Missed AZ 104 Questions


Important port numbers to know:

- 53: DNS port
- 3380: TCP port
- 80: internet
- 443: secure HTTP over TLS/SSL
- 143: IMAP (mail)
- 20: FTP data transfer
- 21: FTP command control
- 1443: UDP
- 445: SMB

Can tags be inherited from Resource Groups to Resources within the group?

NO! Resources within a resource group do not inherit the RG's tags.

Sub1 is a part of MG21. Can you add it to another MG?

NO! Subscriptions can only be members of one MG at a time. You could move it to another MG but not ADD it.

What does NFS stand for?

Network File System

How do you create new guests in AAD from PowerShell?

New-AzureADMSInvitation cmdlet

What are the AZ storage access tiers (blob data)?

- Hot: data that is accessed frequently ($$$)
- Cool: data that is infrequently accessed and stored for at least 30 days
- Archive: data that is rarely accessed and stored for at least 180 days with flexible latency requirements

What does AZ Network Watcher connection monitor do?

- Inspects traffic from specific ports

What are the two network models you can use to deploy an AKS cluster?

- Kubenet networking: the network resources are typically created and configured as the AKS cluster is DEPLOYED
- Azure Container Networking Interface (CNI) networking: the AKS cluster is connected to existing virtual network resources and configs

All about Reverse DNS in vnets

- Reverse DNS is supported in all ARM-based vnets.
- You can issue reverse DNS queries (PTR queries) to map IP addresses of VMs to FQDNs of VMs.
- All PTR queries for IP addresses of VMs will return FQDNs of the form "vmname.internal.cloudapp.net"
- Forward lookup on FQDNs of the form "vmname.internal.cloudapp.net" will resolve to the IP address assigned to the VM

What are the types of performance for storage accounts?

- Standard: default for GPV2
- Premium: for scenarios requiring low latency. Available for block blobs, file shares, page blobs

What do the following SKUs mean?

- Standard_GRS: standard geo-redundant storage (repeats against region-wide unavailability)
- Standard_LRS: standard locally redundant storage (data replicated within a single storage scale unit)
- Standard_RAGRS: Read-access geo-redundant storage (works almost the same as 1st but is read only and more expensive)
- Premium_LRS: locally redundant storage (see above)

You have 2 vms in a subscription that run Windows Server 2016. Vm1 gets ransomware and you need to restore the latest backup of Vm1. You can perform a file recovery of VM1 to......

- Vm 1 & 2 (for file recovery you can download and run a Windows executable to map a network drive. It can only run when the OS meets the requirements. Since VM1 is running Server 2016 it can be recovered to machines with Server 2016 or Windows 10 and file recovery can be done from any machine on the internet)

Things to remember about assigning VMs to load balancer backend pools:

- You can only attach a vm to an lb that is in the same location and vnet as the lb.
- VMs must have a standard SKU Public IP or no public IP at all.
- It doesn't matter what status the VMs are in when attaching to LB (can be off or on)

What are the types of redundancy and how do they sync?

- Zone Redundant Storage: replicates synchronously across 3 data centers in same region
- Locally-Redundant Storage: replicates synchronously but will not remain available if a data center in the region fails
- Read-Access Geo-Redundant Storage: Uses asynchronous replication and works across many different regions
- Geo-Redundant Storage: same as above but not read only

To config AZ DNS to host a custom domain for your web apps you need which 3 things?

- a root "A" record (A = address) pointing to the custom domain
- a root "TXT" record for verification
- a "CNAME" record for the www name that points to the A record

What can AZ Network Watcher variable packet capture do?

- allow you to create packet capture sessions to track traffic to and from a vm
- helps diagnose network anomalies both reactively and proactively
- gathers network stats, gains info on network intrusions, to debug client-server communications, and much more

You are planning on deploying an Ubuntu Server VM to your AZ sub and are required to implement a custom deployment that includes a particular trusted root certificate authority (CA). How do you create this VM?

- az vm cmdlet. Cloud-init is a common way to customize Linux VMs on first boot, and this is available in the az vm create command automatically

What VMs does Azure Backup support?

- vm running windows server 2008_
- vm running windows 10
- vm running Debian 7.9+
- vms that are shutdown or offline

What is the minimum size for an AzureBastionSubnet?

/26 or higher

You want users you create in AAD to have emails with the suffix being a custom domain name. What steps do you need to take?

