Azure Networking and Services Overview

Questions and Answers

Does enabling Floating IP satisfy the requirement for configuring an Azure internal load balancer as a listener for an availability group?

It depends on network configuration

No

Only in specific scenarios

Yes (correct)

What is the correct PowerShell cmdlet to assign a static internal IP address to an existing Azure VM?

Run the Set-AzureStaticVNetIP PowerShell cmdlet (correct)

Run the Set-AzureSubnet PowerShell cmdlet

Modify the VM properties in the Azure Management Portal

Run the New-AzureRMVMConfig PowerShell cmdlet

When migrating an application to Azure VMs, what must be done to ensure that two VMs have static internal IP addresses?

Assign IP addresses directly via the OS settings

Use the Azure portal to create new VMs with static IPs

Remove any existing static IP before running the cmdlet (correct)

Use Azure networking features only after the migration

What happens when you run the Update-AzureVM cmdlet after setting a static IP for a VM?

The VM is restarted as part of the update process

In an Azure internal load balancer setup for an availability group, what is one possible reason for a configuration failure without Floating IP?

Floating IP is not enabled for communication

What must be configured for the application on SRV01 to successfully communicate with SRV02 after migration to Azure VMs?

Consistent static internal IP addresses

What is an important consideration when configuring internal load balancers for Azure VMs running SQL Server Always On availability groups?

The load balancer needs Floating IP enabled

What should be done after a static IP address is set for a VM to make the changes effective?

Run the Update-AzureVM cmdlet

What role should you assign to Admin1 to manage both internal and public load balancers while adhering to the principle of least privilege?

Network Contributor

To enable granting access to the AKS cluster AKS1 for users in contoso.com, what is the first step that should be taken?

Create an OAuth 2.0 authorization endpoint

Which type of group must be created to ensure that it is deleted automatically after 180 days while granting access to Library1?

A Microsoft 365 group with Dynamic User membership type

What is a limitation of the Network Contributor role in Azure?

Cannot access managed resources

Which statement accurately describes the OAuth 2.0 authorization endpoint in relation to Azure Kubernetes service?

It is necessary for user authentication within Kubernetes.

What type of membership does a security group require to enforce access control while allowing for automatic deletion after a certain period?

Dynamic User membership

In which scenario would you choose to recreate the AKS cluster?

If there are configuration issues preventing access

Which Azure role allows users to manage Azure resources but restricts access to sensitive network settings?

Network Contributor role

What is the primary requirement for moving virtual machines for App1 to Azure?

Minimize the number of open ports between the App1 tiers.

Which storage tier must the blueprint files be stored in after copying them to Azure?

Archive storage tier

What verification method is required for users joining devices to Azure Active Directory?

Mobile phone verification

How should Admin1 receive notifications about service outages?

By modifying the properties of the subscription in the Azure portal

Which group of users is permitted to join devices to Azure AD?

Only users in the Pilot group

What type of storage should be used for hard disks of the virtual machines?

Unmanaged standard storage

Which requirement must be implemented to secure partner access to blueprint files?

Implement temporary access restrictions

What capability should User3 have regarding the Azure subscription?

Create network objects

Which command correctly retrieves error events?

Event | search 'error'

What must be modified to ensure records in the Azure DNS zone are resolvable from the internet?

Modify the NS records in the DNS domain registrar.

What must be modified first to set the Account kind for a storage account to BlockBlobStorage?

Performance

Which of the following commands combines tables and applies a search operator?

Table_name | search 'search term'

Which storage account can be used for data export with the Azure Import/Export service?

Standard General Purpose v2 storage account

What is a common misconception when working with EventType searches?

Using '==' instead of 'is' for comparisons.

Which setting would prevent setting the storage account kind to BlockBlobStorage if left unchanged?

Performance

Which command is considered incorrect for retrieving records based on EventType?

Event | where EventType is 'error'

To delegate a domain to Azure DNS, which record must be changed?

NS Records

What does the Azure Import/Export service support for data import?

Azure File storage and Azure Blob storage

What is an essential step after creating a DNS zone in Azure?

Ensure DNS records are public.

Which type of storage account is not supported for exporting data using the Azure Import/Export service?

Premium block blob storage account

What will happen to files that have a more recent last modified time in the destination during an azcopy sync operation?

Files will be skipped in the destination

Which of the following about the Azure DNS zone setup is true?

Delegation is possible via NS records.

When creating a storage account in Azure, which setting affects the storage account's performance tier options?

Performance

Which command is useful to copy multiple blobs to a blob container in Azure?

az storage blob copy start-batch

Study Notes

Azure Internal Load Balancer as Listener for Availability Group

• Enabling Floating IP for an Azure Internal Load Balancer satisfies the requirement of configuring it as a listener for a SQL Server Always On Availability Group.

Static Internal IP Addresses for Azure VMs

• To configure static internal IP Addresses for Azure VMs, run the Set-AzureStaticVNetIP PowerShell cmdlet.
• Use the Update-AzureVM cmdlet to restart the VM and assign the specified IP address.

Azure Active Directory Access to Azure Kubernetes Service

• When an administrator cannot grant access to an Azure Kubernetes Service (AKS) cluster to users in an Azure Active Directory (Azure AD) tenant, first create an OAuth 2.0 authorization endpoint within the Azure AD tenant.
• This is the recommended first step to ensure access can be granted.

Microsoft 365 Tenant and Azure Active Directory Groups

• To grant users temporary access to a Microsoft SharePoint document library while ensuring automatic deletion of groups after 180 days, create a Security group using the Assigned membership type.
• This will ensure the groups are automatically deleted after the specified period.

Azure Monitor Log Queries to Find Errors

• To find errors in Azure Monitor logs, use the search operator with the table name and the search term "error".
• Example: Event | search "error"

Azure DNS Zone Configuration

• To ensure records created in a public Azure DNS zone are resolvable from the internet, modify the NS records in the DNS domain registrar.
• This ensures resolution through proper delegation.

Azure Storage Account BlockBlobStorage Kind

• To set the Account kind for a Standard performance storage account to BlockBlobStorage, modify the Performance setting first.
• The performance setting must be Standard before you can choose BlockBlobStorage as the Account kind.

Azure Import/Export Service

• The Azure Import/Export service supports Standard General Purpose v2, Blob Storage, and General Purpose v1 storage accounts for export.
• To identify the storage account that can be used for exporting data, select a storage account that adheres to these requirements.

Azure Subscription and Storage Account Settings

• To export data from an Azure subscription using the Azure Import/Export service, the storage account must be either standard general-purpose v2, block blob storage, or general-purpose v1.
• This is a requirement for the service to work.

Azure Device Settings and User Requirements

• To restrict device joining to Azure AD to users within a specific group, modify the "Only selected users should be able to join devices" setting.
• This setting allows for control over device enrollment.
• To verify a user's identity through mobile phone verification when joining a device, modify the "Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity" setting.
• This step enhances security by requiring additional authentication.

Azure Subscription Service Admin and Email Alerts

• To designate a new user as the service admin for an Azure subscription and ensure they receive email alerts regarding service outages, from the Subscriptions blade, select the subscription and modify the Properties settings.
• This allows for specific administrative configuration.

Description

This quiz covers essential topics related to Azure networking, including Internal Load Balancers, static IP configurations, and managing Azure Active Directory access. Test your knowledge on best practices and commands used within Azure environments to ensure efficient resource management.