Azure Cloud Computing and Docker Security

Questions and Answers

PDF Questions PDF Answers

What does the Redeploy.EnablePurgeProtection function do in Azure Key Vault?

Allows deleted vault and its contents to be retained and recoverable (correct)

Creates a secret containing a Conditional access policy password

Prevents the key vault from being permanently deleted before moving the VM to a new node

Ensures multi-factor authentication when granting access control

What is the purpose of the Access Policy in Azure Key Vault?

Allow access to the previously created secret.

Managed Service Identity (MSI) gives your code an automatically managed identity for authenticating to ______________ resources.

Azure

Azure Static Web App allows users to view content only after Azure AD authentication.

True

What is the purpose of the change feed in Azure Blob Storage?

To provide transaction logs of all the changes that occur to the blobs and the blob metadata in your storage account.

What is required to break the current lease on a container?

BreakLeaseAsync

Enable managed identity for a VM is done with the command Update-AzVM -ResourceGroupName 'ContosoRG' -VM $vm - IdentityId: $SystemAssigned

False

To allow for _ routing between regions in Cosmos DB in case of a regional disaster, the option --enable-automatic-failover true should be set.

automatic failover

What is the purpose of an Ingress Controller in Kubernetes?

Implement a single, public IP endpoint that is routed to multiple microservices

Which Azure service helps coordinate processing of change feed across multiple workers?

Lease container

Azure Blob index tags are used to search and filter by customer identifiers.

True

The Configuration setting 'External data value' for Azure Container Instance is set to ________.

Azure File Share

Match the following storage concepts:

TableOperation.insertOrReplace = Update old records DaysAfterModificationGreaterThan = Modified days threshold Cosmos DB API Core(SQL) = Stores data in document format

What feature should be enabled in Application Insights to prevent cold start of an app service?

Always On setting

Which Azure service can be used for order processing and financial transactions?

Azure Service Bus

Azure Logic Apps Designer allows to visually add ____________ to the logic app.

functionality

Azure Event Grid is used for premium tier service bus event delivery.

False

Match the event source with the correct technology:

Event Source = Azure Blob Storage Event Receiver = Azure Event Grid Event Handler = Azure Logic App

What command is used to enable encryption for a virtual machine (VM)?

az vm encryption enable

The type '_____' is used for validating users, permitting users, and updating webapp without requiring a restart of the app.

Delegated

Which Azure API is used to retrieve and update user profile information stored in Azure Active Directory (Azure AD)?

Microsoft Graph API

Policy Section 'AppConf' is used to configure feature flags for an ASP.NET Core app.

False

Match the following authentication methods with their descriptions:

ConfidentialClientApplicationBuilder = Code to instantiate the confidential client application with a client secret Registering the application with Azure AD tenant = Validating an Azure AD request in the app code Authentication Token Claims = Pass secret value to container Blob encryption - CustomerProvidedKey = Encrypt sensitive data

What feature is recommended to reduce telemetry traffic and storage, as well as for the analysis of application data?

Application Insights

What should be done to ensure maximum performance for dynamic content while minimizing latency and costs?

Use Azure Content Delivery Network (CDN)

Developers report that the number of log messages in the trace output for the processor is too high, resulting in lost log ________.

messages

What are the key components of the policy definition mentioned?

Tier: Standard

What is the recommended access tier for storing data that is infrequently accessed and stored for at least 30 days?

Cool

Match the following terms with their appropriate descriptions:

Replication: Geo-redundant storage (GRS) = Data must be replicated to a secondary region and three availability zones Account Kind: StorageV2 (general-purpose v2) = General-purpose v2 accounts: Basic storage account type for blobs, files, queues, and tables

All websites and services must use SSL from a valid root certificate authority. True or False?

True

ContentUploadService can access Azure Storage access keys using ____.

