Azure Cloud Computing and Docker Security
77 Questions

Questions and Answers

What does the Redeploy.EnablePurgeProtection function do in Azure Key Vault?

  • Allows deleted vault and its contents to be retained and recoverable (correct)
  • Creates a secret containing a Conditional access policy password
  • Prevents the key vault from being permanently deleted before moving the VM to a new node
  • Ensures multi-factor authentication when granting access control

    What is the purpose of the Access Policy in Azure Key Vault?

    Allow access to the previously created secret.

    Managed Service Identity (MSI) gives your code an automatically managed identity for authenticating to ______________ resources.

    Azure

    Azure Static Web App allows users to view content only after Azure AD authentication.

    True

    What is the purpose of the change feed in Azure Blob Storage?

    To provide transaction logs of all the changes that occur to the blobs and the blob metadata in your storage account.

    What is required to break the current lease on a container?

    BreakLeaseAsync

    Enable managed identity for a VM is done with the command Update-AzVM -ResourceGroupName 'ContosoRG' -VM $vm - IdentityId: $SystemAssigned

    False

    To allow for _ routing between regions in Cosmos DB in case of a regional disaster, the option --enable-automatic-failover true should be set.

    automatic failover

    What is the purpose of an Ingress Controller in Kubernetes?

    Implement a single, public IP endpoint that is routed to multiple microservices

    Which Azure service helps coordinate processing of change feed across multiple workers?

    Lease container

    Azure Blob index tags are used to search and filter by customer identifiers.

    True

    The Configuration setting 'External data value' for Azure Container Instance is set to ________.

    Azure File Share

    Match the following storage concepts:

    • TableOperation.insertOrReplace = Update old records
    • DaysAfterModificationGreaterThan = Modified days threshold
    • Cosmos DB API Core(SQL) = Stores data in document format

    What feature should be enabled in Application Insights to prevent cold start of an app service?

    Always On setting

    Which Azure service can be used for order processing and financial transactions?

    Azure Service Bus

    Azure Logic Apps Designer allows to visually add ____________ to the logic app.

    functionality

    Azure Event Grid is used for premium tier service bus event delivery.

    False

    Match the event source with the correct technology:

    • Event Source = Azure Blob Storage
    • Event Receiver = Azure Event Grid
    • Event Handler = Azure Logic App

    What command is used to enable encryption for a virtual machine (VM)?

    az vm encryption enable

    The type '_____' is used for validating users, permitting users, and updating webapp without requiring a restart of the app.

    Delegated

    Which Azure API is used to retrieve and update user profile information stored in Azure Active Directory (Azure AD)?

    Microsoft Graph API

    Policy Section 'AppConf' is used to configure feature flags for an ASP.NET Core app.

    False

    Match the following authentication methods with their descriptions:

    • ConfidentialClientApplicationBuilder = Code to instantiate the confidential client application with a client secret
    • Registering the application with Azure AD tenant = Validating an Azure AD request in the app code
    • Authentication Token Claims = Pass secret value to container
    • Blob encryption - CustomerProvidedKey = Encrypt sensitive data

    What feature is recommended to reduce telemetry traffic and storage, as well as for the analysis of application data?

    Application Insights

    What should be done to ensure maximum performance for dynamic content while minimizing latency and costs?

    Use Azure Content Delivery Network (CDN)

    Developers report that the number of log messages in the trace output for the processor is too high, resulting in lost log ________.

    messages

    What are the key components of the policy definition mentioned?

    Tier: Standard

    What is the recommended access tier for storing data that is infrequently accessed and stored for at least 30 days?

    Cool

    Match the following terms with their appropriate descriptions:

    • Replication: Geo-redundant storage (GRS) = Data must be replicated to a secondary region and three availability zones
    • Account Kind: StorageV2 (general-purpose v2) = General-purpose v2 accounts: Basic storage account type for blobs, files, queues, and tables

    All websites and services must use SSL from a valid root certificate authority. True or False?

    True

    ContentUploadService can access Azure Storage access keys using ____.

