see D:\_MySrc\AZ-204_training
---------------------------------------------------------------------------------------------------------
AZ-204 Developing Solutions for Azure
---------------------------------------------------------------------------------------------------------
use personal account for exam : jo_schoenmakers@yahoo.com
---------------------------------------------------------------------------------------------------------
Main info URL
https://docs.microsoft.com/en-us/learn/certifications/exams/az-204
---------------------------------------------------------------------------------------------------------
https://www.examtopics.com/exams/microsoft/az-204/
---------------------------------------------------------------------------------------------------------
- https://docs.microsoft.com/en-us/learn/certifications/exams/az-204
  The content of this exam was updated on March 26, 2021.
  (percentage determines amount of questions about this chapter)
  * Develop Azure compute solutions (25-30%)
  * Develop for Azure storage (10-15%)->(15-20%)
  * Implement Azure security (15-20%)->(20-25%)
  * Monitor, troubleshoot, and optimize Azure solutions (10-15%)->(15-20%)
  * Connect to and consume Azure services and third-party services (25-30%)->(15-20%)
---------------------------------------------------------------------------------------------------------
-->>-- 20210416 Try exam start [167 questions]
-->>-- 01 -- 20 (Topic 1 : functions ?)
01 : store logfiles on docker
     WEBSITES_ENABLE_APP_SERVICE_STORAGE=true
     DIAGDATA=/home
02 : Azure Application Gateway through which all traffic is routed
     Check "Use For App Service"
     Set "Override backend path" to contoso.azurewebsites.net
03 : App service plan for 4 consumers, singleton, isolated network (deploy to ASE using isolated tier)
     4 VM instances
     pricing tier isolated
     (The Isolated plan hosts your apps in a private, dedicated Azure environment and is ideal for apps that require secure connections with your on-premises network)
04 : Kubernetes : for info see (CRD Types : Custom Resource Definitions)
     https://www.thinktecture.com/en/kubernetes/serverless-workloads-with-keda/serverless-workloads-with-keda
     Connection string : Secret (Stored within)
     Azure function code : Deployment (With attributes to control scaling)
     Polling interval : ScaledObject (With polling interval)
05 : CLI script to create az web app, auto deploy from GitHub
     az group create --location westeurope --name myResourceGroup
     az appservice plan create --name $webappname --resource-group myResourceGroup --sku FREE
     az webapp create --name $webappname --resource-group myResourceGroup --plan $webappname
     az webapp deployment source config --name $webappname --resource-group myResourceGroup --repo-url $gitrepo --branch master --manual-integration   (once)
     (For continuous deployment use --git-token $token)
     https://docs.microsoft.com/en-us/azure/app-service/scripts/cli-deploy-github
06 : [NO] the "less than one minute" detail : blob storage trigger can take up to 10 minutes
     Use Event Grid instead of the Blob storage trigger for the following scenarios:
     1-Blob-only storage accounts: Blob-only storage accounts are supported for blob input and output bindings but not for blob triggers.
     2-High-scale: High scale can be loosely defined as containers that have more than 100,000 blobs in them or storage accounts that have more than 100 blob updates per second.
     3-Minimizing latency: If your function app is on the Consumption plan, there can be up to a ##10-minute delay in processing new blobs## if a function app has gone idle. To avoid this latency, you can switch to an App Service plan with Always On enabled. You can also use an Event Grid trigger with your Blob storage account. For an example, see the Event Grid tutorial.
07 : [YES] web.config include the applicationInitialization configuration element. Specify custom initialization actions to run the scripts
     Specify custom warm-up : "scripts cannot be run in applicationInitialization"
     https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots
08 : [YES] You need to ensure that scripts run and resources are available before a swap operation occurs.
     Solution: Enable auto swap for the Testing slot. Deploy the app to the Testing slot.
09 : YES : stop autoswap do it, re-enable autoswap
10 : NO : change storage to Blob
11 : TLS mutual authentication
     Client certificate location : HTTP request header
     Encoding type : Base64
12 : order : az group create -> az appservice plan create -> az webapp create
13 : order of scripting : set vars -> create app -> config set container -> config set hostname
14 : Step 1: Create the Azure Functions app with a Premium plan type. (to avoid cold starts, and for VNet support)
     Step 2: Create a system-assigned managed identity for the application.
             Key Vault references currently only support system-assigned managed identities. User-assigned identities cannot be used.
     Step 3: Create an access policy in Key Vault for the application identity.
             Create an access policy in Key Vault for the application identity you created earlier. Enable the "Get" secret permission on this policy.
             Do not configure the "authorized application" or applicationId settings, as this is not compatible with a managed identity.
15 : Windows Azure Web Sites (WAWS) offers 3 modes: Standard, Free, and Shared : standard has least limits
16 : order of create : group -> app service plan -> webapp -> webapp deployment slot -> webapp deployment source
17 : Azure Cosmos DB : trigger function
     function ensureTip(){
         var r = getContext().getRequest();
         var body = r.getBody();
         if(!("tip" in body)){
         //if((isNaN(body)["tip"]) || body["tip"] === null{
             body["tip"] = 0;
         }
         r.setBody(body);
     }
18 : ensure the app does not time out and processes the blob data
     Use Durable Function pattern to process the blob data
     NO : no timeouts ...
19 : ensure the app does not time out and processes the blob data
     Pass the HTTP trigger payload into an Azure Service Bus queue to be processed by a queue trigger function and return an immediate HTTP success response.
