AZ 104 Flashcards

(296 cards)

1
Q

Cost Mgmt - Budget

A

Sets up alerts and does not instantly update. Takes a few hours to trigger the budget alert that goes out.

2
Q

Budget Automation,

this manages what happens when budget threshold is hit

A

When trigger reached. Action groups can be used to automate what happens.

3
Q

VM abstractions

A

AZ Batch, AKS, VMSS, Server Fabric
Az Batch: cloud job scheduling

4
Q

App Service

A

PaaS, web \ container apps. You don’t control the OS.

ONE REGION ONLY

5
Q

Data Services

A

Az SQL, MI, SQL on a VM,

Synapse Analytics (SQL Data Warehouse) - PB of data and queried. Takes in all SQL type data and makes it avail anywhere.

6
Q

Microservices

A

Service Fabric, Az Funct, Az Logic Apps, API Mgmt, AKS

Service Fabric: manages and helps dev these micro services

7
Q

Az Cloud CLI languages

A

Bash or a PS with bash support

8
Q

CLI az vm verb
what are the verb options

A

list
create
remove

9
Q

CLI az network (subnet) vnet

What are the 3 verbs that come after this

A

list, create, del

10
Q

Get-AzVM
Get-AzKeyVault
Get-AzVirtualNetworkSubnetConfig

A

Get, New, Remove

Get-AzKey.. key vaults in a subscription

11
Q

upgrade ps cli cmd

A

winget upgrade --id powershell

12
Q

Az Cloud Shell req

A

Asks for storage but you don’t need to do anything else.

13
Q

Set-AzContext

A

Changes to another subscription

14
Q

Account / User / Managed ID

A

Can be a person or program. Inside an app is a managed id.

15
Q

Use of Managed ID

A

Need unique id in apps in case user leaves. You don’t want to break the app with a changed password or lifecycle.

16
Q

B2C

A

Business to Consumer. Auth like LinkedIn

17
Q

B2C changed to…

A

External ID B2B collaboration and B2B direct connect

18
Q

Custom Domain Name in App Services, requires these records

A

MX record to register domain name to your tenant.

19
Q

Dynamic group

A

Uses a query to trigger group membership, i.e., name, status, etc.

Can’t manually add users as an admin

20
Q

Privileged roles

A

Delegate management of directory resources to other users, modify credentials, authentication or authorization policies, or access restricted data

21
Q

Does location affect licensing?

A

Yes. Location needs to be set to assign a license

22
Q

AU admin unit

A

Create AU -> Assign admin users -> assign members to be in that AU.

Select what roles can be applied to what members. Sales couldn’t adjust passwords for IT with this setup.

23
Q

Managed Device settings

A

Can set minimum standards to restrict application access

managing device identities, and ensuring registered devices adhere to organizational policies

24
Q

Bulk Operations

A

Get CSV template to upload user data. This can also be used with a diff template to assign to groups.

