Becoming a Microsoft Specialist in Microsoft Azure Infrastructure

Becoming a Microsoft Specialist in
Microsoft Azure Infrastructure Solutions
70-533 IMPLEMENTING MICROSOFT AZURE INFRASTRUCTURE SOLUTIONS
Version 4 by expert.Anonymous

cloud service role: A cloud service role is comprised of application files and a configuration.
A cloud service can have two types of role:
web role: A web role provides a dedicated Internet Information Services (IIS) web-server used for hosting front-end web
applications.
worker role: Applications hosted within worker roles can run asynchronous, long-running or perpetual tasks independent of user
interaction or input.
cloud service components: Three components are required in order to deploy an application as a cloud service in Azure:
service definition file: The cloud service definition file (.csdef) defines the service model, including the number of roles.
service configuration file: The cloud service configuration file (.cscfg) provides configuration settings for the cloud service and
individual roles, including the number of role instances.
service package: The service package (.cspkg) contains the application code and the service definition file.
http://azure.microsoft.com/en-us/documentation/articles/cloud-services-what-is/
CONCEPTS

cloud service deployment: A cloud service deployment is an instance of a cloud service deployed to the Azure staging or
production environment. You can maintain deployments in both staging and production.
deployment environments: Azure offers two deployment environments for cloud services: a staging environment in which you
can test your deployment before you promote it to the production environment. The two environments are distinguished only by
the virtual IP addresses (VIPs) by which the cloud service is accessed. In the staging environment, the cloud service's globally
unique identifier (GUID) identifies it in URLs (GUID.cloudapp.net). In the production environment, the URL is based on the
friendlier DNS prefix assigned to the cloud service (for example, myservice.cloudapp.net).
swap deployments: To promote a deployment in the Azure staging environment to the production environment, you can
"swap" the deployments by switching the VIPs by which the two deployments are accessed. After the deployment, the DNS
name for the cloud service points to the deployment that had been in the staging environment.
CONCEPTS

minimal vs. verbose monitoring: Minimal monitoring, which is configured by default for a cloud service, uses performance
counters gathered from the host operating systems for role instances (virtual machines). Verbose monitoring gathers additional
metrics based on performance data within the role instances to enable closer analysis of issues that occur during application
processing. For more information, see How to Monitor Cloud Services.
Azure Diagnostics: Azure Diagnostics is the API that enables you to collect diagnostic data from applications running in
Azure. Azure Diagnostics must be enabled for cloud service roles in order for verbose monitoring to be turned on. For more
information, see Enabling Diagnostics in Azure.
scale a cloud service: A cloud service is scaled out by increasing the number of role instances (virtual machines) deployed for
a role. A cloud service is scaled in by decreasing role instances. In the Preview Management Portal, you can also scale a
linked SQL Database instance, by changing the SQL Database edition and the maximum database size, when you scale your
service roles.
Azure Service Level Agreement (SLA): The Azure Compute SLA guarantees that, when you deploy two or more role
instances for every role, access to your cloud service will be maintained at least 99.95 percent of the time. Also, detection and
corrective action will be initiated 99.9 percent of the time when a role instance's process is not running. For more information,
see Service Level Agreements.
CONCEPTS

Microsoft Azure uses certificates in three ways:
Management certificates – Stored at the subscription level, these certificates are used to enable the use of the SDK tools, the Windows
Azure Tools for Microsoft Visual Studio, or the Service Management REST API Reference. These certificates are independent of any cloud
service or deployment.
Service certificates – Stored at the cloud service level, these certificates are used by your deployed services.
SSH Keys – Stored on the Linux virtual machine, SSH keys are used to authenticate remote connections to the virtual machine.
Certificates used in Azure are x.509 v3 certificates and can be signed by another trusted certificate or they can be self-signed. A self-signed
certificate is signed by its own creator. Because of this, the certificate is not trusted by web browsers and will cause a security alert in Internet
Explorer. Users can continue, but have to bypass a security message.
Self-signed certificates are typically used in test scenarios, or when they are used as a container for public/private keys.
Azure uses certificates to identify a trust relationship: the party to be trusted has the private key.
Management certificates (.cer certificate files): the client connecting the service needs to be trusted and has the private key.
Service certificates (.pfx certificate files): the service needs to be trusted by the client connecting to the service. For example, in an SSL
secured service scenario the SSL certificate contains the private key.
http://msdn.microsoft.com/en-us/library/azure/gg981929.aspx
Manage Certificates

Management certificates permit client access to resources in your Azure subscription.
Management certificates are x.509 v3 certificates that only contain a public key, and are saved as a .cer file.
Windows Azure Tools for Microsoft Visual Studio use management certificates to authenticate a user to create and manage your deployments.
*Important*
- There is a limit of 100 management certificates per Windows Azure subscription.
- There is also a limit of 100 management certificates for all subscriptions under a specific service administrator’s user ID.
If the user ID for the account administrator has already been used to add 100 management certificates and there is a need for more
certificates, you can add a co-administrator to add the additional certificates. Before adding more than 100 certificates, see if you can reuse an
existing certificate. Using co-administrators adds potentially unneeded complexity to your certificate management process.
Management Certificates