    YAML

    Match the following key components with their descriptions:

    • Incoming Request policy section = ID token signature
    • PolicyLib requirements = Use blob leases to prevent concurrency problems
    • Policy service must use Application Insights = Automatically scale with the number of policy actions

    What action should be taken to optimize performance for predicted usage pattern in Azure Cache for Redis?

    Configure the web apps for Application Insights

    Which features can be used to analyze app uptime and downtime in Azure Monitor logs and metrics? (Select all that apply)

    VmInsights solution

    To implement dynamic configuration to the application, the _________________ needs to be created in the App Configuration store.

    sentinel key

    Match the Azure Cache for Redis commands with their functionalities:

    • XREAD BLOCK 0 STREAMS seismicData $ = Command to receive seismic data
    • allkeys-lru = Data structure for storing a collection of related items
    • volatile-lru = Data structure for the most recently accessed cache items

    In Azure Blob Storage access, CORS is disabled to allow access from other domains.

    False

    What does 'EnablePurgeProtection' do in the context of a Key Vault?

    Prevents the key vault from being permanently deleted

    What configuration change can be applied to a resource from a file or stdin using 'kubectl apply'?

    myapp.yaml

    What is the purpose of the Managed Service Identity (MSI)?

    Recover the deleted object

    Purge Protection is an optional behavior in Key Vault and is enabled by default.

    False

    Match the following Azure services with their functionalities:

    • Azure Content Delivery Network (CDN) = Supports auto-scaling and minimizes cost
    • Azure App Service = Configured to Standard App Service Tier for a specific function
    • Azure Search = Implemented using .NET SDK
    • Azure Logic Apps = Allows design of triggered background tasks

    What is the purpose of the change feed in Azure Blob Storage?

    To provide transaction logs of all the changes that occur to the blobs and the blob metadata in your storage account.

    The ______ pattern is used in the Azure Function for returning health monitoring data.

    Durable Function async

    What should be done in the Azure Application Gateway's HTTP setting to enable it for the App service?

    Enable Use for App service setting

    Setting the Code setting to 'Deployment slot' results in deployment errors to Service Bus when debugging locally.

    False

    Match the Azure Blob Storage methods to their descriptions:

    • AcquireLeaseAsync = Acquire an infinite lease if null, or a specific time lease if not null.
    • GetBlockBlobReference = Retrieve a reference to a block blob in the container.
    • BreakLeaseAsync = Initiate an operation to break the current lease on the container.
    • Archive access tier = Retrieval of data between one to 15 hours.

    Which method is used to update old records with TableOperation.insertOrReplace? ______ updates old records.

    InsertOrReplace

    Which method is used to connect to a No-SQL globally-distributed database by using the .NET API?

    new CosmosClient(EndpointUri, PrimaryKey)

    Azure Event Grid is well suited for receiving data from thousands of devices and storing them in Azure Blob storage.

    False

    What is the primary usage of BlobFuse?

    Mount an Azure Blob Storage container as a local file system on a Linux system.

    What is the Azure CLI command to create a Key Vault?

    az keyvault create

    What Azure CLI command is used to create a key in a Key Vault?

    az keyvault key create

    Which command is used to enable encryption for a virtual machine (VM)?

    az vm encryption enable

    What command is used to retrieve the storage account key from Azure Key Vault?

    Get-AzKeyVaultSecret

    Azure CDN rule ensures that iPhone users are redirected to the ________.

    app store

    Third-party access can be authenticated using a Service Principal in Azure.

    True

    What feature should be enabled to prevent 'cold start' in an app service?

    Always On

    Which Azure service is used for order processing and financial transactions?

    Azure Service Bus

    Queue size must not grow larger than ____ gigabytes (GB), and messages should follow a first-in-first-out (FIFO) ordering.

    80

    Azure Event Grid is used to handle filtered events through a third-party system endpoint.

    False

    Match the following Azure Event Grid components with their descriptions:

    • System topic = Third-party system endpoint to send events
    • Event domain = Azure Function app endpoint to handle filtered events

    What is the purpose of creating a managed identity in Azure?

    To provide an identity for the resources to use when connecting to Azure services

    What are the steps involved in configuring key rotation and enabling key expiry in Azure App Configuration?

