Az-104: Deploy and manage Azure compute resources
Why do you need to be cautious when resizing production VMs?
Resizing may require a restart that can cause a temporary outage or change configuration settings like the IP address.
What are the three elements that the DSC script consist of?
-configuration block -node block -one or more resource blocks
What are the three scenarios that can lead to your VM in Azure being impacted?
-unplanned hardware maintenance -unexpected downtime -planned maintenance
What is the node block in a DSC script?
One or more Node blocks. Node blocks define the computers or VMs that you are configuring. In the example, there is one Node block that targets a computer named "localhost".
What are the 4 main rules to follow when using resource groups?
Resources can only exist in one resource group. Resource Groups cannot be renamed. Resource Groups can have resources of many different types (services). Resource Groups can have resources from many different regions.
Custom script extensions time out after which of the following? a. 30 mins b. 90 mins c. 120 mins
b. 90 mins Custom script extensions will time out and that should be considered when deciding on the scope of the script.
What are the first 5 items you need to setup during the first stage of creating an App Service?
1. name - The name must be unique and will be used to locate your app. For example, webappces1.azurewebsites.net. You can map a custom domain name, if you prefer to use that instead. 2. Publish- The App service can host either Code or a Docker Container. 3. Runtime stack - The software stack to run the app, including the language and SDK versions. For Linux apps and custom container apps, you can also set an optional start-up command or file. Choices include: .NET Core, .NET Framework, Node.js, PHP, Python, and Ruby. Various versions of each are available. 4. Operating system - Choices are Linux and Windows. 5. Region - Your choice will affect app service plan availability.
When it comes to isolation what do containers offer?
A container typically provides lightweight isolation from the host and other containers, but a container doesn't provide as strong a security boundary as a virtual machine.
What is a Fault Domain (FD)?
A fault domain (FD) is a group of nodes that represent a physical unit of failure. A fault domain defines a group of virtual machines that share a common set of hardware, switches, that share a single point of failure.
When is Vertical scaling useful?
A service built on virtual machines is under-utilized (for example at weekends). Reducing the virtual machine size can reduce monthly costs. Increasing virtual machine size to cope with larger demand without creating additional virtual machines.
When it comes to isolation what do virtual machines offer?
A virtual machine provides complete isolation from the host operating system and other virtual machines. This separation is useful when a strong security boundary is critical, such as hosting apps from competing companies on the same server or cluster.
What are the Azure app service plans?
An App Service plan defines a set of compute resources for a web app to run. These compute resources are analogous to the server farm in conventional web hosting. One or more apps can be configured to run on the same computing resources (or in the same App Service plan).
What is an Availability Set?
An Availability Set is a logical feature used to ensure that a group of related VMs are deployed so that they aren't all subject to a single point of failure and not all upgraded at the same time during a host operating system upgrade in the datacenter.
What is an unplanned hardware maintenance?
An Unplanned Hardware Maintenance event occurs when the Azure platform predicts that the hardware or any platform component associated to a physical machine, is about to fail. When the platform predicts a failure, it will issue an unplanned hardware maintenance event. Azure uses Live Migration technology to migrate the Virtual Machines from the failing hardware to a healthy physical machine. Live Migration is a VM preserving operation that only pauses the Virtual Machine for a short time, but performance might be reduced before and/or after the event.
What is an Update Domain (UD) ?
An update domain (UD) is a group of nodes that are upgraded together during the process of a service upgrade (rollout).
What can an Azure virtual machine scale set do automatically in regards to VM instances?
Automatically increase or decrease the number of VM instances that run your application.
What are some considerations you need when selecting Availability Zones?
Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. To ensure resiliency, there's a minimum of three separate zones in all enabled regions. The physical separation of Availability Zones within a region protects applications and data from datacenter failures. Zone-redundant services replicate your applications and data across Availability Zones to protect from single-points-of-failure. With Availability Zones, Azure offers industry best 99.99% VM uptime SLA.
What is an alternative to using JSON to develop your Azure Resource Manager templates (ARM templates)?
Azure Bicep The JSON syntax to create an ARM template can be verbose and require complicated expressions. Bicep syntax reduces that complexity and improves the development experience. Bicep is a transparent abstraction over ARM template JSON and doesn't lose any of the JSON template capabilities.
What is Azure Bicep?
Azure Bicep is a domain-specific language (DSL) that uses declarative syntax to deploy Azure resources. It provides concise syntax, reliable type safety, and support for code reuse.
What is a virtual machine extension?
Azure virtual machine extensions are small applications that provide post-deployment configuration and automation tasks on Azure VMs. For example, if a virtual machine requires software installation, anti-virus protection, or a configuration script inside, a VM extension can be used. Extensions are all about managing your virtual machines.