1. Add custom name
2. Add a record to the public custom domain DNS zone
3. Verify the domain

You have a storage account named Storage1. You need this account to:
- ensure you can upload disk files to Storage1
- ensure you can attach disks to vm
- Prevent all other access to Storage1.
What 2 things do you need to do?

1. From firewalls and virtual networks blade on Storage1: select Selected Networks
2. From firewalls and virtual networks blade on Storage1: add IP to address range

What are the two features of webapp VNet integration?

1. Regional virtual network integration: when you connect to vnets in the same region you must have a dedicated subnet in the vnet you're integrating with.
2. Gateway-required virtual network integration: when you connect directly to a vnet in other regions or to a classic vnet in the same region you need an AZ vnet gateway created in the target network

How do you use Az Automation State Config to manage ongoing consistency of VM configs?

1. Upload config to AZ ASC. Import the config into the Automation acct.
2. Compile a config into a node config
3. Assign node config
4. Check for compliance status of node

You need to ensure that VM1 can be created in an Availability Zone. What two settings should you modify?

1. Use managed disks - need to use managed disks if you want to move them to an Availability Zone by using Site Recovery
2. Availability Options - when you create a VM for an Availability Zone, under settings > high availability, select one of the numbered zones from the Availability zone dropdown.

You have a sub with an AZ Availability Set. The variable "platformUpdateDomainCount" = 10. You deploy 14 vms to the availability set. What is the max number of vms that could be down at a time if MS is updating the region the AS is in?

2: since we have 14 vms and 10 domain controllers we need to always have at least 1 vm per DC. That means 4 of the 10 DCs will have 2 vms and the remaining 6 have 1 each.

How many copies (replications) of a storage account are the minimum for LRS?

3

If a server rack for your availability set goes down and your "faultDomain" = 2 with 14 VMs, what is the max number of vms unavailable?

7: we have 2 fault domains with 14 vms, which means each fault domain has 7 vms associated with it

What is a driveset file?

A CSV that contains the lists of disks to which the drive letters are mapped so the tool can correctly pick the list of disks to be prepared when copying disks using AZ Import/Export

What is a virtual hub?

A ms-managed virtual network that has various service endpoints to enable connectivity. From on-prem (vpnsite) you can connect to a VPN gateway, connect Express Route circuits, or even connect mobile users to P2S within hub.

What do you call a group of AKS containers?

A pod (remember this when you are looking at questions that ask what IP address or subnet AKS clusters would be assigned to)

Registration Virtual Network

A private DNS zone can have multiple registration virtual networks. However, every virtual network can only have one registration zone associated with it.

DNS record things:

- A record is used to map a DNS/domain name to an IP
- TXT records in a lot of cases get used to prove ownership of a domain, it has other purposes too.
- PTR: A Reverse DNS lookup is used by remote hosts to determine who 'owns' an IP address.
- CNAME records get used to redirect a DNS name or subdomain name to another DNS name or domain name or subdomain name.

What is a Recovery Services vault?

A storage entity that houses data. Data is typically copies of data, or config for vms, workloads, servers, or workstations. Can also hold backup data for IaaS vms (Linux or Windows) and AZ SQL dbs

What is an encryption scope?

A tool that lets you manage encryption with a key that is scoped to a container or individual blob. You can use encryption scopes to create secure boundaries between data that resides in the same storage account but belongs to different customers.

What does Azure Tables do?

Act as structured NoSQL

What does an IPsec tunnel do?

Acts as a go-between for two dedicated routers, with each router acting as one end of a virtual "tunnel" through a public network

Before a VM on Vnet1 can receive an IP address from 10.2.1.0/24 you must first....

Add a new subnet! The current subnet has IPs from 10.2.0.0 to 10.2.0.255 and need to add a new subnet to reserve IP addresses from 10.2.1.0 to 10.2.1.255

You have an AZ sub that has a vnet called Vnet1. You need to route all inbound traffic from the VPN gateway to Vnet1 through VM 1. Fill in the following blanks:

- Address prefix: 10.0.0.0/16 (destination IP addresses of VNet1)
- Next hop type: virtual appliance
- Assigned to: GatewaySubnet

You need to QUICKLY figure out if there are underutilized VMS that you can drop down to a less expensive tier. How?

Advisor blade (tells you how to reduce AZ spend by identifying idle and underutilized resources)

What does the AzCopy cmdlet do?

Allows you to copy data to, from, or between storage accts

What does a service tag do?

Allows you to set network isolation and protect Azure resources from general internet while accessing AZ services with public endpoints.