    Create and configure a key rotation policy

    To ensure webapp CPU is less than 85% and minimize cost, configure the web app to the ________ App Service Tier.

    Standard

    Azure Application Insights can be used to analyze the impact of load time on a user's decision to purchase a product.

    True

    Match the Azure Monitor tests with their descriptions:

    • URL ping test = Ensure websites are responsive and load within a specified time
    • Multi-step web test = Perform a sequence of steps on a website to assess its functionality
    • Custom track availability tests = Create personalized availability tests based on specific requirements

    What is the purpose of implementing Application Insights?

    Sampling - recommended way to reduce telemetry traffic and storage, analysis of application data

    What are the requirements that the Shipping Logic app must meet?

    Support ocean transport and inland transport workflows by using a Logic App

    What HTTP response code is mentioned in the content?

    200

    The label printer must only receive up to ______ attempts within one minute.

    5

    What header value is recommended to be added for an API call?

    Ocp-Apim-Trace

    Hot storage tier is optimized for storing data that is accessed frequently.

    True

    In the Azure Functions app function.json file, the queue name is '%______%' and the blob name is {queueTrigger}.

    input_queue

    What is the purpose of the Azure Event Hub?

    Telemetry and distributed data streaming

    All websites and services must use SSL from a valid root certificate authority. True or False?

    True

    Match the following key elements with their descriptions:

    • Azure Key Vault = Secure storage for SSL certificates and credentials
    • Azure Logic App = Requires secure resources to a corporate VNet
    • ContentReviewer Role = AllowedMemberTypes: User, Value: ContentReviewer

    Study Notes

    Azure Key Vault

    • EnablePurgeProtection prevents the key vault from being permanently deleted before the soft-delete retention period has elapsed.
    • EnableSoftDelete allows deleted vault and its contents to be retained and recoverable for the specified number of days.

    Azure Access Control

    • Access Policy must be applied or assigned to Users and Groups.
    • Access control must require multi-factor authentication when granting access to the Azure portal.

    Azure Web App

    • Azure Web App can be deployed from GitHub using the az webapp command.
    • Azure Web App can be configured to use the Standard App Service Tier, which supports auto-scaling.
    • Autoscaling can be enabled on the web app to minimize costs.
    • A scale rule and scale condition can be added to the web app.

    Azure Functions

    • Azure Functions can be used to run background tasks, such as photo processing.
    • Azure Functions can be triggered from Azure Blob storage events.
    • Azure Functions can use a managed identity from Azure Active Directory for authentication.
    • Azure Functions can be configured to use a Premium plan type.

    Azure Storage

    • Azure Storage provides a mechanism for recovering deleted objects, known as soft delete.
    • Azure Storage provides a mechanism for purging deleted objects, known as purge protection.

    Azure Kubernetes

    • Azure Kubernetes provides a mechanism for configuring Custom Resource Definitions (CRDs).
    • Azure Kubernetes provides a mechanism for configuring the Filter property of the SearchParameters class.

    Azure App Service

    • Azure App Service provides a mechanism for deploying web apps to a containerized environment.
    • Azure App Service provides a mechanism for configuring the web app to use a custom domain.
    • Azure App Service provides a mechanism for configuring the web app to use a managed identity.

    Azure Durable Functions

    • Azure Durable Functions provide a mechanism for running multiple actions in a specified order.
    • Azure Durable Functions provide a mechanism for monitoring the function using a monitoring console application.
    • Azure Durable Functions can be used to implement a voting system.

    Azure Resource Manager

    • Azure Resource Manager provides a mechanism for creating and deploying templates.
    • Azure Resource Manager provides a mechanism for testing and validating changes to templates.
    • Azure Resource Manager provides a mechanism for determining whether templates follow recommended practices.

    Azure Container Apps

    • Azure Container Apps provide a mechanism for running multiple microservices on Azure.
    • Azure Container Apps provide a mechanism for enabling external HTTP ingress traffic.
    • Azure Container Apps provide a mechanism for configuring a single environment for all containers.