YAML

Match the following key components with their descriptions:

Incoming Request policy section = ID token signature PolicyLib requirements = Use blob leases to prevent concurrency problems Policy service must use Application Insights = Automatically scale with the number of policy actions

What action should be taken to optimize performance for predicted usage pattern in Azure Cache for Redis?

Configure the web apps for Application Insights

Which features can be used to analyze app uptime and downtime in Azure Monitor logs and metrics? (Select all that apply)

VmInsights solution

To implement dynamic configuration to the application, the _________________ needs to be created in the App Configuration store.

sentinel key

Match the Azure Cache for Redis commands with their functionalities:

XREAD BLOCK 0 STREAMS seismicData $ = Command to receive seismic data allkeys-lru = Data structure for storing a collection of related items volatile-lru = Data structure for the most recently accessed cache items

In Azure Blob Storage access, CORS is disabled to allow access from other domains.

False

What does 'EnablePurgeProtection' do in the context of a Key Vault?

Prevents the key vault from being permanently deleted

What configuration change can be applied to a resource from a file or stdin using 'kubectl apply'?

myapp.yaml

What is the purpose of the Managed Service Identity (MSI)?

Recover the deleted object

Purge Protection is an optional behavior in Key Vault and is enabled by default.

False

Match the following Azure services with their functionalities:

Azure Content Delivery Network (CDN) = Supports auto-scaling and minimizes cost Azure App Service = Configured to Standard App Service Tier for a specific function Azure Search = Implemented using.NET SDK Azure Logic Apps = Allows design of triggered background tasks

What is the purpose of the change feed in Azure Blob Storage?

To provide transaction logs of all the changes that occur to the blobs and the blob metadata in your storage account.

The ______ pattern is used in the Azure Function for returning health monitoring data.

Durable Function async

What should be done in the Azure Application Gateway's HTTP setting to enable it for the App service?

Enable Use for App service setting

Setting the Code setting to 'Deployment slot' results in deployment errors to Service Bus when debugging locally.

False

Match the Azure Blob Storage methods to their descriptions:

AcquireLeaseAsync = Acquire an infinite lease if null, or a specific time lease if not null. GetBlockBlobReference = Retrieve a reference to a block blob in the container. BreakLeaseAsync = Initiate an operation to break the current lease on the container. Archive access tier = Retrieval of data between one to 15 hours.

Which method is used to update old records with TableOperation.insertOrReplace? ______ updates old records.

InsertOrReplace

Which method is used to connect to a No-SQL globally-distributed database by using the .NET API?

new CosmosClient(EndpointUri, PrimaryKey)

Azure Event Grid is well suited for receiving data from thousands of devices and storing them in Azure Blob storage.

False

What is the primary usage of BlobFuse?

Mount an Azure Blob Storage container as a local file system on a Linux system.

What is the Azure CLI command to create a Key Vault?

az keyvault create

What Azure CLI command is used to create a key in a Key Vault?

az keyvault key create

Which command is used to enable encryption for a virtual machine (VM)?

az vm encryption enable

What command is used to retrieve the storage account key from Azure Key Vault?

Get-AzKeyVaultSecret

Azure CDN rule ensures that iPhone users are redirected to the ________.

app store

Third-party access can be authenticated using a Service Principal in Azure.

True

What feature should be enabled to prevent 'cold start' in an app service?

Always On

Which Azure service is used for order processing and financial transactions?

Azure Service Bus

Queue size must not grow larger than ____ gigabytes (GB), and messages should follow a first-in-first-out (FIFO) ordering.

80

Azure Event Grid is used to handle filtered events through a third-party system endpoint.

False

Match the following Azure Event Grid components with their descriptions:

System topic = Third-party system endpoint to send events Event domain = Azure Function app endpoint to handle filtered events

What is the purpose of creating a managed identity in Azure?

To provide an identity for the resources to use when connecting to Azure services

What are the steps involved in configuring key rotation and enabling key expiry in Azure App Configuration?

