AZ-104 Microsoft Azure Administrator

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Remove-AzResourceGroup -Name MyResourceGroupName

Remove-AzResourceGroup -Name MyResourceGroupName

Resource Groups can or cannot have resources from many different regions

Resource Groups can have resources from many different regions

Resource Groups can or cannot have resources of many different types (services).

Resource Groups can have resources of many different types (services).

Resource Groups can or cannot be renamed

Resource Groups cannot be renamed

With the Azure PowerShell module, you can work with the following features, and more:

Resource groups Storage VMs Azure AD Containers Machine learning

A new project has several resources that need to be administered together. Which of the following strategies would provide a good solution? Azure templates Azure resource groups Azure subscriptions

Resource groups make administering resources easy.

To create a site-to-site connection, you need to do the following:

- Provision a virtual network - Provision a VPN gateway - Provision a local network gateway - Provision a VPN connection - Verify the connection - Connect to a virtual machine

You need to connect your on-premises network to Azure by using a site-to-site VPN. Which four actions should you perform in sequence

1. Deploy a gateway subnet 2. Deploy a VPN gateway 3. Deploy a local network gateway 4. Deploy a VPN connection if you hadn't already deployed a virtual network, this would be your 1st step.

Which of the following is true about resource groups? Resources can be in only one resource group. Role-based access control can't be applied to a resource group Resource groups can be nested.

Resources can be in only one resource group.

Resources can or cannot only exist in one resource group.

Resources can only exist in one resource group.

Four rules for resource groups.

Resources can only exist in one resource group. Resource Groups cannot be renamed. Resource Groups can have resources of many different types (services). Resource Groups can have resources from many different regions.

Prompt for a username and password for the VM's admin account and capture the result in a variable:

$adminCredential = Get-Credential -Message "Enter a username and password for the VM administrator."

Using powershell, change your active subscription

$context = Get-AzSubscription -SubscriptionId {Your subscription ID} Set-AzContext $context

10 Characteristics of Azure Cloud Shell

1. Is temporary and requires a new or existing Azure Files share to be mounted. 2. Offers an integrated graphical text editor based on the open-source Monaco Editor. 3. Authenticates automatically for instant access to your resources. 4. Runs on a temporary host provided on a per-session, per-user basis. 5. Times out after 20 minutes without interactive activity. 6. Requires a resource group, storage account, and Azure File share. 7. Uses the same Azure file share for both Bash and PowerShell. 8. Is assigned to one machine per user account. 9. Persists $HOME using a 5-GB image held in your file share. 10. Permissions are set as a regular Linux user in Bash.

What is a dns zone file

A DNS zone file is a text file that contains details of every Domain Name System (DNS) record in the zone. It follows a standard format, making it suitable for transferring DNS records between DNS systems. Using a zone file is a quick, reliable, and convenient way to transfer a DNS zone into or out of Azure DNS. Take note that Azure DNS supports importing and exporting zone files by using the Azure command-line interface (CLI). Zone file import is NOT supported via Azure PowerShell, Azure Cloud Shell, and Azure portal.

Define Template

A JavaScript Object Notation (JSON) file that defines one or more resources to deploy to a resource group. It also defines the dependencies between the deployed resources. The template can be used to deploy the resources consistently and repeatedly.

What is an Azure Resource Manager template? A series of Azure CLI commands to deploy infrastructure to Azure. A JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for the deployment. A script used by the Azure Resource Manager to manage the Azure storage account.

A JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for the deployment. Correct. An Azure Resource Manager template is a JSON file that defines the infrastructure and configuration for the deployment. Templates declare what will be deployed without having to write the sequence of programming commands to create it.

Define resource group

A container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. You decide how you want to allocate resources to resource groups based on what makes the most sense for your organization.

Define resource

A manageable item that is available through Azure. Some common resources are a virtual machine, storage account, web app, database, and virtual network, but there are many more

Azure ARM template element: resources

A required section that defines the actual items you want to deploy or update in a resource group or a subscription.

