< Exam AZ-103: Microsoft Azure Administrator
{ last updated 12/1/2019 }
001: How do you install the Az Module?
Install-Module Az -AllowClobber
Reference:
https://docs.microsoft.com/en-us/powershell/azure/new-azureps-module-az?view=azps-2.5.0
002: What is the cmdlet to log into Azure?
Connect-AzAccount, or alias Login-AzAccount
Reference:
https://docs.microsoft.com/en-us/powershell/module/az.accounts/connect-azaccount?view=azps-2.5.0
003: Which cmdlet returns Azure subscription information?
Get-AzSubscription
Reference:
https://docs.microsoft.com/en-us/powershell/module/Az.Accounts/Get-AzSubscription?view=azps-2.5.0
004: How do you create a resource group using PowerShell?
New-AzResourceGroup -Name MyRG1 -Location EastUS
Reference:
https://docs.microsoft.com/en-us/powershell/module/az.resources/new-azresourcegroup?view=azps-2.5.0
005: How do you remove a resource group using PowerShell?
Remove-AzResourceGroup -Name MyRG1
Reference:
006: True or False, Azure CLI can interactively access your local machine for files.
False. Azure CLI works through the browser, and does not have interactive access.
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-cli
007: Using Azure CLI, how would you restart a VM?
az vm restart -g MyRG1 -n MyVM1.
Notice that the command structure is different than cmdlets.
Reference:
https://docs.microsoft.com/en-us/cli/azure/vm?view=azure-cli-latest#az-vm-restart
008: How do you install Azure CLI?
By downloading the MSI from Microsoft (https://aka.ms/installazurecliwindows), or by using the following cmdlet:
Invoke-WebRequest -Uri https://aka.ms/installazurecliwindows -OutFile .\AzureCLI.msi; Start-Process msiexec.exe -Wait -ArgumentList ‘/I AzureCLI.msi /quiet’
Reference:
https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-windows?view=azure-cli-latest
009: How do you access Azure CLI from your local computer?
Open a command prompt or PowerShell. Type: az login.
Reference:
https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-windows?view=azure-cli-latest
010: What is an Action Group?
An action group is a collection of notification preferences defined by the owner of an Azure subscription.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/action-groups
011: How many Action Groups can be configured per Subscription?
- 500
- 1,000
- 2,000
- Unlimited
012: Action Groups have three properties. What are they?
#1 Name: Enter a unique identifier for this action.
#2 Action Type: Select Email/SMS/Push/Voice, Logic App, Webhook, ITSM, or Automation Runbook.
#3 Details: Based on the action type, enter a phone number, email address, webhook URI, Azure app, ITSM connection, or Automation runbook. For ITSM Action, additionally specify Work Item and other fields your ITSM tool requires.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/action-groups
013: In Azure RBAC roles, there are over 70 built-in roles, but what are the 4 foundational roles and what permissions do they have?
Owner – Full access to all resources. Delegate access to others.
Contributor – Create and manage all types of Azure resources. Cannot grant access to others.
Reader – View Azure resources.
User Access Administrator – Manage user access to Azure resources.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles
014: What collects telemetry from your application to help analyze its operation and performance?
A. Azure Dashboard
B. Azure Advisor
C. Performance Dashboard
D. HD Insights
E. Azure Application Insights
F. Log Analytics
E. Azure Application Insights
Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for web developers on multiple platforms.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/tutorial-performance
015: How do you create a Recovery Service Vault?
5 Steps
#1 – Sign in to the Azure portal > Recovery Services.
#2 – On the Azure portal menu or from the Home page, select Create a resource. Then select Management Tools > Backup and Site Recovery.
#3 – In Name, specify a friendly name to identify the vault. If you have more than one subscription, select the appropriate one.
#4 – Create a resource group or select an existing one. Specify an Azure region. To check supported regions, see geographic availability in Azure Site Recovery Pricing Details.
#5 – Click Create.
Reference:
https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable-replication
016: You can get cost recommendations from the Cost tab on the __________ dashboard.
A. Calculator
B. Performance
C. Azure
D. Advisor
E. Optimization
017: What permissions do you need to access Advisor?
A. Only Owner or Contributor of a subscription
B. Owner, Contributor, or Reader of a subscription
C. Only Owner or Reader of a subscription
D. Read-Write Access is required
E. None of the above
B. Owner, Contributor, or Reader of a subscription
Reference:
https://docs.microsoft.com/en-us/azure/advisor/advisor-overview
018: To provide redundancy to your application, it is recommended that you group two or more virtual machines in _____________.
An availability set
Reference:
https://docs.microsoft.com/en-us/azure/advisor/advisor-high-availability-recommendations
019: What would you use to collect performance diagnostic data on Windows VMs in Azure?
Azure Performance Diagnostics VM Extension
Azure Performance Diagnostics VM Extension helps collect performance diagnostic data from Windows VMs. The extension performs analysis, and provides a report of findings and recommendations to identify and resolve performance issues on the virtual machine.
Reference:
020: What are the steps to enable and start backup on a VM in Azure?