Create and configure a key rotation policy

To ensure webapp CPU is less than 85% and minimize cost, configure the web app to the ________ App Service Tier.

Standard

Azure Application Insights can be used to analyze the impact of load time on a user's decision to purchase a product.

True

Match the Azure Monitor tests with their descriptions:

URL ping test = Ensure websites are responsive and load within a specified time Multi-step web test = Perform a sequence of steps on a website to assess its functionality Custom track availability tests = Create personalized availability tests based on specific requirements

What is the purpose of implementing Application Insights?

Sampling - recommended way to reduce telemetry traffic and storage, analysis of application data

What are the requirements that the Shipping Logic app must meet?

Support ocean transport and inland transport workflows by using a Logic App

What HTTP response code is mentioned in the content?

200

The label printer must only receive up to ______ attempts within one minute.

5

What header value is recommended to be added for an API call?

Ocp-Apim-Trace

Hot storage tier is optimized for storing data that is accessed frequently.

True

In the Azure Functions app function.json file, the queue name is '%______%' and the blob name is {queueTrigger}.

input_queue

What is the purpose of the Azure Event Hub?

Telemetry and distributed data streaming

All websites and services must use SSL from a valid root certificate authority. True or False?

True

Match the following key elements with their descriptions:

Azure Key Vault = Secure storage for SSL certificates and credentials Azure Logic App = Requires secure resources to a corporate VNet ContentReviewer Role = AllowedMemberTypes: User, Value: ContentReviewer

Study Notes

Azure Key Vault

• EnablePurgeProtection prevents the key vault from being permanently deleted before the soft-delete retention period has elapsed.
• EnableSoftDelete allows deleted vault and its contents to be retained and recoverable for the specified number of days.

Azure Access Control

• Access Policy must be applied or assigned to Users and Groups.
• Access control must require multi-factor authentication when granting access to the Azure portal.

Azure Web App

• Azure Web App can be deployed from Github using the az webapp command.
• Azure Web App can be configured to use the Standard App Service Tier, which supports auto-scaling.
• Autoscaling can be enabled on the web app to minimize costs.
• A scale rule and scale condition can be added to the web app.

Azure Functions

• Azure Functions can be used to run background tasks, such as photo processing.
• Azure Functions can be triggered from Azure Blob storage events.
• Azure Functions can use a managed identity from Azure Active Directory for authentication.
• Azure Functions can be configured to use a Premium plan type.

Azure Storage

• Azure Storage provides a mechanism for recovering deleted objects, known as soft delete.
• Azure Storage provides a mechanism for purging deleted objects, known as purge protection.

Azure Kubernetes

• Azure Kubernetes provides a mechanism for configuring Custom Resource Definitions (CRDs).
• Azure Kubernetes provides a mechanism for configuring the Filter property of the SearchParameters class.

Azure App Service

• Azure App Service provides a mechanism for deploying web apps to a containerized environment.
• Azure App Service provides a mechanism for configuring the web app to use a custom domain.
• Azure App Service provides a mechanism for configuring the web app to use a managed identity.

Azure Durable Functions

• Azure Durable Functions provide a mechanism for running multiple actions in a specified order.
• Azure Durable Functions provide a mechanism for monitoring the function using a monitoring console application.
• Azure Durable Functions can be used to implement a voting system.

Azure Resource Manager

• Azure Resource Manager provides a mechanism for creating and deploying templates.
• Azure Resource Manager provides a mechanism for testing and validating changes to templates.
• Azure Resource Manager provides a mechanism for determining whether templates follow recommended practices.

Azure Container Apps

• Azure Container Apps provide a mechanism for running multiple microservices on Azure.
• Azure Container Apps provide a mechanism for enabling external HTTP ingress traffic.
• Azure Container Apps provide a mechanism for configuring a single environment for all containers.

