pluralsights Flashcards
When you create a role assignment in the Azure CLI, what 3 components do you need?
- the role definition
- the assignee
- the scope of the assignment. If you don’t provide a scope, it will default to the entire subscription.
In Azure CLI, what’s the command to assign the “reader” scope to the “developer” security group?
(Create Role Assignment in CLI)
assign the role and specify a resource group scope.
az role assignment create –role “Reader” –assignee $developers_security_group –scope /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx/resourceGroups/my-web-app
In Azure CLI, what’s the command to define your own role (eg “Custom Data”), and assign it to an app or group?
(Create Role Definitions in CLI)
az role definition create –role-definition ‘{
“Name”: “Custom Data”, […]
}
assign the new custom role to an app or group
az role assignment create –role “Custom Data” –assignee $developers_security_group
What’s Azure API Management?
Azure service to create consistent and modern API gateways for existing back-end services.
Provides secure, scalable API access for your app.
What are the 3 components in Azure API Management?
- API gateway; accepts API calls and routes them to your backends
- Azure portal; the admin interface where you set up your API program
- Developer portal; web user interface for developers where they can read API documentation.
What’s the capabilities of Azure Portal?
- Define/Import API schema
- Set up policies like quotas or transformations on the APIs
- Package APIs into products
- Manage users
What are the Access Restriction Policies in API Management?
- Limit call rate by key
- Validate JWT Tokens; enforces existence and validity of a JWT token in header or query parameter
- Set usage quota by key; Enforces a renewable or lifetime call volume and/or bandwidth quota.
- Check HTTP header presence; enforces existence and/or value of a HTTP header
- Limit call rate by subscription
What’s the policy name to secure an API by requiring a JWT Token?
<validate-jwt header-name=”Authorization” require-expiration-time=”false” require-scheme=”Bearer” output-token-variable-name=”jwt”>
Common use cases for Azure Cache for Redis?
- User session storage for distributed apps
- Database caching
- Content caching
- Distributed transactions
- Message broker (sometimes, queue based system/ or sub/pb model)
How to remove items from Azure Redis Cache?
- Schedule Deletion (TTL - time to live)
- Manual Deletion
- Eviction; you’re not in control of deleting the items. But you’re in control of the Eviction policies.
What are the Eviction policy options?
- Default value = volatile-lru (least recently used) by TTL
- allkeys-lru with and without TTL
- Noeviction
- Volatile-random: anything considered volatile, will be random removed
- allkeys-random; anything in the cache will select at random and removed.
- volatile-ttl; used the remaining ttl that are volatile and remove those based on the items with the shortest TTL remaining.
What are the best practices for Azure Cache for Redis configuration ?
- Set the maxmemory-reserved setting
- Reuse client connections whenever possible
- Utilise Redis pipelining
- Store smaller values
What’s the command to configure Web Server Logging to the Filesystem?
az webapp log config –name sampleWebApp –resource-group sampleResourceGroup –web-server-logging filesystem
What’s the command to configure App Logging to Azure Blob Storage? (windows only)
az webapp log config –name sampleWebApp –resource-group sampleResourceGroup –application-logging azureblobstorage
What’s the command to configure Container Logging to File System? (Linux only)
az webapp log config –name sampleWebApp –resource-group sampleResourceGroup –docker-container-logging filesystem