What is BASH?
Bash is the AZ CLI version of command prompt
By default, how many non-user-configurable Update Domains (UD) are there? How many extra domains can you configure?
By default, there are five (non-user-configurable) update domains, but you configure up to 20 update domains.
How can you prevent the accidental deletion of resources?
By using the Azure Resource Manager
What are 4 advantages containers offer over physical and virtual machines?
Consider flexibility and speed. Gain increased flexibility and speed when developing and sharing your containerized application code. Consider testing. Choose containers for your configuration to allow for simplified testing of your apps. Consider app deployment. Implement containers to gain streamlined and accelerated deployment of your apps. Consider workload density. Support higher workload density and improve your resource utilization by working with containers.
_______________ represent the next stage in the virtualization of computing resources.
Containers - represent the next stage in the virtualization of computing resources.
When it comes to Operating System, what do containers offer?
Containers run the user mode portion of an operating system and can be tailored to contain just the needed services for your app. This approach helps you use fewer system resources.
When it comes to persistent storage what do containers offer?
Containers use Azure Disks for local storage for a single node, or Azure Files (SMB shares) for storage shared by multiple nodes or servers.
What is the purpose of Update Domains and Fault domains?
Helps Azure maintain high availability and fault tolerance when deploying and upgrading applications.
What type of service are VMs a part of?
IaaS
When it comes to fault tolerance what do containers offer?
If a cluster node fails, any containers running on the node are rapidly recreated by the orchestrator on another cluster node.
Where can you create Availability Sets through the Azure portal?
In the disaster recovery section. Also, you can build Availability Sets using Resource Manager templates. scripting, or API tools.
What is an Availability Zone in an Azure region composed of?
It is a combination of a fault domain and an update domain. For example, if you create three or more VMs across three zones in an Azure region, your VMs are effectively distributed across three fault domains and three update domains. The Azure platform recognizes this distribution across update domains to make sure that VMs in different zones are not updated at the same time. Build high-availability into your application architecture by colocating your compute, storage, networking, and data resources within a zone and replicating in other zones.
What is the Desired State Configuration (DSC)?
It is a management platform in Windows Powershell. DSC enables deploying and managing configuration data for software services and managing the environment in which these services run
What does Azure Bastion provide in terms of protection from VMs?
It protects VMs from exposing RDP/SSH ports to the outside world while still providing secure access using RDP/SSH.
What is the Application Insights?
It's a feature of Azure Monitor, it monitors your live applications. It will auto detect performance anomalies and includes analytic tools to help diagnose issues and to understand what users actually do with your app.
What programming language are Azure Resource Manager templates written in?
JSON, which allows you to express data stored as an object (such as a virtual machine) in text. A JSON document is essentially a collection of key-value pairs. Each key is a string, whose value can be: A string A number A Boolean expression A list of values An object (which is a collection of other key-value pairs)
What are some resources that can be used to manage Azure VM extensions?
Managed with Azure CLI, PowerShell, Azure Resource Manager templates, and the Azure portal.
What are reasons to use App Services?
Multiple languages and frameworks. App Service has first-class support for ASP.NET, Java, Ruby, Node.js, PHP, or Python. You can also run PowerShell and other scripts or executables as background services. DevOps optimization. Set up continuous integration and deployment with Azure DevOps, GitHub, BitBucket, Docker Hub, or Azure Container Registry. Promote updates through test and staging environments. Manage your apps in App Service by using Azure PowerShell or the cross-platform command-line interface (CLI). Global scale with high availability. Scale up or out manually or automatically. Host your apps anywhere in Microsoft's global datacenter infrastructure, and the App Service SLA promises high availability
Does placing your virtual machines into an availability set protect your application from OS or application-specific failures?
No. For that, you need to review other disaster recovery and backup techniques.
Does MS automatically update your VM;s OS or software?
No. You have complete control and responsibility for that. However, the underlying software host and hardware are periodically patched to ensure reliability and high performance.
What are resource blocks in a DSC script?
One or more resource blocks. Resource blocks configure the resource properties. In the example, there is one resource block that uses WindowsFeature. WindowsFeature indicates the name (Web-Server) of the role or feature that you want to ensure is added or removed. Ensure indicates if the role or feature is added. Your choices are Present and Absent.
What happens if a hardware or Azure software failure occurs?
Only a subset of your VMs are impacted. Your application stays up and continues to be available to your customers.
What roles are able to create or delete management locks?
Only the Owner and User Access Administrator roles can create or delete management locks.
How would you define Planned Maintenance?