Azure ARM template element: schema

A required section that defines the location of the JSON schema file that describes the structure of JSON data. The version number you use depends on the scope of the deployment and your JSON editor.

Azure ARM template element: contentVersion

A required section that defines the version of your template (such as 1.0.0.0). You can use this value to document significant changes in your template to ensure you're deploying the right template.

Define resource provider

A service that supplies the resources you can deploy and manage through Resource Manager. Each resource provider offers operations for working with the resources that are deployed. Some common resource providers are Microsoft.Compute, which supplies the virtual machine resource, Microsoft.Storage, which supplies the storage account resource, and Microsoft.Web, which supplies resources related to web apps.

Which of the following situations would be good example of when to use a resource lock? A ExpressRoute circuit with connectivity back to the on-premises network. A non-production virtual machine used to test occasional application builds. A storage account used to temporarily store images processed in a development environment.

An ExpressRoute Circuit is a critical resources Resource locks prevent other users in the organization from accidentally deleting or modifying critical resources.

Azure ARM template element: apiProfile

An optional section that defines a collection of API versions for resource types. You can use this value to avoid having to specify API versions for each resource in the template.

Azure ARM template element: functions

An optional section where you can define user-defined functions that are available within the template. User-defined functions can simplify your template when complicated expressions are used repeatedly in your template.

Azure ARM template element: parameters

An optional section where you define values that are provided during deployment. These values can be provided by a parameter file, by command-line parameters, or in the Azure portal.

Azure ARM template element: variables

An optional section where you define values that are used to simplify template language expressions.

Azure ARM template element: output

An optional section where you specify the values that will be returned at the end of the deployment.

Application Gateway Standard tier can/cannot protect your web tier from SQL Injection attacks.

Application Gateway Standard tier cannot protect your web tier from SQL Injection attacks.

Application Gateway Standard tier cannot 1. You have to use 2

Application Gateway Standard tier cannot protect your web tier from SQL Injection attacks. You have to use the Application Gateway WAF tier instead.

Azure Bicep is ?

Azure Bicep is a domain-specific language (DSL) that uses declarative syntax to deploy Azure resources. It provides concise syntax, reliable type safety, and support for code reuse. You can use Bicep instead of JSON to develop your Azure Resource Manager templates (ARM templates).

? is the formal name for the Azure PowerShell module containing cmdlets to work with Azure features

Az . It contains hundreds of cmdlets that let you control nearly every aspect of every Azure resource.

Azure Application Gateway is a ?

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications

? is a domain-specific language (DSL) that uses declarative syntax to deploy Azure resources.

Azure Bicep is a domain-specific language (DSL) that uses declarative syntax to deploy Azure resources. It provides concise syntax, reliable type safety, and support for code reuse. You can use Bicep instead of JSON to develop your Azure Resource Manager templates (ARM templates).

which tools are not supported by Azure DNS for importing a DNS zone file. which one is?

Azure PowerShell, Azure Portal, and Azure CloudShell are not supported by Azure DNS for importing a DNS zone file. Only Azure CLI is supported.

? Azure Resource Manager templates provided by the Azure community.

Azure Quickstart Templates are Azure Resource Manager templates provided by the Azure community.

Azure Quickstart Templates are

Azure Quickstart Templates are Azure Resource Manager templates provided by the Azure community.

What happens if the same template is run a second time? Azure Resource Manager will deploy new resources as copies of the previously deployed resources. Azure Resource Manager won't make any changes to the deployed resources. Azure Resource Manager will delete the previously deployed resources and redeploy them.

Azure Resource Manager won't make any changes to the deployed resources. Correct. If the resource already exists and no change is detected in the properties, no action is taken. If the resource already exists and a property has changed, the resource is updated. If the resource doesn't exist, it's created.

