Podcast
Questions and Answers
What does the Redeploy.EnablePurgeProtection function do in Azure Key Vault?
What does the Redeploy.EnablePurgeProtection function do in Azure Key Vault?
What is the purpose of the Access Policy in Azure Key Vault?
What is the purpose of the Access Policy in Azure Key Vault?
Allow access to the previously created secret.
Managed Service Identity (MSI) gives your code an automatically managed identity for authenticating to ______________ resources.
Managed Service Identity (MSI) gives your code an automatically managed identity for authenticating to ______________ resources.
Azure
Azure Static Web App allows users to view content only after Azure AD authentication.
Azure Static Web App allows users to view content only after Azure AD authentication.
Signup and view all the answers
What is the purpose of the change feed in Azure Blob Storage?
What is the purpose of the change feed in Azure Blob Storage?
Signup and view all the answers
What is required to break the current lease on a container?
What is required to break the current lease on a container?
Signup and view all the answers
Enable managed identity for a VM is done with the command Update-AzVM -ResourceGroupName 'ContosoRG' -VM $vm - IdentityId: $SystemAssigned
Enable managed identity for a VM is done with the command Update-AzVM -ResourceGroupName 'ContosoRG' -VM $vm - IdentityId: $SystemAssigned
Signup and view all the answers
To allow for _ routing between regions in Cosmos DB in case of a regional disaster, the option --enable-automatic-failover true should be set.
To allow for _ routing between regions in Cosmos DB in case of a regional disaster, the option --enable-automatic-failover true should be set.
Signup and view all the answers
What is the purpose of an Ingress Controller in Kubernetes?
What is the purpose of an Ingress Controller in Kubernetes?
Signup and view all the answers
Which Azure service helps coordinate processing of change feed across multiple workers?
Which Azure service helps coordinate processing of change feed across multiple workers?
Signup and view all the answers
Azure Blob index tags are used to search and filter by customer identifiers.
Azure Blob index tags are used to search and filter by customer identifiers.
Signup and view all the answers
The Configuration setting 'External data value' for Azure Container Instance is set to ________.
The Configuration setting 'External data value' for Azure Container Instance is set to ________.
Signup and view all the answers
Match the following storage concepts:
Match the following storage concepts:
Signup and view all the answers
What feature should be enabled in Application Insights to prevent cold start of an app service?
What feature should be enabled in Application Insights to prevent cold start of an app service?
Signup and view all the answers
Which Azure service can be used for order processing and financial transactions?
Which Azure service can be used for order processing and financial transactions?
Signup and view all the answers
Azure Logic Apps Designer allows to visually add ____________ to the logic app.
Azure Logic Apps Designer allows to visually add ____________ to the logic app.
Signup and view all the answers
Azure Event Grid is used for premium tier service bus event delivery.
Azure Event Grid is used for premium tier service bus event delivery.
Signup and view all the answers
Match the event source with the correct technology:
Match the event source with the correct technology:
Signup and view all the answers
What command is used to enable encryption for a virtual machine (VM)?
What command is used to enable encryption for a virtual machine (VM)?
Signup and view all the answers
The type '_____' is used for validating users, permitting users, and updating webapp without requiring a restart of the app.
The type '_____' is used for validating users, permitting users, and updating webapp without requiring a restart of the app.
Signup and view all the answers
Which Azure API is used to retrieve and update user profile information stored in Azure Active Directory (Azure AD)?
Which Azure API is used to retrieve and update user profile information stored in Azure Active Directory (Azure AD)?
Signup and view all the answers
Policy Section 'AppConf' is used to configure feature flags for an ASP.NET Core app.
Policy Section 'AppConf' is used to configure feature flags for an ASP.NET Core app.
Signup and view all the answers
Match the following authentication methods with their descriptions:
Match the following authentication methods with their descriptions:
Signup and view all the answers
What feature is recommended to reduce telemetry traffic and storage, as well as for the analysis of application data?
What feature is recommended to reduce telemetry traffic and storage, as well as for the analysis of application data?
Signup and view all the answers
What should be done to ensure maximum performance for dynamic content while minimizing latency and costs?
What should be done to ensure maximum performance for dynamic content while minimizing latency and costs?
Signup and view all the answers
Developers report that the number of log messages in the trace output for the processor is too high, resulting in lost log ________.