Planned Maintenance events are periodic updates made by Microsoft to the underlying Azure platform to improve overall reliability, performance, and security of the platform infrastructure that your virtual machines run on. Most of these updates are performed without any impact upon your Virtual Machines or Cloud Services.
How do you connect to a windows based VM hosted on Azure?
RDP
What are the two types of resource locks?
Read-Only locks, which prevent any changes to the resource. Delete locks, which prevent deletion.
How do you connect to a Linux-based VM hosted in Azure?
SSH SSH is an encrypted connection protocol that allows secure sign-ins over unsecured connections. Depending on your organization's security policies, you can reuse a single public-private key pair to access multiple Azure VMs and services. You don't need a separate pair of keys for each VM or service you wish to access.
What kind of planning does Provisioning VMs to Azure require? (hint: 7 steps)
Start with the network Name the VM Decide the location for the VM Determine the size of the VM Understanding the pricing model Storage for the VM Select an operating system
What is the Azure Bastion service?
The Azure Bastion service is a fully platform-managed PaaS service. Bastion provides secure and seamless RDP/SSH connectivity to your virtual machines directly over SSL. When you connect via Azure Bastion, your virtual machines don't need a public IP address.
What are 3 tools Azure offers for administration of Azure resources?
The Azure portal The Azure CLI Azure PowerShell They all offer approximately the same amount of control; any task that you can do with one of the tools, you can likely do with the other two. All three are cross-platform, running on Windows, macOS, and Linux. They differ in syntax, setup requirements, automation support.
What is the configuration block in a DSC script?
The Configuration block. This is the outermost script block. You define it by using the Configuration keyword and providing a name. In the example, the name of the configuration is IISInstall.
What should a virtual machine name include?
The VM name should define a manageable Azure resource. The name should be meaningful and consistent so you can identify what the VM does.
What are some considerations for the location of a VM?
The location can limit your available options. Each region has different hardware available and some configurations aren't available in all regions. There are price differences between locations. If your workload isn't bound to a specific location, it can be very cost effective to check your required configuration in multiple regions to find the lowest price.
If the VMs and services are part of the same network, will they be able to access one another? True or False?
True
Data on the temporary disk may be lost during a maintenance event or when you redeploy a VM. True or False?
True. During a standard reboot of the VM, the data on the temporary drive should persist. However, there are cases where the data may not persist, such as moving to a new host. Therefore, any data on the temp drive shouldn't be data that is critical to the system.
With, Azure Bastion, can you connect to the VM directly from the Azure portal. True or False?
True. You don't need a client, agent, or another piece of software.
How does unexpected downtime happen?
Unexpected Downtime is when the hardware or the physical infrastructure for the virtual machine fails unexpectedly. Unexpected downtime can include local network failures, local disk failures, or other rack level failures. When detected, the Azure platform automatically migrates (heals) your virtual machine to a healthy physical machine in the same datacenter. During the healing procedure, virtual machines experience downtime (reboot) and in some cases loss of the temporary drive.
What is the biggest benefit of using an Azure Resource Manager template?
Using Resource Manager templates will make your deployments faster and more repeatable. For example, you no longer have to create a VM in the portal, wait for it to finish, and then create the next VM. Resource Manager template takes care of the entire deployment for you.
What are some considerations to think about when it comes to Vertical scaling and Horizontal scaling?
Vertical scaling generally has more limitations. Vertical scaling dependent on the availability of larger hardware, which quickly hits an upper limit and can vary by region. Vertical scaling also usually requires a virtual machine to stop and restart. Horizontal scaling is more flexible in a cloud situation as it allows you to run potentially thousands of virtual machines to handle load. Reprovisioning means removing an existing virtual machine and replacing it with a new one. Do you need to retain your data?
When it comes to fault tolerance what do virtual machines offer?
Virtual machines can fail over to another server in a cluster, where the virtual machine's operating system restarts on the new server.
When it comes to Operating System, what do Virtual machines offer?
Virtual machines run a complete operating system including the kernel, which requires more system resources (CPU, memory, and storage).
When it comes to persistent storage what do virtual machines offer?
Virtual machines use a virtual hard disk (VHD) for local storage for a single machine, or an SMB file share for storage shared by multiple servers.
How does Azure Bicep work?
When you deploy a resource or series of resources to Azure, you submit the Bicep template to Resource Manager, which still requires JSON templates. The tooling that's built into Bicep converts your Bicep template into a JSON template. This process is known as transpilation. Transpilation is the process of converting source code written in one language into another language.
What is the guaranteed VM connectivity with at least 99.99%?
When you have Virtual Machines that have two or more instances deployed across two or more Availability Zones in the same Azure region
What do virtual machine extensions allow you to automate?
