Azure Function Plan Types, Authentication Flows, and Blob Storage: A Comprehensive Guide, Exams of Software Development

Download Azure Function Plan Types, Authentication Flows, and Blob Storage: A Comprehensive Guide and more Exams Software Development in PDF only on Docsity! Az204 graded A update solution For a CDN (Redis etc) what is the difference in caching behaviour rules: Override and 'Set if missing' - >>>Override honours the provided cache duration instead of the origin duration Set if missing uses the origin duration rather than the provided cache duration. What are the durable function types - >>>Orchestrator (Workflow) Activity (Stateless) Entity (Stateful) Client (Sends messages above) What are the durable function patterns - >>>Function Chaining Fan-out/Fan-in Async HTTP Monitor What are the azure function plan types - >>>Consumption - automatically adds compute power Premium - Identical to Consumption + VNET connectivity App Service - Traditional App service model (VMs) What do all Azure function plans require - >>>Storage plan Azure function triggers have a direction of what? - >>>In Azure function bindings have which direction? - >>>In , out or Inout What are the cosmodb consistency levels - >>>Strong - Bounded - Session - Consistent Prefix - Eventual - How do you generate a cosmosdb synthetic key? - >>>by concatenating multiple properties together What are the common azure authentication flows - >>>Interactive - On-Behalf-Of - Client-credentials Device code - Certificates - In azure authentication what are the ways to sign a shared access signature? - >>>Using the storage account key Using a user delegation key Only be used with secure HTTPS In azure authentication define a service principal - >>>Service principal is a security identity that user- created apps, services etc can use for specific resources In azure authentication what are the key features of a system assigned identity - >>>Created as part of the resource deleted when the resource is deleted, What is the powershell command to turn on http logging for a webapp - >>>Set-AzureWebsite -Http- LoggingEnabled 1 What is the url format for a service bus installation - >>>https://<namespace>.servicebus.windows.net/<queue/topic? What are the steps for creating a ServiceBus - >>>Create a resource group to hold the Azure resources you will be creating. az group create --name az204-svcbus-rg --location $myLocation Create a Service Bus messaging namespace. az servicebus namespace create \ --resource-group az204-svcbus-rg \ --name $myNameSpaceName\ -- location $myLocation Create a Service Bus queue az servicebus queue create --resource-group az204-svcbus-rg \ --namespace-name $myNameSpaceName\ --name az204-queue What is the max size of a storage queue message - >>>64kb When are the recommend times for using a storage queue (servicebus) - >>>Your application must store over 80 gigabytes of messages in a queue. Your application wants to track progress for processing a message in the queue. (useful if the worker processing a message crashes. Another worker can then use that information to continue from where the prior worker left off. You require server side logs of all of the transactions executed against your queues. What is the URL format for a storage queue - >>>https://<storageaccount>.queue.core.windows.net/<queue> What is the default TTL for a message in a storage queue - >>>7 days What is the TTL for a message in a storage queue of -1 - >>>The message doesn't expire What are the 3 Azure APIM Management Group Names - >>>Administrators - manage API management service Developers - granted access to the dev portal Guests - unauthenticated dev portal users with read only access. What are the APIM Access Restriction policies - >>>Limit Call rate by key Validate JWT Tokes Set usage quota by key Check HTTP Header presence Limit Call rate by subscription What are examples of APIM Advanced policies - >>>Mock Response Forward Request Retry Set request method Trace What are examples of APIM Transformation policies - >>>Convert XML to JSON Convert JSON to SML Find & replace string Set query string parameter Set backend service What are the APIM Policy Scopes - >>>Global scope - all APIs within the API Management instance Product scope - manages access to the product as a single entity API scope - affects only a single API Operation scope - affects only one operation within the API When do APIM policies execute - >>>Inbound policies execute when a request is received from a client Backend policies execute before a request is forwarded to a managed API Outbound policies execute before a response is sent to a client On-Error policies execute when an exception is raised In APIM what is the difference between products and groups - >>>Products are how APIs are surfaced to developers, and have one or more APIs, title, description, and terms of use Groups are used to manage the visibility of products to developers In Azure Authentication MSAL which flow is described as 'Native and web apps securely obtain tokens in the name of the user' - >>>Authorization Code In Azure Authentication