25
RBAC
groups up roles so users are uniform and don't sneak into individually assigned permissions
26
CBAC
Claim Based Access Control. Like an access key
27
Storage Accounts access
Use access keys which are CBAC. Anyone with Access key will have full admin.
28
Storage Roles
Owner, Contributor, Reader Add Role Assignment, lets you assign these roles to users, grps, service principal
29
Service Principal
Used to allow access to resources for applications or users. A security identity that applications, services, and automation tools use to authenticate and access Azure resources.
30
Deny Assignments
Azure Bicep -> Blueprint with Deny -> applies to resources on deployment. Artifacts on blueprints (basically just access role) that can't be deleted because it's on the blueprint. Similar to a role assignment, a deny assignment attaches a set of deny actions to a user, group, or service principal. Deny assignments are created and managed by Azure to protect resources. You can't directly create your own deny assignments. However, you can specify deny settings when creating a deployment stack.
31
Change Directory for subs
Moves Sub to another tenant
32
Resource Lock
Stops either mod or del. Accumulative. Sub, Reg Group, Res will pop up lock and scope for the lock if you try to del
33
Policy
Adds things like group policies. Adjusting settings which RBAC does not get to. JSON defined Sends message to violating user
34
Policy come into effect when?
Newly created resources
35
Marketplace
Tends to have more and things that are new to you compared to Services
36
Resource moving regions
Can move vnet, VMs, etc. Can't move services and app services
37
Az Cli for Policy
New-AzPolicyAssignment - uses id from pre defined policies to assign to scope
38
Mgmt Group
Subs can nest under these. Mgmt Grp Root -> Mgmt Groups (optional) -> Subs
39
Storage Security
Https public access container -> users can create, very unsecure ad or keys to access
40
Storage Archive setting is what
Not a default option, set file by file
41
Storage Networking how to access and defs
Creates and manages a public endpoint. Accessible by keys by default. Can default to only IP Can cut off public, private link to another vnet. Direct path
42
Storage Routing options
Internet or MS Net Router for the public endpoint of your storage account
43
Storage, data protection options (non user access related)
Undelete: blobs, container(also a snapshot like feature\version), file share block versions \ tracking ++data ++cost log tracking \ immutable
44
Storage Encryption Options
MMK, MS keys. CMK, customer managed. Can toggle blobs or everything. Also double encrypt option
45
Blob Storage also called
Containers, create containers for various items. No folders etc. Mainly for apps. Direct url and account key will allow access
46
FileShare features
Has hierarchy but mostly used by VMs to transfer files. Also can be mapped to windows computer.
47
Tables features
Semi Structured Can add tables with different columns
48
Queues
Messages saved and another app can read
49
Storage Access Keys
Can't revoke access for one user. Granular, CRUD restrictions on certain keys. Rotation or time based
50
Storage Access Policy or SAS
Access \ Immutability. Can be timed. Still uses signature \ key. Overwrites previous perms. A stored access policy serves to group shared access signatures and to provide additional restrictions for signatures that are bound by the policy.
51
Access tier
Just means the hot cool archive tiers for storage
52
Storage life cycle mgmt
Set days to keep files or move to colder storage
53
Deleting container with blob versions
Deletes most recent in container
54
NFS
Network File System. Allows old apps using NFS and SMB to connect to Blob, using name hierarchy.
55
Storage - Obj Replication
Creates a read only copy on another blob
56
Az File Sync
Using files on local network and syncing to Az install file sync service
57
Prem storage
Page Blobs - file tables ques, good for random r/w rates Block Blobs - high use File Share - good scale and high performance Can't be global redundant
58
VM type of launches
Trusted - Confidential - std
59
VM Size
D series - general use B - Burst for short periods E - high memory F - gpu DC - confidential general
60
VM Size Versions like Dv3 to Dv2
Lower versions for compatibility
61
VM OS Disk
Used for VM operating system but not used for saving permanent files
62
Ultra Disk
Faster than Premium. Throughput and latency
63
VM Data Disk
Used for just the one machine. Use Az File Share for shared file storage
64
Az-Orchestrator
Manages patches through Az, windows other option hot-patch to do on the fly
65
Az Dedicated Host
No other VMs on the server
66
Capacity Reservation
When you need a VM in the future, can reserve space.
67
VMSS Avail Set
Duplicate machines with the same purpose, set in the VM creation. Separates VMs in different areas. Can't move VMs into avail set after creation Need custom load balancer. Same Vnet and Region req
