Notes for the AZ-104 Microsoft Azure Administrator practice exam
did-not-know Whenever Azure Advisor detects a new recommendation for resources, an event is stored in the Azure Activity log. You can set up alerts for these events from Azure Advisor. You can select a subscription and optionally a resource group to specify the resources for which you want to receive alerts. You also need to create an action group that will contain all the users to be notified.
did-not-know Only Microsoft Entra ID P1 and P2 support SSPR, but Microsoft Entra ID P1 is the lower cost option.
did-not-know Application security groups allow you to group together the network interfaces from multiple virtual machines, and then use the group as the source or destination in an NSG rule. The network interfaces must be in the same virtual network.
did-not-know You can use the IP address of each virtual machine as the destination, but you must create a rule for each virtual machine.
did-not-know Using the subnets will require four rules and will also allow traffic to all the virtual machines on those subnets.
definition Service-tags are for specific Azure services, such as Azure App Service or Azure Backup.
did-not-know definition A VPN-gateway is a type of virtual network gateway that sends encrypted traffic between a virtual network and an on-premises location across a public connection. You can also use a VPN gateway to send traffic between virtual networks across the Azure backbone. A VPN gateway connection relies on the configuration of multiple resources, each of which contains configurable settings.
Azure-provided name resolution does not support user-defined domain names and only supports a single virtual network.
Azure DNS Private Resolver is used to proxy DNS queries between on-premises environments and Azure DNS.
When you deploy a resource by using a template, you can specify the resource group for the deployment.
An Azure container instance (Docker container) can mount Azure File Storage shares as directories and use them as persistent storage. An Azure container instance cannot mount and use as persistent storage blob containers, queues and tables.
Azure Container Apps allows a set of triggers to create new instances, called replicas. For Azure Service Bus, an event-driven trigger can be used to run the escalation method. The remaining scale triggers cannot use a scale rule based on messages in an Azure Service Bus.
Azure-App-Service-plans: The Standard service plan can host unlimited web apps, up to 50 GB of disk space, and up to 10 instances. The plan will cost approximately 0.20/hour. The Basic plan offers 10 GB of disk space and up to three virtual machines.
Azure-Container-Apps: Azure Container Apps manages the details of Kubernetes and container orchestration. Containers in Azure Container Apps can use any runtime, programming language, or development stack of your choice. You can define multiple containers in a single container app to implement the sidecar pattern, for example, an agent that reads logs from the primary app container in a shared volume and forwards them to a logging service.
definition: Azure-Blob-Storage change-feed: provides transaction logs of all the changes that occur to the blobs and the blob metadata in your storage account.
Add-AzVhd: Uploads an on-premises VHD to Azure
New-AzVM: Used to create a new virtual machine
New-AzDisk: Used to create a managed disk
New-AzDataShare: Used to create an Azure data share
definition: virtual-network-gateway: the software VPN device for your Azure virtual network
You can detach a disk from a running virtual machine (hot removal). You do not need to stop VM2 or restart VM1.
definition: An IP-group is a user-defined collection of static IP addresses, ranges, and subnets. A network bridge allows you to connect multiple existing network connections in Windows together. Changing the IP configurations of the existing network interface results in VM1 being connected to Subnet2 but not to Subnet1.
definition: Publish: If you want to run a Docker container as an Azure web service, you must configure the Publish option and select Docker container.
definition: Runtime-stack specifies the stack that you want to use for the web app. If you want to deploy a Docker container as a web app, the runtime stack option is unavailable.
Pricing plan specifies the location, features, and costs of the web app.
Continuous deployment is a strategy for software releases. This option is unavailable when you publish a Docker container as an Azure web app.
change-feed definition The purpose of the change feed is to provide transaction logs of all the changes that occur to the blobs and the blob metadata in your storage account.
definition shared-access-signature sas A SAS provides secure delegated access to resources in a storage account. With a SAS, you have granular control over how a client can access data, including time restrictions.
File shares can be configured to use Microsoft Entra Kerberos to provide identity-based access to data storage.
definition ip-flow-verify IP flow verify lets you specify a source and destination IPv4 address, port, protocol (TCP or UDP), and traffic direction (inbound or outbound). IP flow verify can identify the specific network security group (NSG) that prevents communication.
command Add-AzVhd: uploads an on-premises VHD to Azure
command Save-AzDeploymentTemplate: saves the resource ARM template
command New-AzResourceGroupDeployment: deploys a saved ARM template
did-not-know definition Point-to-Site (#P2S) VPN clients must be downloaded and reinstalled again after virtual network peering is successfully configured to ensure that the new routes are downloaded to the client.
definition application-security-groups allow you to group together the network interfaces from multiple virtual machines and then use the group as the source or destination in an NSG rule.
definition Entra dynamic-user-group: user-based or device attribute-based rules that enable membership for dynamic membership groups
definition Azure-Advisor: recommendations on high availability, security, performance, operational excellence and cost
Shared access signature (SAS) token
SAS parameters
SignedResourceTypes (srt): required; refers to services, containers or objects.
SignedServices (ss): required; refers to blobs, queues, tables and files.
SignedIP (sip): optional; refers to the range of IP addresses from which to accept requests.
Access tiers
Cold-tier: (online) cost-effective for large amounts of data that is infrequently accessed
Hot-tier: (online) more expensive and optimized for data that is frequently accessed
Cool-tier: (online) optimized for data that is rarely accessed but still requires fast retrieval
Archive-tier: (offline) for data that is rarely accessed and has flexible latency requirements