1

What is the effect of the default network security settings for a new virtual machine?
- Outbound request are allowed. Inbound traffic is only allowed from within the virtual network

- Outbound requests are considered low risk, so they are allowed by default. Inbound traffic from within the virtual network is allowed. By placing a VM in a virtual network, the VM owner is implicitly opting-in to communication among the resources in the virtual network.

2

Suppose you have several Linux virtual machines hosted in Azure. You will administer these VMs remotely over SSH from three dedicated machines in your corporate headquarters. Which authentication methods would typically be considered best-practice for this situation?
- Private key access with a passphrase is the most secure option. Even if an attacker acquires your private key, they will be unable to use it without the passphrase.

3

When creating a Windows virtual machine in Azure, which port would you open using the INBOUND PORT RULES in order to allow remote-desktop access?
- The Remote Desktop Protocol (RDP) uses port 3389 by default so this port is the standard port you would open if you wanted to use an RDP client to administer your Windows virtual machines.

4

Suppose you have an application running on a Windows virtual machine in Azure. What is the best-practice guidance on where the app should store data files?
- Dedicated data disks are generally considered the best place to store application data files. They can be larger than OS disks and you can optimize them for the cost and performance characteristics appropriate for your data.

5

What is the final rule that is applied in every Network Security Group?
- Deny all. It will block all traffic that you don't specifically allow.

6

Suppose you're an administrator of several Azure virtual machines. You get a text message indicating some problems with your VMs. You are at a friend’s house and only have your tablet with you. True or false: you'll still be able to access the Azure CLI using the tablet, even though you can't install the CLI on it.
- True: The Azure Cloud Shell is available in the browser and runs with the full Azure CLI. If you prefer Powershell, the Azure Cloud Shell has that as well.

7

Suppose you have a script that creates several VMs with different images. When the script issues the command to create the first VM you do not want to block the script while the VM is created, instead you want the script to immediately move on to the next command. What is the best way to do this?
- Adding '--no-wait' will cause 'azure VM create' to return immediately without waiting for the VM to actually be created.

8

Most Azure commands return JSON by default. Sometimes this data set can be very large which makes it difficult to read and tricky to use the result of one command as input to another command. What can you use with Azure CLI to filter the results to get only the data that you need?
- All Azure commands support the '--query' argument which lets you select the useful data in any Azure command response.

9

Which workload option should be selected to run a network appliance on a virtual machine?
- Compute optimized virtual machines are designed to have a high CPU-to-memory ratio. Suitable for medium traffic web servers, network appliances, batch processes, and application servers.

10

An organization has a security policy that prohibits exposing SSH ports to the outside world. What is the best way to connect to the Azure Linux virtual machines and install software?
- The Azure Bastion service is a new fully platform-managed PaaS service provisioned inside a virtual network. Bastion provides secure and seamless RDP and SSH connectivity to virtual machines. The access uses the Azure portal and SSL.

11

What is the effect of the default network security settings for a new virtual machine?
- Outbound requests are considered low risk, so they are allowed by default. Inbound traffic from within the virtual network is allowed. By placing a VM in a virtual network, the VM owner is implicitly opting-in to communication among the resources in the virtual network.

12

Virtual machine scale sets deploy and manage which of the following?
- This approach lets administrators easily manage hundreds of VMs without additional configuration tasks or network management.

13

Which service in Azure is used to manage resources in Azure?
Azure Resource Manager is used to “manage” infrastructures which involve a no. of azure services. It can be used to deploy, manage and delete all the resources together using a simple JSON script.

14

What are Roles in Azure and why do we use them?
Roles are nothing servers in layman terms. These servers are managed, load balanced, Platform as a Service virtual machines that work together to achieve a common goal. There are 3 types of roles in Microsoft Azure: - Web Role: A web role is basically used to deploy a website, using languages supported by the IIS platform like, PHP, .NET etc. It is configured and customized to run web applications.

- Worker Role: – A worker role is more like an help to the Web role, it used to execute background processes unlike the Web Role which is used to deploy the website.

- VM Role: – The VM role is used by a user to schedule tasks and other windows services. This role can be used to customize the machines on which the web and worker role is running.

15

What is Azure as PaaS?
PaaS is a computing platform that includes an operating system, programming language execution environment, database, or web services. Developers and application providers use this type of Azure services.

16

What are Break-fix issues in Microsoft Azure?
In Microsoft Azure, all the technical problem is called break-fix issues. This term uses when "work involved in support a technology when it fails in the normal course of its function.

17

Explain Diagnostics in Windows Azure
Windows Azure Diagnostic offers the facility to store diagnostic data. In Azure, some diagnostics data is stored in the table, while some are stored in a blob. The diagnostic monitor runs in Windows Azure as well as in the computer's emulator for collecting data for a role instance.