     YES
20 : ensure the app does not time out and processes the blob data
     Configure the app to use an App Service hosting plan and enable the "Always On" setting.
     Always on does not guarantee no timeouts ... NO
--<<--
-->>-- 21 -- 34
21 : design the process that starts the photo processing
     Move photo processing to an Azure Function triggered from the blob upload.
     YES (The question mentioning that it runs on v2 tells me that YES is the right answer)
22 : Azure Blob storage, read the transaction logs of all the changes in the order in which they occurred and be retained for compliance reasons. You need to process the transaction logs asynchronously.
     : Enable the "change feed" on the storage account and process all changes for available events
23 : Docker image with ASP.NET Core application ContosoApp. setup script setupScript.ps1 and application files including ContosoApp.dll.
     Box 2: FROM microsoft/aspnetcore-build:latest
     Box 3: WORKDIR /apps/ContosoApp
     Box 4: COPY ./ .
     Box 5: RUN powershell ./setupScript.ps1
     Box 1: CMD [..]
24 : Azure Function App that processes images that are uploaded to an Azure Blob container.
     You create code to process images when the Function App is triggered. as quickly as possible, minimize latency
     You need to configure the Function App.
     D. Use an App Service plan. Configure the Function App to use an Azure Blob Storage trigger. (no Consumption plan!)
25 : Virtual Machine Scale Set (VMSS), several storage accounts, and networking components
     How should you complete the Azure Resource Manager template?
     copyIndex()(name storageaccounts), copy{}(storage), Dependson[](VMS)
26 : Azure Function App in Visual Studio, process orders input by an Azure Web App, places the order info into Azure Queue Storage. You need to review the Azure Function App code
     No (not the processtime), yes (default poison retry=5), yes (the queue trigger retrieves a batch of messages and invokes function instances concurrently to process them), yes (table bindings)
27 : You provision a Cosmos DB NoSQL database, default consistency level database account Strong. value for Indexing Mode to Consistent
     You must override the default consistency level at the query level to meet the required consistency guarantees for the scenarios.
     Strong/Bounded staleness/Eventual
     https://docs.microsoft.com/en-us/azure/cosmos-db/consistency-levels
28 : configure dev vm image for users
     Tool : azure powershell
     Images : azure blob storage
29 : run script before serving traffic
     A Add the path to the static content generation tool to WEBSITE_RUN_FROM_PACKAGE setting in the host.json file.
     D Create a file named .deployment in the root of the repository that calls a script which generates the static content and deploys the website.
30 : You need to create a copy of the storage account in another region and copy the data
     export, create, modify, deploy, copy
31 : 1. Run Command
     2. Custom Script Extension
32 : You need to create the web app and deploy the code
     Box 1: New-AzResourceGroup
     Box 2: New-AzAppServicePlan
     Box 3: New-AzWebApp
     Box 4: New-AzWebAppSlot
33 : assign VM identity
     $vm -IdentityType SystemAssigned
34 : photos in Azure Storage Blob storage. The storage account type is General-purpose V2.
     no ?? hmm
--<<--
-->>-- 35/01 -- 53/19 (Topic 2 : storage, apps, apis ?)
35/01 : sort order in Cosmos DB policy json
        composite indexes/ascending (reverted) (A query that orders by multiple properties requires a composite index)
36/02 : You need to implement the Azure Event Hub.
        There are 6 highways : 6 partitions, partition key Highway
37/03 : microservices solution. You plan to deploy the solution to a multinode Azure Kubernetes Service (AKS) cluster.
        Box 1: Helm - To create the ingress controller, use Helm to install nginx-ingress.
        Box 2: kubectl - To find the cluster IP address of a Kubernetes pod, use the kubectl get pod command on your local machine, with the option -o wide.
        Box 3: Ingress Controller - provides reverse proxy, configurable traffic routing, and TLS termination for Kubernetes services.
38/04 : Azure Service Bus queue
        FutureOrders: SQLFilter
        HighPriorityOrders: CorrelationFilter
        InternationalOrders: SQLFilter
        HighQuantityOrders: SQLFilter
        AllOrders: No Filter
39/05 : CDN
        request, not in cache get, get returns image, subseq get from cache
40/06 : Azure Cosmos DB SQL API. The data includes millions of documents. Each document may contain hundreds of properties.
        Which two partition keys can you use? Each correct answer presents a complete solution
        D. a concatenation of multiple property values with a random suffix appended (synthetic keys)
        E. a hash suffix appended to a property value
41/07 : A company develops a series of mobile games. All games use a single leaderboard service.
        Yes, No, No, Yes
42/08 : Azure Storage Client library for .NET code
        Yes, no, yes
43/09 : Azure Blob storage lifecycle to move all blobs to the archive tier after 30 days. minimum SLA for data recovery for viewing data older than 30 days.
        B. between one and 15 hours
44/10 : ticket reservation system for an airline storage
        Bounded Staleness, --enable-automatic-failover true, --locations 'southcentralus=0 eastus=1 westus=2'
        (Not strong) Cosmos accounts configured with multiple write regions cannot be configured for strong consistency as it is not possible for a distributed system to provide an RPO of zero and an RTO of zero.
        another hint is the --max-interval parameter, which is used by the Bounded Staleness consistency level only.
