevent them from modifying networking and other resources in the same resource group or Azure subscription?
Create a role assignment through Azure role-based access control (Azure RBAC). Azure RBAC enables you to create roles that define access permissions. You might create one role that limits access only to virtual machines and a second role that provides administrators with access to everything.
Policy Effect: Audit, AuditIfNotExists
Creates a warning event in the activity log when evaluating a non-compliant resource, but it doesn't stop the request.
Which of the following best practices should you implement for your network security on Azure?
Disable SSH/RDP protocols.
Policy Effect: DeployIfNotExists
Executes a template deployment when a specific condition is met. For example, if SQL encryption is enabled on a database, then it can run a template after the DB is created to set it up a specific way.
True or false: The Azure portal, the Azure CLI, and Azure PowerShell offer significantly different services, so it is unlikely that all three will support the operation you need.
False
What would you use the Simple Network Management Protocol (SNMP) for?
For collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior.
What is the purpose of an application server?
Hosts all your web and non-web apps in one place, so they can be accessed across the network.
What is the principal difference between hub routing and switch routing?
Hub routing sends all packets to all connected devices. Switch routing sends packets to specific devices.
What is an identity security score?
It's a number between 1 and 223 that indicates how aligned your security is with Microsoft best practices.
What is TCP/IP?
It's a protocol used to interconnect network devices on the internet.
What is the structure of an IPv4 address?
It's made up of four numbers, in the range 0-255, each separated by a dot.
How would you access a private network from the internet?
It's not possible to access a private network from the internet. A private network can access another private network by using network address translation.
Where can you obtain details about the personal data Microsoft processes, how Microsoft processes it, and for what purposes?
Microsoft Privacy Statement
Which type of transactional database system would work best for product data?
OLTP
Suppose the operations to update inventory and process payments are in the same transaction. A user is attempting to apply a $30 store credit for the full amount of an order, and submitted the exact same order using the store credit (for the full amount) using their phone and laptop at the same time - so two identical orders are received. The database behind the scenes is an ACID-compliant database. What would happen?
One order would be processed and use the in-store credit, and the other order would not be processed.
What do you need to install on your machine to let you execute Azure CLI commands locally?
Only the Azure CLI
Ex. Not allowed resource types
Prevents a list of resource types from being deployed.
You need to prevent users' devices from directly requesting web pages from the internet. Which tool would you use to do this?
Proxy server firewall.
Which Azure service allows you to configure fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs?
Role-based Access Control
Which of these standards and protocols is used predominantly for email?
SMTP
Which network security protocol provides a cryptographic network protocol?
SSH
A JSON file is an example of which type of data?
Semi-Structured
What does the term identity mean?
Something that can be authenticated. It can be a user, application, service, or anything that needs to be identified.
What is Syslog used for?
Syslog is used to let your device send event messages.
What is the DNS?
The DNS helps resolve domain names to IP addresses.
What needs to be installed on your machine to let you execute Azure PowerShell cmdlets locally?
The base PowerShell product and the Az module
Policy Effect: Disabled
The policy rule is ignored (disabled). Often used for testing.
Policy Effect: Deny
The resource creation/update fails due to policy.
Which of the following happens in the handshake process of the SSL/TLS protocol?
The server sends a "ServerHello" message back. This message includes a session ID, the server's digital certificate, and its public key.
Ex. Allowed Storage Account SKUs
This policy definition has a set of conditions/rules that determine whether a storage account that is being deployed is within a set of SKU sizes. Its effect is to deny all storage accounts that do not adhere to the set of defined SKU sizes.
Ex. Allowed Resource Type
This policy definition has a set of conditions/rules to specify the resource types that your organization can deploy. Its effect is to deny all resources that are not part of this defined list.
Ex. Allowed Locations
This policy enables you to restrict the locations that your organization can specify when deploying resources. Its effect is used to enforce your geographic compliance requirements.
Ex. Allowed Virtual Machine SKUs
This policy enables you to specify a set of VM SKUs that your organization can deploy.
What are network standards used for?
To ensure that hardware and software made by different vendors can work together seamlessly.
What is the Internet Control Message Protocol (ICMP) used for?
To send error messages and operational information that indicate success or failure when communicating with another IP address.
True or false: Resource Manager templates are JSON files?
True
True or false: The Azure CLI can be installed on Linux, macOS, and Windows, and the CLI commands you use are the same in all platforms.
True
True or false: You can download published audit reports and other compliance-related information related to Microsoft's cloud service from the Service Trust Portal
True
A video is an example of which type of data?
Unstructured
Docker Desktop is an app for building and sharing containerized apps and microservices available on which of the following operating systems?
Windows, macOS, and Windows Subsystem for Linux (WSL)
You need to query log data for applications across your network in Azure. Which tool do you use?
You use Log Analytics to query the data that has been collected.
What does Azure AD Application Proxy do?
You use it to add on-premises applications to your instance of Azure AD.
What is a subnet?
a logical subdivision of an IP network
Policy assignment
a policy definition that has been assigned to take place within a specific scope.
A container is launched using the --publish 80:8080 flag. Which of the following options is the most likely network configuration used for the container?
bridge
Azure CLI commands: az login
brings you to the login screen to authenticate your account
Azure CLI commands: az group create (az group create --name <name> --location <location>)
creates a resource group *must specify name and location*
Which is the correct Docker command to rebuild a container image?
docker build
Policy definition
expresses what to evaluate and what action to take. *represented as a JSON file*
Azure CLI commands: az find
finds particular commands
Azure Policy
is an Azure service you use to create, assign, and manage policies.
Azure CLI commands: az group list, az group list --output table
lists your Azure resource groups *more concise view - formats the output as a simple table*
Which parameter can you add to most CLI commands to get concise, formatted output?
table