CBT Nuggets Flashcards

The Azure support team will approve up to how many storage accounts?

250

If you have __**1000 unique users**__ in Active Directory,

600 users in one dynamic group,

and 800 users in another dynamic group,

what is the __**minimum number**__ of Azure AD Premium P1 licenses required?

1000

Which object is a __**pointer to an Azure file share**__

and represents an Azure fileshare

and one or more server endpoints?

A cloud endpoint

\
https://learn.microsoft.com/en-us/azure/storage/file-sync/file-sync-deployment-guide?tabs=azure-portal%2Cproactive-portal

What type of group contains a list of __**security rules**__

that allow or deny __**network traffic**__

__**to resources**__ connected to Azure Virtual Networks (Vnet)?

Network Security Group (NSG)

If you accidentally delete or make changes to a file,

what can you use to __**restore individual files**__?

@@Recovery Point@@

\
https://learn.microsoft.com/en-us/azure/backup/backup-azure-restore-files-from-vm

Which object __**defines**__ the __**sync topology**__

for a __**set of files**__

in an @@Azure File Sync@@?

%%Sync Group%%

Which cmdlet

__**adds a network interface configuration**__

to the VM Scale Set configuration?

Add-AzRmVmssNetworkInterfaceConfiguration

\
https://learn.microsoft.com/en-us/powershell/module/az.compute/add-azvmssnetworkinterfaceconfiguration?view=azps-10.0.0

Horizontal Scaling

when you add more VMs

Vertical Scaling

when you increase the size (resources) on the VM

Which cmdlet uploads a VHD to a container

in your storage account?

Add-@@AzVhd@@

\
https://learn.microsoft.com/en-us/azure/devtest-labs/devtest-lab-upload-vhd-using-storage-explorer

Before deploying a __**web app**__,

you must create a ____________ in your ***resource group***

to support the deployment of the web app.

App Service plan.

\
https://learn.microsoft.com/en-us/azure/app-service/app-service-plan-manage

What type of license is required

to enable **dynamic group** membership

for users in Azure Active Directory?

Azure AD @@Premium P1@@ license.

Which admin **role** can **create** and **manage** all aspects of:

* enterprise applications,
* application registrations,
* application proxy settings?

%%Application%% Administrator

Can you move Azure resources

%%linked to an HDInsight cluster%%

across subscriptions?

(such as the virtual network, NIC, or load balancer)

No.

\
As of March 2021, you cannot. However, you can move HDInsight to a new subscription or resource group.

Why is there __no impact__ on production workloads

__during__ the __backup__ of an Azure VM?

As part of the backup process, a __**snapshot**__ is taken, and the __**data is transferred**__ to the @@*Recovery Services Vault*@@ with no impact on production workloads.

Which CLI command

will create an __app__ __service__ plan

to host your web app?

Az %%**appservice plan**%% create

Which CLI command is used

to create a new custom role?

az %%role definition%%

Which Azure CLI command

encryptes a running VM?

az %%vm encryption enable%%

Which ***tool*** enables you to

__**query role assignments**__ at a specific resource,

which includes role assignments for all resources?

Azure AD __**Privileged Identity Management**__

What authentication types are available

when creating a __**virtual network gateway**__

* Azure ==Certificate==
* RADIUS authentication

What tools can you use besides

Azure Portal and PowerShell

to move a DNS zone to another subscription?

* Azure CLI
* REST API

What feature allows you to __**share**__ resources

such as __**images**__ and __**applications**__ with everyone

or limit sharing to different users, service principals,

or AD groups within your organization?

Azure @@Compute Gallery@@

\
An Azure Compute Gallery (formerly known as Shared Image Gallery) simplifies sharing resources, like __**images**__ and __**application packages,**__ across your organization.

The Azure Compute Gallery lets you __**share**__ custom VM images and application packages with others in __**your organization**__, __**within or across regions**__, within a __**tenant**__.

Which Azure service manages

your hosted Kubernetes environment,

making it quick and easy to deploy, and

manages containerized applications

without container orchestration expertise?

Azure Kubernetes Service (AKS)

Which __**service**__ allows you to __**load balance services**__ on multiple ports, multiple IP addresses, or both?

Azure ==Load Balancer==

What are three different options

to distribute network traffic using Microsoft Azure?