8 Steps
#1 – Select Virtual machines as the resource.
#2 – From the list, choose a VM to back up.
#3 – In the Operations section, choose Backup. The Enable backup window opens.
#4 – Select Create new and provide a name for the new vault, such as myRecoveryServicesVault.
#5 – If not already selected, choose Use existing, then select the resource group of your VM from the drop-down menu.
#6 – To accept the default backup policy values, select Enable Backup.
#7 – On the Backup window for your VM, select Backup now.
#8 – To accept the backup retention policy of 30 days, leave the default Retain Backup Till date. To start the job, select Backup.
Reference:
https://docs.microsoft.com/en-us/azure/backup/quick-backup-vm-portal
021: What are the steps to create a VM in Azure?
7 Steps
#1 – Under Services, select Virtual machines.
#2 – In the Virtual machines page, select Add.
#3 – In the Basics tab, under Project details, make sure the correct subscription is selected and then choose to Create new resource group. Type myResourceGroup for the name.
#4 – Under Instance details, type myVM for the Virtual machine name and choose East US for your Region, and then choose Windows Server 2019 Datacenter for the Image. Leave the other defaults.
#5 – Under Administrator account, provide a username, such as azureuser and a password. The password must be at least 12 characters long and meet the defined complexity requirements.
#6 – Under Inbound port rules, choose Allow selected ports and then select RDP (3389) and HTTP (80) from the drop-down.
#7 – Leave the remaining defaults and then select the Review + create button at the bottom of the page.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/quick-create-portal
022: If you need a tag to be applied to all resources in a resource group, each
resource must be tagged
A. Globally
B. Using hybrid setting
C. Individually
D. In the Azure dashboard
Individually
023: What is floating IP?
Floating IP concept is meant for port reuse scenarios. Floating IP is a portion of what is known as Direct Server Return (DSR). DSR consists of two parts: a flow topology and an IP address mapping scheme. At a platform level, Azure Load Balancer always operates in a DSR flow topology regardless of whether Floating IP is enabled or not. This means that the outbound part of a flow is always correctly rewritten to flow directly back to the origin.
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-multivip-overview
024: True or False, In the Azure App Service, authentication and authorization module runs in the same sandbox as your application code.
True
Reference:
https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization
025: True or False, you are required to use App Service for authentication and authorization when setting up your Azure Applications.
False
Many web frameworks are bundled with security features, and you can use them if you like.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization
026: When working with the authentication and authorization module, what four things does it handle with your application?
4 Steps
#1 – Authenticates users with the specified provider
#2 – Validates, stores, and refreshes tokens
#3 – Manages the authenticated session
#4 – Injects identity information into request headers
Reference:
https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization
027: What is WaAppAgent.exe?
WaAppAgent.exe is the process for the RdAgent service, which is part of the VM Agent for Windows Azure Virtual Machines.
Reference:
https://azure.microsoft.com/en-us/blog/azure-vm-backup-pre-checks/
028: When you start discovery on the VMware appliance, it communicates with the vCenter server on which TCP by default?
- 22
- 80
- 5985 and 5986
- 53
- 443
- 445
029: Referencing the above question, the appliance sends the collected data to Azure Migrate Server Assessment and Azure Migrate Server Migration over which port?
- 22
- 80
- 5985 and 5986
- 53
- 443
- 445
Once again, the port is 443.
Reference:
https://docs.microsoft.com/en-us/azure/migrate/migrate-appliance
030: What’s the difference between Azure Migrate and Site Recovery?
Azure Migrate provides a centralized hub to manage and track discovery, assessment, and migration of on-premises machines and workloads to Azure. Azure Site Recovery is a disaster recovery solution. Azure Migrate: Server Migration tool uses some backend Site Recovery functionality for lift-and-shift migration of some on-premises machines.
Reference:
https://docs.microsoft.com/en-us/azure/migrate/resources-faq
031: How does the appliance connect to Azure?
The connection can be over the internet, or use Azure ExpressRoute with public/Microsoft peering.
Reference:
https://docs.microsoft.com/en-us/azure/migrate/resources-faq
032: What data is collected by the Azure Migrate appliance?
Performance data and metadata for VMware VMs.
Performance data and metadata for Hyper-V VMs.
Reference:
https://docs.microsoft.com/en-us/azure/migrate/resources-faq
033: What is a shared access signatures (SAS)?
A shared access signature (SAS) provides secure delegated access to resources in your storage account without compromising the security of your data. With a SAS, you have granular control over how a client can access your data. You can control what resources the client may access, what permissions they have on those resources, and how long the SAS is valid, among other parameters.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview
034: In which App Servicing Plans is ‘Auto Scale’ supported?
Hint: Servicing Plans—Free, Premium, Shared, Basic, Isolated, Standard
Standard, Premium, Isolated
Reference:
https://azure.microsoft.com/en-us/pricing/details/app-service/windows/
035: A shared access signature can take one of two forms. What are they?
