AZ-104 Exam Tips

  1. For backup policies, if policies overlap, the longest retention period is applied.
  2. Azure security groups can't be moved from one region to another. You can, however, use an Azure Resource Manager template to export the existing configuration and security rules of an NSG. You can then stage the resource in another region by exporting the NSG to a template, modifying the parameters to match the destination region, and then deploying the template to the new region.
  3. Even if you have enough per-SKU vCPU core quota, check the regional vCPU quota: you can't create more vCPUs than the regional (i.e. per-location) vCPU quota allows.
  4. Even if your machines are off, or the auto-shutdown time falls before the Recovery Services backup schedule, Azure can still back up all the VMs, i.e. Azure Backup supports backup of VMs that are shut down or offline.
  5. Virtual machines in a virtual network that's linked to a private zone with autoregistration enabled are registered automatically. They are added to the private zone as A records pointing to their private IP addresses.
  6. The Custom Script Extension downloads and executes scripts on Azure virtual machines. This extension is useful for post deployment configuration, software installation, or any other configuration or management tasks.
  7. When multiple hubs are enabled in a single virtual WAN, the hubs are automatically interconnected via hub-to-hub links, thus enabling global connectivity between branches and VNets that are distributed across multiple regions.
  8. Azure policies applied at the management group level are inherited further down to resources; policies can be overridden by a policy applied at child management groups.
  9. It is possible to add more than one web app with different runtime stacks to the same App Service plan, if the runtime stack is supported on the given operating system type. An App Service plan forces you to use Windows or Linux, not a mix of both. A plan must be either Windows or Linux.
  10. You can move storage to a different resource group in a different region. Note that the region of these resources doesn't change, just the RG itself.
  11. You CAN move a NIC that is attached to a virtual machine to a new resource group in a different region. Note that the region of these resources doesn't change, just the RG itself.
  12. Azure Public IPs are region specific and can't be moved from one region to another.
  13. When you create an Azure virtual machine (VM), you must create a virtual network (VNet) or use an existing VNet. You can change the subnet a VM is connected to after it's created, but you cannot change the VNet.
  14. Azure AD is a managed service. You only manage the users, groups, and policies. Deploying AD DS with virtual machines using Azure means that you manage the deployment, configuration, virtual machines, patching, and other backend tasks
  15. Azure Administrator accounts will always be able to reset their passwords no matter what Authentication method is set to.
  16. An Initiative Definition can have up to 100 policies
  17. Policy evaluation happens about once an hour, which means that if you make changes to your policy definition and create a policy assignment then it will be re-evaluated over your resources within the hour.
  18. Only the Owner and User Access Administrator roles can create or delete management locks.
  19. Azure Powershell Reference--
  20. You're limited to 256 parameters in an ARM template.
  21. Azure reserves the first three IP addresses and the last IP address in each subnet address range.
  22. By default, you can create up to 50 virtual networks per subscription per region, although you can increase this limit to 500 by contacting Azure support
  23. When you add a peering on one virtual network, the second virtual network configuration is automatically added.
  24. If you select ‘Allow gateway transit’ on one virtual network, then you should select ‘Use remote gateways’ on the other virtual network.
  25. Creating a virtual network gateway can take up to 45 minutes to complete.
  26. When working with gateway subnets, avoid associating a network security group (NSG) to the gateway subnet. Associating a network security group to this subnet may cause your VPN gateway to stop functioning as expected.
  27. Once a virtual network gateway has been created, you can't change the VPN type.
  28. A public load balancer could be placed in front of the internal load balancer to create a multi-tier application
  29. In the Standard SKU you can have up to 1000 instances in the backend pool. In the Basic SKU you can have up to 100 instances.
  30. Load balancing rules can be used in combination with NAT rules. For example, you could use NAT from the load balancer’s public address to TCP 3389 on a specific virtual machine. This allows remote desktop access from outside of Azure. Notice in this case, the NAT rule is explicitly attached to a VM (or network interface) to complete the path to the target; whereas a Load Balancing rule need not be.
  31. All storage accounts are encrypted using Storage Service Encryption (SSE) for data at rest.
  32. ARM template library-
  33. Visualize your ARM template -
  34. Use openssl for getting random password - $(openssl rand -base64 32)
  35. Azure AD authentication is provided to AKS clusters with OpenID Connect. OpenID Connect is an identity layer built on top of the OAuth 2.0 protocol.
  36. Import Job Flow

  38. The maximum size allowed for the OS VHD on a generation 1 VM is 2 TB. Detailed flow -
  39. Web app deployment steps
    1. Create a resource group, and then deploy a web app to the resource group.
    2. From the Automation script blade of the resource group, click Add to Library.
    3. From the Templates service, select the template, and then share the template to the web administrators.
  40. To resolve the Active Directory issue: run the IdFix tool, then use the Update actions.
  41. To add or delete users, you must be a User administrator or Global administrator in the same tenant.
  42. The net use command is used to connect to file shares and mount an Azure file share. Example: net use R: \\rebelshare <storage key> /user:Azure\rebelsa1
  43. Azure DNS supports all common DNS record types: A, AAAA, CAA, CNAME, MX, NS, PTR, SOA, SRV, and TXT.
  44. The most common type is an 'A' record, which maps a name to an IPv4 address.
  45. You can connect virtual networks to each other with virtual network peering. These virtual networks can be in the same region or different regions (also known as Global VNet peering). 