Developers report that the number of log messages in the trace output for the processor is too high, resulting in lost log ________.
Signup and view all the answers
What are the key components of the policy definition mentioned?
What are the key components of the policy definition mentioned?
Signup and view all the answers
What is the recommended access tier for storing data that is infrequently accessed and stored for at least 30 days?
What is the recommended access tier for storing data that is infrequently accessed and stored for at least 30 days?
Signup and view all the answers
Match the following terms with their appropriate descriptions:
Match the following terms with their appropriate descriptions:
Signup and view all the answers
All websites and services must use SSL from a valid root certificate authority. True or False?
All websites and services must use SSL from a valid root certificate authority. True or False?
Signup and view all the answers
ContentUploadService can access Azure Storage access keys using ____.
ContentUploadService can access Azure Storage access keys using ____.
Signup and view all the answers
Match the following key components with their descriptions:
Match the following key components with their descriptions:
Signup and view all the answers
What action should be taken to optimize performance for predicted usage pattern in Azure Cache for Redis?
What action should be taken to optimize performance for predicted usage pattern in Azure Cache for Redis?
Signup and view all the answers
Which features can be used to analyze app uptime and downtime in Azure Monitor logs and metrics? (Select all that apply)
Which features can be used to analyze app uptime and downtime in Azure Monitor logs and metrics? (Select all that apply)
Signup and view all the answers
To implement dynamic configuration to the application, the _________________ needs to be created in the App Configuration store.
To implement dynamic configuration to the application, the _________________ needs to be created in the App Configuration store.
Signup and view all the answers
Match the Azure Cache for Redis commands with their functionalities:
Match the Azure Cache for Redis commands with their functionalities:
Signup and view all the answers
In Azure Blob Storage access, CORS is disabled to allow access from other domains.
In Azure Blob Storage access, CORS is disabled to allow access from other domains.
Signup and view all the answers
What does 'EnablePurgeProtection' do in the context of a Key Vault?
What does 'EnablePurgeProtection' do in the context of a Key Vault?
Signup and view all the answers
What configuration change can be applied to a resource from a file or stdin using 'kubectl apply'?
What configuration change can be applied to a resource from a file or stdin using 'kubectl apply'?
Signup and view all the answers
What is the purpose of the Managed Service Identity (MSI)?
What is the purpose of the Managed Service Identity (MSI)?
Signup and view all the answers
Purge Protection is an optional behavior in Key Vault and is enabled by default.
Purge Protection is an optional behavior in Key Vault and is enabled by default.
Signup and view all the answers
Match the following Azure services with their functionalities:
Match the following Azure services with their functionalities:
Signup and view all the answers
What is the purpose of the change feed in Azure Blob Storage?
What is the purpose of the change feed in Azure Blob Storage?
Signup and view all the answers
The ______ pattern is used in the Azure Function for returning health monitoring data.
The ______ pattern is used in the Azure Function for returning health monitoring data.
Signup and view all the answers
What should be done in the Azure Application Gateway's HTTP setting to enable it for the App service?
What should be done in the Azure Application Gateway's HTTP setting to enable it for the App service?
Signup and view all the answers
Setting the Code setting to 'Deployment slot' results in deployment errors to Service Bus when debugging locally.
Setting the Code setting to 'Deployment slot' results in deployment errors to Service Bus when debugging locally.
Signup and view all the answers
Match the Azure Blob Storage methods to their descriptions:
Match the Azure Blob Storage methods to their descriptions:
Signup and view all the answers
Which method is used to update old records with TableOperation.insertOrReplace? ______ updates old records.
Which method is used to update old records with TableOperation.insertOrReplace? ______ updates old records.
Signup and view all the answers
Which method is used to connect to a No-SQL globally-distributed database by using the .NET API?
Which method is used to connect to a No-SQL globally-distributed database by using the .NET API?
Signup and view all the answers
Azure Event Grid is well suited for receiving data from thousands of devices and storing them in Azure Blob storage.
Azure Event Grid is well suited for receiving data from thousands of devices and storing them in Azure Blob storage.
Signup and view all the answers
What is the primary usage of BlobFuse?
What is the primary usage of BlobFuse?
Signup and view all the answers
What is the Azure CLI command to create a Key Vault?
What is the Azure CLI command to create a Key Vault?