* Azure Load Balancer,
* Application Gateway,
* Traffic Manager

Which Azure service

in the ==Operations Management Suite== (OMS)

__monitors__ your __on-premises__ environment and __cloud__ environment for ***availability*** and ***performance***?

Azure %%Log Analytics%%

Which **template** consists of __*JSON*__ and __*expressions*__ that you can use to __*construct values*__ for your Azure **deployment**?

Azure Resource Manager (***ARM***) template

What happens when you ==redeploy== a VM?

Azure will __**shut down**__ the VM, __**move**__ the VM __**to**__ a __**new node**__ within the Azure infrastructure,

and then power it back on, __*retaining*__ all your __*configuration*__ options and __*associated*__ __*resources*__.

Which built-in role for Azure resources allows you to **manage** __backup services,__ **except for:**

* the removal of backups,
* vault creation,
* giving access to others?

Backup Operator

Which RBAC (Role-Based Access Control) role has

permissions to everything a **Backup Contributor** does

except for removing backup and managing backup policies

Backup Operator

\
The __**Backup Contributor**__ can:

* Remove backups
* Manage backup policies

Which role can view backup services

but __*cannot*__ make changes?

Backup Reader

Which type of alerts

notify recipients when cost __*exceeds*__

a **predefined** or **forecasted** amount?

Budget alerts

Which user role has the same permissions as the Application Administrator role,

except for the ability to manage __*application*__ __*proxy*__ __*settings*__.

==Cloud Application== Administrator

\
cannot manage Application Proxy settings.

Users with which role have management permissions

within the ==Office 365 Security & Compliance Center==

and ^^Exchange Admin Center^^?

%%Compliance%% Administrator

What service in Azure is a __**global**__ solution

for __**delivering high-bandwidth content**__

that is __**hosted**__ in the local Azure region or any other location?

Content Delivery Network (CDN)

What type of connection in Azure uses a ==private==,

@@dedicated connection@@ through a ***third-party*** connectivity provider?

ExpressRoute

Which Azure service lets you create %%__**private connections**__%%

__**between**__ Microsoft __**datacenters**__ and infrastructure

that is __**on**__-__**premises**__ or in a colocation facility?

%%ExpressRoute%%

How many __**name-servers**__ does

Azure DNS __assign__ for __each zone__?

==Four==

Which element in the ARM template do you use to configure ==user-defined functions==?

Functions

Which role can manage

Azure Active Directory %%**B2B** **guest**%% user %%**invitations**%%

when the Members can invite user setting is set to No?

%%***Guest Inviter***%% admin role

What kind of Azure ==**VPN gateway**==

should you use to connect **25 on-premises sites**

to **one** Azure %%**site-to-site**%% **VPN gateway**?

==High-performance== %%VPN gateway%%

Which admin __Role__ can __monitor__

@@__notifications__@@ and %%__advisory health updates__ %%

in Office 365 Message Center

for their organization on

* Exchange,
* Intune,
* Microsoft Teams,
* and other configured services?

Message Center Reader

Which component of __Log Analytics__

is a @@cloud-based network monitoring solution@@

that monitors connectivity between

%%Azure cloud deployments%% and

on-premises locations (branch offices, etc.)?

^^Network Performance Monitor^^ (NPM),

now Connection Monitor

Which cmdlet allows you to __determine__ the __scope__ in which a @@policy definition can be used@@?

New-%%AzPolicyAssignment%%

Which cmdlet is used to create a __**snapshot**__ __**configuration**__?

New-%%AzSnapshotConfig%%

What cmdlet is used to create a __**file share**__ in Azure Files?

New-%%AzStorageShare%%

Can you create a __**device group**__

based on the

__**device owners' attributes**__?

No

Is it possible to __**disable**__

Azure Storage __**encryption**__?

No

Does an __**Application Gateway**__

support **multiple public IPs** on the gateway?

No, an application gateway supports __**only one**__ public IP address.

Does __object replication__ in Azure

synchronously ==**copy block blobs** ==between

a source %%**storage**%% **account** and a %%**destination**%% account?

**No**, it %%**asynchronously**%% copies block blobs between

a source storage account and a destination account.

For the __v2 SKU__,

are __UDRs__ supported on the __application gateway__ subnet?

No, __only__ in the __v1__ SKU

With Azure %%**Site Recovery**%%,

can you replicate data @@over a VPN@@?