68
VMSS update Domains
Planned maintenance servers. Affects 1 VM in each Update domain. Only works with 1 VM per domain.
69
VM Avail Zones
Deploys VM to each zone chosen Higher avail
70
Bastion
More secure VM connection, replaces RDP. Middle man auth. No open ports
71
Bastion SKUs
Dev lowest, basic, std, prem std - linux, ssh win prem - recording, private only
72
VMSS Orchestration Types
Flex - avail with clones or indv machines Uniform - large scale stateless
73
VMSS spot
Can choose for all VMs and how they get evicted
74
VMSS Options
Auto or manual updates Logs 100 machines DEFAULT when scaling up 1k max when using manual slider Custom images \ startup scripts
75
VMSS Health
Monitor whole operations Auto repairs
76
VMSS ip
Not public, may need load balancer
77
VMSS Auto Scaling, Predictive mode
Predictive mode, learns usage and sets auto
78
Az-VMRunCommand
Runs a command on the virtual machine. Can be a PS script or PS string. Also "Run Command" in the portal Check learn for required params. Needs Rg + Name
79
VM Image tool
Use sysprep to create an image from a VM. Messes up the VM
80
Service Fabric
Manages micro services and dev
81
Az batch
Schedules cloud batches
82
ARM Model, how everything hooks up
CLI\portal\rest\PS -> Arm for auth -> Arm sends to resources
83
Arm Template Categories
parameters, var, resources, output
84
Arm Removing Items, will also need to remove
Dependencies and parameters using that removed item
85
ARM how handles duplicates
Skips anything already created
86
ARM custom script extension
Does extra work on the created VM post-deployment configuration, software installation, or any other configuration or management task
87
Azure Encryption chain
Disk Encryption set -> Key Vault -> Key
88
Encryption at Host
VM and OS write the encryption
89
Key Mgmt for Encryption, vs Encryption @ host
VM \ OS don't know about the encryption with key mgmt encryption
90
static web apps
serverless web apps static content hosting and dynamic scale for integrated serverless APIs. files or web pages that get served up but not changes much container code - traditional, runtime for stacks
91
Deployment Slots, staging environments in Azure App Service
Staging, you can have production and test pages. Swappable when stages are rdy for prod
92
Application Settings in App services, store what?
Can put in sensitive variables like keys and the program can use them. Won't be saved to github
93
Scale up vs out
Increasing power of machine vs more machines
94
What tool to create Azure container groups
Has to be cli Az deployment group create
95
Dapr api
Used to manage stateless serverless containers
96
Serverless container pro
Can scale unlike other containers
97
Container registry
Holds compiled containers images
98
Set-AzContext
Sets your signed in Az account scope to a subscription
99
Container login in PS
Connect-AzAccount -> Set-AzContext -> Connect-AzContainerRegistry Needs admin user access on access key
100
Docker commands
push pull get run
101
Tagging a namespace
Adds an alternate location, like a new FQDN to a container docker imagename FQDN
102
Route Tables
Creating user defined network routes
103
Peering (Vnets)
Allowing virtual networks to talk to each other. Can't have overlapping IPs. Need 2 peering links for up / down. Can go across subscriptions. NSG can block this
104
Peering over region?
This is allowed
105
Connect without peering?
Virtual gateways going to a company vpn or another az vnet. can go express route or normal. Both Networks need a gateway \ vpn For Sub -> Sub vnet, you would need powershell
106
DNS auto registration
New machines get added to new DNS
107
DNS Recordsets
Can change custom DNS records on your public domain to use things like .com \ .org \ .biz for the same site.
108
5 tuple, NSG 5 things to meet to allow
Source + port, Dest + port, Protocol
109
NSG processing, when does it stop
Once a rule is met, going by priority
110
Application Security Group
enable you to configure network security as a natural extension of an application's structure, allowing you to group virtual machines and define network security policies based on those groups
111
Load Balancers, health probe
Monitor for dead servers and auto remove from pool Need to check proper Path, Port, Protocol for balancer to work
112
SNAT, load balancers
Outbound source list. For internet access from clients this needs to be setup
113
Load balancers layers
Layer 4 - TCP \ UDP \ IPs
114
Application Gateway
Layer 7 LOAD BALANCER Reqs new vnet A Layer 7 (HTTP/HTTPS) load balancer designed for web applications. It includes advanced features like SSL termination, URL-based routing, and a Web Application Firewall (WAF). Application Gateway can make routing decisions based on additional attributes of an HTTP request, for example, URI path or host headers, and SSL
115
App Gateway, WAF
Web App Firewall, stops cross site attacks, injections, etc.
116
Network Watcher