MSAL which flow is described as 'Service applications run without user interaction' - >>>Client Credentials In blob storage how long must data be archived - >>>At least 180 days In blob storage how long must Cool data be stored for - >>>At least 30 days In blob storage what types of data can Block blobs store - >>>Text and binary data In blob storage what is the max size of a Block blob - >>>4.7TB In blob storage what is the ideal scenario for Append blobs - >>>logging data (e.g. from virtual machines) In blob storage what do page blobs store - >>>Random access data In blob storage what is the largest file that a page blob can store - >>>8TB In durable functions what is the Orchestrator function type - >>>workflow pattern In durable functions what is the Activity function type - >>>Stateless programing pattern In durable functions what is the Entity function type - >>>Stateful pattern In durable functions what is the client function type - >>>Sends messages above In durable functions what is the impact of Function chaining pattern - >>>Results in a sequence of events one after another In durable functions what is the Fan-out/fan-in pattern - >>>Parallel programming pattern In durable functions what is the Async HTTP pattern - >>>Used for long running requests In durable functions what is the Monitor pattern - >>>Polling pattern e.g. human interaction In cosmosdb what does the consistency level Strong provide - >>>guarantees latest committed write In cosmosdb what does the consistency level Bounded provide - >>>guarantees reads have a max lag (versions of time) In cosmosdb what does the consistency level Session provide - >>>guarantess reads, writes (consistent prefix) are correct within a client session In cosmosdb what does the consistency level Consistent prefix provide - >>>guarantees that updates are returned in order In cosmosdb what does the consistency level Eventual provide - >>>guarantees eventual consistency In azure authentication describe the authentication flow - Interactive - >>>user authentication on the web browser In azure authentication describe the authentication flow - On-Behalf-Of - >>>Application authorisation In azure authentication describe the authentication flow - Client-credentials - >>>Application authentication without user interaction In azure authentication describe the authentication flow - Device code - >>>User authentication on another device In azure authorisation, what are the 3 main ways of giving authorization - >>>Groups Based Custom Claims App Roles What is the authentication library Microsoft suggest for AAD and other authentication paths - >>>MSAL In Open Id connect what flows are recommended for a Single Page Application (SPA) - >>>Implicit PKCE In Open Id connect what flows are recommended for a Native application (public client) - >>>AuthCode without secret In Open Id connect what flows are recommended for a Web Application (confidential client) - >>>Authcode with secret In Open Id connect what flows are recommended for a Daemon application - >>>Client Confidential Flow In Open Id connect what flows are recommended for a Limited UI Application - >>>Device Code flow What are the 3 types of token in Open ID Connect - >>>Access Token ID Token Refresh Token In an Azure key vault how does soft-delete and purge protection work together - >>>purge protection prevents the final deletion of the item until the time defined in the soft delete policy has expired (7-90 days normally) What is the CLI for rehydrating a blob from the archive tier - >>>az storage blob set-tier How long might a standard priority rehydration of a blob take - >>>Up to 15 hours How long might a priority rehydration of a blob take - >>>Up to 1 hour for blob less than 10GB in size what is the CLI command to rehydrate a blob via a copy - >>>az storage blob copy start What is the upgrade cost to migrate a storage account from v1 to v2 - >>>free - but may be difference in price structure on the new storage account - e.g. by default will be migrated to Hot tier unless specified. Which type of cosmos db API should you use for a product recommendation engine - >>>Gremlin (graph database) By default, which cosmos db API connector should you recommend if there are no specific requirements - >>>SQL What type of .Net c# object do you need to use to connect to Redis Cache - >>>IDatabase class In Redis Cache .Net programming which commands do you use to add and retrieve serialized objects into the cache - >>>StringSet() and StringGet() What are 3 ways to copy blobs from one resource group to another - >>>Az-copy command CLI : AZ storage blob copy start Powershell : Start-AzStorageBlobCopy In Azure Key Vaults, what are the two types of container - >>>Vaults - storing software and HSM backed keys, secrets and certificates Managed hardware security module - only HSM backed keys In Azure key vault what is the CLI command to add a new key to the vault - >>>az keyvault secret set In Azure key vault what is the CLI command to read a key - >>>az keyvault secret show what are the three types of sampling in application insights? - >>>Adaptive