Service certificates are x.509 v3 certificates that are uploaded to Azure and stored in the hosted service in which they will be used.
Service certificates are private key (.pfx) files. Service certificates are used for both SSL and remote desktop decryption which require a
certificate with a private key.
There are three primary uses for service certificates:
Encryption – RDP password encryption.
Server – SSL provide communications security for secure web pages.
Mutual Authentication – WCF client authentication.
Service Certificates

Virtual Network lets you provision and manage virtual private networks (VPNs) in Azure and, optionally, link the VPNs with your on-premises
IT infrastructure to create hybrid and cross-premises solutions. With Virtual Network, IT administrators can control network topology, including
configuration of DNS and IP address ranges.
Use Virtual Network to:
Create a dedicated private cloud-only virtual network
When you create a virtual network, your services and VMs within your virtual network can communicate directly and securely with each other
in the cloud. This keeps traffic securely within the virtual network, but still allows you to configure endpoint connections for the VMs and
services that require Internet communication as part of your solution.
Securely extend your data center
With Virtual Network, you can build traditional site-to-site VPNs to securely scale your datacenter capacity. Virtual Network uses industry-
standard IPSEC protocol to provide a secure connection between your corporate VPN gateway and Azure. Add as many machines as you
want behind the VPN gateway.
Enable hybrid cloud scenarios
Virtual Network gives you the flexibility to support a range of hybrid cloud scenarios. You can securely connect cloud-based applications to
any type of on-premises system such as mainframes and Unix systems.
http://msdn.microsoft.com/en-us/library/azure/dn133803.aspx
Azure Virtual Network

Is there a limit to the number of subnets in my virtual network?
There is no limit on the number of subnets you use within a virtual network. All the subnets must be fully contained in the virtual network
address space and should not overlap with one another.
Are there any restrictions on using IP addresses within these subnets?
We do reserve some IP addresses within each subnet. The first and last IP addresses of the subnets are reserved for protocol conformance.
We also additionally reserve a few extra IP addresses for our services.
How small and how large can virtual networks and subnets be?
The smallest subnet we support is a /29 and the largest is a /8 (using CIDR subnet definitions). We reserve some IP addresses from each
subnet.

How is site-to-site different from point-to-site?
Site-to-site connections let you connect between any of the computers located on your premises to any virtual machine or role instance within
your virtual network, depending on how you choose to configure routing. It’s a great option for an always-available cross-premises connection
and is well-suited for hybrid configurations. It relies on an IPsec VPN appliance (hardware or soft appliance) to be deployed at the edge of
your network for connectivity. In order to create this type of connection, you’ll have to have the required VPN hardware and an externally
facing IPv4 IP address.
Point-to-site connections let you connect from a single computer to anything located in your virtual network. It uses the Windows VPN client.
As part of the point-to-site configuration, you install a certificate and a VPN client configuration package, which contains the settings that allow
your computer to connect to any virtual machine or role instance within the virtual network. It’s great when you want to connect to a virtual
network, but aren’t located on-premises. It’s also a good option when you don’t have access to VPN hardware or an externally facing IPv4 IP
address, both of which are required for a site-to-site connection.
Note: You can configure your virtual network to use both site-to-site and point-to-site concurrently, provided that you create your site-to-site
connection using a dynamic gateway.

Configuring Google as an identity provider eliminates the need to create and manage authentication and identity management
mechanism. It helps the end user experience if there are familiar authentication procedures. Using ACS, it is easy to set up a
configuration that allows your application to readily consume it and offer such functionality to end users. This How-To explains
how to accomplish this task. The following diagram depicts the overall flow of configuring a relying party of ACS for use.
ACS v2 Workflow
Summary of Steps
To configure Google as an identity provider for your application complete these steps:
Step 1 – Create a Namespace
Step 2 – Configure Google as an Identity Provider
Step 3 – Configure Trust with Relying Party
Step 4 – Configure Token Transformation Rules
Step 5 – Review Endpoints Exposed by the Namespace
How to: Configure Google as an Identity Provider

The Azure Active Directory Graph API provides programmatic access to Azure AD through REST API endpoints. Applications
can use the Graph API to perform create, read, update, and delete (CRUD) operations on directory data and objects. For
example, the Graph API supports the following common operations for a user object:
Create a new user in a directory
Get a user’s detailed properties, such as their groups
Update a user’s properties, such as their location and phone number, or change their password
Check a user’s group membership for role-based access
Disable a user’s account or delete it entirely
In addition to user objects, you can perform similar operations on other objects such as groups and applications. To call the
Graph API on a directory, the application must be registered with Azure AD and be configured to allow access to the directory.
This is normally achieved through a user or admin consent flow.
http://msdn.microsoft.com/en-us/library/azure/hh974476.aspx
Azure AD Graph API