    Azure Search

    • Azure Search provides a mechanism for implementing a search feature using .NET SDK.
    • Azure Search provides a mechanism for configuring the QueryType property of the SearchParameters class.
    • Azure Search provides a mechanism for configuring the Filter property of the SearchParameters class.

    Azure Identity and Access

    • Azure Identity and Access provides a mechanism for authenticating users using Azure Active Directory.
    • Azure Identity and Access provides a mechanism for authorizing access to resources using Azure RBAC.
    • Azure Identity and Access provides a mechanism for configuring multi-factor authentication.

    Azure Networking

    • Azure Networking provides a mechanism for configuring the App Service plan to use a private network.
    • Azure Networking provides a mechanism for configuring the App Service plan to use a public network.
    • Azure Networking provides a mechanism for configuring the App Service plan to use a load balancer.

    Azure Monitoring and Analytics

    • Azure Monitoring and Analytics provides a mechanism for configuring metrics and alerts.
    • Azure Monitoring and Analytics provides a mechanism for configuring the QueryType property of the SearchParameters class.
    • Azure Monitoring and Analytics provides a mechanism for configuring the Filter property of the SearchParameters class.

    Azure Configuration and Settings

    • Hosting plan: Premium
    • App service plan: Standard
    • Timeout value: 230 seconds
    • Code change validation feature: Deployment slot

    Python App Image Rendering

    • Deploy to Linux container
    • Stop image rendering complete

    Environment Variables

    • Compute target: Azure Container Instances
    • Container: Restart policy termination
    • AcquireLeaseAsync: If null, acquire infinite lease; if not null, must be 15 to 60 seconds

    Custom Claims and User Access Token

    • Add roles to appRoles attribute in app manifest
    • High availability storage

    Azure Container Apps

    • az containerapp ingress: Ensure traffic is routed to each revision
    • Unable to access container app and scaled to 0 instances: Enable ingress, create custom scale rule, and apply rule to container app

    Case Study

    • Internal staff report webpage load sizes are large and take a long time to load
    • Use the az containerapp command to deploy the Python website to a container

    Azure Service Bus

    • Service bus queue: Azure App Service that scales based on the number of messages contained
    • ActiveMessageCount: Messages in the queue or subscription that are in the active state and ready for delivery
    • Average: Decrease count by

    Azure Event Grid

    • Not suited for receiving data from thousands of devices and storing them in Azure Blob storage
    • Use QueueClient to receive a message when an Azure virtual machine finishes processing, ensuring messages do not persist after being handled

    Azure Storage

    • Upgrade Storage account to GPv2
    • Create a new GPv2 standard account with the default access level set to cool
    • Copy archive data to the GPv2 account and delete the data from the original storage account

    Azure Cosmos DB

    • Partition key: Must be unique
    • Use the .NET API to connect to a No-SQL globally-distributed database
    • Use CosmosClient to create a client with endpoint and primary key
    • Change feed estimator: Monitor the progress of the change feed processor
    • Dead-letter queue: Prevent the change feed processor from retrying the entire batch when one document cannot be read

    Azure CDN

    • Use Azure CDN to distribute images
    • Process of how the CDN and the Point of Presence (POP) server will distribute the image

    Azure Blob Storage

    • daysAfterLastAccessTimeGreaterThan: Accessed
    • Use Azure Blob index tags to search and filter by customer identifier
    • Use Azure Cognitive Search to search information inside documents

    Azure Kubernetes Service

    • Kubernetes cluster with a large amount of data collected and minimized latency
    • YAML config: kind: StorageClass, provisioner: azure-disk, parameters: retain

    Azure App Service

    • Configure web app authentication and authorization: Add identity provider first
    • Use Azure Cosmos DB change feed: App1 pull model, App2 push model, Lease container
    • Use Azure BlobFuse to mount an Azure Blob Storage container as a local file system on a Linux system

    Azure Container Instance

    • Use Server Message Block (SMB) protocol to access data
    • Implement static website on Azure Blob Storage: Azure Content Delivery Network (CDN) for custom domain name, header values, and SSL certificate