Ad hoc SAS: When you create an ad hoc SAS, the start time, expiry time, and permissions for the SAS are all specified in the SAS URI (or implied, if start time is omitted). Any type of SAS can be an ad hoc SAS.
Service SAS with stored access policy: A stored access policy is defined on a resource container, which can be a blob container, table, queue, or file share. The stored access policy can be used to manage constraints for one or more service shared access signatures. When you associate a service SAS with a stored access policy, the SAS inherits the constraints—the start time, expiry time, and permissions—defined for the stored access policy.NOTEA user delegation SAS or an account SAS must be an ad hoc SAS. Stored access policies are not supported for the user delegation SAS or the account SAS.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview
036: Which App Servicing Plans have ‘250 GB and up’ disk storage?
Hint: Servicing Plans—Free, Premium, Shared, Basic, Isolated, Standard
Premium & Isolated
Reference:
https://azure.microsoft.com/en-us/pricing/details/app-service/windows/
037: How do you create a function app?
6 Steps
#1 – From the Azure portal menu, select Create a resource.
#2 – In the New page, select Compute > Function App.
#3 – Specify Function settings:
| Setting | Suggested value | Description |
|---|---|---|
| Subscription | Your subscription | The subscription under which this new function app is created. |
| Resource Group | myResourceGroup | Name for the new resource group in which to create your function app. |
| Function App name | Globally unique name | Name that identifies your new function app. Valid characters are a-z (case insensitive), 0-9, and -. |
| Publish | Code | Option to publish code files or a Docker container. |
| Runtime stack | Preferred language | Choose a runtime that supports your favorite function programming language. Choose .NET for C# and F# functions. |
| Region | Preferred region | Choose a region near you or near other services your functions access. |
#4 – Specify Host settings:
| Setting | Suggested value | Description |
|---|---|---|
| Storage account | Globally unique name | Create a storage account used by your function app. Storage account names must be between 3 and 24 characters in length and may contain numbers and lowercase letters only. You can also use an existing account, which must meet the storage account requirements. |
| Operating system | Preferred operating system | An operating system is pre-selected for you based on your runtime stack selection, but you can change the setting if necessary. |
| Plan | Consumption plan | Hosting plan that defines how resources are allocated to your function app. In the default Consumption Plan, resources are added dynamically as required by your functions. In this serverless hosting, you only pay for the time your functions run. When you run in an App Service plan, you must manage the scaling of your function app. |
Select the Next : Monitoring > button.
#5 – Specify Monitoring settings:
| Setting | Suggested value | Description |
|---|---|---|
| Application Insights | Default | Creates an Application Insights resource of the same App name in the nearest supported region. By expanding this setting, you can change the New resource name or choose a different Location in an Azure geography where you want to store your data. |
Select Review + Create to review the app configuration selections.
#6 – Select Create to provision and deploy the function app.
Reference:
https://docs.microsoft.com/en-us/azure/azure-functions/functions-create-first-azure-function
038: How do you add an IP to a VM?
4 Steps
#1 – In the portal, click More services > type virtual machines in the filter box, and then click Virtual machines.
#2 – In the Virtual machines pane, click the VM you want to add IP addresses to. Click Network interfaces in the virtual machine pane that appears, and then select the network interface you want to add the IP addresses to. In the example shown in the following picture, the NIC named myNIC from the VM named myVM is selected.
#3 – In the pane that appears for the NIC you selected, click IP configurations.
#4 – Complete the steps in one of the sections that follow, based on the type of IP address you want to add.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-multiple-ip-addresses-portal
039: How do you create a Public IP address resource?
2 Steps
#1 – In the portal, click Create a resource > Networking > Public IP address.
#2 – In the Create public IP address pane that appears, enter a Name, select an IP address assignment type, a Subscription, a Resource group, and a Location, then click Create.
Reference:
Review the following link…in detail. Know how to assign the public IP address to different resources:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-multiple-ip-addresses-portal
040: How do you create a virtual network peer?
6 Steps
#1 – In the search box at the top of the Azure portal, enter virtual networks in the search box. When Virtual networks appear in the search results, select it. Do not select Virtual networks (classic) if it appears in the list, as you cannot create a peering from a virtual network deployed through the classic deployment model.
#2 – Select the virtual network in the list that you want to create a peering for (this means, virtual networks must exist—if they do not, create them).
#3 – Under SETTINGS, select Peerings.
#4 – Select + Add.
#5 – Enter or select values for the following settings: Name, Virtual Network Deployment model, I know my resource ID, Subscription, Virtual Network, Allow Virtual Network Access, Allow Forwarded Traffic, Allow Gateway Transit, and Use Remote Gateways.
#6 – Select OK to add the peering to the virtual network you selected.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering
041: QUESTION
…
Reference:
link
042: QUESTION
…
Reference:
link
043: QUESTION
…
Reference:
link
044: QUESTION
…
Reference:
link
045: QUESTION
…
Reference:
link
046: QUESTION
…
Reference:
link
047: QUESTION
…
Reference:
link
048: QUESTION
…
Reference:
link
160 more to be added…