Azure Networking and Services Overview

Questions and Answers

Does enabling Floating IP satisfy the requirement for configuring an Azure internal load balancer as a listener for an availability group?

• It depends on network configuration
• No
• Only in specific scenarios
• Yes (correct)

What is the correct PowerShell cmdlet to assign a static internal IP address to an existing Azure VM?

• Run the Set-AzureStaticVNetIP PowerShell cmdlet (correct)
• Run the Set-AzureSubnet PowerShell cmdlet
• Modify the VM properties in the Azure Management Portal
• Run the New-AzureRMVMConfig PowerShell cmdlet

When migrating an application to Azure VMs, what must be done to ensure that two VMs have static internal IP addresses?

• Assign IP addresses directly via the OS settings
• Use the Azure portal to create new VMs with static IPs
• Remove any existing static IP before running the cmdlet (correct)
• Use Azure networking features only after the migration

What happens when you run the Update-AzureVM cmdlet after setting a static IP for a VM?

The VM is restarted as part of the update process (B)

In an Azure internal load balancer setup for an availability group, what is one possible reason for a configuration failure without Floating IP?

Floating IP is not enabled for communication (D)

What must be configured for the application on SRV01 to successfully communicate with SRV02 after migration to Azure VMs?

Consistent static internal IP addresses (C)

What is an important consideration when configuring internal load balancers for Azure VMs running SQL Server Always On availability groups?

The load balancer needs Floating IP enabled (A)

What should be done after a static IP address is set for a VM to make the changes effective?

Run the Update-AzureVM cmdlet (A)

What role should you assign to Admin1 to manage both internal and public load balancers while adhering to the principle of least privilege?

Network Contributor (B)

To enable granting access to the AKS cluster AKS1 for users in contoso.com, what is the first step that should be taken?

Create an OAuth 2.0 authorization endpoint (A)

Which type of group must be created to ensure that it is deleted automatically after 180 days while granting access to Library1?

A Microsoft 365 group with Dynamic User membership type (A), A Microsoft 365 group with Assigned membership type (D)

What is a limitation of the Network Contributor role in Azure?

Cannot access managed resources (A)

Which statement accurately describes the OAuth 2.0 authorization endpoint in relation to Azure Kubernetes service?

It is necessary for user authentication within Kubernetes. (D)

What type of membership does a security group require to enforce access control while allowing for automatic deletion after a certain period?

Dynamic User membership (B), Assigned membership (D)

In which scenario would you choose to recreate the AKS cluster?

If there are configuration issues preventing access (C)

Which Azure role allows users to manage Azure resources but restricts access to sensitive network settings?

Network Contributor role (C)

What is the primary requirement for moving virtual machines for App1 to Azure?

Minimize the number of open ports between the App1 tiers. (B)

Which storage tier must the blueprint files be stored in after copying them to Azure?

Archive storage tier (B)

What verification method is required for users joining devices to Azure Active Directory?

Mobile phone verification (C)

How should Admin1 receive notifications about service outages?

By modifying the properties of the subscription in the Azure portal (A)

Which group of users is permitted to join devices to Azure AD?

Only users in the Pilot group (D)

What type of storage should be used for hard disks of the virtual machines?

Unmanaged standard storage (A)

Which requirement must be implemented to secure partner access to blueprint files?

Implement temporary access restrictions (C)

What capability should User3 have regarding the Azure subscription?

Create network objects (A)

Which command correctly retrieves error events?

Event | search 'error' (D)

What must be modified to ensure records in the Azure DNS zone are resolvable from the internet?

Modify the NS records in the DNS domain registrar. (C)

What must be modified first to set the Account kind for a storage account to BlockBlobStorage?

Performance (C)

Which of the following commands combines tables and applies a search operator?

Table_name | search 'search term' (C)

Which storage account can be used for data export with the Azure Import/Export service?

Standard General Purpose v2 storage account (A)

What is a common misconception when working with EventType searches?

Using '==' instead of 'is' for comparisons. (C)

Which setting would prevent setting the storage account kind to BlockBlobStorage if left unchanged?

Performance (B)

Which command is considered incorrect for retrieving records based on EventType?

Event | where EventType is 'error' (B)

To delegate a domain to Azure DNS, which record must be changed?

NS Records (D)

What does the Azure Import/Export service support for data import?

Azure File storage and Azure Blob storage (C)

What is an essential step after creating a DNS zone in Azure?

Ensure DNS records are public. (C)

Which type of storage account is not supported for exporting data using the Azure Import/Export service?

Premium block blob storage account (C)

What will happen to files that have a more recent last modified time in the destination during an azcopy sync operation?

Files will be skipped in the destination (D)

Which of the following about the Azure DNS zone setup is true?

Delegation is possible via NS records. (B)

When creating a storage account in Azure, which setting affects the storage account's performance tier options?