    Azure API Management

    • Implement HSTS and every request must include a valid HTTP header
    • Use Certificate Authentication: Callers to the API must not send credentials to the API

    Azure Key Vault

    • Create an Azure Key Vault key named skey
    • Encrypt the intake forms using the public key portion of skey
    • Store the encrypted data in Azure Blob storage

    Azure Active Directory

    • Use Microsoft Graph API to retrieve and update user profile information
    • Use Microsoft Authentication Library (MSAL) to authenticate users

    Azure App Configuration

    • Use Azure App Configuration to store and retrieve configuration settings
    • Ensure the configuration settings are refreshed without the need to restart the app

    Azure Functions

    • Azure Functions automatically parallelize change processing using a Push Model or a Pull Model.
    • The Push Model uses Azure Functions, while the Pull Model uses FeedRange for parallelization.
    • A validate-jwt policy is used to validate the OAuth token for every incoming request.

    Azure API Management

    • Azure API Management is used for response caching.
    • There are three types of caching: Account-level, Service-level, and User-delegation.
    • Service-level caching allows delegation of access to resources in a single storage service.

    Azure Active Directory

    • Azure Active Directory (Azure AD) is used for authentication and authorization.
    • Azure AD Premium is required for multi-factor authentication (MFA) implementation.
    • Azure AD provides conditional access policies and identity protection.

    Confidential Client Application

    • A Confidential Client Application is used to instantiate a confidential client application with a client secret.
    • There are two authentication methods: Service Principal and System-assigned Managed Identity.

    Role-Based Access Control (RBAC)

    • RBAC provides fine-grained access control and is used to assign permissions to users and applications.
    • ArcPush provides push/pull permissions, while ArcPull provides least privilege only pull permissions.

    Azure Blob Storage

    • Azure Blob Storage is used to store unstructured data.
    • A shared access signature (SAS) is generated for the Azure Blob storage account and provided to developers.
    • Stored access policies allow revocation of permissions without regenerating storage account keys.

    Microsoft Graph

    • Microsoft Graph is used to access user properties and authenticate applications.
    • Microsoft Graph provides APIs to access user data and requests permissions using a JWT token.
    • Microsoft Graph is used to authenticate and access Microsoft Graph in the app manifest.

    Single Sign-On (SSO)

    • Azure Active Directory B2C (Azure AD B2C) is used to implement SSO for all applications that use custom in-house identity providers.
    • Azure AD B2C provides custom policies and conditional access policies.

    Microsoft Authentication Library (MSAL)

    • MSAL is used to interface with Azure AD B2C and provide authentication and authorization.
    • MSAL provides a code library to interface with Azure AD B2C and manage identities.

    Configuration Data

    • Azure App Configuration is used to store and manage application configuration data.
    • Azure App Configuration provides a managed identity and supports Azure Key Vault.

    Authentication and Authorization

    • Authentication is used to identify users and applications using JWT tokens and claims.
    • Authorization is used to grant permissions to users and applications using Azure AD and Azure RBAC.

    Microsoft Entra

    • Microsoft Entra is used to provide authentication and authorization for applications.
    • Microsoft Entra supports Azure AD B2C and provides managed identities.

    Security and Compliance

    • Security and compliance are ensured using Azure Policy and Azure Monitor.
    • Azure Policy enforces compliance and security policies, while Azure Monitor provides monitoring and logging.

    Azure Cache for Redis

    • Azure Cache for Redis is used to optimize performance and reduce latency.
    • Azure Cache for Redis provides caching rules and supports MIME types.

    Azure Front Door Service

    • Azure Front Door Service is used to optimize performance and reduce latency.
    • Azure Front Door Service provides caching rules and supports edge nodes.

    Azure Monitor and Azure Log Analytics

    • Azure Monitor is used to collect logs and metrics from applications and services.
    • Azure Log Analytics is used to analyze logs and metrics and provide insights.

    Azure Application Insights

    • Azure Application Insights is used to monitor application performance and detect anomalies.
    • Azure Application Insights provides tools such as Live Metrics Stream, Smart Detection, and Snapshot Debugger.