45/11 : deploy a website to an Azure Web App using a container. The solution will use multiple containers in the same container group
        dockerfile : --sku B1 --is-linux
        --deployment-container-image-name images.azurecr.io/website:v1.0.0
        container set --docker-registry-server-url https://images.azurecr.io/website:v1.0.0.azurecr.io -u admin -p admin
46/12 : back-end Azure App Service that scales based on the number of messages contained in a Service Bus queue.
        metric name : Active Message Count
        Time Grain Statistic : Count
        Operator : Less than or equal to
        Box 5 : Decrease count by
47/13 : application that uses Azure Blob storage. You need to update the metadata of the blobs.
        FetchAttributesAsync, Metadata.Add, SetMetadataAsync.
48/14 : solution to collect point-of-sale (POS) device data from 2,000 stores located throughout the world. A single device can produce 2 megabytes (MB) of data every 24 hours. Each store location has one to five devices that send data.
        Solution: Provision an Azure Event Grid. Configure the machine identifier as the partition key and enable capture.
        NO : 2 MB data ? Event max 1 MB ? "enable capture". I have found capture only for Event Hub, not for Event Grid.
49/15 : .NET application needs to receive a message each time an Azure virtual machine finishes processing data
        CloudQueueClient
        (In contrast to queues, topics and subscriptions provide a one-to-many form of communication in a publish and subscribe pattern. Useful for scaling to large numbers of recipients.)
50/16 : Azure Blob GPv1 Premium storage account
        Step 1: Upgrade the storage account to GPv2
        Step 2: Create a new GPv2 storage account and set its default access tier level to cool
        Step 3: Copy the data to be archived to a Standard GPv2 storage account and then delete the data from the original storage account
51/17 : You must connect to a No-SQL globally-distributed database by using the .NET API. You need to create an object to configure and execute requests in the database.
        C. new CosmosClient(EndpointUri, PrimaryKey);
52/18 : azcopy
53/19 : retrieve access (identity)
        Box 1: http://169.254.169.254/metadata/identity/oauth2/token
        Box 2: JsonConvert.DeserializeObject>(payload);
--<<--
-->>-- 54/01 -- 81/28 (Topic 3 : security)
54/01 : You need to obtain an Azure Resource Manager access token.
        Solution: Run the Invoke-RestMethod cmdlet to make a request to the local managed identity for Azure resources endpoint.
        YES
55/02 : You need to configure the application's manifest to meet the authentication requirements.
        groupMembershipClaims : all
        oauth2AllowImplicitFlow : true
56/03 : you need to copy specific blobs from Container1 to Container2 when a new video is uploaded.
        B. Create an Event Grid topic that uses the Start-AzureStorageBlobCopy cmdlet
57/04 : Azure Front Door. You need to purge individual assets from the Front Door cache. Which type of cache purge should you use?
        A. single path
58/05 : Callers to the API must not send credentials to the API.
        C. Managed identity
59/06 : Which API Management policy should you implement?
        D. validate-jwt
60/07 : To which policy section should you add the policies?
        inbound, inbound, outbound, outbound
61/08 : You need to register the application with an active Azure Active Directory (Azure AD) tenant. {wrong}
        Select the Azure AD instance. (Step 1)
        Select New registration. (Step 2)
        Create a new application and provide the name, account type and the redirect URI (Step 3)
62/09 : You need to implement multifactor authentication for the website.
        B. In Azure AD, create a new conditional access policy.
        C. Upgrade to Azure AD Premium.
63/10 : The Azure AD group must not be able to access the keys that are required to access the data. You need to restrict access to the Azure AD group.
        C. Cosmos DB Operator
64/11 : You need to configure authorization.
        Solution: Configure the Azure Web App for the website to allow only authenticated requests and require Azure AD log on.
        No
65/12 : Solution:
        - Create a new Azure AD application. In the application's manifest, set value of the groupMembershipClaims option to All.
        - In the website, use the value of the groups claim from the JWT for the user to determine permissions.
        Yes
66/13 : {wrong} : YES
67/14 : Azure Key Vault
        Enable retention period and accidental deletion : Soft Delete
        Enforce retention period and accidental deletion : Purge Protection
68/15 : Every request to the backend service must include a valid HTTP authorization header. You need to configure the Azure API Management instance with an authentication policy.
        C. Certificate Authentication
        D. OAuth Client Credential Grant
69/16 : implement role-based access control (RBAC) role permissions on the containers that store photographs. You assign users to RBAC roles
        configure:
        API: Azure storage     Permission: user_impersonation   Type: delegated
        API: Microsoft Graph   Permission: User.Read            Type: delegated
70/17 : Azure App Configuration store named AppFeatureFlagStore that contains a feature flag named Export {wrong}
        UseAuthentication, Use Authorization, UseAzureAppConfiguration
71/18 : Azure Web app and several Azure Function apps.
        Application secrets including connection strings and certificates are stored in Azure Key Vault.
        C. Create a system assigned Managed Identity in each App Service with permission to access Key Vault.
72/19 : medical records document management website
        Solution :
        1. Create an "Azure Key Vault key" named skey.
        2. Encrypt the intake forms using the "public key portion" of skey.
        3. Store the encrypted data in Azure Blob storage.
        YES
73/20 : Solution:
        1. Create an Azure Cosmos DB database with Storage Service Encryption enabled.
        2. Store the intake forms in the Azure Cosmos DB database.
        NO : use "Azure Key Vault and public key encryption". Store the encrypted form in Azure Storage Blob storage
74/21 : Solution: Store the intake forms as Azure Key Vault secrets.
        NO : use the Key Vault as storage for application data or config, not user data.