Azure Search

• Azure Search provides a mechanism for implementing a search feature using .NET SDK.
• Azure Search provides a mechanism for configuring the QueryType property of the SearchParameters class.
• Azure Search provides a mechanism for configuring the Filter property of the SearchParameters class.

Azure Identity and Access

• Azure Identity and Access provides a mechanism for authenticating users using Azure Active Directory.
• Azure Identity and Access provides a mechanism for authorizing access to resources using Azure RBAC.
• Azure Identity and Access provides a mechanism for configuring multi-factor authentication.

Azure Networking

• Azure Networking provides a mechanism for configuring the App Service plan to use a private network.
• Azure Networking provides a mechanism for configuring the App Service plan to use a public network.
• Azure Networking provides a mechanism for configuring the App Service plan to use a load balancer.

Azure Monitoring and Analytics

• Azure Monitoring and Analytics provides a mechanism for configuring metrics and alerts.
• Azure Monitoring and Analytics provides a mechanism for configuring the QueryType property of the SearchParameters class.
• Azure Monitoring and Analytics provides a mechanism for configuring the Filter property of the SearchParameters class.### Azure Configuration and Settings
• Hosting plan: Premium
• App service plan: Standard
• Timeout value: 230 seconds
• Code change validation feature: Deployment slot

Python App Image Rendering

• Deploy to Linux container
• Stop image rendering complete

Environment Variables

• Compute target: Azure Container Instances
• Container: Restart policy termination
• AcquireLeaseAsync: If null, acquire infinite lease; if not null, must be 15 to 60 seconds

Custom Claims and User Access Token

• Add roles to appRoles attribute in app manifest
• High availability storage

Azure Container Apps

• az containerapp ingress: Ensure traffic is routed to each revision
• Unable to access container app and scaled to 0 instances: Enable ingress, create custom scale rule, and apply rule to container app

Case Study

• Internal staff report webpage load sizes are large and take a long time to load
• Use az containerapp command to deploy python website to container

Azure Service Bus

• Service bus queue: Azure App Service that scales based on the number of messages contained
• ActiveMessageCount: Messages in the queue or subscription that are in the active state and ready for delivery
• Average: Decrease count by

Azure Event Grid

• Not suited for receiving data from thousands of devices and storing them in Azure Blob storage
• Use QueueClient to receive a message when an Azure virtual machine finishes processing, ensuring messages do not persist after being handled

Azure Storage

• Upgrade Storage account to GPv2
• Create a new GPV2 standard account with default access level to cool
• Copy archive data to the GPV2 and delete the data from the original storage account

Azure Cosmos DB

• Partition key: Must be unique
• Use the .NET API to connect to a No-SQL globally-distributed database
• Use CosmosClient to create a client with endpoint and primary key
• Change feed estimator: Monitor the progress of the change feed processor
• Dead-letter queue: Prevent the change feed processor from retrying the entire batch when one document cannot be read

Azure CDN

• Use Azure CDN to distribute images
• Process of how the CDN and the Point of Presence (POP) server will distribute the image

Azure Blob Storage

• daysAfterLastAccessTimeGreaterThan: Accessed
• Use Azure Blob index tags to search and filter by customer identifier
• Use Azure Cognitive Search to search information inside documents

Azure Kubernetes Service

• Kubernetes cluster with a large amount of data collected and minimized latency
• YAML config: kind: StorageClass, provisioner: azure-disk, parameters: retain

Azure App Service

• Configure web app authentication and authorization: Add identity provider first
• Use Azure Cosmos DB change feed: App1 pull model, App2 push model, Lease container
• Use Azure BlobFuse to mount an Azure Blob Storage container as a local file system on a Linux system

Azure Container Instance

• Use Server Message Block (SMB) protocol to access data
• Implement static website on Azure Blob Storage: Azure Content Delivery Network (CDN) for custom domain name, header values, and SSL certificate

Azure API Management

• Implement HSTS and every request must include a valid HTTP header
• Use Certificate Authentication: Callers to the API must not send credentials to the API