**No**,

you can __only__ replicate data __over the public internet__ with

__ExpressRoute__ (Microsoft peering or an existing public peering).

VPN does not work.

Do __ExpressRoute__ connections

go over the __public__ __internet__?

No.

Is the Azure __**Compute Gallery**__ service

a __**global**__ resource?

**No**.

Although it supports global replication, it is a best practice to have at least two galleries in different regions for disaster recovery scenarios.

Does ==__**Azure Relay**__==

use the same %%network-level integration%% technologies

as VPN?

No.

An Azure relay is __**scoped to a** %%**single application endpoint**%% **on a** %%**single machine**%%__ while the VPN technology relies on altering the network environment.

\
https://learn.microsoft.com/en-us/azure/azure-relay/relay-what-is-it

https://www.youtube.com/watch?v=HBsCTqjo_lY

Are Azure Backup reports available for

Azure SQL Database, Azure File Shares, Data Protection Manager,

and Azure Backup server?

No.

At the time of this writing, Azure Backup reports are NOT available for Azure SQL Database, Azure File Shares, Data Protection Manager, and Azure Backup server.

Does @@Vnet-to-Vnet traffic@@ travel across the internet?

No.

It __only__ %%travels%% __across__

the @@Microsoft@@ Azure @@backbone@@.

Can you disable a printer

in Azure Active Directory?

No.

You cannot disable or enable a printer in Azure Active Directory

How often does Azure Storage

__check__ the @@key vault@@ for a __new__ __version__?

Once daily

Which resource allows Azure resources to

%%communicate%% with other resources

in a virtual network or an on-premises network

through a VPN gateway or ExpressRoute circuit,

__**without**__ using an __**Internet-reachable IP**__ address?

Private IP resource

What are the two options for configuring MFA to Azure resource role assignments in Azure AD @@Privileged Identity Management@@ (PIM)?

1. Require MFA on @@active assignment@@
2. Require MFA on %%activation%%

After using Azure Admin,

why is it recommended to @@apply resizing@@ to VMs

after business hours?

@@Resizing@@ %%requires%% an actively running VM to @@restart@@

In role-based access control (RBAC),

what is the term for the collection of operations

that can be performed,

such as read, write, and delete?

@@Role@@ %%definition%%

Which type of %%alerts%% notifies recipients about the @@latest costs@@ on a daily, weekly, or monthly __schedule__ based on a saved cost view

@@Scheduled@@ %%alerts%%

What cmdlet can you use to

@@redeploy@@ a Windows VM?

Set-@@AzureRmVM@@

Which __PowerShell__ cmdlet @@encrypts@@ a running VM?

Set-%%AzVMDiskEncryptionExtension%%

What PowerShell command

must you run on the target VM

to __enable__ @@inbound@@ connections

to port 5985 for WinRM

over HTTP for WinRM access?

Set-NetFirewallRule

\-Name WINRM-HTTP-In-TCP-PUBLIC

\-RemoteAddress Any

Which __type__ of __policy__ allows you to

__change__ the %%start time%%, %%expiry time%%, or %%permissions%%

for a @@Shared Access Signature@@ (SAS)?

@@Stored@@ %%Access%% policy

Method to setup __**Keys**__ and __**Values**__ around __**Labels**__,

such as intended use, projects, and cost centers,

to @@provide insight@@ into your environment

and %%track usage%%?

Tagging

A file used with the %%Azure Import/Export service%%

that lists __**disks**__ and corresponding __**drive letters**__

so that the %%Azure Import/Export%% can

correctly __**pick**__ the __**list**__ of __**disks**__ to be prepared

@@Driveset.csv@@

When creating a @@Recovery Services Vault@@

for replicating VMs,

which region cannot be used?

The @@same region@@

from which you want to

replicate the VMs.

Which tier for the __App Service plan__ allows each app to receive a quota of CPU minutes, and @@charges each app@@ %%for its portion%% of the CPU quota?

Shared tier

Which parameter should you use with the

***New-AzResourceGroupDeployment*** cmdlet

to __redeploy__ an %%earlier successful deployment%%

if your current deployment fails

To specify a redeployment,

use either the

@@-RollbackToLastDeployment@@

or

%%-RollBackDeploymentName%%

parameters in the deployment command

What is the __health status__

of your Standard load balancer

if the Datapath Availability metric

has reported @@less than 25% health@@

for at least %%two minutes%%?