75/22 : Linux virtual machine (VM), configure Azure Disk Encryption for the VM
        az Keyvault create (--resource, --location)
        az Keyvault key create (--protection software)
        az VM create (--image, --admin, --disk)
        az VM encryption enable (--key-encryption-key,) --volumetype all
76/23 : You need to implement authentication for the Azure API to access other Azure resources
        C. Managed identity
        (basic policy: Basic authentication effectively sets the HTTP Authorization header)
77/24 : You need to retrieve a storage account key secret from Azure Key Vault.
        Step 1: Get-AzSubscription
        Step 2: Set-AzContext -SubscriptionId
        Step 3: Get-AzStorageAccountKey
        Step 4: $secretvalue = ConvertTo-SecureString -AsPlainText -Force
                Set-AzKeyVaultSecret -VaultName -Name -SecretValue $secretvalue
        Step 5: Get-AzKeyVaultSecret
78/25 : grant a virtual machine (VM) access to specific resource groups in Azure Resource Manager. You need to obtain an Azure Resource Manager access token.
        Solution: Use an X.509 certificate to authenticate the VM with Azure Resource Manager.
        NO (Use Invoke-WebRequest cmdlet, make request to the local managed identity for Azure resources endpoint to get an access token for Azure Resource Manager.)
79/26 : Solution: Use the Reader role-based access control (RBAC) role to authenticate the VM with Azure Resource Manager.
        NO (Use Invoke-WebRequest cmdlet, make request to the local managed identity for Azure resources endpoint to get an access token for Azure Resource Manager.)
80/27 : You need to implement an Azure CDN rule that ensures that iPhone users are redirected to the app store.
        "Conditions" : "parameters"
            "@odata.type":"Microsoft.Azure.Cdn.Models.DeliveryRuleIsDeviceConditionParameters",
            "matchValues" : ["IOS ?? Mobile"]   doc unclear
        "RequestHeader":
            "@odata.type":"Microsoft.Azure.Cdn.Models.DeliveryRuleRequestHeaderConditionParameters",
            "selector": "HTTP_USER_AGENT"
            "matchValues" : ["IOS ?? Mobile"]
81/28 : Solution:
        - Configure and use Integrated Windows Authentication in the website.
        - In the website, query "Microsoft Graph API" to load the group to which the user is a member.
        NO (Instead, in the Azure AD application's manifest, set value of the groupMembershipClaims option to All. And use jwt)
--<<--
-->>-- 82/01 -- 98/17 (Topic 4 : telemetry)
82/01 : Application Insights : Which two dependency telemetry properties should you use? Each correct answer presents part of the solution.
        B. Telemetry.Id
        D. Telemetry.Context.Operation.Id
83/02 : Azure Front Door Service.
        The File MIME type is supported by the service : YES
        Edge node must be purged of all cache assets : NO (files bigger than 8 MB ?)
        The compression type is supported : YES
84/03 : You need to configure Azure CDN caching rules.
        Caching behaviour : Override
        Cache expiration duration : 1 hour
        Query string caching behaviour : cache every unique url
85/04 : web app that uses tier D1 app service plan
        You need to ensure that the web app automatically scales when CPU load is about 85 percent and minimize costs.
        Step 1: Configure the web app to the Standard App Service Tier
                The Standard tier supports auto-scaling, and we should minimize the cost.
        Step 2: Enable autoscaling on the web app (First enable autoscale)
        Step 3: Add a scale rule
        Step 4: Add a Scale condition
86/05 : several ASP.NET web applications to Azure App Service. You plan to save session state information and HTML output
        Proposed Solution: Enable Application Request Routing (ARR).
        NO -> redis !?!
        (Application Request Routing is for controlling internet traffic in IIS using a proxy server. It doesn't deal with managing state information.)
        (Application Request Routing is for scaling and load balancing.)
87/06 : Proposed Solution: Deploy and configure an Azure Database for PostgreSQL. Update the web applications.
        NO
88/07 : gaming platform includes an entity named Team. You need to invalidate the cache when team data is changed
        void ClearCachedTeams()
        {
            IDatabase cache = Connection.GetDatabase();
            cache.KeyDelete("Team");
        }
89/08 : temperature data to an Azure Service Bus queue
        Create a blank logic app {wrong}
        Add a logic app trigger that fires when one or more messages arrive in the queue
        Add an action that reads IoT temp data from SBQ
        Add a condition that compares data to thresholds
        Add an action that sends an email to specified personnel if it is outside thresholds
90/09 : configure the application to track webpages and custom events. You need to identify trends in application usage {wrong}
        Which page visited by users most often "correlate to a product purchase" : Funnels
        How does "load time" of the product display page affect a user's decision to purchase a product : Impact
        Which events most influence a user's decision to "continue to use the app" : Retention
        Are there places in the application that "users often perform repetitive actions" : User flows
91/10 : gateway solution for a public facing news API. The news API back end is implemented as a RESTful service and uses an OpenAPI specification.
        ensure that you can access the news API by using an Azure API Management service instance
        D. New-AzureRmApiManagementBackendProxy -Url $ApiUrl (Wrong ?)
92/11 : Azure Service Bus to publish alarms. You need to implement a reply trail auditing solution.
        A. Assign the value of the hazard message "SessionID" property to the "ReplyToSessionId" property.
        D. Assign the value of the hazard message "MessageId" property to the "CorrelationId" property.
93/12 : Azure function that connects to an Azure SQL Database instance. The function is triggered by an Azure Storage queue.
        You receive reports of numerous System.InvalidOperationExceptions with the following message
        "Timeout expired. The timeout period elapsed prior to obtaining a connection from the pool. This may have occurred because all pooled connections were in use and max pool size was reached."