Azure Key Vault

• Create an Azure Key Vault key named skey
• Encrypt the intake forms using the public key portion of skey
• Store the encrypted data in Azure Blob storage

Azure Active Directory

• Use Microsoft Graph API to retrieve and update user profile information
• Use Microsoft Authentication Library (MSAL) to authenticate users

Azure App Configuration

• Use Azure App Configuration to store and retrieve configuration settings
• Ensure the configuration settings are refreshed without the need to restart the app### Azure Functions
• Azure Functions automatically parallelize change processing using a Push Model or a Pull Model.
• The Push Model uses Azure Functions, while the Pull Model uses FeedRange for parallelization.
• A validate-jwt policy is used to validate the OAuth token for every incoming request.

Azure API Management

• Azure API Management is used for response caching.
• There are three types of caching: Account-level, Service-level, and User-delegation.
• Service-level caching allows delegation of access to resources in a single storage service.

Azure Active Directory

• Azure Active Directory (Azure AD) is used for authentication and authorization.
• Azure AD Premium is required for multi-factor authentication (MFA) implementation.
• Azure AD provides conditional access policies and identity protection.

Confidential Client Application

• A Confidential Client Application is used to instantiate a confidential client application with a client secret.
• There are two authentication methods: Service Principal and System-assigned Managed Identity.

Role-Based Access Control (RBAC)

• RBAC provides fine-grained access control and is used to assign permissions to users and applications.
• ArcPush provides push/pull permissions, while ArcPull provides least privilege only pull permissions.

Azure Blob Storage

• Azure Blob Storage is used to store unstructured data.
• A shared access signature (SAS) is generated for the Azure Blob storage account and provided to developers.
• Stored access policies allow revocation of permissions without regenerating storage account keys.

Microsoft Graph

• Microsoft Graph is used to access user properties and authenticate applications.
• Microsoft Graph provides APIs to access user data and requests permissions using a JWT token.
• Microsoft Graph is used to authenticate and access Microsoft Graph in the app manifest.

Single Sign-On (SSO)

• Azure Active Directory B2C (Azure AD B2C) is used to implement SSO for all applications that use custom in-house identity providers.
• Azure AD B2C provides custom policies and conditional access policies.

Microsoft Authentication Library (MSAL)

• MSAL is used to interface with Azure AD B2C and provide authentication and authorization.
• MSAL provides code library to interface with Azure AD B2C and manage identities.

Configuration Data

• Azure App Configuration is used to store and manage application configuration data.
• Azure App Configuration provides a managed identity and supports Azure Key Vault.

Authentication and Authorization

• Authentication is used to identify users and applications using JWT tokens and claims.
• Authorization is used to grant permissions to users and applications using Azure AD and Azure RBAC.

Microsoft Entra

• Microsoft Entra is used to provide authentication and authorization for applications.
• Microsoft Entra supports Azure AD B2C and provides managed identities.

Security and Compliance

• Security and compliance are ensured using Azure Policy and Azure Monitor.
• Azure Policy enforces compliance and security policies, while Azure Monitor provides monitoring and logging.

Azure Cache for Redis

• Azure Cache for Redis is used to optimize performance and reduce latency.
• Azure Cache for Redis provides caching rules and supports MIME types.

Azure Front Door Service

• Azure Front Door Service is used to optimize performance and reduce latency.
• Azure Front Door Service provides caching rules and supports edge nodes.

Azure Monitor and Azure Log Analytics

• Azure Monitor is used to collect logs and metrics from applications and services.
• Azure Log Analytics is used to analyze logs and metrics and provide insights.

Azure Application Insights

• Azure Application Insights is used to monitor application performance and detect anomalies.
• Azure Application Insights provides tools such as Live Metrics Stream, Smart Detection, and Snapshot Debugger.