  46. To ensure this VNet can be connected to other networks, the address space should never overlap with any other networks in your environment
  47. To perform a custom deployment of the virtual machine: once cloud-init.txt has been created, you can deploy the VM with the az vm create command, using the --custom-data parameter to provide the full path to the cloud-init.txt file.
  48. If you try to deploy your own template in the portal, there are 3 available options for configuration- "Subscription", "Resource Group", "Location"
  49. To connect a subnet and an NSG, both the VNet and the NSG must be in the same region.
  50. Before you create a backend pool on a load balancer, you must remove the public IP address from the VM.
  51. If you have a read-only lock on a resource group, you can still upload a file to a storage account under that resource group.
  52. Azure Active Directory (Azure AD) supports bulk user create and delete operations and supports downloading lists of users. Just fill out the comma-separated values (CSV) template that you can download from the Azure AD portal.
  53. To restore the deleted files to an on-premises computer:
    1. From the Azure portal, click File Recovery from the vault.
    2. Select a restore point
    3. Download and run a script.
    4. Copy the files by using File Explorer
  54. A VM is restarted after its size is changed (the restart obviously means downtime).
  55. To inspect all the network traffic from VM1 to VM2 for a period of X hours: from Azure Network Watcher, create a packet capture.
  56. In an availability set, to ensure that visitors are serviced by the same web server for each request, set Session persistence to Client IP and protocol.
  57. To use a Recovery Services vault on a VM: from the VM blade, click Disaster recovery, click Replication settings, and then select the already created Recovery Services vault.
  58. If the VM you wish to resize is part of an availability set, then you must stop all VMs in the availability set before changing the size of any VM in the availability set.
  59. The alert rate limit thresholds are:
    1. SMS: No more than 1 SMS every 5 minutes.
    2. Voice: No more than 1 Voice call every 5 minutes.
    3. Email: No more than 100 emails in an hour.
  60. There's a limit of 100 VMs that can be associated with the same backup policy from the portal.
  61. To quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering, use the Advisor blade.
  62. With the Azure Backup Microsoft Azure Recovery Services (MARS) agent, you are limited to a maximum of 3 backups per day.
    1. Azure VMs: Once a day.
    2. Machines protected by DPM/MABS: Twice a day.
    3. Machines backed up directly by using the MARS agent: Three times a day.
  63. Sysprep --> Sysprep (System Preparation) prepares a Windows installation (Windows client and Windows Server) for imaging, allowing you to capture a customized installation. Sysprep removes PC-specific information from a Windows installation, "generalizing" the installation so it can be installed on different PCs. With Sysprep you can configure the PC to boot to audit mode, where you can make additional changes or updates to your image. Or, you can configure Windows to boot to the Out-of-Box Experience (OOBE).
  64. waagent --> Deprovision the VM by using the Azure VM agent to delete machine-specific files and data. Use the waagent command with the -deprovision+user parameter on your source Linux VM.
  65. Always remember that the standard format for a UNC path is: \\<storage account name>.(blob, queue, file or table)\<File name>
  66. The network interface needs to get a private IP address from the address space of the virtual network. Hence the network interface needs to be created in the same region as the virtual network.
  67. To invite the external partner to sign in to the Azure AD tenant, From the Users blade, modify the External collaboration settings.
  68. To monitor the metrics and the logs of a Linux VM, use Linux Diagnostic Extension (LAD) 3.0.
  69. To remove the backup data stored for a VM, stop the backup.
  70. Effect of MFA policy
  71. Uploading a certificate to a web app:
    1. Certificate format for HTTPS access: PFX
    2. Certificate format for external service access: CER
  72. On-prem VM migration requirements, to mention a few: Windows, gen1 or gen2, no BitLocker.
  73. The Backup and Restore feature requires the App Service plan to be in the Standard, Premium or Isolated tier
  74. Azure file sync setup process
    1. Deploy a Storage Sync Service. --> This is done on Azure.
    2. Create a sync group. --> This is done on Azure.
    3. Install Azure File Sync agent on the server with the full data set. --> This is done on server1.
    4. Register that server and create a server endpoint on the share. --> This is done on server1.
    5. Let sync do the full upload to the Azure file share (cloud endpoint).
    6. After the initial upload is complete, install Azure File Sync agent on each of the remaining servers.
    7. Create new file shares on each of the remaining servers.
    8. Create server endpoints on new file shares with cloud tiering policy, if desired. (This step requires additional storage to be available for the initial setup.)
    9. Let Azure File Sync agent do a rapid restore of the full namespace without the actual data transfer. After the full namespace sync, sync engine will fill the local disk space based on the cloud tiering policy for the server endpoint.
    10. Ensure sync completes and test your topology as desired.
    11. Redirect users and applications to this new share.
    12. You can optionally delete any duplicate shares on the servers.
  75. The connection monitor capability monitors communication at a regular interval and informs you of reachability, latency, and network topology changes between the VM and the endpoint.
  76. Command to deploy an application using an Azure Container Registry image: kubectl apply
  77. To increase CPU, use the scale up option.