Suppose you're building a video-editing application that will offer online storage for user-generated video content. You'll store the videos in Azure Blobs, so you need to create an Azure storage account to contain the blobs. Once the storage account is in place, it's unlikely you would remove and recreate it because all the user videos would be deleted. Which tool is likely to offer the quickest and easiest way to create the storage account? Azure portal Azure CLI Azure PowerShell

Azure portal The portal is a good choice for one-off operations like creating a long-lived storage account. The portal gives you a GUI containing all the storage-account properties and provides tool tips to help you select the right options for your needs.

Azure resource locks are/are not inherited by child resources

Azure resource locks are inherited by child resources

Commands in the CLI are structured in 1 & 2. Each 1 represents a service provided by Azure, and the 2s divide commands for these services into logical 1ings. For example, the storage 1 contains 2s including account, blob, share, and queue.

Commands in the CLI are structured in groups and subgroups. Each group represents a service provided by Azure, and the subgroups divide commands for these services into logical groupings. For example, the storage group contains subgroups including account, blob, share, and queue.

Commands in the CLI are structured in groups and subgroups. Each group represents a 1, and the subgroups 2.

Commands in the CLI are structured in groups and subgroups. Each group represents a service provided by Azure, and the subgroups divide commands for these services into logical groupings. For example, the storage group contains subgroups including account, blob, share, and queue.

Deleting a resource group does/does not delete all the resources contained within it.

Deleting a resource group deletes all the resources contained within it. That resource group might contain resources that resources in other resource groups depend on.

You can deploy an ARM template to Azure in one of the following ways:

Deploy a local template. Deploy a linked template. Deploy in a continuous deployment pipeline.

Create a loop that executes three times. In the loop body, create a name for each VM and store it in a variable, and output it to the console:

For ($i = 1; $i -le 3; $i++) { $vmName = "ConferenceDemo" + $i Write-Host "Creating VM: " $vmName }

write a for loop that sets $i = to 1 and then advances and prints that for each integer less than 20

For ($i = 1; $i -lt 20; $i++) { $i }

see what virtual machine resources you have in your microsoft compute resource group

Get-AzResource -ResourceType Microsoft.Compute/virtualMachines

obtain your subscription(s) and their ID using powershell

Get-AzSubscription

Internal load balancers 1 while public load balancers 2

Internal load balancers distribute traffic within a VNET while public load balancers balance traffic to and from an internet-connected endpoint.

Next, create a VM using the $vmName variable:

New-AzVm -ResourceGroupName $resourceGroup -Name $vmName -Credential $adminCredential -Image Canonical:0001-com-ubuntu-server-focal:20_04-lts:latest

can you change the address space of a virtual network if there is an active peering connection?

No, you can not change the address space of a virtual network if there is an active peering connection. You need to delete the peer first to change the address space.

Which of the following parameters is an element in the template schema? Includes Scripts Outputs

Outputs Correct. Outputs are part of the template schema. Outputs are used to return values from the deployed resources.

Which two roles can create or delete management locks.

Owner and User Access Administrator roles can create or delete management locks.

Private (or Internal) Load balancer provides 1 by 2. Private load balancer distributes traffic to resources that are 3.

Private (or Internal) Load balancer provides a higher level of availability and scale by spreading incoming requests across virtual machines (VMs). Private load balancer distributes traffic to resources that are inside a virtual network.

two types of resource locks.

Read-Only locks, which prevent any changes to the resource. Delete locks, which prevent deletion.

Run the following command to let the default resource group be the resource group created for you in the sandbox environment.

Set-AzDefault -ResourceGroupName [sandbox resource group name]

Bicep improvements over JSON for template authoring, include

Simpler syntax, Modules and Automatic dependency management:

Define declarative syntax

Syntax that lets you state "Here is what I intend to create" without having to write the sequence of programming commands to create it. The Resource Manager template is an example of declarative syntax. In the file, you define the properties for the infrastructure to deploy to Azure.