Azure Cache for Redis Commands

• Azure Cache for Redis commands are used to receive seismic data and optimize performance.
• Azure Cache for Redis commands support XREAD BLOCK and STREAMS commands.

Dynamic Configuration

• Dynamic configuration is used to implement configuration changes and scaling.
• Dynamic configuration supports App Configuration store and Sentinel keys.

Profiler and Snapshot Debugger

• Profiler is used to capture performance traces of applications without negatively affecting users.
• Snapshot Debugger is used to automatically collect the state of the source code and variables when an exception is thrown.

Azure Redis Cache Instance

• Azure Redis Cache instance is used to handle outages and metadata loss in Azure data centers.
• Azure Redis Cache instance supports AOF persistence and client connection logging.

Azure Key Vault

• EnablePurgeProtection prevents the key vault from being permanently deleted before the soft-delete retention period has elapsed.
• EnableSoftDelete allows deleted vault and its contents to be retained and recoverable for the specified number of days.

Azure Access Control

• Access Policy must be applied or assigned to Users and Groups.
• Access control must require multi-factor authentication when granting access to the Azure portal.

Azure Web App

• Azure Web App can be deployed from Github using the az webapp command.
• Azure Web App can be configured to use the Standard App Service Tier, which supports auto-scaling.
• Autoscaling can be enabled on the web app to minimize costs.
• A scale rule and scale condition can be added to the web app.

Azure Functions

• Azure Functions can be used to run background tasks, such as photo processing.
• Azure Functions can be triggered from Azure Blob storage events.
• Azure Functions can use a managed identity from Azure Active Directory for authentication.
• Azure Functions can be configured to use a Premium plan type.

Azure Storage

• Azure Storage provides a mechanism for recovering deleted objects, known as soft delete.
• Azure Storage provides a mechanism for purging deleted objects, known as purge protection.

Azure Kubernetes

• Azure Kubernetes provides a mechanism for configuring Custom Resource Definitions (CRDs).
• Azure Kubernetes provides a mechanism for configuring the Filter property of the SearchParameters class.

Azure App Service

• Azure App Service provides a mechanism for deploying web apps to a containerized environment.
• Azure App Service provides a mechanism for configuring the web app to use a custom domain.
• Azure App Service provides a mechanism for configuring the web app to use a managed identity.

Azure Durable Functions

• Azure Durable Functions provide a mechanism for running multiple actions in a specified order.
• Azure Durable Functions provide a mechanism for monitoring the function using a monitoring console application.
• Azure Durable Functions can be used to implement a voting system.

Azure Resource Manager

• Azure Resource Manager provides a mechanism for creating and deploying templates.
• Azure Resource Manager provides a mechanism for testing and validating changes to templates.
• Azure Resource Manager provides a mechanism for determining whether templates follow recommended practices.

Azure Container Apps

• Azure Container Apps provide a mechanism for running multiple microservices on Azure.
• Azure Container Apps provide a mechanism for enabling external HTTP ingress traffic.
• Azure Container Apps provide a mechanism for configuring a single environment for all containers.

Azure Search

• Azure Search provides a mechanism for implementing a search feature using .NET SDK.
• Azure Search provides a mechanism for configuring the QueryType property of the SearchParameters class.
• Azure Search provides a mechanism for configuring the Filter property of the SearchParameters class.

Azure Identity and Access

• Azure Identity and Access provides a mechanism for authenticating users using Azure Active Directory.
• Azure Identity and Access provides a mechanism for authorizing access to resources using Azure RBAC.
• Azure Identity and Access provides a mechanism for configuring multi-factor authentication.

Azure Networking

• Azure Networking provides a mechanism for configuring the App Service plan to use a private network.
• Azure Networking provides a mechanism for configuring the App Service plan to use a public network.
• Azure Networking provides a mechanism for configuring the App Service plan to use a load balancer.