Performance (A)

Which command is useful to copy multiple blobs to a blob container in Azure?

az storage blob copy start-batch (C)

Flashcards

Azure Internal Load Balancer Listener for Availability Group

Configuring an Azure Internal Load Balancer to act as a listener for a SQL Server Availability Group requires a floating IP address.

Static Internal IPs for Azure VMs

Use Set-AzureStaticVNetIP PowerShell cmdlet to set static internal IPs for Azure VMs. Then restart the VM using Update-AzureVM.

AKS Cluster Access & Azure AD

To grant Azure Active Directory (Azure AD) user access to an Azure Kubernetes Service (AKS) cluster, first create an OAuth 2.0 authorization endpoint within the Azure AD tenant.

Microsoft 365 Tenant Group Deletion

Create Security groups with 'Assigned membership' type in a Microsoft 365 tenant to ensure groups are automatically deleted after 180 days.

Azure Monitor Error Search

Use the search operator with 'error' in Azure Monitor logs to locate errors. E.g., Event | search "error"

Azure DNS Zone Public Resolvability

To resolve records from a public Azure DNS zone on the internet, modify the NS records in the DNS domain registrar.

Azure Storage Account BlockBlobStorage Kind

Set the account kind to 'BlockBlobStorage' for a Standard performance Azure Storage account, but first set performance to 'Standard'.

Azure Import/Export Supported Storage Accounts

Azure Import/Export supports Standard General Purpose v2, Blob Storage, and General Purpose v1 storage accounts.

Azure Import/Export Data Source Storage

Choose a storage account of type 'standard general-purpose v2', 'block blob storage', or 'general-purpose v1' to export data through the service.

Azure Device Group Joining Restriction

Restrict device joining to Azure AD by only allowing users in a specific group to enroll.

Mobile Phone Verification Device Enrollment

Require mobile phone verification for user identity when joining devices to Azure AD.

Azure Subscription Service Admin

Designate a service admin for an Azure subscription and ensure they receive email alerts about outages via the Subscriptions blade.

Study Notes

Azure Internal Load Balancer as Listener for Availability Group

• Enabling Floating IP for an Azure Internal Load Balancer satisfies the requirement of configuring it as a listener for a SQL Server Always On Availability Group.

Static Internal IP Addresses for Azure VMs

• To configure static internal IP Addresses for Azure VMs, run the Set-AzureStaticVNetIP PowerShell cmdlet.
• Use the Update-AzureVM cmdlet to restart the VM and assign the specified IP address.

Azure Active Directory Access to Azure Kubernetes Service

• When an administrator cannot grant access to an Azure Kubernetes Service (AKS) cluster to users in an Azure Active Directory (Azure AD) tenant, first create an OAuth 2.0 authorization endpoint within the Azure AD tenant.
• This is the recommended first step to ensure access can be granted.

Microsoft 365 Tenant and Azure Active Directory Groups

• To grant users temporary access to a Microsoft SharePoint document library while ensuring automatic deletion of groups after 180 days, create a Security group using the Assigned membership type.
• This will ensure the groups are automatically deleted after the specified period.

Azure Monitor Log Queries to Find Errors

• To find errors in Azure Monitor logs, use the search operator with the table name and the search term "error".
• Example: Event | search "error"

Azure DNS Zone Configuration

• To ensure records created in a public Azure DNS zone are resolvable from the internet, modify the NS records in the DNS domain registrar.
• This ensures resolution through proper delegation.

Azure Storage Account BlockBlobStorage Kind

• To set the Account kind for a Standard performance storage account to BlockBlobStorage, modify the Performance setting first.
• The performance setting must be Standard before you can choose BlockBlobStorage as the Account kind.

Azure Import/Export Service

• The Azure Import/Export service supports Standard General Purpose v2, Blob Storage, and General Purpose v1 storage accounts for export.
• To identify the storage account that can be used for exporting data, select a storage account that adheres to these requirements.

Azure Subscription and Storage Account Settings

• To export data from an Azure subscription using the Azure Import/Export service, the storage account must be either standard general-purpose v2, block blob storage, or general-purpose v1.
• This is a requirement for the service to work.

Azure Device Settings and User Requirements

• To restrict device joining to Azure AD to users within a specific group, modify the "Only selected users should be able to join devices" setting.
• This setting allows for control over device enrollment.
• To verify a user's identity through mobile phone verification when joining a device, modify the "Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity" setting.
• This step enhances security by requiring additional authentication.

Azure Subscription Service Admin and Email Alerts

• To designate a new user as the service admin for an Azure subscription and ensure they receive email alerts regarding service outages, from the Subscriptions blade, select the subscription and modify the Properties settings.
• This allows for specific administrative configuration.

Description

This quiz covers essential topics related to Azure networking, including Internal Load Balancers, static IP configurations, and managing Azure Active Directory access. Test your knowledge on best practices and commands used within Azure environments to ensure efficient resource management.