Signup and view all the answers
What Azure CLI command is used to create a key in a Key Vault?
What Azure CLI command is used to create a key in a Key Vault?
Signup and view all the answers
Which command is used to enable encryption for a virtual machine (VM)?
Which command is used to enable encryption for a virtual machine (VM)?
Signup and view all the answers
What command is used to retrieve the storage account key from Azure Key Vault?
What command is used to retrieve the storage account key from Azure Key Vault?
Signup and view all the answers
Azure CDN rule ensures that iPhone users are redirected to the ________.
Azure CDN rule ensures that iPhone users are redirected to the ________.
Signup and view all the answers
Third-party access can be authenticated using a Service Principal in Azure.
Third-party access can be authenticated using a Service Principal in Azure.
Signup and view all the answers
What feature should be enabled to prevent 'cold start' in an app service?
What feature should be enabled to prevent 'cold start' in an app service?
Signup and view all the answers
Which Azure service is used for order processing and financial transactions?
Which Azure service is used for order processing and financial transactions?
Signup and view all the answers
Queue size must not grow larger than ____ gigabytes (GB), and messages should follow a first-in-first-out (FIFO) ordering.
Queue size must not grow larger than ____ gigabytes (GB), and messages should follow a first-in-first-out (FIFO) ordering.
Signup and view all the answers
Azure Event Grid is used to handle filtered events through a third-party system endpoint.
Azure Event Grid is used to handle filtered events through a third-party system endpoint.
Signup and view all the answers
Match the following Azure Event Grid components with their descriptions:
Match the following Azure Event Grid components with their descriptions:
Signup and view all the answers
What is the purpose of creating a managed identity in Azure?
What is the purpose of creating a managed identity in Azure?
Signup and view all the answers
What are the steps involved in configuring key rotation and enabling key expiry in Azure App Configuration?
What are the steps involved in configuring key rotation and enabling key expiry in Azure App Configuration?
Signup and view all the answers
To ensure webapp CPU is less than 85% and minimize cost, configure the web app to the ________ App Service Tier.
To ensure webapp CPU is less than 85% and minimize cost, configure the web app to the ________ App Service Tier.
Signup and view all the answers
Azure Application Insights can be used to analyze the impact of load time on a user's decision to purchase a product.
Azure Application Insights can be used to analyze the impact of load time on a user's decision to purchase a product.
Signup and view all the answers
Match the Azure Monitor tests with their descriptions:
Match the Azure Monitor tests with their descriptions:
Signup and view all the answers
What is the purpose of implementing Application Insights?
What is the purpose of implementing Application Insights?
Signup and view all the answers
What are the requirements that the Shipping Logic app must meet?
What are the requirements that the Shipping Logic app must meet?
Signup and view all the answers
What HTTP response code is mentioned in the content?
What HTTP response code is mentioned in the content?
Signup and view all the answers
The label printer must only receive up to ______ attempts within one minute.
The label printer must only receive up to ______ attempts within one minute.
Signup and view all the answers
What header value is recommended to be added for an API call?
What header value is recommended to be added for an API call?
Signup and view all the answers
Hot storage tier is optimized for storing data that is accessed frequently.
Hot storage tier is optimized for storing data that is accessed frequently.
Signup and view all the answers
In the Azure Functions app function.json file, the queue name is '%______%' and the blob name is {queueTrigger}.
In the Azure Functions app function.json file, the queue name is '%______%' and the blob name is {queueTrigger}.
Signup and view all the answers
What is the purpose of the Azure Event Hub?
What is the purpose of the Azure Event Hub?
Signup and view all the answers
All websites and services must use SSL from a valid root certificate authority. True or False?
All websites and services must use SSL from a valid root certificate authority. True or False?
Signup and view all the answers
Match the following key elements with their descriptions:
Match the following key elements with their descriptions:
Signup and view all the answers
Study Notes
Azure Key Vault
- EnablePurgeProtection prevents the key vault from being permanently deleted before the soft-delete retention period has elapsed.
- EnableSoftDelete allows deleted vault and its contents to be retained and recoverable for the specified number of days.
Azure Access Control
- Access Policy must be applied or assigned to Users and Groups.
- Access control must require multi-factor authentication when granting access to the Azure portal.