2 Tools, Monitoring Tools (topo, connection), Net Diagnostic Tools (NSGs, rules, packets) network health for virtual machines, virtual networks, application gateways, and load balancers.
117
Network Watcher, Monitoring tools
Topology, your network map Connection Mon, check if connection works btw 2 resources (ping?)
118
Net Watcher, Net Diagnostic tool
NSG diagnostic, issues with NSGs Next Hop, tracert Effective Security Groups, shows NSGs attached to nic
119
Azure Monitor KQL,
The language used to report monitor logs in Azure
120
Monitor Resource -> Diagnostic settings
Console logs SW to install on VMs -> extracts Event Logs send Azure platform metrics and logs to different destinations
121
Custom Domain Names, which records do you need?
Azure Side: MX Registrar NS Records -> points to Azure DNS
122
UPN
User Principal Name, username in email format
123
Azure Federation Services
Shared Azure IDs with other 3rd parties. Must be outside networks.
124
Entra ID Portal, can do what for hundreds of users that CLI \ PS \ Graph \ Admin center can't?
Bulk user operations
124
Virtual Network vs Virtual Network Resource
Resource is the things on the vnet. not the network itself
125
Blobs soft delete, where is it in azure
Data Mgmt -> Data Protection
126
Shared Access Signature
Grants access like a key for a limited time frame.
127
Storage Accounts Types
Standard V2, everything Prem for blob page \ block, or file V1 doesn't archive
128
Azure Import/Export
Used to send in disks. needs 2 csv files Export can't do Azure Files
129
Content Delivery Network (CDN)
Static things like images, videos, and PDFs used for the web Global nodes to sync and deliver data
130
Azure File Share port
To map drives remotely to Azure file shares requires connecting to port 445 over SMB protocol
131
Sync Group
Used to go from something like on prem to Azure. A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other.
132
Recovery Service Vault
To Backup multiple VMs, Microsoft recommends creating a Recovery Services vault and adding backup policies from the Backup policies option. Must be in same REGION
133
Backup Policies difference SQL vs Storage \ VMs
SQL is auto backed up but VM \ Storage need separate backup policies.
134
New Tenant, who has rights?
The creator has owner permissions and global admin
135
VM Availability sets
Provide redundancy in a single data center
136
Bastion requirement
Needs a new subnet
137
Azure address space
range of private ip addresses in the network
138
FD fault domain and UP update domain max? for VMSS
3 and 20 Fault Domain - makes sure the VMs don't share the same hardware, so for example if the switch dies, it won't take down your whole infrastructure but only a small part Update Domain - Microsoft is constantly updating their datacenters with new hardware/software and datacenter is divided among update domains
139
ARM template requires what JSON
The main JSON and a parameters JSON if params used
140
ADE, Az disk encryption
non basic tier ADE uses BitLocker for Windows VM-controlled disks. ADE is integrated with Azure Key Vault. ADE uses DM-Crypt for Linux-based VMs.
141
VM NIC, how many IPs pub \ private?
unlimited to each nic
142
Virtual Network Peering
Used to connect networks in region. Global vnet peering for diff regions
143
Vnet Peering Overlap
Can't be on ip's that could theoretically overlap. Avoids IP conflicts by having IP blocks in different ranges
144
Service endpoint
allow services to connect to other devices with a private ip on Azure backbone network
145
Azure Gateway Subnet
the GatewaySubnet is a specific subnet within a virtual network that's required for deploying virtual network gateways like VPN gateways and ExpressRoute gateways. Takes a chunk of IPs and allows VPN connections to the vnet. Site to Site
146
Azure DNS Function
Manage and host your registered domain and associated records. Can only be interacted with through portal \ cli ONLY ONE VNET CAN per Az DNS
147
DNS Port
53
148
Internet Default NSG?
Yes Outbound rules are default
149
Azure system tiers
Different pricing levels for various resources
150
How to move traffic going to a different port through a load balancer?
By creating an inbound NAT rule
151
Azure Firewall Rule Collection Groups
DNAT Network Application
152
east-west traffic
network traffic that occurs within an organization's internal network
153
Internal Load Balancer
Distribute network traffic across virtual machines within a virtual network. connections are spread across all virtual machines
154
IP Flow Verify
check if a packet is allowed or denied to or from an Azure virtual machine Azure Network Watcher that you can use to check if a packet is allowed or denied to or from an Azure virtual machine based on the configured security and admin rules
155
Connection Monitor
continuous network connectivity monitoring, check RTT and where things get slowed down.
156
Az Monitor vs Event Hub