What does the Add-AzVhd cmdlet do?

Allows you to upload an on-prem Vhd to a blob storage acct. as a fixed Vhd allowing it to be used when creating new VMs

You need to connect an on-prem SMB account (Share1) to AZ webApp1. What do you need to deploy first?

An AZ virtual network gateway (since this is basically a S2S connection you need a VPN device and a VPN gateway installed on the on-prem with externally facing public ip)

How do you collect performance traces for Azure App Service webapps?

Azure Application Insights Profiler: lets you capture and view performance traces for apps in dynamic situations, automatically at scale, without negatively affecting your end users. Can also see: median, fastest and slowest response times for each web request made by customers & helps you identify the "hot" code path spending the most time handling a particular web request

You need to make changes to a VM including the following:
- Enabling Desired State Config Mngt
- Adding more GB to managed disk
- Changing vm size/tier
- Adding a Puppet Agent extension
Which of the above will cause downtime for the VM?

Changing tier/vm size as the vm has to be in a stopped state to do so

What does the DevTest Labs User Role let you do?

Connect, start, restart, and shutdown virtual machines in your AZ DevTest labs

You need to view the average round-trip time (RTT) of the packets from VM1 to VM2. Which AZ Network Watcher feature should you use?

Connection Monitor --> monitors communication at a regular interval and informs you of reachability, latency, and network topology changes between the VM and endpoint

What is ingress?

Crap coming into our system.

What is egress?

Crap going out of our system

You need to backup a webapp daily while excluding a specific folder. What should you do first?

Create an AZ Storage Acct. Az storage accts. and containers config by your app can back up the following:
- application config
- file content database connected to your app

You need to attach a data disk from one vm to another. What do you do first?

Detach the disk from the first vm. VMs don't need to be stopped to remove a disk but they must be running to attach a disk.

What does session persistence do?

Ensures that a client will remain connected to the same server throughout a session or period of time.

What types of storage accounts can have lifecycle management applied to them?

GPV2, Blob, premium block blob, and Data Lake Gen2 (Note: feature is available in all AZ regions for the above)

Which type of storage accounts supports ZRS (zone redundant storage)?

General Purpose V2, FileStorage, and BlockBlobStorage

How do you deploy a YAML file for an AKS cluster?

In Azure CLI run kubectl apply -f file_name.yaml

To create a Recovery Services Vault to protect vms the vault must be:

In the same region as the vms

What does the address prefix in networking refer to?

It refers to the destination IP address range

What can a Logic App Contributor do?

Manage logic apps but not change access to them

You need to ensure that records created in the contoso.com zone are resolvable from the internet. How?

Modify the NS records in the DNS domain registrar. You can use AZ DNS to host your DNS domain and manage DNS records which lets you use the same credentials, APIs, tools, and billing as your other AZ services.

How do you update the attribute JobTitle for AD users?

Must use Windows Server Active Directory to update identity, contact info, or job info for users whose source of authority is WSAD (Location is managed by AAD and can be updated there)

What is NGINX?

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Used by github, netflix, pinterest, airbnb, wordpress, MaxCDN...

Your company has a MS SQL Server Always On availability group configured on their AZ VMs. You need to config an AZ internal load balancer as a listener for the availability group. "You create an HTTP health probe on port 1443". Does this work?

No! You need to configure a load-balancing rule to allow/route traffic to the SQL server instances.

Which types of groups support automatic deletion after 180 days?

O365 groups, regardless of membership type

You need to deploy a template that deploys 10 AZ webapps. What do you need to identify 1st before deploying the template?

One App Service Plan, since webapps are made in ASPs and, since we are using a template, we only need one ASP as all webapps will be identical

How many public and private IP addresses can be assigned to a single network interface?

One of each

Resolution Virtual Network

One private DNS zone can have multiple resolution virtual networks and a virtual network can have multiple resolution zones associated to it.

How many cloud endpoints can a sync group have?

One. A cloud endpoint is a pointer to an AZ file share. All server endpoints will sync with a cloud endpoint, making the cloud endpoint the hub.

Where can you apply policies in AZ?

Policies can be applied to tenant root groups, management groups, subscriptions, and resource groups. Resources themselves can't have policies assigned to them. Exclusion can specify everything except ROOT MG.

You create a private AZ DNS zone named adatum.com. You configure the adatum.com zone to allow auto-registration from Vnet 1. Which A records will be added to the adatum.com zone for VM1?