Azure Web App
- Azure Web App can be deployed from Github using the
az webapp
command. - Azure Web App can be configured to use the Standard App Service Tier, which supports auto-scaling.
- Autoscaling can be enabled on the web app to minimize costs.
- A scale rule and scale condition can be added to the web app.
Azure Functions
- Azure Functions can be used to run background tasks, such as photo processing.
- Azure Functions can be triggered from Azure Blob storage events.
- Azure Functions can use a managed identity from Azure Active Directory for authentication.
- Azure Functions can be configured to use a Premium plan type.
Azure Storage
- Azure Storage provides a mechanism for recovering deleted objects, known as soft delete.
- Azure Storage provides a mechanism for purging deleted objects, known as purge protection.
Azure Kubernetes
- Azure Kubernetes provides a mechanism for configuring Custom Resource Definitions (CRDs).
- Azure Kubernetes provides a mechanism for configuring the Filter property of the SearchParameters class.
Azure App Service
- Azure App Service provides a mechanism for deploying web apps to a containerized environment.
- Azure App Service provides a mechanism for configuring the web app to use a custom domain.
- Azure App Service provides a mechanism for configuring the web app to use a managed identity.
Azure Durable Functions
- Azure Durable Functions provide a mechanism for running multiple actions in a specified order.
- Azure Durable Functions provide a mechanism for monitoring the function using a monitoring console application.
- Azure Durable Functions can be used to implement a voting system.
Azure Resource Manager
- Azure Resource Manager provides a mechanism for creating and deploying templates.
- Azure Resource Manager provides a mechanism for testing and validating changes to templates.
- Azure Resource Manager provides a mechanism for determining whether templates follow recommended practices.
Azure Container Apps
- Azure Container Apps provide a mechanism for running multiple microservices on Azure.
- Azure Container Apps provide a mechanism for enabling external HTTP ingress traffic.
- Azure Container Apps provide a mechanism for configuring a single environment for all containers.
Azure Search
- Azure Search provides a mechanism for implementing a search feature using .NET SDK.
- Azure Search provides a mechanism for configuring the QueryType property of the SearchParameters class.
- Azure Search provides a mechanism for configuring the Filter property of the SearchParameters class.
Azure Identity and Access
- Azure Identity and Access provides a mechanism for authenticating users using Azure Active Directory.
- Azure Identity and Access provides a mechanism for authorizing access to resources using Azure RBAC.
- Azure Identity and Access provides a mechanism for configuring multi-factor authentication.
Azure Networking
- Azure Networking provides a mechanism for configuring the App Service plan to use a private network.
- Azure Networking provides a mechanism for configuring the App Service plan to use a public network.
- Azure Networking provides a mechanism for configuring the App Service plan to use a load balancer.
Azure Monitoring and Analytics
- Azure Monitoring and Analytics provides a mechanism for configuring metrics and alerts.
- Azure Monitoring and Analytics provides a mechanism for configuring the QueryType property of the SearchParameters class.
- Azure Monitoring and Analytics provides a mechanism for configuring the Filter property of the SearchParameters class.### Azure Configuration and Settings
- Hosting plan: Premium
- App service plan: Standard
- Timeout value: 230 seconds
- Code change validation feature: Deployment slot
Python App Image Rendering
- Deploy to Linux container
- Stop image rendering complete
Environment Variables
- Compute target: Azure Container Instances
- Container: Restart policy termination
- AcquireLeaseAsync: If null, acquire infinite lease; if not null, must be 15 to 60 seconds
Custom Claims and User Access Token
- Add roles to appRoles attribute in app manifest
- High availability storage
Azure Container Apps
- az containerapp ingress: Ensure traffic is routed to each revision
- Unable to access container app and scaled to 0 instances: Enable ingress, create custom scale rule, and apply rule to container app
Case Study
- Internal staff report webpage load sizes are large and take a long time to load
- Use az containerapp command to deploy python website to container
Azure Service Bus
- Service bus queue: Azure App Service that scales based on the number of messages contained
- ActiveMessageCount: Messages in the queue or subscription that are in the active state and ready for delivery
- Average: Decrease count by
Azure Event Grid
- Not suited for receiving data from thousands of devices and storing them in Azure Blob storage
- Use QueueClient to receive a message when an Azure virtual machine finishes processing, ensuring messages do not persist after being handled