Ingestion Fixed rate In Event Grid what are the common types of filtering? - >>>Subject Filtering Event Types Advanced Filtering How does event grid Subject filtering apply - >>>Allows matches on anything within the event subject. E.g. the file type or the container that the event is addressed to. https://learn.microsoft.com/en-us/azure/event-grid/event-filtering How does Event grid - Event type filtering apply - >>>Allows filtering by event type. E.g updates or deletions For azure webapps, what additional parameter for the log tail command would filter out logging and warning info to leave only error messages in the log files - >>>--only-show-errors The Lease Blob command has 5 different modes. What are they? - >>>Aquire Renew Change Release Break What is the minimum app tier required to support autoscaling functionality - >>>Standard What are the app service plans in order from cheapest to most expensive - >>>Free Tier (F1) Shared (D1) Basic (B1 - B3) Standard (S1 - S3) Premium v2 (P1v2 - P3v2) Premium v3 (P1v3 - P3v3) Isolated Service Plan (I1 - I3) What is the minimum app service plan for Staging Environments - >>>Standard (and higher) How many staging slots are there in standard - >>>5 in standard 20 in premium What are the 2 powershell commands to create a certificate and add it into a keyvault - >>>New- AzKeyVaultCertificatePolicy What is the best practice pattern for dealing with long running HTTP triggered Azure function app calls (e.g. timing out) - >>>Pass the HTTP trigger into an Azure service bus to be processed and return an immediate HTTP success response and defer the actual work in favour of immediate response. Keywork webhook What Microsoft Tool can be used to check if your ARM templates follow recommended practices? - >>>Azure resource manager test toolkit What operation can you use to test ARM template changes without deploying the template - >>>what-if operation. This predicts the changes to existing resources if the template is deployed. If the code function AcquireLeaseAsync(null) is called on a block blob. What is the length of lease that is created - >>>Infinite lease if no parameter (or null) is passed. what c# function should be used to release an infinite lease on a block blob - >>>BreakLeaseAsync(0) or ReleaseLease(condition) possibly. What is the code process for updating metadata on a blob container - >>>GetPropertiesAsync Metadata.add SetMetadataAsync what is the Azure Instance Metadata Service (IMDS) endpoint? (Http) - >>> Which .NET code objects are appropriate for connecting to a key vault - >>>SecretClient DefaultAzureCredential var client = new SecretClient(new Uri(kvUri), new DefaultAzureCredential()); What is the Cosmos DB RBAC role that allows you to provision Azure Cosmos accounts, databases, and containers, but not access the keys that are required to access the data? - >>>Cosmos DB Operator When permissioning an Azure app to access Azure API's using the logged in users permissions, should you use delegated or application permissions? - >>>Delegated (application permissions are for when an app is running as a background service When permissioning an Azure app to access Azure API's using a logged in users permissions, what permission type needs to be added - >>>user_impersonation What cmdlet should you run in order to make a request to the local Azure managed identity to request an access token - >>>Invoke-restMethod For Azure cognitive search, what is the queryType parameter for? - >>>Setting the parser - e.g. simple search/regex/fuzzy logic For Azure cognitive search, what is the searchType parameter for? - >>>whether matches are based on "all" criteria or "any" criteria in the expression. The default is "any". What is the standard way of securing the backend interface from an Azure resource to the API management gateway? - >>>Client Certificates on the Azure resource What tier of app service plan is required in order to have pre-warmed worker processes? - >>>Premium What tier of app service plan is required in order to be able to connect to virtual networks (VNET) - >>>Premium Can you set the Always on option for a consumption app service plan - >>>No. You need a full app service plan What .Net object should be used for message processing if the requirement is that the messages should not persist after being processed - >>>QueueClient What .Net Object is appropriate for connecting to a cosmos database - >>>cosmosClient In APIM gateway policies, if a scenario is NOT replacing or removing anything is it an inbound or outbound rule - >>>Inbound In API Management gateway policies if a scenario is to do with caching is it an inbound or outbound rule - >>>Inbound What is the microsoft way of running scripts from powershell for an Azure VM from Azure storage (downloaded from) - >>>Custom Script Extension Should Key Vault be considered when implementing a solution with MFA? - >>>No. Key vault is not related to multi factor auth When considering authentication for API access, which authentication object is normally used when you wish to "not send credentials to the API" - >>>Managed Identity