18

State the difference between repetitive and minimal monitoring.
Verbose monitoring collects metrics based on performance. It allows a close analysis of data fed during the process of application.
On the other hand, minimal monitoring is a default configuration method. It makes the user of performance counters gathered from the operating system of the host.

19

Explain command task in Microsoft Azure?
Command task is an operational window which set off the flow of either single or multiple common whiles when the system is running.

20

What is the difference between Azure Service Bus Queues and Storage Queues?
Two types of queue mechanisms are supported by Azure: Storage queues and Service Bus queues. - Storage queues: These are the part of the Azure storage infrastructure, features a simple REST-based GET/PUT/PEEK interface. Provides persistent and reliable messaging within and between services.

- Service Bus queues: These are the part of a broader Azure messaging infrastructure that helps to queue as well as publish/subscribe, and more advanced integration patterns.

21

Is it possible to create a Virtual Machine using Azure Resource Manager in a Virtual Network that was created using classic deployment?
- This is not supported. You cannot use Azure Resource Manager to deploy a virtual machine into a virtual network that was created using classic deployment.

22

What are virtual machine scale sets in Azure?
- Virtual machine scale sets are Azure compute resource that you can use to deploy and manage a set of identical VMs. With all the VMs configured the same, scale sets are designed to support true autoscale, and no pre-provisioning of VMs is required. So it’s easier to build large-scale services that target big compute, big data, and containerized workloads.

23

Are data disks supported within scale sets?
Yes. A scale set can define an attached data disk configuration that applies to all VMs in the set. Other options for storing data include: - Azure files (SMB shared drives)

- OS drive

- Temp drive (local, not backed by Azure Storage)

- Azure data service (for example, Azure tables, Azure blobs)

- External data service (for example, remote database)

24

What is the difference between the Windows Azure Platform and Windows Azure?
- The former is Microsoft’s PaaS offering including Windows Azure, SQL Azure, and AppFabric; while the latter is part of the offering and Microsoft’s cloud OS.

25

What are the three main components of the Windows Azure Platform?
- Compute, Storage and AppFabric.

26

Can you move a resource from one group to another?
- Yes, you can. A resource can be moved among resource groups.

27

How many resource groups a subscription can have?
- A subscription can have up to 800 resource groups. Also, a resource group can have up to 800 resources of the same type and up to 15 tags.

28

Explain the fault domain.
- It is a logical working domain in which the underlying hardware is sharing a common power source and switch network. This means that when VMs is created the Azure distributes the VM across the fault domain that limits the potential impact of hardware failure, power interruption or outages of the network.

29

Which of the following tools can be used to manage Azure resources on a Google Chromebook?[Azure portal, PowerShell, Azure Cloud Shell, Azure CLI]
- You can run the Azure portal on all modern desktop, tablet devices, and browsers.

- Azure Cloud Shell is an interactive, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work. Linux users can opt for a Bash experience, while Windows users can opt for PowerShell. - Reference: Azure Portal - Azure Cloud Shell

30

You have an on-premises application that sends email notifications automatically based on a rule. You plan to migrate the application to Azure. You need to recommend a computing solution for the application that should minimize costs by incurring charges only when it is executed. Which Azure solution is best for this type of application?
- Logic App

- Azure Logic Apps is a cloud service that helps you automate and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. Logic Apps simplifies how you design and build scalable solutions for app integration, data integration, system integration, enterprise application integration (EAI), and business-to-business (B2B) communication, whether in the cloud, on-premises, or both.

- For example, here are just a few workloads you can automate with logic apps:Process and route orders across on-premises systems and cloud services.

- Send email notifications with Office 365 when events happen in various systems, apps, and services.

- Move uploaded files from an SFTP or FTP server to Azure Storage.

- Monitor tweets for a specific subject, analyze the sentiment, and create alerts or tasks for items that need review.

- For new logic apps that run in the public or "global" Azure Logic Apps service, you pay only for what you use. These logic apps use a consumption-based plan and pricing model.

- Reference: Azure Logic Apps

1

Automate deployment of virtual machines (VMs) by using Azure Resource Manager templates
- modify an Azure Resource Manager template

- configure a virtual hard disk (VHD) template

- deploy from a template

- save a deployment as an Azure Resource Manager template

- deploy virtual machine extensions

2

Configure VMs
- configure Azure Disk Encryption

- move VMs from one resource group to another

- manage VM sizes

- add data disks

- configure networking

- redeploy VMs

- configure high availability

- deploy and configure scale sets

3

Create and configure containers
- configure sizing and scaling for Azure Container Instances

- configure container groups for Azure Container Instances

- configure storage for Azure Kubernetes Service (AKS)

- configure scaling for AKS

- configure network connections for AKS

- upgrade an AKS cluster

4

Create and configure Azure App Service
- create an App Service plan

- configure scaling settings in an App Service plan

- create an App Service

- secure an App Service

- configure custom domain names

- configure backup for an App Service

- configure networking settings

- configure deployment settings