    Azure Cache for Redis Commands

    • Azure Cache for Redis commands are used to receive seismic data and optimize performance.
    • Azure Cache for Redis commands support XREAD BLOCK and STREAMS commands.

    Dynamic Configuration

    • Dynamic configuration is used to implement configuration changes and scaling.
    • Dynamic configuration supports App Configuration store and Sentinel keys.

    Profiler and Snapshot Debugger

    • Profiler is used to capture performance traces of applications without negatively affecting users.
    • Snapshot Debugger is used to automatically collect the state of the source code and variables when an exception is thrown.

    Azure Redis Cache Instance

    • Azure Redis Cache instance is used to handle outages and metadata loss in Azure data centers.
    • Azure Redis Cache instance supports AOF persistence and client connection logging.

    Azure Key Vault

    • EnablePurgeProtection prevents the key vault from being permanently deleted before the soft-delete retention period has elapsed.
    • EnableSoftDelete allows deleted vault and its contents to be retained and recoverable for the specified number of days.

    Azure Access Control

    • Access Policy must be applied or assigned to Users and Groups.
    • Access control must require multi-factor authentication when granting access to the Azure portal.

    Azure Web App

    • Azure Web App can be deployed from Github using the az webapp command.
    • Azure Web App can be configured to use the Standard App Service Tier, which supports auto-scaling.
    • Autoscaling can be enabled on the web app to minimize costs.
    • A scale rule and scale condition can be added to the web app.

    Azure Functions

    • Azure Functions can be used to run background tasks, such as photo processing.
    • Azure Functions can be triggered from Azure Blob storage events.
    • Azure Functions can use a managed identity from Azure Active Directory for authentication.
    • Azure Functions can be configured to use a Premium plan type.

    Azure Storage

    • Azure Storage provides a mechanism for recovering deleted objects, known as soft delete.
    • Azure Storage provides a mechanism for purging deleted objects, known as purge protection.

    Azure Kubernetes

    • Azure Kubernetes provides a mechanism for configuring Custom Resource Definitions (CRDs).
    • Azure Kubernetes provides a mechanism for configuring the Filter property of the SearchParameters class.

    Azure App Service

    • Azure App Service provides a mechanism for deploying web apps to a containerized environment.
    • Azure App Service provides a mechanism for configuring the web app to use a custom domain.
    • Azure App Service provides a mechanism for configuring the web app to use a managed identity.

    Azure Durable Functions

    • Azure Durable Functions provide a mechanism for running multiple actions in a specified order.
    • Azure Durable Functions provide a mechanism for monitoring the function using a monitoring console application.
    • Azure Durable Functions can be used to implement a voting system.

    Azure Resource Manager

    • Azure Resource Manager provides a mechanism for creating and deploying templates.
    • Azure Resource Manager provides a mechanism for testing and validating changes to templates.
    • Azure Resource Manager provides a mechanism for determining whether templates follow recommended practices.

    Azure Container Apps

    • Azure Container Apps provide a mechanism for running multiple microservices on Azure.
    • Azure Container Apps provide a mechanism for enabling external HTTP ingress traffic.
    • Azure Container Apps provide a mechanism for configuring a single environment for all containers.

    Azure Search

    • Azure Search provides a mechanism for implementing a search feature using .NET SDK.
    • Azure Search provides a mechanism for configuring the QueryType property of the SearchParameters class.
    • Azure Search provides a mechanism for configuring the Filter property of the SearchParameters class.

    Azure Identity and Access

    • Azure Identity and Access provides a mechanism for authenticating users using Azure Active Directory.
    • Azure Identity and Access provides a mechanism for authorizing access to resources using Azure RBAC.
    • Azure Identity and Access provides a mechanism for configuring multi-factor authentication.

    Azure Networking

    • Azure Networking provides a mechanism for configuring the App Service plan to use a private network.
    • Azure Networking provides a mechanism for configuring the App Service plan to use a public network.
    • Azure Networking provides a mechanism for configuring the App Service plan to use a load balancer.