Azure Storage
- Upgrade Storage account to GPv2
- Create a new GPV2 standard account with default access level to cool
- Copy archive data to the GPV2 and delete the data from the original storage account
Azure Cosmos DB
- Partition key: Must be unique
- Use the .NET API to connect to a No-SQL globally-distributed database
- Use CosmosClient to create a client with endpoint and primary key
- Change feed estimator: Monitor the progress of the change feed processor
- Dead-letter queue: Prevent the change feed processor from retrying the entire batch when one document cannot be read
Azure CDN
- Use Azure CDN to distribute images
- Process of how the CDN and the Point of Presence (POP) server will distribute the image
Azure Blob Storage
- daysAfterLastAccessTimeGreaterThan: Accessed
- Use Azure Blob index tags to search and filter by customer identifier
- Use Azure Cognitive Search to search information inside documents
Azure Kubernetes Service
- Kubernetes cluster with a large amount of data collected and minimized latency
- YAML config: kind: StorageClass, provisioner: azure-disk, parameters: retain
Azure App Service
- Configure web app authentication and authorization: Add identity provider first
- Use Azure Cosmos DB change feed: App1 pull model, App2 push model, Lease container
- Use Azure BlobFuse to mount an Azure Blob Storage container as a local file system on a Linux system
Azure Container Instance
- Use Server Message Block (SMB) protocol to access data
- Implement static website on Azure Blob Storage: Azure Content Delivery Network (CDN) for custom domain name, header values, and SSL certificate
Azure API Management
- Implement HSTS and every request must include a valid HTTP header
- Use Certificate Authentication: Callers to the API must not send credentials to the API
Azure Key Vault
- Create an Azure Key Vault key named skey
- Encrypt the intake forms using the public key portion of skey
- Store the encrypted data in Azure Blob storage
Azure Active Directory
- Use Microsoft Graph API to retrieve and update user profile information
- Use Microsoft Authentication Library (MSAL) to authenticate users
Azure App Configuration
- Use Azure App Configuration to store and retrieve configuration settings
- Ensure the configuration settings are refreshed without the need to restart the app### Azure Functions
- Azure Functions automatically parallelize change processing using a Push Model or a Pull Model.
- The Push Model uses Azure Functions, while the Pull Model uses FeedRange for parallelization.
- A validate-jwt policy is used to validate the OAuth token for every incoming request.
Azure API Management
- Azure API Management is used for response caching.
- There are three types of caching: Account-level, Service-level, and User-delegation.
- Service-level caching allows delegation of access to resources in a single storage service.
Azure Active Directory
- Azure Active Directory (Azure AD) is used for authentication and authorization.
- Azure AD Premium is required for multi-factor authentication (MFA) implementation.
- Azure AD provides conditional access policies and identity protection.
Confidential Client Application
- A Confidential Client Application is used to instantiate a confidential client application with a client secret.
- There are two authentication methods: Service Principal and System-assigned Managed Identity.
Role-Based Access Control (RBAC)
- RBAC provides fine-grained access control and is used to assign permissions to users and applications.
- ArcPush provides push/pull permissions, while ArcPull provides least privilege only pull permissions.
Azure Blob Storage
- Azure Blob Storage is used to store unstructured data.
- A shared access signature (SAS) is generated for the Azure Blob storage account and provided to developers.
- Stored access policies allow revocation of permissions without regenerating storage account keys.
Microsoft Graph
- Microsoft Graph is used to access user properties and authenticate applications.
- Microsoft Graph provides APIs to access user data and requests permissions using a JWT token.
- Microsoft Graph is used to authenticate and access Microsoft Graph in the app manifest.
Single Sign-On (SSO)
- Azure Active Directory B2C (Azure AD B2C) is used to implement SSO for all applications that use custom in-house identity providers.
- Azure AD B2C provides custom policies and conditional access policies.
Microsoft Authentication Library (MSAL)
- MSAL is used to interface with Azure AD B2C and provide authentication and authorization.
- MSAL provides code library to interface with Azure AD B2C and manage identities.
Configuration Data
- Azure App Configuration is used to store and manage application configuration data.
- Azure App Configuration provides a managed identity and supports Azure Key Vault.
Authentication and Authorization
- Authentication is used to identify users and applications using JWT tokens and claims.
