September 14, 2018

Pre Azure Certification - Exam 3

Azure Mobile App Service provides services that allow you to support mobile apps across multiple platforms. It does not provide hosting services for apps for the various app stores.

Using the Windows disk configuration tool, you can remap the D: drive to another letter and use D: for a storage location.

CDN is designed to deliver static files quickly by placing them geographically closer to the user.

VHD files are stored as page blobs, because page blobs are optimized for random access reads and writes.

Elastic pools allow you to group several SQL Databases together in a single pool, and all of the resources reserved for them are shared. This is good for when the demand on a database is unpredictable and varies. By pooling resources, if the demand for a few databases spikes, they will be able to fulfill that demand easily enough. This would not work if the demand for all databases in the pool spiked together. For instance, if a single application used 3 databases to perform its task, you can expect the demand of all three databases to spike together.

Redis will store data up to its memory limit, and then begin evicting data based on a defined algorithm.

Azure Active Directory is optimized for web identity management instead of local network management. As such, it does not have support for managing computers and devices, or for using non-web security protocols such as Kerberos. It supports users and groups, and web-friendly security protocols such as SAML.

Azure B2C supports all four authentication providers listed (Facebook, Google+, LinkedIn, Amazon).

The only solution to needing more than 1000 VMs in a scale set is to create multiple scale sets.

You can either set up a webhook to create a ticket in your ticketing system if that functionality exists, or have the alert send an email to your ticketing system. Some ticketing systems have the ability to create tickets from an email address. Application Insights cannot help with monitoring CPU performance, since it works at the application level.

By default, the health probe needs to fail 2 consecutive times. This is checked every 15 seconds by default as well. Both values are changeable when you are setting up the load balancer.

Every service fabric application package must contain an ApplicationManifest.xml file.

CORS: The asterisk in AllowedOrigins allows calls from any domain. The asterisk in AllowedMethods allows all HTTP verbs to be used. This is a normal setting for public resources that you expect to be incorporated into many different websites. This allows any web server to use the resource as long as it has the right permissions, such as having a Shared Access Signature.

The Azure Search SLA is available on the basic and standard tiers, but not on the free tier.

Azure Automation DSC can be used for Linux virtual machines on premises, in Azure or in a cloud other than Azure as long as the latest version of the PowerShell DSC Local Configuration for Linux is installed, and the machine has an outbound connection to the Internet.

Azure WebJobs can be in the languages that Azure supports, including Windows EXE and CMD, PowerShell, PHP, Python, JavaScript, Java, and Bash Shell.

Web App: .NET and PHP are enabled by default. You must enable other languages.

Serverless architectures are a form of Software-as-a-Service where the developer can in fact upload their own code (as long as it conforms to what Microsoft allows), but large amounts of the system operate outside the control of the developer. Often they are event triggered and only live for the time it takes for the program to execute and return to the user.

but all of the Azure services (from API management, to push mobile notifications, to scaling, and use of storage services) are available to use from all three types of App Service applications. API Apps, Mobile Apps, and Web Apps are all web apps. Only the name and icon are different.

A static public IP address is required if you need to create an A record, since you will not want the IP to change suddenly without warning.

Logic apps support nesting. You can call other logic apps as actions, and so you can create one parent logic app, and have that call child logic apps as required to do certain tasks.

NoSQL databases such as DocumentDB accept data in JSON format, which does not constrain the data to a particular schema. DocumentDB can accept any small JSON data set that you pass it.

"$filter=tags/all(t: t ne 'motel')" returns all documents that are not tagged as 'motel'.

Azure Service Bus Topics are a one-to-many communication model.

Hybrid Connection Manager is the name of the relay agent that you install inside your corporate network in order to allow selected external App Services access to endpoints inside your network using hybrid connections.

You can put any virtual machine (Windows, Linux) you wish into an availability set. As best practice, you should put virtual machines that serve the same function into the same availability set, so that front-end and back-end servers are in different availability sets. But there's nothing stopping you from putting Windows and Linux servers in the same availability set if you wish.

Only entities with the same partition key can be part of the same transaction.

Storage Keys: It's very important to follow the proper key regeneration plan to ensure little disruption to your users. You must regenerate the second key and switch the applications to use that key, and then regenerate the first key. Both keys must be regenerated in a logical order.

Azure AD: Using the CSV mass import function would be the quickest way to grant access to a large number of external people if you have a list of their names and email addresses.

The .NET class Microsoft.WindowsAzure.Storage.File allows you to access an Azure File Service through .NET code.

Using a sharding technique will allow you to distribute your files across multiple storage accounts in Azure. Now there is a limit to the maximum number of storage accounts in a subscription, so you'd have to create more Azure subscriptions if you need more than 200 storage accounts, but sharding the files across 20 or 50 storage accounts will multiply the operations per second by quite a bit.

There is a default security rule on all NSGs that denies all traffic on all ports for all protocols. You would have to create higher-priority rules to override that, and you cannot delete the default rules.

You can add boot diagnostics to an existing virtual machine by going into the diagnostics tab in settings. From there, you need to turn the status of diagnostics on, assign a storage account, and enable boot diagnostics.

Graph API always uses graph.windows.net. Next is the tenant, and we can use "myorganization" to represent our company's directory. "me" is for the signed-in user and not for the organization level. Next we request a list of groups. And we always have to provide the api-version as a parameter.

The Geo-Restore option should be able to get a database back online in a different region as long as a recent backup is available.

In order to inspect HTTPS traffic, you will need to install an SSL certificate on the Application Gateway, and it is that certificate that the client uses to encrypt and decrypt traffic back and forth between the client and Azure. If you wish to connect the Application Gateway to the Backend pool server using HTTPS, you can configure the Application Gateway to re-encrypt the traffic before passing it along.

An App Service Environment is a dedicated hosting space for your web apps. This allows higher scale, a dedicated network connection, and keeps your apps isolated from other applications from other users.

You are trying to remotely debug your web application that is running in an Azure Virtual Machine. You have installed the virtual machine extensions for debugging, and Visual Studio is able to connect, but the problem is that you are unable to see the source code of the application as it runs. You find it really hard to debug the application without source code displaying in Visual Studio. What is the most likely cause of being unable to see the source code?
Most likely it is missing symbol files. You should ensure the application is compiled in Debug configuration, and publish the app to the virtual machine to include those files.

PowerShell: The location is the region that the resource is created in.

A shared access signature (SAS) provides you with a way to grant limited access to objects in your storage account to other clients, without exposing your account key. The Shared Access Signature allows any person or application with the URL to access the resource. A stored access policy can be modified or revoked, which invalidates the shared access signatures associated with it without having to invalidate your account access keys which can have other bad effects. You can revoke a shared access signature by regenerating the keys on the account as well.

Both queues and topics have a first in-first out model. A message in a queue is removed once a single application receives and processes it. A message in a topic is delivered to all subscribers.

JWT is a token that contains encrypted JSON data. It consists of a header, a payload and a signature, and is used for securely transmitting JSON data.

Azure Storage Queue is a way for applications to send messages (small bits of data) between them in a disconnected fashion. It enables asynchronous communication, such that the receiving application does not have to be in a state ready to receive messages at the time when the message is written.

A block blob can contain 50,000 blocks of 100 MB per block, or 4.75 TB.

Update-AzureRmVM allows you to specify a new size for an existing VM if that size is valid for the region in which the VM is running.

Pre Azure Certification - Exam 2

Application Insights is a .NET package that allows events and messages to be passed to the monitoring and reporting layer, so that you can easily see what your application is doing and the types of errors it's encountering. It works alongside other logging and event monitoring services which you can also turn on with your application, to get a complete picture of the program execution.

Azure Blob storage can handle lots and lots of blobs, even 100+ million. There is no limit to the number of containers or number of blobs in a container, only to the 500TB limit of the account.

We can scale up or down a VM by selecting another SKU.

The PowerShell cmdlet to create a new Virtual Machine Scale Set is New-AzureRmVmss. Azure does a fairly good job at naming its cmdlets, so they will always start with New-, Get-, Set-, Delete- etc. And AzureRm is used for the Azure Resource Manager model.

403 FORBIDDEN is the HTTP status code returned to a CORS OPTIONS preflight request if the client is not permitted to make the call to the server that it wishes to make.

You can use API Management to act as a portal for any HTTP endpoint you give it. You can use Azure API Management as a front-end management portal for API apps, even if those API apps are hosted outside of Azure - on your own premises or even within Amazon AWS.

The service principal is an account you create especially for unattended operation. As such, you can reduce the permissions of that account to the bare minimum that scripts would require. This is important for security reasons. Optionally, you can create a security certificate for this service principal and run scripts in an authenticated fashion without using a password.

Azure keeps data with the same partition key on the same server.

Azure B2B users are like any other user, and can be added to the Administrators group if you should wish to do that.

Azure Service Bus supports Queues, Topics and Relays. Queues are a FIFO messaging system, and a message can be read by only one reader. Topics are a publisher-subscriber model, and the messages can be read by many readers (any who subscribe). And Relay is a two-way communication channel that does not store messages. It only relays them.

The stored access policy is associated with any shared access signatures, and gives the benefit of being able to be invalidated from within Azure, which will then invalidate the associated shared access signatures. If you distribute a shared access signature without a stored access policy, then the only way to expire a shared access signature early (before its expiry date) is to invalidate the storage keys.

When you reserve a static public IP address, that address stays associated with your account even if it's not associated with an application or virtual machine. Only when you delete the static IP address resource is it reclaimed by Azure.

Azure automatically hides a storage queue message for a short period of time as soon as it's read, so that multiple workers don't read the same message. The worker that reads the message needs to delete the message once it's processed so that it doesn't get picked up by another job.

Azure Web Jobs are scheduled using either CRON jobs or Azure Scheduler.

Azure Automation DSC can be used for an Amazon AWS virtual machine as long as the latest version of the WMF (Windows Management Framework) is installed, and the machine has an outbound connection to the Internet.

Azure Active Directory can only manage one domain in a single tenant.

Azure functions support C#, F#, Node.js, Python, PHP, batch, bash, or any executable.

Azure Hybrid Connections only require outbound internet access from the WCF application, and not open inbound access. It is a more secure way of connecting to an on-prem service, and reduces the number of open connections.

The two basic methods are to use a Shared Access Signature (as with many ways to protect access to Azure resources from outside) and to restrict access to the app using an IP range. You can also use API Management to convert the logic app into a managed web service, and that opens a lot more security options. Logic apps are secured through SSL already, and you cannot add a plaintext password to the URL.

Only IP addresses can be in the back-end pool, and those addresses must either be on the same virtual network as the Azure Application Gateway, across VPN or vnet peering, or publicly accessible regardless of where they are hosted. Basically, the Application Gateway needs to be able to access the IP of the virtual machine it sends traffic to.

The primary advantage to using a CDN network to store static files such as images, videos or scripts is that it increases the performance of the web site from the user's perspective, as the files are served to them from a physical location that is closest to them geographically.

The lowest App Service Plan level that allows auto-scaling is the standard plan or above.

Graph API: You should send deltaLink= on the initial request, and then track the deltaLink value that it sends back. You then send that deltaLink value on the next request and you will only receive back the differences since that initial request.

Availability Set: Microsoft automatically assigns virtual machines across 3 fault domains (physical servers) and 20 update domains (5 by default) to minimize downtime during planned and unplanned outages.

Using a third-party provider will save you time from having to code all of the new user registration as well as forgot / change password flows. You can also use Azure B2C on sites that are not hosted in Azure. Also, it may be true that users don't want to create yet another account just to use your site, and this might lower the barrier to entry for acquiring registered users. Azure B2C does not provide the application anything other than the email address in most cases, and so applications do not get access to users' social media profiles, their personal information stored there, nor the ability to post on the users' behalf.

You should select "attach debugger" from the context menu in order to get Visual Studio to connect to the remotely running process.

The A record maps a custom domain to an IP address.

Azure Storage Accounts are limited to 500 TB of capacity, total.

Yes, you can deploy any operating system as a custom VHD image even if it's not in the Azure Portal, as long as it runs on a 64-bit CPU.

ARR Affinity uses cookies to ensure the user visiting the load balanced site is always redirected to the same back end server, effectively making the session sticky. Of course there's a downside to this, in that if the server becomes slow or goes down, the user's session is interrupted and they may lose what they were working on.

Redis is the preferred temporary data caching solution with Azure. There were other solutions in the past, but Microsoft has settled on Redis going forward. Redis is based on an open-source project, and is used widely outside of Azure. The product has a lot of features and is proven technology for temporary storage (but also supports persistence if needed).

Azure Service Bus Queue is a First In, First Out ordering platform. Even though messages might be pulled in FIFO order, there's no guarantee that they will be processed exactly in order, because a few things can happen that cause a message to be delayed or fail the processing step, and other processors may process later messages in the meantime. So you can't absolutely guarantee messages will be processed in order.
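The two queue notes above (a read message is hidden for a visibility timeout and must be deleted after processing; FIFO dequeue does not guarantee in-order processing) as an added example. This is a constructed simulation, not the Azure SDK: the timeout, worker names and the poison-message threshold are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Message:
    msg_id: int
    body: str
    invisible_until: float = 0.0   # hidden from get_message() until the clock reaches this
    dequeue_count: int = 0         # how many times a worker has received it


class SimQueue:
    """FIFO queue with a visibility timeout (constructed model, not the Azure SDK)."""

    def __init__(self, visibility_timeout: float = 30.0) -> None:
        self.visibility_timeout = visibility_timeout
        self.clock = 0.0                      # simulated seconds
        self._messages: List[Message] = []
        self._next_id = 1

    def add_message(self, body: str) -> int:
        msg = Message(self._next_id, body)
        self._next_id += 1
        self._messages.append(msg)
        return msg.msg_id

    def get_message(self) -> Optional[Message]:
        """Return the oldest *visible* message and hide it for the visibility timeout."""
        for msg in self._messages:
            if msg.invisible_until <= self.clock:
                msg.invisible_until = self.clock + self.visibility_timeout
                msg.dequeue_count += 1
                return msg
        return None

    def delete_message(self, msg_id: int) -> None:
        """A worker calls this only after it has finished processing the message."""
        self._messages = [m for m in self._messages if m.msg_id != msg_id]

    def advance(self, seconds: float) -> None:
        self.clock += seconds


MAX_DEQUEUE = 5   # constructed poison-message threshold


def drain(queue: SimQueue, processed: List[str], dead_letter: List[str]) -> None:
    """Process every currently visible message, parking repeat offenders instead of looping."""
    while (msg := queue.get_message()) is not None:
        if msg.dequeue_count > MAX_DEQUEUE:
            dead_letter.append(msg.body)     # give up on a message that keeps failing
        else:
            processed.append(msg.body)       # "process" it
        queue.delete_message(msg.msg_id)     # only now does it leave the queue


def run_scenario(visibility_timeout: float = 30.0) -> Tuple[List[str], int]:
    """Two workers, one crash. Returns (processing order, dequeue count of the crashed message)."""
    queue = SimQueue(visibility_timeout)
    for body in ("A", "B", "C"):
        queue.add_message(body)
    processed: List[str] = []
    dead_letter: List[str] = []

    # Worker 1 receives A and crashes before delete_message(): A is hidden, not lost.
    crashed = queue.get_message()
    assert crashed is not None and crashed.body == "A"

    # Worker 2 keeps draining; while A is hidden it sees B then C (FIFO among visible messages).
    drain(queue, processed, dead_letter)

    # Once the timeout elapses A is visible again with dequeue_count == 2 and is processed
    # last, so dequeue order (A, B, C) and processing order (B, C, A) differ.
    queue.advance(visibility_timeout + 1)
    drain(queue, processed, dead_letter)
    return processed, crashed.dequeue_count
```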

All of the standard service tiers offer a maximum of 250 GB of database size. You can get 4 TB from the higher options of the Premium tier.

Cosmos DB supports MongoDB and DocumentDB document formats. It also supports Table storage as a key-value pair, and Graph API.

The Shared Access Signature (SAS) allows you to grant specific and limited access to a storage account without having to hand over the keys to the account. You can only do this at the account level, and not limit access to individual blobs or containers. If you do need to specify access to only certain blobs or containers, you may need a separate account for those.

Azure has SDKs for the major mobile platforms including Android and iOS, as well as the cross-platform client Xamarin and the hybrid client Cordova. It also supports back-end SDKs for .NET and Node.js. Each SDK is available with an MIT license and is open source.

Swagger allows humans and computers to discover and understand the capabilities of a service without having access to documentation, source code or having to inspect the traffic itself. Most projects don't even have any documentation, so having Swagger docs is a huge improvement. And it does save time from a developer having to hand-write the name, parameter names, parameter types, and return data format for every method of a service.

An Azure Search partition provides I/O and disk space. It's where the index is stored, and it also provides temporary storage when needed.

Linux Virtual Machines use SSH for administration, and SSH uses a public key certificate to authenticate the user.

OData uses readable Booleans such as "and" and logical operators such as "gt" and "lt". So $filter=price gt 100 and inventory gt 0 is the correct answer.
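The filter syntax from this note and from the earlier tags/all(t: t ne 'motel') note, as an added example: a small tokenizer and evaluator for that OData $filter subset, run over constructed hotel documents. This is not the Azure Search service's own parser; the document shape and the supported subset (comparisons, and/or, all/any lambdas) are assumptions.

```python
import re

# Constructed tokenizer and recursive-descent evaluator for the OData $filter subset used in these
# notes: comparisons (eq ne gt ge lt le), and/or ('and' binds tighter), and field/all(v: ...)/any.
_TOKEN = re.compile(r"'(?:[^']|'')*'|-?\d+(?:\.\d+)?|[A-Za-z_]\w*|[()/:]|\S")
_OPS = {"eq": lambda a, b: a == b, "ne": lambda a, b: a != b, "gt": lambda a, b: a > b,
        "ge": lambda a, b: a >= b, "lt": lambda a, b: a < b, "le": lambda a, b: a <= b}


def _classify(t):
    if t.startswith("'"):
        return "str", t[1:-1].replace("''", "'")      # '' escapes a quote inside a string
    if t in ("(", ")", "/", ":"):
        return "p", t
    if t[0].isalpha() or t[0] == "_":
        return "id", t
    return "num", float(t)                            # raises ValueError on a stray character


class Parser:
    def __init__(self, text):
        self.toks = [_classify(t) for t in _TOKEN.findall(text)]
        self.i = 0

    def peek(self, k=0):
        return self.toks[self.i + k] if self.i + k < len(self.toks) else (None, None)

    def take(self, kind=None, value=None):
        tok = self.peek()
        if tok[0] is None or (kind and tok[0] != kind) or (value and tok[1] != value):
            raise ValueError(f"expected {value or kind}, got {tok}")
        self.i += 1
        return tok

    def _chain(self, word, sub, combine):           # sub (word sub)*, left-associative
        left = sub()
        while self.peek() == ("id", word):
            self.take()
            left = combine(left, sub())
        return left

    def expr(self):                                 # expr := and_expr ('or' and_expr)*
        return self._chain("or", self.and_expr, lambda l, r: lambda d, s: l(d, s) or r(d, s))

    def and_expr(self):                             # and_expr := primary ('and' primary)*
        return self._chain("and", self.primary, lambda l, r: lambda d, s: l(d, s) and r(d, s))

    def primary(self):                              # collection lambda | operand OP operand
        if self.peek(1) == ("p", "/") and self.peek(2)[1] in ("all", "any"):
            return self.collection_lambda()
        left, op = self.operand(), self.take("id")[1]
        if op not in _OPS:
            raise ValueError(f"unknown operator {op!r}")
        right = self.operand()
        return lambda d, s: _OPS[op](left(d, s), right(d, s))

    def collection_lambda(self):                    # field/all(v: expr) or field/any(v: expr)
        field = self.take("id")[1]
        self.take("p", "/")
        quant = all if self.take("id")[1] == "all" else any   # all() of an empty list is true
        self.take("p", "(")
        var = self.take("id")[1]
        self.take("p", ":")
        body = self.expr()
        self.take("p", ")")
        return lambda d, s: quant(body(d, {**s, var: item}) for item in d.get(field) or [])

    def operand(self):                              # a lambda variable shadows a same-named field
        kind, val = self.take()
        if kind == "id":
            return lambda d, s: s[val] if val in s else d.get(val)
        if kind in ("str", "num"):
            return lambda d, s: val
        raise ValueError(f"unexpected token {val!r}")


def filter_docs(filter_text, docs):               # accepts the filter with or without "$filter="
    parser = Parser(filter_text[len("$filter="):] if filter_text.startswith("$filter=") else filter_text)
    predicate = parser.expr()
    if parser.peek()[0] is not None:
        raise ValueError(f"unexpected trailing token {parser.peek()}")
    return [doc["id"] for doc in docs if predicate(doc, {})]


DOCS = [   # constructed sample documents shaped like a hotel search index
    {"id": 1, "tags": ["wifi", "pool"], "price": 150, "inventory": 3},
    {"id": 2, "tags": ["motel", "parking"], "price": 60, "inventory": 10},
    {"id": 3, "tags": [], "price": 220, "inventory": 0},
]
```

Note that a document with an empty tags collection passes tags/all(...), since all() over nothing is true.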

Azure File Service can be mounted using SMB, and used as a remote drive (by letter) in Windows or mounted in Linux.

Azure Service Fabric is a new programming model for application development, where the developer creates several microservices instead of big monolithic apps. Service Fabric is one of the "serverless" programming options, along with Azure Functions and Logic Apps.

Azure B2C is great for handling millions or hundreds of millions of users in an Azure Active Directory instance, without polluting your corporate AD service with those records.

The alert function checks the metrics every minute. In the example given - 50% over 30 minutes - if the CPU remains above 50% every time it's checked (every minute) for 30 consecutive minutes, the alert will trigger.

NSG rules are evaluated in priority order, from the lowest number (100) to the highest number (4096).
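The priority-order evaluation in this note and the undeletable default deny rule from the earlier NSG note, as an added example that is not from the original notes: a small evaluator that walks a constructed rule set in ascending priority, stops at the first match, and rejects custom rules outside the 100-4096 window. The built-in allow rules (VNet, load balancer, Internet outbound) are deliberately left out of the model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class NsgRule:
    name: str
    priority: int       # lower number is evaluated first; custom rules use 100-4096
    direction: str      # "Inbound" or "Outbound"
    access: str         # "Allow" or "Deny"
    protocol: str       # "Tcp", "Udp" or "*" (any)
    source: str         # source CIDR, or "*" for any address
    dest_port: str      # single port, "low-high" range, or "*"


# Azure's built-in DenyAllInBound / DenyAllOutBound rules sit at priority 65500 and cannot be
# deleted; the built-in allow rules are left out of this model on purpose.
DEFAULT_RULES = (
    NsgRule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*"),
    NsgRule("DenyAllOutBound", 65500, "Outbound", "Deny", "*", "*", "*"),
)


def custom_priority_ok(rule: NsgRule) -> bool:
    """Custom rules must use a priority in the 100-4096 window."""
    return 100 <= rule.priority <= 4096


def _port_matches(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    if "-" in spec:
        low, high = (int(p) for p in spec.split("-", 1))
        return low <= port <= high
    return int(spec) == port


def _source_matches(spec: str, src_ip: str) -> bool:
    return spec == "*" or ip_address(src_ip) in ip_network(spec, strict=False)


def evaluate(custom_rules: Iterable[NsgRule], direction: str, protocol: str,
             src_ip: str, dest_port: int) -> Tuple[str, str]:
    """First matching rule in ascending priority order decides; returns (access, rule name)."""
    rules = list(custom_rules)
    bad = [r.name for r in rules if not custom_priority_ok(r)]
    if bad:
        raise ValueError(f"custom rule priority outside 100-4096: {bad}")
    for rule in sorted(rules + list(DEFAULT_RULES), key=lambda r: r.priority):
        if rule.direction != direction:
            continue
        if rule.protocol != "*" and rule.protocol.lower() != protocol.lower():
            continue
        if not _source_matches(rule.source, src_ip) or not _port_matches(rule.dest_port, dest_port):
            continue
        return rule.access, rule.name          # first match wins; later rules are never consulted
    return "Deny", "(no rule matched)"         # unreachable while the default rules are present


# Constructed rule set: admin SSH from one range, SSH from anywhere else denied, HTTPS public.
RULES: List[NsgRule] = [
    NsgRule("Allow-SSH-Admin", 100, "Inbound", "Allow", "Tcp", "203.0.113.0/24", "22"),
    NsgRule("Deny-SSH-Internet", 200, "Inbound", "Deny", "Tcp", "*", "22"),
    NsgRule("Allow-HTTPS", 300, "Inbound", "Allow", "Tcp", "*", "443"),
]
```

Swapping the priorities of the two SSH rules would make the deny rule shadow the admin allow, which is the kind of ordering mistake this check makes visible.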

Every Virtual Machine comes with 2 disks - the operating system disk and the temporary data disk. They often support data disks, but they do not get them by default.

September 12, 2018

Pre Azure Certification - Exam 1

Each storage account gets two and only two keys. Primary and Secondary.

An Azure App Service Plan is like a dedicated hosting environment. It can host Web Apps, Mobile Apps, Functions, and API apps. Logic apps used to support App Service Plans, but don't any more.

Page blobs are optimized for representing IaaS disks and supporting random writes, and may be up to 1 TB in size. An Azure virtual machine network attached IaaS disk is a VHD stored as a page blob.

Service Fabric is a microservices model that relies on smaller components dedicated to a specific task, working together to deliver services to the users. This is the opposite of the monolithic single-application model. Since the components are small, they are often very quick to deploy and can result in zero downtime for the application. These applications are more dense, taking fuller advantage of existing servers. This results in fewer servers required to support the functionality. And the Service Fabric distributed model allows nodes to be running both inside and outside Azure at the same time, including even nodes in AWS or on premises. It is not a less complicated architecture, since it often adds more complexity to the design. But you get the benefits of cost savings and increased availability.

NSGs can only be applied to resources within the region in which they are created.

Server clustering is a feature of the premium tier.

Azure throttling I/O per second limits are based on the account level, so in order to exceed them you will need to create multiple accounts. There is no automated way to shard blobs into separate accounts. That must be done by the application.

Azure Web Jobs cannot be created using .NET Core.

Managed storage accounts are charged by the amount of data and the number of transactions, but Microsoft takes care of ensuring the files are stored on their servers in a way that won't get throttled or have those traditional limits.

DocumentDB, now one part of CosmosDB, is specifically designed as a NoSQL data service that guarantees low-latency and quick response time. Perfect for storing small bits of JSON there.

You can choose from Verizon or Akamai when creating a CDN on Azure.

SAML 2.0 uses a signed-token mechanism to signal authentication. The application directs the user to Active Directory, which the user logs into directly. Active Directory sends the user back to the application with a signed token which is checked to ensure it hasn't been tampered with.

Using the filtering capability of Azure Service Bus topics, receive only the messages that are relevant to the person, but display all alerts that pass this filter.

The New-AzureRmWebAppBackup command creates a backup of a web app.

You are limited to 20 static IP addresses per subscription in Azure.

OData is an industry standard, supported by companies such as Microsoft, IBM, SAP, Progress Software, etc. It creates a standard language that can be used to query data from many sources, including Azure SQL, SharePoint, SSRS, and other sources.

Azure limits 4 TB for standard unmanaged disks. Premium disks can be up to 4 TB depending on level. Of course, you can have several data disks depending on the VM size you choose. There is a 500 TB maximum for the entire storage account.

Azure SQL Database service can be protected by using either a database or server level firewall, which is configured in a specific table inside either the master database (database or server firewall) or the specific database being protected (database firewall only). Azure SQL Database is Software as a Service and does not run on a virtual network, and cannot be protected by an NSG.

Bearer tokens have some well-known security issues. You have to send the tokens over SSL to prevent man-in-the-middle attacks, and a short expiry time minimizes the damage if the token is intercepted.

Web apps support languages such as ASP.NET, Node.js, PHP, Python, and Java.

Azure Automation DSC can be used for an on-premises virtual machine as long as the latest version of the WMF (Windows Management Framework) is installed, and the machine has an outbound connection to the Internet.

You can set an expiry date when you create the shared access signature, and when that date passes, the key will no longer work. If you used stored access policies, you can invalidate or delete the policy and it will invalidate the shared access signature as well. And finally, if you change your storage account keys, all shared access signatures will be invalidated automatically. You cannot update a shared access signature after it's been created.
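The SAS lifecycle described in this note and in the earlier key-regeneration and stored-access-policy notes, as an added example (not from the original notes, and not Azure's actual string-to-sign format): a constructed model in which a token verifies against either account key, revoking its stored access policy invalidates it without touching the keys, and regenerating the key it was signed with kills it outright, which is why the regenerate-key2, switch, regenerate-key1 order matters. The field names, the canonical signing form and the sample expiry values are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode


def _sign(key: bytes, fields: dict) -> str:
    """HMAC-SHA256 over a canonical form of the SAS fields (constructed format, not Azure's)."""
    to_sign = "\n".join(f"{k}={fields[k]}" for k in sorted(fields))
    return base64.urlsafe_b64encode(hmac.new(key, to_sign.encode(), hashlib.sha256).digest()).decode()


class StorageAccount:
    """Two account keys, stored access policies, and SAS issue/verify (simplified model)."""

    def __init__(self) -> None:
        self.keys = {"key1": secrets.token_bytes(32), "key2": secrets.token_bytes(32)}
        self.policies: dict = {}            # policy id -> {"sp": permissions, "se": expiry}

    def regenerate(self, key_name: str) -> None:
        self.keys[key_name] = secrets.token_bytes(32)   # every SAS signed with the old key dies

    def set_policy(self, policy_id: str, permissions: str, expiry: int) -> None:
        self.policies[policy_id] = {"sp": permissions, "se": expiry}

    def revoke_policy(self, policy_id: str) -> None:
        self.policies.pop(policy_id, None)

    def make_sas(self, key_name, resource, permissions=None, expiry=None, policy_id=None) -> str:
        fields = {"sr": resource}
        if policy_id:                        # constraints live in the policy, not in the token
            fields["si"] = policy_id
        else:
            fields["sp"], fields["se"] = permissions, str(expiry)
        fields["sig"] = _sign(self.keys[key_name], fields)
        return urlencode(fields)

    def verify(self, sas: str, now: int, wanted: str):
        fields = {k: v[0] for k, v in parse_qs(sas).items()}
        sig = fields.pop("sig", "")
        # A SAS signed with either account key is accepted, which is what makes a one-key-at-a-time
        # rotation safe. Regenerating both keys at once would strand every outstanding SAS.
        if not any(hmac.compare_digest(sig, _sign(k, fields)) for k in self.keys.values()):
            return False, "bad signature (key regenerated or token tampered with)"
        if "si" in fields:
            policy = self.policies.get(fields["si"])
            if policy is None:
                return False, "stored access policy revoked"
            permissions, expiry = policy["sp"], policy["se"]
        else:
            permissions, expiry = fields["sp"], int(fields["se"])
        if now > expiry:
            return False, "expired"
        if wanted not in permissions:
            return False, "permission not granted"
        return True, "ok"


def rotation_demo() -> dict:
    """Walk through the two-key regeneration plan and record which tokens still verify."""
    acct = StorageAccount()
    acct.set_policy("report-readers", "r", expiry=2_000_000_000)
    plain = acct.make_sas("key1", "reports/q3.csv", "r", 1_900_000_000)
    with_policy = acct.make_sas("key1", "reports/q3.csv", policy_id="report-readers")
    now = 1_800_000_000
    results = {"fresh": acct.verify(plain, now, "r")[0]}
    # Step 1: regenerate key2 (no app is signing with it yet), then move the apps over to key2.
    acct.regenerate("key2")
    results["after key2 regenerated"] = acct.verify(plain, now, "r")[0]      # key1 still valid
    # Revoking a stored access policy kills only the SAS tied to it; the account keys are untouched.
    acct.revoke_policy("report-readers")
    results["policy revoked"] = acct.verify(with_policy, now, "r")[0]
    results["plain sas after revoke"] = acct.verify(plain, now, "r")[0]
    # Step 2: once the apps are on key2, regenerate key1. Every SAS signed with old key1 is dead.
    acct.regenerate("key1")
    results["after key1 regenerated"] = acct.verify(plain, now, "r")[0]
    return results
```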

There is a maximum of 1000 VMs in a single VMSS.

Azure Hybrid Connections is designed to allow Azure Web Apps or Mobile Apps to connect to services that run inside a network, without needing modifications to the firewall settings. It does this by opening a connection to Azure from inside the network, which allows API calls to be made from Azure to a WCF service running inside the network. ExpressRoute and Site-to-Site VPNs require a gateway to be installed.

Azure AD B2B collaboration allows you to connect your Azure AD with an external partner, allowing them to assign permissions to applications you allow them to.

A replica is an instance of the index. You sometimes want multiple replicas so that your search can be load balanced.

The NuGet package Swashbuckle is used to generate Swagger documentation for Azure API apps.

Azure Storage Queues are for short messages, which have a 64 KB maximum.

Anything you can do to optimize your application to make fewer queries will obviously make it a better user experience and slow down the growth problems for the future. Adding Redis caching to catch some queries before they get to the database is a good idea (such as lookup tables for UX fields), as well as turning queries into batches as much as possible. Also, of course, Azure allows you to scale the database up one more level, so that would also be a solution (short term). CDN would not help with this problem since that deals with static assets like JS files, CSS, images or videos. You're not storing videos in the database, are you? :)

Windows Deployment Services is one of the unsupported roles of Windows Server inside Azure.

Currently you can create alerts on CPU Percentage used, network in, network out, disk bytes read, disk bytes written, disk read operations per second, disk write operations per second.

Azure Application Gateway is a layer-7 load balancer, which is the application level. Azure Load Balancer is layer-4, transport level. Traffic Manager works at the DNS level.

The Set-AzureRmWebApp command allows you to set the host name using the -HostName property.

In order to debug a Virtual Machine, the Remote Debugging extension has to be installed on that virtual machine.

Azure Table uses partition key and row key which together must be unique.

Azure Active Directory is Azure's Identity as a Service offering, which provides directory services, identity governance, and application access management.

Azure distributes the VMs evenly among 5 update domains by default. When the sixth VM is added to the availability set, it will be put on the first update domain. The seventh, when it's created, will be on the second.

Azure Logic Apps and Functions are two services at the core of Azure's Serverless applications. Serverless applications are billed based on consumption (per transaction or per KB), and the developer does not have to worry about the server or a service level plan.

System Center Operations Manager (SCOM) is for managing and monitoring large cloud installations. It is used as a management tool for on-premises Windows Server and Hyper-V-based clouds, but it can also integrate with and manage Azure apps. Among other things, it can install Application Insights on existing live apps. If an app goes down, it tells you in seconds. Note that Log Analytics does not replace SCOM. It works well in conjunction with it.

Graph API supports both JSON and XML for requests and responses.

We cannot use the "scale up" function of Azure to move from an HDD VM to one that uses Premium SSD storage, as the scaling option restricts you to a VM of the same storage type (standard or premium storage).

A CORS pre-flight request is made using an HTTP OPTIONS call to the server that holds the resources, in this case the Azure storage service. The server returns a status 200 OK if the CORS request is accepted. Having received permission to make the request, then the main request is made from client to server.
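The preflight decision from this note and the two earlier CORS notes (the asterisk AllowedOrigins/AllowedMethods setting, and 403 FORBIDDEN when the call is not permitted), as an added example that is not the storage service's own implementation: a constructed matcher that answers an OPTIONS request with 200 plus CORS headers from the first rule whose origin, method and requested headers all match, or 403 otherwise, with the notes' wildcard rule beside a restricted one. Rule field names and the sample origins are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Sequence, Tuple


@dataclass
class CorsRule:
    """One rule in the shape of an Azure Storage CORS rule (constructed model of the matching)."""
    allowed_origins: List[str]               # exact origins, or "*" for any
    allowed_methods: List[str]               # HTTP verbs, or "*" for any
    allowed_headers: List[str] = field(default_factory=list)   # names, "prefix*" wildcards, or "*"
    max_age_seconds: int = 0


def _origin_allowed(allowed: List[str], origin: str) -> bool:
    return any(o == "*" or o.lower() == origin.lower() for o in allowed)


def _method_allowed(allowed: List[str], method: str) -> bool:
    return any(m == "*" or m.upper() == method.upper() for m in allowed)


def _header_allowed(allowed: List[str], header: str) -> bool:
    h = header.lower()
    return any(p == "*" or p.lower() == h or (p.endswith("*") and h.startswith(p[:-1].lower()))
               for p in allowed)


def preflight(rules: Sequence[CorsRule], origin: str, method: str,
              request_headers: Sequence[str] = ()) -> Tuple[int, Dict[str, str]]:
    """Answer an OPTIONS preflight: 200 with CORS headers from the first rule that matches all
    three of origin, method and requested headers; 403 with no headers when none does."""
    for rule in rules:
        if (_origin_allowed(rule.allowed_origins, origin)
                and _method_allowed(rule.allowed_methods, method)
                and all(_header_allowed(rule.allowed_headers, h) for h in request_headers)):
            return 200, {
                "Access-Control-Allow-Origin": "*" if "*" in rule.allowed_origins else origin,
                "Access-Control-Allow-Methods": method.upper(),
                "Access-Control-Allow-Headers": ", ".join(request_headers),
                "Access-Control-Max-Age": str(rule.max_age_seconds),
            }
    return 403, {}


def wildcard_warnings(rules: Sequence[CorsRule]) -> List[str]:
    """Flag rules that let any origin use non-read verbs. CORS only decides whether a browser may
    send the request; with such a rule, whoever holds a writable SAS can use it from any origin."""
    warnings = []
    for i, rule in enumerate(rules):
        if "*" in rule.allowed_origins:
            risky = [m for m in rule.allowed_methods if m.upper() not in ("GET", "HEAD", "OPTIONS")]
            if risky:
                warnings.append(f"rule {i}: any origin may use {', '.join(risky)}")
    return warnings


# The notes' public setting: asterisk origins and asterisk methods.
PUBLIC_RULES = [CorsRule(["*"], ["*"], ["*"])]

# A constructed tighter rule: one origin, read-only verbs, a named header plus a prefix wildcard.
RESTRICTED_RULES = [CorsRule(["https://app.example.com"], ["GET", "HEAD"],
                             ["x-ms-blob-type", "x-ms-meta-*"], max_age_seconds=3600)]
```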

Shared Access Signatures are the primary way to grant access to a Service Bus Queue. You generate them in the Azure Portal, and then can hand them out to client applications that need access to that queue. If you make them using a Stored Access Policy, you can revoke access at any time.

There are 9 triggers that can start a function: blobs, event hubs, HTTP request, GitHub, queues, Service Bus Queue, Service Bus Topic, Timers, or a webhook.

We can restrict the number of API calls over a short period of time, or over a long period of time (or forever). You can restrict by IP address, or use that as a way to throttle usage. You can also check for values in the header.

Using vnet peering, you can use Application Gateway to distribute traffic to different regions for true internal load balancing.

SonarQube with Jenkins Setup using Docker Images

https://funnelgarden.com/sonarqube-jenkins-docker/  https://medium.com/@hakdogan/an-end-to-end-tutorial-to-continuous-integration-and-con...