    Azure Monitoring and Analytics

    • Azure Monitoring and Analytics provides a mechanism for configuring metrics and alerts.
    • Azure Monitoring and Analytics provides a mechanism for configuring the QueryType property of the SearchParameters class.
    • Azure Monitoring and Analytics provides a mechanism for configuring the Filter property of the SearchParameters class.

    Azure Configuration and Settings

    • Hosting plan: Premium
    • App service plan: Standard
    • Timeout value: 230 seconds
    • Code change validation feature: Deployment slot

    Python App Image Rendering

    • Deploy to Linux container
    • Stop image rendering complete

    Environment Variables

    • Compute target: Azure Container Instances
    • Container: Restart policy termination
    • AcquireLeaseAsync: If null, acquire infinite lease; if not null, must be 15 to 60 seconds

    Custom Claims and User Access Token

    • Add roles to appRoles attribute in app manifest
    • High availability storage

    Azure Container Apps

    • az containerapp ingress: Ensure traffic is routed to each revision
    • Unable to access container app and scaled to 0 instances: Enable ingress, create custom scale rule, and apply rule to container app

    Case Study

    • Internal staff report webpage load sizes are large and take a long time to load
    • Use the az containerapp command to deploy the Python website to a container

    Azure Service Bus

    • Service Bus queue: Azure App Service that scales based on the number of messages contained
    • ActiveMessageCount: Messages in the queue or subscription that are in the active state and ready for delivery
    • Average: Decrease count by

    Azure Event Grid

    • Not suited for receiving data from thousands of devices and storing them in Azure Blob storage
    • Use QueueClient to receive a message when an Azure virtual machine finishes processing, ensuring messages do not persist after being handled

    Azure Storage

    • Upgrade Storage account to GPv2
    • Create a new GPv2 standard account with the default access level set to cool
    • Copy archive data to the GPv2 account and delete the data from the original storage account

    Azure Cosmos DB

    • Partition key: Must be unique
    • Use the .NET API to connect to a NoSQL globally distributed database
    • Use CosmosClient to create a client with endpoint and primary key
    • Change feed estimator: Monitor the progress of the change feed processor
    • Dead-letter queue: Prevent the change feed processor from retrying the entire batch when one document cannot be read

    Azure CDN

    • Use Azure CDN to distribute images
    • Process of how the CDN and the Point of Presence (POP) server will distribute the image

    Azure Blob Storage

    • daysAfterLastAccessTimeGreaterThan: Accessed
    • Use Azure Blob index tags to search and filter by customer identifier
    • Use Azure Cognitive Search to search information inside documents

    Azure Kubernetes Service

    • Kubernetes cluster with a large amount of data collected and minimized latency
    • YAML config: kind: StorageClass, provisioner: azure-disk, parameters: retain

    Azure App Service

    • Configure web app authentication and authorization: Add identity provider first
    • Use Azure Cosmos DB change feed: App1 pull model, App2 push model, Lease container
    • Use Azure BlobFuse to mount an Azure Blob Storage container as a local file system on a Linux system

    Azure Container Instance

    • Use Server Message Block (SMB) protocol to access data
    • Implement static website on Azure Blob Storage: Azure Content Delivery Network (CDN) for custom domain name, header values, and SSL certificate

    Azure API Management

    • Implement HSTS and every request must include a valid HTTP header
    • Use Certificate Authentication: Callers to the API must not send credentials to the API

    Azure Key Vault

    • Create an Azure Key Vault key named skey
    • Encrypt the intake forms using the public key portion of skey
    • Store the encrypted data in Azure Blob storage

    Azure Active Directory

    • Use Microsoft Graph API to retrieve and update user profile information
    • Use Microsoft Authentication Library (MSAL) to authenticate users

    Azure App Configuration

    • Use Azure App Configuration to store and retrieve configuration settings
    • Ensure the configuration settings are refreshed without the need to restart the app

    Azure Functions

    • Azure Functions automatically parallelize change processing using a Push Model or a Pull Model.
    • The Push Model uses Azure Functions, while the Pull Model uses FeedRange for parallelization.
    • A validate-jwt policy is used to validate the OAuth token for every incoming request.

    Azure API Management

    • Azure API Management is used for response caching.
    • There are three types of caching: Account-level, Service-level, and User-delegation.
    • Service-level caching allows delegation of access to resources in a single storage service.