Private IP address only: the vms are registered (added) to the private zone as A records pointing to their private IP address. Since both VM 1 & 2 are in same Vnet and Vnet is linked under adatum.com domain (Private DNS Zone --> Setting --> virtual network links)

What does SAS do?

Provides secure delegated access to resources in your storage acct without compromising security of data. Also lets you control what resources client may access, what permissions they have, and how long the SAS is valid.

You need to delete a RG that has resources and a few locks. What do you do 1st?

Remove the lock from VNet1 and then delete all data on the vault (can't delete a vault that has backup data on it)

What do administrative units do?

Restrict the permissions in a role to any portion of your organization you define (ie: having local admins with user management access ONLY have access to their office's users)

If you've created a new user on AD and need to sync them to AAD immediately what do you do?

Run Start-ADSyncSyncCycle -PolicyType Delta: this updates only the most recent changes quickly. Without the "Delta" in the command it would take a looooonnnngg time

You have an App Service Plan and a webApp. You try to add a staging slot to your ASP but get told no. What should you do 1st?

Scale up your App Service Plan. Only Standard, Premium, and Isolated tiers can have multiple deployment slots.

What does SMB do?

Server Message Block Protocol: used for sharing access to files, printers, serial ports, and other resources on a network

You try to resize a VM which is a part of an availability set with 2 other vms and receive an allocation failure message. What do you do?

Stop all of the 3 vms before trying again

You have a prod and a testing slot for App1. You swap test for prod and discover App1 is having performance issues. You need to revert to previous app version asap. How?

Swap the slots (lets you go back to last stable and working production version since you are taking the newest test out)

What port is for RDP?

TCP port 3389

You want to move a webapp from one resource group (West Europe) to another RG (North Europe). What happens?

The App Service plan remains in West Europe and the policy of the new group applies to the app (not the policy of the old one). Policies can't be assigned to resources!

What is a network listener?

a system task that listens on a given network port for incoming client connections, and creates one database management system task for each client connection

What should you consider when deploying a VM that you want to add to a VMSS?

The region, zone, and resource group of the VMSS. You want to keep them the same if possible!

You need to deploy a new VM named VM1 and then add VM1 to VMSS1. Which resource group should you deploy VM1 to?

The same resource group that VMSS1 is in!

True or false: a basic load balancer supports virtual machines in a single availability set or a virtual machine scale set.

True! That is the entire job of a Basic Load Balancer

How do you exclude a specific folder while backing up a webapp to an AZ Storage Acct?

Use a _backup.filter file: lets you filter and specify which folders you do and do not want to back up

What type of storage is supported by ZRS?

V2, BlockBlob, and File Storage (doesn't support Blob or V1)

What is the only OS that a webapp with a ASP.NET stack can be hosted on?

Windows

A user used a solitary ARM template to deploy a virtual machine and an additional AZ storage acct. You want to review the ARM template that was used. You can access the resource group blade. Does that work?

Yes --> the new resource group has the template in it under deployment info

Does region matter when assigning NSGs?

Yes! NSGs can be assigned to the subnets of a vnet in the same region the NSG is in ONLY

Can you move storage accounts to another RG that is in another region?

Yes! Resources can be everywhere regardless of what resource group they belong to. If the RG is in a different region though the storage would have to be re-created for that region.

Can you delete a Recovery Storage Vault?

Yes, but only if there isn't backup data on it. If there is:
- Stop the active back up
- Delete the backup data
- Delete the vault

You have a VM infected with data-encrypting ransomware and want to recover files from the VM. How?

You can only recover files to the infected vm: since there is an instant restore ability that allows you to overwrite data inside of the disk rather than make a copy at an alt. location, you are able to overwrite the encrypted data in case of an attack.

Which UNC path should you include in a script that references files from the data file share?

\\contosostorage.file.core.windows.net\data

Which storage accounts can have hot, cool, or archive tiers?

blob storage and GPV2 storage (is cheaper option)

Azure Public IPs are region specific and....

can't be moved from one region to another. You can however use an ARM template to export the existing config of a public IP and then use the same template to create a new public IP in other region.

How do you install AKS on a computer that runs Windows 10?

cmdlet: az aks install-cli

In order to allow users to sign in to vms with a specific role what do you need to modify in the config?

dataActions: To ensure that users can sign in to virtual machines assigned with that specific role modify the dataActions section. Will need to provide either of the following DataActions:
- Microsoft.Compute/virtualMachines/login/action
- Microsoft.Compute/virtualMachines/loginAsAdmin/action