        You need to prevent the exception.
        C. Convert the Azure Function to the Premium plan
94/13 : Proposed Solution: Deploy and configure Azure Cache for Redis. Update the web applications.
        YES
95/14 : Proposed Solution: Deploy and configure Azure Cache for Redis. Update the web applications.
        Box 1: TimeStamp = ago(1d)
        Box 2: distinct containerID
        Box 3: where ContainerID in (ContainerIDs)
        Box 4: summarize Count by Computer
96/15 : deploy a web app to App Service on Linux. You create an App Service plan. You create and push a custom Docker image that contains the web app to Azure Container Registry.
        You need to access the console logs generated from inside the container in real-time.
        Box 1: config - To configure logging for a web app use the command: az webapp log config
        Box 2: --docker-container-logging
               Syntax include: az webapp log config [--docker-container-logging {filesystem, off}]
        Box 3: webapp - To download a web app's log history as a zip file use the command: az webapp log download
        Box 4: {wrong} download - tail (real time)
97/16 : Application Insights telemetry. You need to configure a test for the web app.
        B. multi-step web
        C. URL ping
98/17 : Azure Function app with an HTTP trigger. The API Management instance is configured in consumption plan mode. All API calls are authenticated by using OAuth. API calls must be cached. Customers must not be able to view cached data for other customers.
        You need to configure API Management policies for caching. {wrong}
        caching-type : internal (not in consumption ?? --> external ?)
        downstream-caching-type : Private
        Authorization
--<<--
-->>-- 099/01 -- 122/24 (Topic 5 : logic apps ?)
099/01 : Weather. Which types of policies should you implement? {wrong}
         inbound, outbound, backend
100/02 : Messages must be communicated in first-in-first-out (FIFO) order. --> FIFO in def of service bus ! wrong
         C - Azure Service Bus
101/03 : Azure Blob Storage. Admins move blobs from hot storage to archive tier storage every month
         Recurrence condition true : tier blob false : put message in queue list blobs 2
102/04 : Azure Service application that processes queue data when it receives a message from a mobile application
         Queue size < 80 GB, FIFO, minimize costs
         Solution: Use the .Net API to add a message to an Azure Service Bus Queue from the mobile application. Create an Azure Function App that uses an Azure Service Bus Queue trigger.
         YES
         (1. FIFO - Service Bus guarantees that)
         (2. Size < 80 GB - you should consider Storage Queue when data exceeds that limit)
         Question is tailored for Service Bus :)
103/05 : Solution: Provision an Azure Notification Hub. Register all devices with the hub.
         NO
         Notification Hub is for pushing the data to a mobile device, not for collecting the data.
         Azure Event Hub is for telemetry and distributed data broadcasting (Outbound)
104/06 : Solution: Provision an Azure Service Bus. Configure a topic to receive the device data by using a correlation filter.
         YES
105/07 : Solution: Provision an Azure Event Grid. Configure event filtering to evaluate the device identifier.
         NO
         An event is a lightweight notification of a condition or a state change. Event hubs is usually used reacting to status changes
106/08 : several existing Logic Apps. You need to change definitions, add new logic, and optimize these apps on a regular basis.
         edit B2B workflows : enterprise integration pack
         edit defs in JSON : code view editor
         visually add functionality : Logic Apps designer
107/09 : You create an Azure Service Bus instance by providing a name, pricing tier, subscription, resource group, and location.
         az servicebus queue create --resource-group $resourceGroupName --namespace-name $namespaceName --name BasicQueue
108/10 : uses Azure Storage Queues
         No, Yes, Yes
109/11 : You create an Azure Service Bus instance by providing a name, pricing tier, subscription, resource group, and location.
         C: new AzureRmServiceBusQueue --resource-group $resourceGroupName --namespace-name $namespaceName --name BasicQueue
110/12 : see 102/04
         Solution: Use the .Net API to add a message to an Azure Storage Queue from the mobile application. Create an Azure Function App that uses an Azure Storage
         NO : servicebus
111/13 : Azure Service Bus solution. restos, drivers
         Create a single Service Bus Namespace.
         {wrong} Create a single Service Bus Topic.
         Create a Service Bus subscription for each restaurant for which a driver can receive orders.
112/14 : news and blog content app for Windows devices. A notification must arrive on a user's device when there is a new article available for them to view. You need to implement push notifications.
         NotificationHubClient hub = NotificationHubClient.CreateClientFromConnectionString()
         SendWindowsNativeNotificationAsync
113/15 : Azure messaging solution. requirements: Provide transactional support, Provide duplicate detection, Store the messages for an unlimited period of time.
         A. Azure Service Bus Topic
         B. Azure Service Bus Queue
114/16 : Azure Storage Queues. (see 108/10, other question 2 !)
         No, Yes, Yes
115/17 : gateway solution for a public facing news API. You need to configure back-end authentication
         Box 1: Azure Resource
         Box 2: Client cert
116/18 : "Event Grid". Your app's event data will be sent to a "serverless function" that checks compliance. A new event subscription at the scope of your resource. The event must be invalidated after a specific period of time. You need to configure Event Grid.
         Webhook event delivery : SAS Tokens (expiration time) (Shared Access Signature (SAS))
         Topic publishing : ValidationCode Handshake
117/19 : API Policy object by using the following XML markup
         Yes, No, No
118/20 : Azure messaging services. Uses a publish-subscribe model and eliminates the need for constant polling
         A. Service Bus
         C. Event Grid
119/21 : Azure Service Bus. The first subscription application. In the Azure portal you see that messages are being sent to the subscription for each topic. You create and initialize a subscription client object by supplying the correct details, but the subscription application is still not consuming the messages.
