New AZ 104 Final Exam Questions and Answers
What is Azure Policy?
Azure Policy is an Azure service you use to create, assign and, manage policies.
... [Show More] These policies enforce different rules and effects over your resources so that those resources stay compliant with your corporate standards and service level agreements
Can Azure Policy be used with Azure DevOps?
You can even integrate Azure Policy with Azure DevOps, by applying any continuous integration and delivery pipeline policies that affect the pre-deployment and post-deployment of your applications.
What's the difference between Azure Policy and RBAC?
RBAC focuses on user actions at different scopes. You might be added to the contributor role for a resource group, allowing you to make changes to anything in that resource group. Azure Policy focuses on resource properties during deployment and for already-existing resources. Azure Policy controls properties such as the types or locations of resources. Unlike RBAC, Azure Policy is a default-allow-and-explicit-deny system.
What steps are required to create an Azure Policy?
1. Create a policy definition
2. Assign a definition to a scope of resources
3. View policy evaluation results
What is a policy definition?
A policy definition expresses what to evaluate and what action to take. For example, you could ensure all public websites are secured with HTTPS, prevent a particular storage type from being created, or force a specific version of SQL Server to be used.
Powershell command to apply an Azure policy?
# Get a reference to the resource group that will be the scope of the assignment
$rg = Get-AzResourceGroup -Name ''
# Get a reference to the built-in policy definition that will be assigned
$definition = Get-AzPolicyDefinition | Where-Object { $_.Properties.DisplayName -eq 'Audit VMs that do not use managed disks' }
# Create the policy assignment with the built-in definition against your resource group
New-AzPolicyAssignment -Name 'audit-vm-manageddisks' -DisplayName 'Audit VMs without managed disks Assignment' -Scope $rg.ResourceId -PolicyDefinition $definition
How can policy be assigned and are they inherited?
This scope could range from a full subscription down to a resource group. Policy assignments are inherited by all child resources. This inheritance means that if a policy is applied to a resource group, it is applied to all the resources within that resource group. However, you can exclude a subscope from the policy assignment.
What are initiatives?
Initiatives work alongside policies in Azure Policy. An initiative definition is a set or group of policy definitions to help track your compliance state for a larger goal. Even if you have a single policy, we recommend using initiatives if you anticipate increasing the number of policies over time.
Once defined, initiatives can be assigned just as policies can - and they apply all the associated policy definitions.
What are Azure Management Groups?
Azure Management Groups are containers for managing access, policies, and compliance across multiple Azure subscriptions.
What's a scenario where you would use management groups?
provide user access to multiple subscriptions. By moving many subscriptions under that management group, you can create one role-based access control (RBAC) assignment on the management group that will allow that access to all the subscriptions. One assignment on the management group can enable users to have access to everything they need instead of scripting RBAC rules over different subscriptions.
How do you create a management group?
Create your first management group by entering a management group ID and display name. The management group ID is the directory unique identifier and isn't editable after the group is created. The management group display name is displayed within the Azure portal and can be changed at any time.
Root management group for each organization?
After you select Save on your first management group, a root management group is created in the Azure Active Directory (Azure AD) organization. By default, the root management group's display name is Tenant root group. The ID is the Azure AD ID. After this group is created, all existing subscriptions in the Azure AD organization are made children of the root management group. So there's only one management group hierarchy within an organization.
What is Azure Blueprints?
Azure Blueprints enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization's standards, patterns, and requirements. Azure Blueprints makes it possible for development teams to rapidly build and deploy new environments with the trust they're building within organizational compliance using a set of built-in components, such as networking, to speed up development and delivery.
What is Azure Monitor?
Azure Monitor maximizes the availability and performance of your applications by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.
What do Activity Logs do?
Activity Logs record when resources are created or modified
What are some diagnostics you can enable?
Under resource settings, you can enable Diagnostics
- Enable guest-level monitoring
- Performance counters: collect performance data
- Event Logs: enable various event logs
- Crash Dumps: enable or disable
- Sinks: send your diagnostic data to other services for more analysis
- Agent: configure agent settings
___________________ is a service that monitors the availability, performance, and usage of your web applications, whether they're hosted in the cloud or on-premises.
Application Insights is a service that monitors the availability, performance, and usage of your web applications, whether they're hosted in the cloud or on-premises. It leverages the powerful data analysis platform in Log Analytics to provide you with deeper insights into your application's operations. Application Insights can diagnose errors without waiting for a user to report them. [Show Less]