    Azure Active Directory

    • Azure Active Directory (Azure AD) is used for authentication and authorization.
    • Azure AD Premium is required for multi-factor authentication (MFA) implementation.
    • Azure AD provides conditional access policies and identity protection.

    Confidential Client Application

    • A Confidential Client Application is used to instantiate a confidential client application with a client secret.
    • There are two authentication methods: Service Principal and System-assigned Managed Identity.

    Role-Based Access Control (RBAC)

    • RBAC provides fine-grained access control and is used to assign permissions to users and applications.
    • AcrPush provides push/pull permissions, while AcrPull provides least-privilege, pull-only permissions.

    Azure Blob Storage

    • Azure Blob Storage is used to store unstructured data.
    • A shared access signature (SAS) is generated for the Azure Blob storage account and provided to developers.
    • Stored access policies allow revocation of permissions without regenerating storage account keys.

    Microsoft Graph

    • Microsoft Graph is used to access user properties and authenticate applications.
    • Microsoft Graph provides APIs to access user data and requests permissions using a JWT token.
    • Microsoft Graph is used to authenticate and access Microsoft Graph in the app manifest.

    Single Sign-On (SSO)

    • Azure Active Directory B2C (Azure AD B2C) is used to implement SSO for all applications that use custom in-house identity providers.
    • Azure AD B2C provides custom policies and conditional access policies.

    Microsoft Authentication Library (MSAL)

    • MSAL is used to interface with Azure AD B2C and provide authentication and authorization.
    • MSAL provides a code library to interface with Azure AD B2C and manage identities.

    Configuration Data

    • Azure App Configuration is used to store and manage application configuration data.
    • Azure App Configuration provides a managed identity and supports Azure Key Vault.

    Authentication and Authorization

    • Authentication is used to identify users and applications using JWT tokens and claims.
    • Authorization is used to grant permissions to users and applications using Azure AD and Azure RBAC.

    Microsoft Entra

    • Microsoft Entra is used to provide authentication and authorization for applications.
    • Microsoft Entra supports Azure AD B2C and provides managed identities.

    Security and Compliance

    • Security and compliance are ensured using Azure Policy and Azure Monitor.
    • Azure Policy enforces compliance and security policies, while Azure Monitor provides monitoring and logging.

    Azure Cache for Redis

    • Azure Cache for Redis is used to optimize performance and reduce latency.
    • Azure Cache for Redis provides caching rules and supports MIME types.

    Azure Front Door Service

    • Azure Front Door Service is used to optimize performance and reduce latency.
    • Azure Front Door Service provides caching rules and supports edge nodes.

    Azure Monitor and Azure Log Analytics

    • Azure Monitor is used to collect logs and metrics from applications and services.
    • Azure Log Analytics is used to analyze logs and metrics and provide insights.

    Azure Application Insights

    • Azure Application Insights is used to monitor application performance and detect anomalies.
    • Azure Application Insights provides tools such as Live Metrics Stream, Smart Detection, and Snapshot Debugger.

    Azure Cache for Redis Commands

    • Azure Cache for Redis commands are used to receive seismic data and optimize performance.
    • Azure Cache for Redis commands support XREAD BLOCK and STREAMS commands.

    Dynamic Configuration

    • Dynamic configuration is used to implement configuration changes and scaling.
    • Dynamic configuration supports App Configuration store and Sentinel keys.

    Profiler and Snapshot Debugger

    • Profiler is used to capture performance traces of applications without negatively affecting users.
    • Snapshot Debugger is used to automatically collect the state of the source code and variables when an exception is thrown.

    Azure Redis Cache Instance

    • Azure Redis Cache instance is used to handle outages and metadata loss in Azure data centers.
    • Azure Redis Cache instance supports AOF persistence and client connection logging.

    Related Documents

    AZ-204 Notes.pdf

    Description

    This quiz assesses your knowledge of Azure cloud computing, Docker image creation, and security features such as TLS mutual authentication and client certificate validation. It also covers stored procedures and application deployment.