         You need to ensure that the subscription client processes all messages.
         D. subscriptionClient."RegisterMessageHandler"(ProcessMessagesAsync, messageHandlerOptions);
120/22 : Solution: Use the .Net API to add a message to an Azure Storage Queue from the mobile application. Create an Azure VM that is triggered from Azure Storage Queue events.
         NO
121/23 : No : costs ?
122/24 : REST web service : 409 : conflict but 500
         context.Blah blah && context.blahblah
--<<--
-->>-- Topic 6 - 23 : testlets --> 45 Q
Topic 6 Testlet 1
  01 : standard tier, profile akamai, optimization dynamic site acceleration (dsa)
  02 : tools : backup and restore : az backup // performance : Accelerated Networking
Topic 7 Testlet 10
  01 : You need to retrieve the database connection string : cpandlkeyvault...../secrets/PostgreSQLConn/Querystring
  02 : You need to correct the corporate website error
       Step 1: Generate a certificate
       Step 2: Upload the certificate to Azure Key Vault
       Step 3: Import the certificate to Azure App Service
       Step 4: Update line SCO5 of Security.cs to include error handling and then redeploy the code
  03 : You need to configure API Management for authentication
       Policy : Validate JWT
       Policy section : Outbound
  04 : You need to authenticate the user to the corporate website
       A. ID token signature
       D. Azure AD endpoint URI
  05 : correct the Azure Logic app error message
       Authentication level : function // managed identity system-assigned
  06 : configure Azure Service Bus to Event Grid integration
       Tier : Premium
       RBAC : Contributor
Topic 8 Testlet 11
  01 :
  02 :
Topic 9 Testlet 12
  01 :
  02 :
Topic 10 Testlet 13
  01 :
  02 :
Topic 11 Testlet 14
  01 :
  02 :
  03 :
  04 :
Topic 12 Testlet 15
  01 :
  02 :
  03 :
Topic 13 Testlet 16
  01 :
  02 :
Topic 14 Testlet 17
  01 :
  02 :
Topic 15 Testlet 18
  01 :
  02 :
  03 :
Topic 16 Testlet 2
  01 : You need to correct the RequestUserApproval Function app error.
       C. Update the function to be stateful by using Durable Functions to process the request payload.
Topic 17 Testlet 3
  01 : A. Set Always On to true.
       B. Ensure that the Azure Function is using an App Service plan.
Topic 18 Testlet 4
  01 : Users of the ContentUploadService report that they occasionally see HTTP 502 responses on specific pages. You need to ensure that validation testing is triggered per the requirements.
       1. ImagePushed
       2. repository
       3. topic
  02 : configure the ContentUploadService deployment
       Windows containers in a group do not support custom vnet, so must be Linux (C).
       Exposing to internet/public is not yet supported, so must be private (A).
Topic 19 Testlet 5
  01 :
  02 :
  03 :
Topic 20 Testlet 6
  01 :
Topic 21 Testlet 7
  01 :
  02 :
Topic 22 Testlet 8
  01 :
  02 :
  03 :
  04 :
  05 :
Topic 23 Testlet 9
  01 :
  02 :
--<<--
--<<-- end try exam
---------------------------------------------------------------------------------------------------------
365 Days Contributor Access (Expires Apr 17, 2022) (keep ok)
---------------------------------------------------------------------------------------------------------
-->>-- Full Index
Develop Azure compute solutions (25-30%)
  Implement IaaS solutions
    * provision virtual machines (VMs)
    * configure, validate, and deploy ARM templates
    * configure container images for solutions
    * publish an image to the Azure Container Registry
    * run containers by using Azure Container Instance
  Create Azure App Service Web Apps
    * create an Azure App Service Web App
    * enable diagnostics logging
    * deploy code to a web app
    * configure web app settings including SSL, API settings, and connection strings
    * implement autoscaling rules including scheduled autoscaling and autoscaling by operational or system metrics
  Implement Azure functions
    * create and deploy Azure Functions apps
    * implement input and output bindings for a function
    * implement function triggers by using data operations, timers, and webhooks
    * implement Azure Durable Functions
    * implement custom handlers
Develop for Azure storage (15-20%)
  Develop solutions that use Cosmos DB storage
    * select the appropriate API and SDK for a solution
    * implement partitioning schemes and partition keys
    * perform operations on data and Cosmos DB containers
    * set the appropriate consistency level for operations
    * manage change feed notifications
  Develop solutions that use blob storage
    * move items in Blob storage between storage accounts or containers
    * set and retrieve properties and metadata
    * perform operations on data by using the appropriate SDK
    * implement storage policies, and data archiving and retention
Implement Azure security (20-25%)
  Implement user authentication and authorization
    * authenticate and authorize users by using the Microsoft Identity platform
    * authenticate and authorize users and apps by using Azure Active Directory
    * create and implement shared access signatures
  Implement secure cloud solutions
    * secure app configuration data by using App Configuration Azure Key Vault
    * develop code that uses keys, secrets, and certificates stored in Azure Key Vault
    * implement solutions that interact with Microsoft Graph
Monitor, troubleshoot, and optimize Azure solutions (15-20%)
  Integrate caching and content delivery within solutions
    * configure cache and expiration policies
    * configure cache and expiration policies for Azure Redis Cache
    * implement secure and optimized application cache patterns including data sizing, connections, encryption, and expiration
  Instrument solutions to support monitoring and logging
    * configure an app or service to use Application Insights
    * analyze and troubleshoot solutions by using Azure Monitor