Unavailable

Which __type__ of __routing__

allows you to route traffic

to %%back-end server pools%%

based on the __URL paths__ of the request?

@@URL-based@@ routing

To enable %%customer-managed keys%%

on a @@storage account@@,

where must you __store__ your __keys__?

Azure @@Key Vault@@

What are the __three types__ of

@@shared access signatures@@

supported by Azure Storage?

1. @@User delegation@@ SAS,
2. Service SAS,
3. %%Account%% SAS

When using the %%Azure Import/Export%% service,

which __tool__ would you use

to @@copy data to disk@@ drives?

WAImportExport

What type of traffic

can be __load balanced__ by an

%%application gateway%%?

%%Web traffic%% (HTTP, HTTPS, WebSocket, and HTTP/2)

Why does using

Azure CDN streaming endpoints

minimize data transfer costs?

When Azure CDN is enabled for a streaming endpoint, @@data transfer charges do not apply@@ because data transfers are charged at data transfer pricing, and Azure CDN is not enabled for a streaming endpoint by default.

What are the three methods for

deploying Azure AD Join?

1. ==Windows Autopilot==
2. Bulk Deployment
3. %%Self-Service Experience%%

Can ==virtual machines== with

certificates stored in Key Vault

be @@moved to a new resource group@@

in the %%same subscription%%?

Yes

Can %%virtual machines%% with ==managed disks==

be moved to a new resource group and subscription?

Yes

Can you create a %%copy of a managed disk%%

and then @@create a new virtual machine@@

from the newly created managed disk?

Yes

Can you move %%Azure-managed disks%%?

Yes

Can you use a %%free certificate%%

to secure your custom DNS name

in ==App Service==

Yes

Do you receive the %%single sign-on%% feature

for Active Directory

if you choose the ==Free Azure AD== edition

instead of a Premium P1 edition?

Yes

Can you use ExpressRoute

to replicate on-premises virtual machines to Azure?

Yes,

%%ExpressRoute%% can be used to replicate on-premises virtual machines to Azure

Can %%custom roles%% be assigned

at the scope of a single Azure AD resource?

Yes,

they can be assigned at the ==scope of a single Azure AD== resource,

or they can be assigned at the %%default organization-wide scope%%

to grant access permissions over all app registrations in your organization.

How many Custom Roles can you create?

There is a limit of 5,000 custom roles per tenant.

\
If the Azure built-in roles don't meet the specific needs of your organization, you can create your own custom roles. Just like built-in roles, you can assign custom roles to users, groups, and service principals at management group, subscription, and resource group scopes.

Do ==premium and Isolated tiers==

allow a %%greater number of daily backups%%

than Standard tier?

Yes.

Can you replicate VMs enabled through disk encryptions to another subscription with Site Recovery

Yes.

==Site Recovery== %%supports disaster recovery of VMs with Azure disk encryption%% (ADE) enabled. You can replicate Azure VMs to a different subscription as long as the subscription is within the same Azure AD tenant.

Can you only sync with other services and Azure file shares that use the same Storage Sync Service

TRUE

You can %%only sync Azure File Shares%%

and ==other services==

that use the same Storage Sync Service.

Each resource can only exist in one resource group

TRUE

True or False: When adding a network interface to an existing VM, the %%network interface cannot have accelerated networking enabled%%, ==cannot have an IPv6 address assigned== to it, and must exist in the same virtual network as the one that contains the network interface currently attached to the VM.

TRUE

You can create a dynamic group for devices or for users, but you cannot create a rule that contains create a rule that contains both users and devices.

TRUE

All the resources in your group MUST share the same lifecycle.

\
False

False, although it is highly recommended that all resources have the same lifecycle so that you can deploy, update, and delete them together, it is not required.

If you define action tierToCool and action tierToArchive on the same block, which action is applied?

\
Least expensive action wins

Action tierToArchive is applied since it is the least expensive action

Which option under Support+Troubleshooting

should you choose to view the logs

and see a screenshot of your VM from the hypervisor?

%%Boot Diagnotics%%

What does it mean

when a subscription is locked

with the level ReadOnly?

Authorized users can read a resource,

but they cannot %%delete%% or %%update%% the resource