- Authorization is used to grant permissions to users and applications using Azure AD and Azure RBAC.
Microsoft Entra
- Microsoft Entra is used to provide authentication and authorization for applications.
- Microsoft Entra supports Azure AD B2C and provides managed identities.
Security and Compliance
- Security and compliance are ensured using Azure Policy and Azure Monitor.
- Azure Policy enforces compliance and security policies, while Azure Monitor provides monitoring and logging.
Azure Cache for Redis
- Azure Cache for Redis is used to optimize performance and reduce latency.
- Azure Cache for Redis provides caching rules and supports MIME types.
Azure Front Door Service
- Azure Front Door Service is used to optimize performance and reduce latency.
- Azure Front Door Service provides caching rules and supports edge nodes.
Azure Monitor and Azure Log Analytics
- Azure Monitor is used to collect logs and metrics from applications and services.
- Azure Log Analytics is used to analyze logs and metrics and provide insights.
Azure Application Insights
- Azure Application Insights is used to monitor application performance and detect anomalies.
- Azure Application Insights provides tools such as Live Metrics Stream, Smart Detection, and Snapshot Debugger.
Azure Cache for Redis Commands
- Azure Cache for Redis commands are used to receive seismic data and optimize performance.
- Azure Cache for Redis commands support XREAD BLOCK and STREAMS commands.
Dynamic Configuration
- Dynamic configuration is used to implement configuration changes and scaling.
- Dynamic configuration supports App Configuration store and Sentinel keys.
Profiler and Snapshot Debugger
- Profiler is used to capture performance traces of applications without negatively affecting users.
- Snapshot Debugger is used to automatically collect the state of the source code and variables when an exception is thrown.
Azure Redis Cache Instance
- Azure Redis Cache instance is used to handle outages and metadata loss in Azure data centers.
- Azure Redis Cache instance supports AOF persistence and client connection logging.
Azure Key Vault
- EnablePurgeProtection prevents the key vault from being permanently deleted before the soft-delete retention period has elapsed.
- EnableSoftDelete allows deleted vault and its contents to be retained and recoverable for the specified number of days.
Azure Access Control
- Access Policy must be applied or assigned to Users and Groups.
- Access control must require multi-factor authentication when granting access to the Azure portal.
Azure Web App
- Azure Web App can be deployed from Github using the
az webapp
command. - Azure Web App can be configured to use the Standard App Service Tier, which supports auto-scaling.
- Autoscaling can be enabled on the web app to minimize costs.
- A scale rule and scale condition can be added to the web app.
Azure Functions
- Azure Functions can be used to run background tasks, such as photo processing.
- Azure Functions can be triggered from Azure Blob storage events.
- Azure Functions can use a managed identity from Azure Active Directory for authentication.
- Azure Functions can be configured to use a Premium plan type.
Azure Storage
- Azure Storage provides a mechanism for recovering deleted objects, known as soft delete.
- Azure Storage provides a mechanism for purging deleted objects, known as purge protection.
Azure Kubernetes
- Azure Kubernetes provides a mechanism for configuring Custom Resource Definitions (CRDs).
- Azure Kubernetes provides a mechanism for configuring the Filter property of the SearchParameters class.
Azure App Service
- Azure App Service provides a mechanism for deploying web apps to a containerized environment.
- Azure App Service provides a mechanism for configuring the web app to use a custom domain.
- Azure App Service provides a mechanism for configuring the web app to use a managed identity.
Azure Durable Functions
- Azure Durable Functions provide a mechanism for running multiple actions in a specified order.
- Azure Durable Functions provide a mechanism for monitoring the function using a monitoring console application.
- Azure Durable Functions can be used to implement a voting system.
Azure Resource Manager
- Azure Resource Manager provides a mechanism for creating and deploying templates.
- Azure Resource Manager provides a mechanism for testing and validating changes to templates.
- Azure Resource Manager provides a mechanism for determining whether templates follow recommended practices.
Azure Container Apps
- Azure Container Apps provide a mechanism for running multiple microservices on Azure.
- Azure Container Apps provide a mechanism for enabling external HTTP ingress traffic.
- Azure Container Apps provide a mechanism for configuring a single environment for all containers.
Azure Search
- Azure Search provides a mechanism for implementing a search feature using .NET SDK.
- Azure Search provides a mechanism for configuring the QueryType property of the SearchParameters class.