    * implement Application Insights web tests and alerts
Connect to and consume Azure services and third-party services (15-20%)
  Implement API Management
    * create an APIM instance
    * configure authentication for APIs
    * define policies for APIs
  Develop event-based solutions
    * implement solutions that use Azure Event Grid
    * implement solutions that use Azure Notification Hubs
    * implement solutions that use Azure Event Hub
    * import OpenAPI definitions
  Develop message-based solutions
    * implement solutions that use Azure Service Bus
    * implement solutions that use Azure Queue Storage queues
--<<--
---------------------------------------------------------------------------------------------------------
lab files locally via GitHub
https://github.com/MicrosoftLearning/AZ-204-DevelopingSolutionsforMicrosoftAzure
---------------------------------------------------------------------------------------------------------
- for the exam :
  - use bash
  - unofficial : examtopics.com : https://www.examtopics.com/exams/microsoft/az-204/
  - official : MS MeasureUp practice questions, 91 EUR
---------------------------------------------------------------------------------------------------------
info : free learning path for AZ-204
lessons in videos : FreeCourseWebcom_Microsoft AZ-204 Certification Course - Developing Solutions for Azure.zip
documentation : https://docs.microsoft.com/en-us/learn/certifications/exams/az-204?tab=tab-learning-paths
---------------------------------------------------------------------------------------------------------
AzureSdk CLI : add packs :
  dotnet add package Newtonsoft.Json
  dotnet add package Microsoft.Extensions.Configuration.Json
  dotnet add package StackExchange.Redis
---------------------------------------------------------------------------------------------------------
mywebappcodejsch
https://mywebappcodejsch.scm.azurewebsites.net:443/mywebappcodejsch.git
---------------------------------------------------------------------------------------------------------
http://imgwebjoschoenmakers.azurewebsites.net/
code D:\_MySrc\AZ-204_training\AZ-204-master\Allfiles\Labs\01\Starter\Web
---------------------------------------------------------------------------------------------------------
how to see code or docker on webapp : configuration, second tab
---------------------------------------------------------------------------------------------------------
Is it possible to clone and/or move resources between accounts ? --> azcopy ?? or copy json config
---------------------------------------------------------------------------------------------------------
bash ? cloud cli ? (in portal :)
---------------------------------------------------------------------------------------------------------
-->>-- FR 26/03/2021
-------------
Friday morning 09:00 - 12:00
costs : subscription -> budget -> alert
cost analysis
Azure monitoring --> alerts (slide)
azure sentinel (not in course)
azure notebooks : look for anomalies
azure security insights
playbooks : respond to alerts : action steps, logic apps
Log Analytics : analysis of logging data
Application insights : collects data : to be paid for ... : instrumentation key
Azure defender plans : pay per agent on resource
Azure security center : security tips
 -unified monitoring
 -datadriven insights
 -workflow integrations
-> 12 monitoring
--<<--
-->>-- TH 25/03/2021
-------------
e.g. https://cdnmediajsc.azureedge.net/di-20000101-scheme.jpg
cdn endpoint hostname media https://cdnmediajsc.azureedge.net
cdn endpoint hostname video https://cdnvideojsc.azureedge.net
cdn endpoint hostname cdnwebjsc https://cdnwebjsc.azureedge.net
video url https://az204cdnhostjsc.blob.core.windows.net/video
media url https://az204cdnhostjsc.blob.core.windows.net/media
landingpage webapp url https://landingpagejoschoenmakers.azurewebsites.net
-> Lab 13 : CDN
other cache : content delivery network (CDN) : edge servers, (pops) point of presence locations
Prim Key contososportsappredisjoschoenmakers.redis.cache.windows.net:6380,password=<redacted>,ssl=True,abortConnect=False
CreateRedis-contososportsappredisjoschoenmakers-20210325134007
-> exercise :
https://docs.microsoft.com/en-us/learn/modules/optimize-your-web-apps-with-redis/4-exercise-create-redis-cache?pivots=csharp
hostname/port/accessKey
redis cli
Azure cache for redis
redis cache (open src NoSQL storage mechanism)
Key-Value pairs (complex data structures for both allowed:unique)
in mem
-> 13 integrate caching and content delivery within solutions
exercise servicebus (not in lab, but in the exam)
https://docs.microsoft.com/en-us/learn/modules/implement-message-workflows-with-service-bus/1-introduction
git clone https://github.com/MicrosoftDocs/mslearn-connect-services-together.git
-> LAB 11 storagequeues (10:15) ok (10:50)
storagequeue (messages > 80 Gb)
azure servicebus nuget pkg
async
storage queue (size unlimited,default logbook) - servicebus queue (bigger messages)(size limited 80Gb)(delivery guarantee)(batches)(FIFO)
servicebus 3 ways of communication (uses 1 domain namespace)
 Queues : decoupled receive-handle (temporary storage of messages)
 topics : queue with multiple subscribers (not in basic tier)
 relays : direct coupling
async data contract
message (with data) <-> event (notification)(status changes)
azure queue storage
azure service bus
-> 11 develop message-based solutions
--<<--
-->>-- WE 24/03/2021
-------------
notification hubs : device registration, installation (new, not .net sdk, yet): advanced registration
push notification service (pns) --> apns(apple), mpns(windows)
-> [not in course !] push notification service
cfr EventPublisher D:\_MySrc\AZ-204_training\AZ-204-master\Allfiles\Labs\10\Starter\EventPublisher
-> LAB 10 - (14:25) ok 16:30 (some code issues in vscode)
eventhub : (event streaming), big data , many subscribers, combine data for analysis
cfr 11 azure servicebus --> messages
events, messages ?