Azure Monitor monitoring service for Azure resources, providing metrics, logs, and insights to understand application and service performance. Azure Event Hubs data ingestion service for streaming large volumes of events, often used for tasks like monitoring, clickstreams, and IoT solutions
157
Az Monitor, Az Diagnostics setup
storage account to save -> then install monitor on machines. Used for things like event logs on virtual machines
158
Geo-Replication
SQL replication over regions
159
Az S2S VPN
A secure connection between an on-premises network and Azure via a VPN gateway to extend the on-premises network to the cloud.
160
OAuth 2.0 authorization
Allows applications to gain access to APIs
161
ITSM IT Service Manager
It facilitates quicker incident resolution by integrating service desk and monitoring data. Have to install something like System Center Service Manager on the computer to send alerts
162
Az Log Analytics
A tool in Azure Monitor that helps you edit and run log queries to analyze the collected data.
163
Az Activity Log
A platform log in Azure Monitor that provides data about the operations performed on resources in a subscription, such as resource creation, deletion, and configuration changes.
164
Az Backup Instant Restore
VM Snapshots
165
Az Connect Machine
This agent allows you to manage your Windows and Linux machines that are hosted outside of Azure, whether on your corporate network or with other cloud providers. enables Arc
166
Az Data Factory
ETL data
167
Az Mgmt Groups
Analyze resources across subs provide a governance scope above subscriptions
168
Az Private Link
enables you to access Azure PaaS Services (for example, Azure Storage and SQL Database) and endpoints
169
AzCopy, which 2 file systems supported which OS?
Blob \ File Win \ lin \ mac
170
Az Load Balancer distr: Hash
Even dist using NSG 5 tuple: Source IP, Source port, Destination IP, Destination port, Protocol type
171
Az Load Balancer distr: Session persistence
Redirects certain people by ip Client IP (2-tuple) - ip dest and source Client IP and protocol (3-tuple) - ip dest \ source \ protocol
172
What do clients need in P2S configs when changes are made to the Vnet (not involving the VPN gateway)
Whenever there is a change in the topology of your network, you will always need to download and re-install the VPN configuration file.
173
Steps to deploy file sync
Set up storage sync service in Azure, then: 1. Deploy the Azure File Sync agent to TDFileServer1 2. Register TDFileServer1 with Storage Sync Service 3. Create a sync group and a cloud endpoint 4. Create a server endpoint
174
Az Traffic Manager (web apps)
DNS-based traffic load balancer. Public facing applications across the global Azure regions Create Web App -> Traffic Manager Profile -> TM endpoint
175
BGP-enabled gateway
Used for talking to on prem VPN
176
Steps to deploy gateway
1. Deploy a gateway subnet 2. Deploy a BGP-enabled VPN gateway 3. Deploy a local network gateway 4. Deploy a VPN connection
177
Fix VNet peering connection is Disconnected
A created link was deleted. Delete the disconnected peer and recreate it.
178
VM redeployment
Loses data on temp disks and moves to a new physical host. Temp drives defaults: /dev/sdb on linux D: on Windows
179
Azure Backup Services
Makes a backup on the disk of on prem \ vm \ workload VMs can be backed up while off
180
vCPU quotas tiers
The vCPU quotas for virtual machines and virtual machine scale sets are arranged in two tiers for each subscription in each region. – Total Regional vCPUs – VM size family cores new VM, the vCPUs < vCPU quota for the VM family (like D) && the total regional vCPU.
181
Update Domain setup, where VMs go in them
All machines assigned to group 1 in the update domain would go down to update. Need more than one group to ensure some machines stay up
182
App Service plans
allocate specific apps to a given set of resources save money on your testing environment across multiple apps F1 is free, no development slots to change region, clone the app to move it
183
az backup policy set
Updates existing backup plans This is important because the command needs to be broken down. az system -> backup -> cmdlet -> policy param -> set action
184
How to detect under utilized machines
Azure Advisor will track these
185
MS Entra ID Pswd Prot
detects and blocks known weak passwords
186
Pswd for VM through Arm template
Store in key vault with access policy
187
“The update domain count must be 1 when fault domain count is 1.”
Need multiple fault domains to have update domains
188
How to detect unused VM disks
Az Advisor and configure to only show certain resources
189
Az Policies, history vs mgmt
history in settings -> deployment Rs mgmt -> policies tab on Rs
190
Az Front Door
CDN functionality, global load balancing, dynamic site acceleration, and security features (WAF, DDoS)
191
az deployment group create what does this do
creates resource
192
VM failover, next steps
After failover, you reprotect the VM in the secondary region so that it replicates back to the primary region.
193