Azure Monitoring and Analytics

• Azure Monitoring and Analytics provides a mechanism for configuring metrics and alerts.
• Azure Monitoring and Analytics provides a mechanism for configuring the QueryType property of the SearchParameters class.
• Azure Monitoring and Analytics provides a mechanism for configuring the Filter property of the SearchParameters class.### Azure Configuration and Settings
• Hosting plan: Premium
• App service plan: Standard
• Timeout value: 230 seconds
• Code change validation feature: Deployment slot

Python App Image Rendering

• Deploy to Linux container
• Stop image rendering complete

Environment Variables

• Compute target: Azure Container Instances
• Container: Restart policy termination
• AcquireLeaseAsync: If null, acquire infinite lease; if not null, must be 15 to 60 seconds

Custom Claims and User Access Token

• Add roles to appRoles attribute in app manifest
• High availability storage

Azure Container Apps

• az containerapp ingress: Ensure traffic is routed to each revision
• Unable to access container app and scaled to 0 instances: Enable ingress, create custom scale rule, and apply rule to container app

Case Study

• Internal staff report webpage load sizes are large and take a long time to load
• Use az containerapp command to deploy python website to container

Azure Service Bus

• Service bus queue: Azure App Service that scales based on the number of messages contained
• ActiveMessageCount: Messages in the queue or subscription that are in the active state and ready for delivery
• Average: Decrease count by

Azure Event Grid

• Not suited for receiving data from thousands of devices and storing them in Azure Blob storage
• Use QueueClient to receive a message when an Azure virtual machine finishes processing, ensuring messages do not persist after being handled

Azure Storage

• Upgrade Storage account to GPv2
• Create a new GPV2 standard account with default access level to cool
• Copy archive data to the GPV2 and delete the data from the original storage account

Azure Cosmos DB

• Partition key: Must be unique
• Use the .NET API to connect to a No-SQL globally-distributed database
• Use CosmosClient to create a client with endpoint and primary key
• Change feed estimator: Monitor the progress of the change feed processor
• Dead-letter queue: Prevent the change feed processor from retrying the entire batch when one document cannot be read

Azure CDN

• Use Azure CDN to distribute images
• Process of how the CDN and the Point of Presence (POP) server will distribute the image

Azure Blob Storage

• daysAfterLastAccessTimeGreaterThan: Accessed
• Use Azure Blob index tags to search and filter by customer identifier
• Use Azure Cognitive Search to search information inside documents

Azure Kubernetes Service

• Kubernetes cluster with a large amount of data collected and minimized latency
• YAML config: kind: StorageClass, provisioner: azure-disk, parameters: retain

Azure App Service

• Configure web app authentication and authorization: Add identity provider first
• Use Azure Cosmos DB change feed: App1 pull model, App2 push model, Lease container
• Use Azure BlobFuse to mount an Azure Blob Storage container as a local file system on a Linux system

Azure Container Instance

• Use Server Message Block (SMB) protocol to access data
• Implement static website on Azure Blob Storage: Azure Content Delivery Network (CDN) for custom domain name, header values, and SSL certificate

Azure API Management

• Implement HSTS and every request must include a valid HTTP header
• Use Certificate Authentication: Callers to the API must not send credentials to the API

Azure Key Vault

• Create an Azure Key Vault key named skey
• Encrypt the intake forms using the public key portion of skey
• Store the encrypted data in Azure Blob storage

Azure Active Directory

• Use Microsoft Graph API to retrieve and update user profile information
• Use Microsoft Authentication Library (MSAL) to authenticate users

Azure App Configuration

• Use Azure App Configuration to store and retrieve configuration settings
• Ensure the configuration settings are refreshed without the need to restart the app### Azure Functions
• Azure Functions automatically parallelize change processing using a Push Model or a Pull Model.
• The Push Model uses Azure Functions, while the Pull Model uses FeedRange for parallelization.
• A validate-jwt policy is used to validate the OAuth token for every incoming request.