When your company has created numerous scripts and processes to ensure virtual machines are updated and these scripts also run various config tasks. Virtual machine extensions will allow you to avoid configuration drift
By default, services outside the VNet can't connect to services within the virtual network. Is this something you can configure?
Yes, you can configure the network to allow access to the external service, including your on-prem servers.
Are you able to create a VM and an Availability Set at the same time?
Yes. A VM can only be added to an Availability Set when it is created. To change the Availability Set, you need to delete and then recreate the virtual machine.
What does the Azure Resource Manager locks apply to?
You can associate the lock with a subscription, resource group, or resource.
When it comes to deployment what do containers offer?
You can deploy individual containers by using Docker via the command line. You can deploy multiple containers by using an orchestrator such as Azure Kubernetes Service.
When it comes to deployment what do virtual machines offer?
You can deploy individual virtual machines by using Windows Admin Center or Hyper-V Manager. You can deploy multiple virtual machines by using PowerShell or System Center Virtual Machine Manager.
What is the character limit on Azure Windows VM and Linux VMs?
You can specify a name of up to 15 characters on a Windows VM and 64 characters on a Linux VM.
How can you change the Availability Set?
You need to delete and then recreate the virtual machine.
What is one requirement when creating a resource group?
You need to provide a location. You may be wondering, "Why does a resource group need a location? And, if the resources can have different locations than the resource group, why does the resource group location matter at all?" The resource group stores metadata about the resources. Therefore, when you specify a location for the resource group, you're specifying where that metadata is stored. For compliance reasons, you may need to ensure that your data is stored in a particular region.
What two items do you need to specify before creating an App Service?
You'll need to specify a resource group and service plan. Then there are a few other configuration choices. You may need to ask your developer for assistance in completing this information.
How many parameters are you limited to in a JSON template?
You're limited to 256 parameters in a template. You can reduce the number of parameters by using objects that contain multiple properties.
What are two categories from Azure services that support Availability Zones?
Zonal services. Pins the resource to a specific zone (for example, virtual machines, managed disks, Standard IP addresses). Zone-redundant services. Platform replicates automatically across zones (for example, zone-redundant storage, SQL Database).
How many update domains and fault domains is a VM in an availability set placed in? a. 1 update domain / 1 fault domain a. 2 update domain / 1 fault domain a. 3 update domain / 2 fault domain a. 1 update domain / 2 fault domain
a. 1 update domain / 1 fault domain
Which of the following situations would be good example of when to use a resource lock? a. An ExpressRoute circuit with connectivity back to the on-premises network. b. a non-production virtual machine used to test occasional application builds c. a storage account used to temporarily store images processed in a development environment
a. An ExpressRoute circuit with connectivity back to the on-premises network. An ExpressRoute Circuit is a critical resources Resource locks prevent other users in the organization from accidentally deleting or modifying critical resources.
Which of the following is true about resource groups? a. Resources can be in only one resource group b. role-based access control can't be applied to a resource group c. resource groups can be nested
a. Resources can be in only one resource group True. Resources can be in only one resource group.
An organization has a security policy that prohibits exposing SSH ports to the outside world. What is the best way to connect to the Azure Linux virtual machines and install software? a. configure the bastion service b. configure a Guest configuration on the virtual machine c. create a custom script extension
a. The Azure Bastion service is a new fully platform-managed PaaS service provisioned inside a virtual network. Bastion provides secure and seamless RDP and SSH connectivity to virtual machines. The access uses the Azure portal and SSL.
The marketing team wants to know which web pages are most popular, at what times of day, and where the users are located. Which option should be recommended? a. application insights b. continuous deployment c. application logging
a. application insights Application Insights meets all the requirements. The product can also determine which pages perform best.
Which workload option should be selected to run a network appliance on a virtual machine? a. compute optimized b. memory optimized c. storage optimized
a. compute optimized Compute optimized virtual machines are designed to have a high CPU-to-memory ratio. Suitable for medium traffic web servers, network appliances, batch processes, and application servers.
When cloning a configuration from another deployment slot, which configuration setting follows the content across the swap? a. connection strings b. custom domain names c. scale settings
a. connection strings Connections strings follow the content across the swap
The infrastructure team needs to install IIS on the localhost. They do not want to use a Custom Script Extension. Which of the following could be used instead? a. desired state configuration b. virtual machine extension c. windows update
a. desired state configuration DSC is a good choice for installing virtual machine features.