Public IP SKU, types \ must match
Describes basic or standard. Must match public ip sku to load balancer sku
194
DCE, data collection endpoint
manage and secure the flow of telemetry data from your resources to Azure Monitor
195
Azure Monitor Private Link Scope (AMPLS)
Used to secure network traffic, away from internet
196
Azure Site Recovery (ASR)
Moves workloads to another site during disaster
197
Configuring the Access Control (IAM), now entra id
assignment of roles and permissions
198
Register vs Joined
Register is for a user's personal device that needs corp applications. Can check for compromised devices. Joined for company property, full control
199
Az Data Lake
Big blob data that allows hierarchy, low cost, tiered, data recovery
200
Desired State Configuration (DSC)
Less technical way to manage VM state and pre config
201
Export Template, VM blade option
Allows you to export VM settings or deploy a single duplicate instance of that VM
202
Deploy multiple copies of VM
Export Template -> arm temp Create params and edit Json file reload through something like Az cli
203
private zone Az DNS
Allows DNS services between peers (DNS is not default with Az registered things). Can be registered to multiple vnets. Need to link and can auto register new machines. Public doesn't allow this
204
ARM LoB deployment, incremental vs complete
incremental will update resources complete will only use the resources in the latest deployment
205
User Admin vs User Access Admin
User admin is the entra side UAA is resource based
206
Update-AzVM
updates VMs to things like data disks being attached or assigned
207
AzCopy Sync
Will sync files between 2 sources --delete-destination flag will remove temp files
208
ssh port
22
209
Web App, Std plan
Your company only, 10 instances, adv compute power
210
NSG rules, what is the scope in subnets
incoming traffic and traffic within the subnet has the NSG rules applied
211
what options do you have to go from lfs to zrs. Types of Migrations
manual or live migration (restrictions apply to live)
212
Switch-AzWebAppSlot
Changes production stages from things like test.google.com to production.google.com
213
SecretName in keyVault
Secrets can be passwords. Use this variable for sending new VM passwords
214
Application Logging Blob vs File Retention time
Blob is long term, File turned off in 12 hours
215
Basic to auto scaling apps
Up price tier to STD Create Rules Enable AutoScaling
216
Log Analytics Workspace
data store of log data from all of your Azure and non-Azure resources. Can be used by Az Backup Reports
217
VM backup and restore point days to restore
14 restore 30 days backup vm restore
218
Container Group creation vs VM subnets
Can't be on the same subnet as other resources, besides other container groups
219
VM Access Ext
Adjust logins and users and ssh keys for Linux machines
220
NAT use in load balancer setup
an inbound NAT rule is used to forward traffic from a load balancer frontend to a backend pool. Int -> LB -> NAT -> Services
221
Test-NetConnection
Ping
222
Azure-provided name resolution limits to customization and networks
does not support user-defined domain names only supports a single virtual network
223
SOA record
Admin record for DNS zone
224
Azure DNS Private Resolver
is used to proxy DNS queries between on-premises environments and Azure DNS.
225
virtual network link
assign azure private dns to virtual network
226
New-AzResourceGroupDeployment is used to deploy what
Used to deploy VM by template and other resources
227
Az Spot Instance, what is it for VMs?
Extra cap VM service
228
Azure Service Bus is a
fully managed enterprise message broker with message queues and publish-subscribe topics.
229
When moving web apps, delete what file?
Delete SSL cert and move everything else
230
CNAME vs A record, what do they map to?
A Domain name -> IP CName Domain name -> Domain Name
231
Failure Committed
Shows failed VM completed its failover and is rdy for a reprotect
232
Network Watcher min amount
1 per region
233
SMS alert spam time in minutes
5 minute per text on alerts
234
Find Underutilized VMs with what tools
Az Advisor -> Cost blade
235
External collab settings vs Cross-tenant access
External Collab: Settings for the Sub CTA: settings are used to configure collaboration with a specific Microsoft Entra organization
236
Managed Group Policy inheritance
Applying policies and configuring role-based access control at the management group level ensures that these settings are inherited by all subscriptions
237
Blob storage req
versioning
238
Deleting Recovery Service Vault Reqs
– You can’t delete a vault that contains protected data sources. – You can’t delete a vault that contains backup data. Once backup data is deleted, it will go into the soft-deleted state. – You can’t delete a vault that contains backup data in the soft-deleted state. – You can’t delete a vault that has registered storage accounts.
239
System Center Service Manager
240
Search logs with KQL