Within the Azure Quickstart Template what do the README.md, azuredeploy.json and azuredeploy.parameters.json files do

The README.md file provides an overview of what the template does. The azuredeploy.json file defines the resources that will be deployed. The azuredeploy.parameters.json file provides the values the template needs.

2 components that make up Azure PowerShell.

The base PowerShell product This comes in two variants: Windows PowerShell and PowerShell 7.x, which can be installed on Windows, macOS, and Linux. The Azure Az PowerShell module This extra module must be installed to add the Azure-specific commands to PowerShell.

3. What needs to be installed on your machine to let you execute Azure PowerShell cmdlets locally? The Azure Cloud Shell The base PowerShell product and the Az PowerShell module The Azure CLI and Azure PowerShell

The base PowerShell product and the Az PowerShell module You need both the base PowerShell product and the Az PowerShell module. The base product gives you the shell itself, a few core commands, and programming constructs like loops, variables, etc. The Az PowerShell module adds the cmdlets you need to work with Azure resources.

Traditional load balancers operate at the ? where azure application gateway can ?

Traditional load balancers operate at the transport layer (OSI layer 4 - TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port. Application Gateway can make routing decisions based on additional attributes of an HTTP request, for example, URI path or host headers.

Traffic Manager does/does not protect your application from SQL injection attacks. Traffic Manager is mainly used for ?

Traffic Manager is incorrect because Traffic Manager does not protect your application from SQL injection attacks. This service is mainly used for DNS-based traffic load balancing.

Transpilation is ?

Transpilation is the process of converting source code written in one language into another language.

Azure resource locks can/cannot be associated with a subscription, resource group, or resource

You can associate the lock with a subscription, resource group, or resource

VPN Gateways provide

a limited bandwidth connection and is useful in scenarios where encryption is needed, but bandwidth restrictions are tolerable. In these scenarios, customers are also not latency sensitive.

Transit gateway is

a peering property that lets one virtual network use the VPN gateway in the peered virtual network for cross-premises or VNet-to-VNet connectivity.

deploy code from a GitHub repository to a web app using the azure cli

az webapp deployment source config --name $AZURE_WEB_APP --resource-group $RESOURCE_GROUP --repo-url "https://github.com/Azure-Samples/php-docs-hello-world" --branch master --manual-integration

how do you obtain available location values from the CLI and from Powershell

az account list-locations (CLI) or Get-AzLocation (PowerShell)

Create an App Service plan to run your app using the azure cli

az appservice plan create --name $AZURE_APP_PLAN --resource-group $RESOURCE_GROUP --location $AZURE_REGION --sku FREE

start a template deployment at the resource group useing the Azure CLI and the Azure PowerShell command

az deployment group create, New-AzResourceGroupDeployment.

Use the Azure CLI to show me the most popular parameters and subcommands for an Azure CLI command such as the create subcommand for azure VMs.

az find "az vm create"

Use the Azure CLI to show me the most popular commands for an Azure CLI command group, such as az vm.

az find "az vm"

Use the Azure CLI to find the most popular commands related to the word blob.

az find blob

Create a new resource group using the Azure CLI

az group create --name <name> --location <location>

define your resource group using either Azure CLI or PowerShell

az group create \ --name {name of your resource group} \ --location "{location}" or New-AzResourceGroup ` -Name {name of your resource group} ` -Location "{location}"

lists your Azure resource groups using the Azure CLI and format the output as a simple table

az group list --output table

Authenticate to Azure using the Azure CLI

az login

sign in to Azure by using the Azure CLI or Azure PowerShell

az login or Connect-AzAccount

Use the Azure CLI to get a list of the subgroups and commands for managing blob storage:

az storage blob --help

create a web app using the azure cli

az webapp create --name $AZURE_WEB_APP --resource-group $RESOURCE_GROUP --plan $AZURE_APP_PLAN

list all your webapps in a table using the azure cli

az webapp list --output table

Switch to your home folder in Cloud Shell.

cd $HOME\clouddrive

Open the integrated editor called 'code', and select the ConferenceDailyReset.ps1 file in the current directory.

code "./ConferenceDailyReset.ps1"

SSL termination refers to the process of

decrypting encrypted traffic before passing it along to a web server. TLS is just an updated, more secure, version of SSL. An SSL connection sends encrypted data between a user and a web server by using a certificate for authentication. SSL termination helps speed the decryption process and reduces the processing burden on the servers.