Azure API Management

• Azure API Management is used for response caching.
• There are three types of caching: Account-level, Service-level, and User-delegation.
• Service-level caching allows delegation of access to resources in a single storage service.

Azure Active Directory

• Azure Active Directory (Azure AD) is used for authentication and authorization.
• Azure AD Premium is required for multi-factor authentication (MFA) implementation.
• Azure AD provides conditional access policies and identity protection.

Confidential Client Application

• A Confidential Client Application is used to instantiate a confidential client application with a client secret.
• There are two authentication methods: Service Principal and System-assigned Managed Identity.

Role-Based Access Control (RBAC)

• RBAC provides fine-grained access control and is used to assign permissions to users and applications.
• ArcPush provides push/pull permissions, while ArcPull provides least privilege only pull permissions.

Azure Blob Storage

• Azure Blob Storage is used to store unstructured data.
• A shared access signature (SAS) is generated for the Azure Blob storage account and provided to developers.
• Stored access policies allow revocation of permissions without regenerating storage account keys.

Microsoft Graph

• Microsoft Graph is used to access user properties and authenticate applications.
• Microsoft Graph provides APIs to access user data and requests permissions using a JWT token.
• Microsoft Graph is used to authenticate and access Microsoft Graph in the app manifest.

Single Sign-On (SSO)

• Azure Active Directory B2C (Azure AD B2C) is used to implement SSO for all applications that use custom in-house identity providers.
• Azure AD B2C provides custom policies and conditional access policies.

Microsoft Authentication Library (MSAL)

• MSAL is used to interface with Azure AD B2C and provide authentication and authorization.
• MSAL provides code library to interface with Azure AD B2C and manage identities.

Configuration Data

• Azure App Configuration is used to store and manage application configuration data.
• Azure App Configuration provides a managed identity and supports Azure Key Vault.

Authentication and Authorization

• Authentication is used to identify users and applications using JWT tokens and claims.
• Authorization is used to grant permissions to users and applications using Azure AD and Azure RBAC.

Microsoft Entra

• Microsoft Entra is used to provide authentication and authorization for applications.
• Microsoft Entra supports Azure AD B2C and provides managed identities.

Security and Compliance

• Security and compliance are ensured using Azure Policy and Azure Monitor.
• Azure Policy enforces compliance and security policies, while Azure Monitor provides monitoring and logging.

Azure Cache for Redis

• Azure Cache for Redis is used to optimize performance and reduce latency.
• Azure Cache for Redis provides caching rules and supports MIME types.

Azure Front Door Service

• Azure Front Door Service is used to optimize performance and reduce latency.
• Azure Front Door Service provides caching rules and supports edge nodes.

Azure Monitor and Azure Log Analytics

• Azure Monitor is used to collect logs and metrics from applications and services.
• Azure Log Analytics is used to analyze logs and metrics and provide insights.

Azure Application Insights

• Azure Application Insights is used to monitor application performance and detect anomalies.
• Azure Application Insights provides tools such as Live Metrics Stream, Smart Detection, and Snapshot Debugger.

Azure Cache for Redis Commands

• Azure Cache for Redis commands are used to receive seismic data and optimize performance.
• Azure Cache for Redis commands support XREAD BLOCK and STREAMS commands.

Dynamic Configuration

• Dynamic configuration is used to implement configuration changes and scaling.
• Dynamic configuration supports App Configuration store and Sentinel keys.

Profiler and Snapshot Debugger

• Profiler is used to capture performance traces of applications without negatively affecting users.
• Snapshot Debugger is used to automatically collect the state of the source code and variables when an exception is thrown.

Azure Redis Cache Instance

• Azure Redis Cache instance is used to handle outages and metadata loss in Azure data centers.
• Azure Redis Cache instance supports AOF persistence and client connection logging.

Description

This quiz assesses your knowledge of Azure cloud computing, Docker image creation, and security features such as TLS mutual authentication and client certificate validation. It also covers stored procedures and application deployment.