- Azure Search provides a mechanism for configuring the Filter property of the SearchParameters class.
Azure Identity and Access
- Azure Identity and Access provides a mechanism for authenticating users using Azure Active Directory.
- Azure Identity and Access provides a mechanism for authorizing access to resources using Azure RBAC.
- Azure Identity and Access provides a mechanism for configuring multi-factor authentication.
Azure Networking
- Azure Networking provides a mechanism for configuring the App Service plan to use a private network.
- Azure Networking provides a mechanism for configuring the App Service plan to use a public network.
- Azure Networking provides a mechanism for configuring the App Service plan to use a load balancer.
Azure Monitoring and Analytics
- Azure Monitoring and Analytics provides a mechanism for configuring metrics and alerts.
- Azure Monitoring and Analytics provides a mechanism for configuring the QueryType property of the SearchParameters class.
- Azure Monitoring and Analytics provides a mechanism for configuring the Filter property of the SearchParameters class.### Azure Configuration and Settings
- Hosting plan: Premium
- App service plan: Standard
- Timeout value: 230 seconds
- Code change validation feature: Deployment slot
Python App Image Rendering
- Deploy to Linux container
- Stop image rendering complete
Environment Variables
- Compute target: Azure Container Instances
- Container: Restart policy termination
- AcquireLeaseAsync: If null, acquire infinite lease; if not null, must be 15 to 60 seconds
Custom Claims and User Access Token
- Add roles to appRoles attribute in app manifest
- High availability storage
Azure Container Apps
- az containerapp ingress: Ensure traffic is routed to each revision
- Unable to access container app and scaled to 0 instances: Enable ingress, create custom scale rule, and apply rule to container app
Case Study
- Internal staff report webpage load sizes are large and take a long time to load
- Use az containerapp command to deploy python website to container
Azure Service Bus
- Service bus queue: Azure App Service that scales based on the number of messages contained
- ActiveMessageCount: Messages in the queue or subscription that are in the active state and ready for delivery
- Average: Decrease count by
Azure Event Grid
- Not suited for receiving data from thousands of devices and storing them in Azure Blob storage
- Use QueueClient to receive a message when an Azure virtual machine finishes processing, ensuring messages do not persist after being handled
Azure Storage
- Upgrade Storage account to GPv2
- Create a new GPV2 standard account with default access level to cool
- Copy archive data to the GPV2 and delete the data from the original storage account
Azure Cosmos DB
- Partition key: Must be unique
- Use the .NET API to connect to a No-SQL globally-distributed database
- Use CosmosClient to create a client with endpoint and primary key
- Change feed estimator: Monitor the progress of the change feed processor
- Dead-letter queue: Prevent the change feed processor from retrying the entire batch when one document cannot be read
Azure CDN
- Use Azure CDN to distribute images
- Process of how the CDN and the Point of Presence (POP) server will distribute the image
Azure Blob Storage
- daysAfterLastAccessTimeGreaterThan: Accessed
- Use Azure Blob index tags to search and filter by customer identifier
- Use Azure Cognitive Search to search information inside documents
Azure Kubernetes Service
- Kubernetes cluster with a large amount of data collected and minimized latency
- YAML config: kind: StorageClass, provisioner: azure-disk, parameters: retain
Azure App Service
- Configure web app authentication and authorization: Add identity provider first
- Use Azure Cosmos DB change feed: App1 pull model, App2 push model, Lease container
- Use Azure BlobFuse to mount an Azure Blob Storage container as a local file system on a Linux system
Azure Container Instance
- Use Server Message Block (SMB) protocol to access data
- Implement static website on Azure Blob Storage: Azure Content Delivery Network (CDN) for custom domain name, header values, and SSL certificate
Azure API Management
- Implement HSTS and every request must include a valid HTTP header
- Use Certificate Authentication: Callers to the API must not send credentials to the API
Azure Key Vault
- Create an Azure Key Vault key named skey
- Encrypt the intake forms using the public key portion of skey
- Store the encrypted data in Azure Blob storage
Azure Active Directory
- Use Microsoft Graph API to retrieve and update user profile information
- Use Microsoft Authentication Library (MSAL) to authenticate users
Azure App Configuration
- Use Azure App Configuration to store and retrieve configuration settings
- Ensure the configuration settings are refreshed without the need to restart the app### Azure Functions
- Azure Functions automatically parallelize change processing using a Push Model or a Pull Model.