Whenever there is a change in the topology of your network, you will always need to

download and re-install the VPN configuration file

if your VNet peering connection is in a Disconnected state, it means that ?. To re-establish a peering connection, you will need to ?

if your VNet peering connection is in a Disconnected state, it means one of the links created was deleted. To re-establish a peering connection, you will need to delete the disconnected peer and recreate it.

Azure resource manager template benefits

improves consistency, helps express complex deployments, reduce manual, error-prone tasks, promote reuse, are linkable, are code, simplify orchestration

Azure PowerShell is also available two ways:

inside a browser via the Azure Cloud Shell, or with a local installation on Linux, macOS, or the Windows operating system.

Public Load Balancer is used this if you want to 1. Load Balancer also does/does not support WAF protection for your web tier.

load balance Internet traffic to your virtual machines. Public Load Balancer also does not support WAF protection for your web tier.

VNet Peering provides 1 useful in 2

low latency, high bandwidth connection useful in scenarios such as cross-region data replication and database failover scenarios. Since traffic is completely private and remains on the Microsoft backbone, customers with strict data policies prefer to use VNet Peering as public Internet is not involved. Since there is no gateway in the path, there are no extra hops, ensuring low latency connections.

only virtual machines within a single availability set or virtual machine scale set can be used as backend pool endpoints for load balancers that ?

only virtual machines within a single availability set or virtual machine scale set can be used as backend pool endpoints for load balancers that use Basic as its SKU.

How do you find the particular commands you need in the Azure CLI? One way is to use ?. For example, if you want to find commands that might help you manage a storage blob, you can use the command: ?

ow do you find the particular commands you need in the Azure CLI? One way is to use az find. For example, if you want to find commands that might help you manage a storage blob, you can use the find command: az find blob

create a string parameter out of the $resourcegroup variable

param([string]$resourceGroup)

Create a new text file using the touch command, named ConferenceDailyReset.ps1, in the current directory.

touch "./ConferenceDailyReset.ps1"

Application Gateway web application firewall (WAF) protects

web applications from common vulnerabilities and exploits. This is done through rules that are defined based on the OWASP core rule sets 3.1, 3.0, or 2.2.9. These rules can be disabled on a rule-by-rule basis. The WAF protects against the following web vulnerabilities: - SQL injection attacks - Cross-site scripting attacks - Other common attacks, such as command injection, HTTP request smuggling, HTTP response splitting, and remote file inclusion - HTTP protocol violations - HTTP protocol anomalies, such as missing host user-agent and accept headers - Bots, crawlers, and scanners - Common application misconfigurations (for example, Apache and IIS)

Azure Application Gateway is a

web traffic load balancer that enables you to manage traffic to your web applications. For example, you can route traffic based on the incoming URL. So if /images are in the incoming URL, you can route traffic to a specific set of servers (known as a pool) configured for images. If /video is in the URL, that traffic is routed to another pool that's optimized for videos.

Azure PowerShell has two modes from which to choose:

you can use it in interactive mode in which you manually issue one command at a time, or in scripting mode where you execute a script that consists of multiple commands.

restarting the VPN gateway is only done when

you lose cross-premises VPN connectivity on one or more Site-to-Site VPN tunnels (not sure if this is true for point to site connections)


Set pelajaran terkait

Chapter 4 - Downers, uppers downers, all arounders

View Set

Philosophy 1102 (Logic) - Ch. 12: Moral Arguments

View Set

Developmental Psychology Lifespan

View Set