event grid : event driven architecture (pub-sub)
-> 10 Azure event grid (problem solving, e.g. missing messages)
-> LAB 09 (13:20) (14:00) ok - automating by using logic apps
logic app designer
trigger : polling, push
connectors : special api app (twitter, ...)
actions and triggers
not realtime performance
automation, trigger
-> 09 logic app
-> LAB 08 (11:35) ok (12:20)
apim subscriptions : secure apis
open api == swagger
api gateway, api management service (testing, 4 developers)
-> 08 API Management (APIM)
-> LAB 07 (ok)
app configuration manager (settings, secrets for apps) (new)
managed identity (system <-> user assigned)
Azure key vault(auto scaling)(secrets)(managed identity), hardware security modules(HSM) FIPS 140-2
-> 07 securing applications
--<<--
-->>-- TU 23/03/2021
-------------
-> ok - lab 06
access resource
OAuth 2.0 access tokens
Active Directory Authentication Library (ADAL) (only accounts in azure AD)
integration with active directory
Module 06 Implement User authentication and authorization
-> ok - lab 05 Deploying compute workloads by using images and containers
container groups
azure container Instances (ACI) (for simple apps, no Kubernetes)
azure container registry (ACR)
Containers (cfr docker): Mechanism to package and deploy an application
arm-ttk : azure resource manager toolkit (tests)
templates : infrastructure as code
New lang : Bicep replaces json templates https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/bicep-overview
Availability
VM Categories
Price (storage - compute)
VM's (Name !)
-> module 05 Implement IaaS solutions
ex1 task 3 hangs (create azure db)
-> lab 04 constructing a polyglot data solution
arch on tables, low edits -> Azure Table API
semi-structured -> mongodb (low downtime)
metadata (links between products): Gremlin, uses graph
e.g.: semi-structured, flexible schema, webshop ?
-> core sql (schemaless) , not table, not cassandra, not gremlin, not mongo (no sql)
table api (auto index)
mongodb api :
API's : standard core sql api, JSON docs, javascript : recommended
consistency levels : standard session
region
-> Azure cosmos db : document store, json docs
lab 03 up to and including ex 3/3, todo ex3/4 and ex4
-> Lab [03] AZ Storage
--<<--
-->>-- MO 22/03/2021
-------------
azcopy
Access tiers (premium hot-cool-archive)
storage acc -> container -> blob (block(media),append(log files),page(like (virtual) disk))
-> Azure storage
-----------------------
run.csx
test func echo : httprepl http://localhost:7071
funcstorjoschoenmakers
function App Name : funclogicjoschoenmakers
resource group : Serverless-UKYYZYR82G
-> Azure functions (serverless) (storage account always needed)
-----------------------
---- ----
http://imgwebjoschoenmakers.azurewebsites.net/
deploy
az webapp deployment source config-zip --resource-group AZ-204 --src api.zip --name imgapijoschoenmakers
az webapp deployment source config-zip --resource-group AZ-204 --src web.zip --name imgwebjoschoenmakers
imgwebjoschoenmakers.azurewebsites.net
resource group : AZ-204
D:\_MySrc\AZ-204_training\AZ-204-master\Allfiles\labs\01\starter\api
imgapi url : imgapijoschoenmakers.azurewebsites.net
App Service Plan : ManagedCostPlan
Storage Account Name az204devjoschoenmakers
ConnectionString DefaultEndpointsProtocol=https;AccountName=az204devjoschoenmakers;AccountKey=<redacted>;EndpointSuffix=core.windows.net
---- ----
VM : SEA-DEV\admin
Storageaccountname : imgstorjoschoenmakers
-> App Services Web Apps
--<<--
--------------------------------------------------------------------------------
-->>-- Course nfo/settings
https://portal.azure.com/#home
azure pass https://gk.labsonline.it/ <redacted> <redacted>
https://www.microsoftazurepass.com/
- busy -
Saskia simon (4 months)
certificate ?
powershell, bash
jo.schoenmakers@protime.eu/<redacted>
jo.schoenmakers@protime.eu/<redacted> // <redacted> //https://www.skillpipe.com/
Join Zoom Meeting https://gkemea.zoom.us/j/94683416227?pwd=<redacted>
Meeting ID: 946 8341 6227
Passcode: <redacted>
From Ariane Quaghebeur
Thanks for attending the course “M-AZ204 Developing Solutions for Microsoft Azure” from Global Knowledge.
Course Date/time : 22nd - 26th March 2021 // Course time: 09.00 – 16.30
Trainer: Saskia van Stek
Delivery method: Via virtual classroom
Note: on the first day of the course, about 30 to 15 minutes prior to the start, you’ll receive an INVITE from the trainer to join the class.
Here are some useful tips to make your virtual classroom experience the best it can be: https://www.globalknowledge.com/en-be/resources/articles/10-tips-for-getting-the-most-out-of-virtual-classes.
--<<--
---------------------------------------------------------------------------------------------------------
MyAzure@schumipage.be/<redacted>
---------------------------------------------------------------------------------------------------------
http://portal.azure.com
---------------------------------------------------------------------------------------------------------