- The Push Model uses Azure Functions, while the Pull Model uses FeedRange for parallelization.
- A validate-jwt policy is used to validate the OAuth token for every incoming request.
Azure API Management
- Azure API Management is used for response caching.
- There are three types of caching: Account-level, Service-level, and User-delegation.
- Service-level caching allows delegation of access to resources in a single storage service.
Azure Active Directory
- Azure Active Directory (Azure AD) is used for authentication and authorization.
- Azure AD Premium is required for multi-factor authentication (MFA) implementation.
- Azure AD provides conditional access policies and identity protection.
Confidential Client Application
- A Confidential Client Application is used to instantiate a confidential client application with a client secret.
- There are two authentication methods: Service Principal and System-assigned Managed Identity.
Role-Based Access Control (RBAC)
- RBAC provides fine-grained access control and is used to assign permissions to users and applications.
- ArcPush provides push/pull permissions, while ArcPull provides least privilege only pull permissions.
Azure Blob Storage
- Azure Blob Storage is used to store unstructured data.
- A shared access signature (SAS) is generated for the Azure Blob storage account and provided to developers.
- Stored access policies allow revocation of permissions without regenerating storage account keys.
Microsoft Graph
- Microsoft Graph is used to access user properties and authenticate applications.
- Microsoft Graph provides APIs to access user data and requests permissions using a JWT token.
- Microsoft Graph is used to authenticate and access Microsoft Graph in the app manifest.
Single Sign-On (SSO)
- Azure Active Directory B2C (Azure AD B2C) is used to implement SSO for all applications that use custom in-house identity providers.
- Azure AD B2C provides custom policies and conditional access policies.
Microsoft Authentication Library (MSAL)
- MSAL is used to interface with Azure AD B2C and provide authentication and authorization.
- MSAL provides code library to interface with Azure AD B2C and manage identities.
Configuration Data
- Azure App Configuration is used to store and manage application configuration data.
- Azure App Configuration provides a managed identity and supports Azure Key Vault.
Authentication and Authorization
- Authentication is used to identify users and applications using JWT tokens and claims.
- Authorization is used to grant permissions to users and applications using Azure AD and Azure RBAC.
Microsoft Entra
- Microsoft Entra is used to provide authentication and authorization for applications.
- Microsoft Entra supports Azure AD B2C and provides managed identities.
Security and Compliance
- Security and compliance are ensured using Azure Policy and Azure Monitor.
- Azure Policy enforces compliance and security policies, while Azure Monitor provides monitoring and logging.
Azure Cache for Redis
- Azure Cache for Redis is used to optimize performance and reduce latency.
- Azure Cache for Redis provides caching rules and supports MIME types.
Azure Front Door Service
- Azure Front Door Service is used to optimize performance and reduce latency.
- Azure Front Door Service provides caching rules and supports edge nodes.
Azure Monitor and Azure Log Analytics
- Azure Monitor is used to collect logs and metrics from applications and services.
- Azure Log Analytics is used to analyze logs and metrics and provide insights.
Azure Application Insights
- Azure Application Insights is used to monitor application performance and detect anomalies.
- Azure Application Insights provides tools such as Live Metrics Stream, Smart Detection, and Snapshot Debugger.
Azure Cache for Redis Commands
- Azure Cache for Redis commands are used to receive seismic data and optimize performance.
- Azure Cache for Redis commands support XREAD BLOCK and STREAMS commands.
Dynamic Configuration
- Dynamic configuration is used to implement configuration changes and scaling.
- Dynamic configuration supports App Configuration store and Sentinel keys.
Profiler and Snapshot Debugger
- Profiler is used to capture performance traces of applications without negatively affecting users.
- Snapshot Debugger is used to automatically collect the state of the source code and variables when an exception is thrown.
Azure Redis Cache Instance
- Azure Redis Cache instance is used to handle outages and metadata loss in Azure data centers.
- Azure Redis Cache instance supports AOF persistence and client connection logging.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Related Documents
Description
This quiz assesses your knowledge of Azure cloud computing, Docker image creation, and security features such as TLS mutual authentication and client certificate validation. It also covers stored procedures and application deployment.