search in (TableName) "value"
241
Can you recover files to diff OS?
No
242
Az Policy Initiative
Initiatives enable you to group several related policy definitions to simplify assignments and management.
243
local network gateway
It essentially acts as a placeholder in Azure that provides information about your local network
244
Az Vnet resizing happens with or without downtime?
Seamless vnet resizing and only needs to be synced again. Sync button on peering resource
245
Custom sub domains need what record?
Need NS record
246
Allow gateway transit, in Vnet peers, what does it allow
Allows peered networks to use another's gateway
247
Az won't let you run web apps with PHP or Python on what OS
Windows
248
Azure Container Apps ingress
Makes container apps avail to public or vnets
249
ARM templates don't contain
250
Load software in VMSS
Custom Script Extension - use extensionProfile in the JSON and Custom Script Ext to load software.
251
proximity placement group
VMs as close as possible, achieving the lowest possible latency
252
AzCopy Make URI
creating a new something in azure
253
dynamic membership type, why use this for Res vs assigned " "
allows you to assign rules to added users \ groups to resource assigned, allows adding individuals to the resources
254
Logic App Operator role only
read / enabled /dis
255
VMs can create what with managed IDs
Resources
256
Rules and Action groups per signal \ users
one alert rule per signal type. one action group per unique user. so stupid, you can only make one rule for 1 user
257
Microsoft Azure Backup Server (MABS)
Backup on prem devices to resource vaults in az
258
NSG, region specific?
yes
259
Can you attach a NSG and ASG to one VM nic?
Yes
260
What disks can't be backed up on VMs?
Unmanaged
261
Conditional Access policy types, does these 2 things when approved ID
Grant – enforces grant or block access to resources. Session – enable limited experiences within specific cloud applications * no MFA or joined devices for sessions
262
Sessions allow but don't require what
Allow access to cloud apps no MFA or joined devices for sessions
263
Hyper V sites
Site Recovery deployment, you gather Hyper-V hosts and clusters into Hyper-V sites
264
On Prem to
– Hyper-V site – Azure Recovery Services Vault – Replication Policy
265
Can't tag this or set locks
Mgmt Group
266
Application Insights Agent
Application Insights is a feature of Azure Monitor that provides extensible application performance management (APM) and monitoring for live web apps
267
App Services backup plan
default backup or recovery service vault
268
Public ip can be applied to static or dynamic?
static
269
Do RGs allow exporting ARM templates?
Yes
270
load balancing rule effect one or all instances?
all, can't be used like NAT inbound rules to target one VM
271
Connection Troubleshoot
Connection troubleshoot reduces the Mean Time To Resolution performing all checks to issues pertaining to network security groups, user-defined routes, and blocked ports.
272
Microsoft Identity Manager (MIM) vs Entra ID
MIM has data sync and certs. Better for on prem integration
273
Hybrid Connection Manager
connects App services to on prem things
274
UNC path for file shares, Az Files
\\ + ".file.core.windows.net" \
275
Microsoft Entra Kerberos authentication for Azure Files
Kerberos auths things like hybrid sign ins
276
Internal vs Public load balancers
Internal load balancers distribute traffic within a VNET while public load balancers balance traffic to and from an internet-connected endpoint So web apps would still need an internal load balancer
277
Availability sets and load balancers, same or any
You can only load balance in the same set
278
Az storage account type that can use ques
Gen-purpose v2
279
how many cloud \ server endpoints per file share?
1
280
Azure Disk (Services) is only used for what?
Mostly VMs and some Azure res
281
Backup policy requires what for VMs
Recovery Service Vault
282
Web app free and shared tier time limit
1hour / 4 hours CPU per day
283
Azure RSV time to restore retention time
14 days
284
entitlement management
azure large scale governance. use with catalogue \ catalogue id's to assign groups
285
disable peering before moving
vnet
286
Std public ips allow internet connections by default?
no
287
What is MMA, Microsoft Monitor Agent
Installed on windows to send reports out, probably to log analytics
288
Can you apply a NSG to a Vnet?
No
289
MS Entra Connect
Hybrid auth service that lets you WRITEBACK changes from things like pswd reset to your dc
290
Az VM backup agent \ extension
Needs to be installed when on prem images are used.
291
ASGs, application sec groups
Can only be assigned to nics in the same vnet
292
Service endpoint to PaaS
Subnet has a Serv End that points to something like a private endpoint on a PaaS
293
Private endpoint
Not a service endpoint, not public needs an az dns
294
Private link service
Creates private endpoints to another network Can connect without peering
295