Another administrator creates an Azure Virtual Machine Scale Set with five virtual machines. Later, alerts show the VMs are all running at max capacity with the CPU being fully consumed. However, more VMs are not deploying in the scale set. What should be done to ensure that more VMs are deployed when the CPU is 75% consume a. enable the autoscale option b. manually increase the instance count c. change the CPU percentage to 50%
a. enable the autoscale option To meet the scenario requirements, enable the autoscale option so that more VMs are created when the CPU is 75% consumed.
Rather than deploy new instances as load increases on the application hosted in a Virtual Machine Scale Set, you want to increase the CPU capacity of each existing instance. Which of the following types of scaling would you perform a. vertical scaling b. horizontal scaling c. load balancing
a. vertical scaling Vertical scaling increases the capacity of instances within a Virtual Machine Scale Set.
What is Vertical Scaling?
also known as scale up and scale down, means increasing or decreasing virtual machine sizes in response to a workload. Vertical scaling makes the virtual machines more (scale up) or less (scale down) powerful.
What is Horizontal scaling?
also referred to as scale out and scale in, where the number of VMs is altered depending on the workload. In this case, there is an increase (scale out) or decrease (scale in) in the number of virtual machine instances.
What happens if the same template is run a second time? a. Azure Resource Manager will deploy new resources as copies of the previously deployed resources. b. Azure Resource Manager won't make any changes to the deployed resources. c. Azure Resource Manager will delete the previously deployed resources and redeploy them
b. Azure Resource Manager won't make any changes to the deployed resources. If the resource already exists and no change is detected in the properties, no action is taken. If the resource already exists and a property has changed, the resource is updated. If the resource doesn't exist, it's created.
A new project has several resources that need to be administered together. Which of the following strategies would provide a good solution? a. Azure templates b. Azure resource groups c. Azure subscriptions
b. Azure resource groups Resource groups make administering resources easy.
Which of the following is a valid automated deployment source? a. JavaScript code b. Github c. Sharepoint
b. Github Azure currently supports Azure DevOps, GitHub, Bitbucket, OneDrive, Dropbox, and external Git repositories.
What is the effect of the default network security settings for a new virtual machine? a. all outbound and inbound requests aren't allowed b. outbound requests are allowed. Inbound traffic is only allowed from within the virtual network c. There are no restrictions. All outbound and inbound requests are allowed.
b. Outbound requests are considered low risk, so they're allowed by default. Inbound traffic from within the virtual network is allowed.
The DevOps team for a large food delivery company is configuring a Virtual Machine Scale Set. Friday night is typically the busiest time. Conversely, 7 AM on Wednesday is generally the quietest time. Which of the following Virtual Machine Scale Set features should be configured to add more machines during that time? a. autoscale b. metric-based rules c. schedule-based rules
c. schedule-based rules With schedule-based rules, administrators proactively schedule the scale set to deploy one or any number of instances.
Which of the following is a small application that provides post-deployment configuration and automation tasks on Azure virtual machines? a. automation state configuration b. desired state configuration c. virtual machine extensions
c. virtual machine extensions Virtual machine extensions automate the tasks of creating, maintaining, and removing virtual machines
Availability Sets are an essential capability when you want to build reliable cloud solutions. Keep these general principles in mind. a. For redundancy, configure multiple virtual machines in an Availability Set. b. Configure each application tier into separate Availability Sets. c. Combine a Load Balancer with Availability Sets. d. Use managed disks with the virtual machines. e. All of the above
e. All of the above
When you create a scale set, what are some parameter you need to consider? a. Initial instance count. Number of virtual machines in the scale set (0 to 1000). b. Instance size. The size of each virtual machine in the scale set. c. Azure spot instance. Low-priority VMs are allocated from Microsoft Azure's excess compute capacity. Spot instances enable several types of workloads to run at a reduced cost. d. Enable scaling beyond 100 instances. If No, the scale set will be limited to one placement group with a max capacity of 100. If Yes, the scale set can span multiple placement groups. This allows for capacity to be up to 1,000 but changes the availability characteristics of the scale set. e. Spreading algorithm. We recommend deploying with max spreading for most workloads. This approach provides the best spreading. f. All of the above.
f. All of the above.
What is an Azure Resource Manager template?
it precisely defines all the resource manager resources in a deployment. You can deploy a resource manager template into a resource group as a single operation.
How many disks do All Azure VMS have?
minimum 2 -OS disk -temp disk All disks are stored as VHDs
What are virtual networks (VNets) used in Azure to provide?
private connectivity between Azure VMs and other Azure services
What do container-based virtualization allow you to do?
virtualize the OS NOTE: This approach lets you run multiple applications within the same instance of an operating system, while maintaining isolation between the applications. The containers within a virtual machine provide functionality similar to that of virtual machines within a physical server.