An ASP.NET application that runs in an Azure Website can create the following kinds of logs:
Application tracing logs
The application creates these logs by calling methods of the System.Diagnostics.Trace class.
Web server logs
The web server creates a log entry for every HTTP request to the site.
Detailed error message logs
The web server creates an HTML page with some additional information for failed HTTP requests
(those that result in status code 400 or greater).
Failed request tracing logs
The web server creates an XML file with detailed tracing information for failed HTTP requests. The web server also provides an XSL file
to format the XML in a browser.
Logging affects site performance, so Azure gives you the ability to enable or disable each type of log as needed. For application logs, you can
specify that only logs above a certain severity level should be written. When you create a new website, by default all logging is disabled.
Logs are written to files in a LogFiles folder in the file system of your website and are accessible via FTP. Web server logs and application logs
can also be written to an Azure Storage account. You can retain a greater volume of logs in a storage account than is possible in the file
system. You're limited to a maximum of 100 megabytes of logs when you use the file system. (File system logs are only for short-term
retention. Azure deletes old log files to make room for new ones after the limit is reached.)
http://azure.microsoft.com/en-gb/documentation/articles/web-sites-dotnet-troubleshoot-visual-studio/
Diagnostics Log Overview

Failed request tracing logs are useful when you need to understand the details of
how IIS is handling an HTTP request, in scenarios such as URL rewriting or
authentication problems.
Azure Websites use the same failed request tracing functionality that has been
available with IIS 7.0 and later. You don't have access to the IIS settings that
configure which errors get logged, however. When you enable failed request
tracing, all errors are captured.
You can enable failed request tracing by using Visual Studio, but you can't view
them in Visual Studio. These logs are XML files. The streaming log service only
monitors files that are deemed readable in plain text mode: .txt, .html, and .log
files.
You can view failed request tracing logs in a browser directly via FTP or locally
after using an FTP tool to download them to your local computer.
http://azure.microsoft.com/en-gb/documentation/articles/web-sites-dotnet-troubleshoot-visual-studio/
Failed request tracing

Triggered (Scheduled/On Demand)
Whatever is written to console output and console error will go to a log file for the specific triggered webjob run. You can see it on the
WebJobs dashboard but the file itself is located under d:homedatajobstriggered{jobname}{jobrunid}.
Continuous
Whatever is written to console output and console error will go to the application logs as log entries with log level Information/Error. The first
100 log entries when the continuous WebJob starts will also show up in the continuous WebJob log file that is available on the WebJobs
dashboard.
The file itself is under d:homedatajobscontinuous{jobname}.
.NET WebJobs
If you're using .NET console application as your WebJob, you can follow the same guideline as for an ASP.NET website. Once you use the
Trace class, your traces are handled as application logs (including triggered WebJobs).
http://blog.amitapple.com/post/2014/06/azure-website-logging
Application Logs for WebJobs

File system
Log files will have some retention policy for each type:
Web server logs have a maximum size per log file and per sum of all log files (which is configurable in the Azure portal).
Similar for application logs, each log file can get up to 128 KB and the total size of all log files will go up to 1 MB after that old files are
removed.
Detailed error messages and FREB have a maximum amount of files (each file consists of a single error).
Blob storage
Web server logs and application logs stored in blob storage can be configured with a retention policy for deleting log files older than X days.
http://blog.amitapple.com/post/2014/06/azure-website-logging
Retention Policies

Deploying your website in the traditional way, whether
deploying via WebDeploy, FTP, git, CI or any other way, has
weaknesses that may or may not concern you:
After the deployment completes the website might restart
and this results in a cold start for the website, the first
request will be slower (can be significant depending on the
website).
Potentially you are deploying a "bad" version of your
website and maybe you would want to test it (in production)
before releasing it to your customers.
This is where staged deployment comes into play. Instead
of deploying directly to our production website we
create a deployment slot used for staging and we
deploy our new bits there.
Then we "warm" our site (staging slot) by making requests
to it and we can start testing our new bits verifying
everything works as expected. Once we're ready we hit the
Azure Portal's Swap button (or PowerShell/xplat cli
command) and the slots will be swapped.
http://blog.amitapple.com/post/2014/11/azure-websites-slots
Staged Deployment
One important concept to understand about deployment slots is how the
configuration works.
A deployment slot is a full Azure Website and as one it has all the same
configurations as any Azure Website. When you swap deployment slots there
are some settings you actually need to keep with the slot and not swap them.
A setting that is not swapped is referred to as a setting that is sticky to the
slot. Some of the default settings that are sticky to the slot:
Most obvious one is the url
- http://mysite-staging.azurewebsites.net/ will always point to the staging slot.
WEBSITE_HOSTNAME environment variable for the staging slot will always
be mysite-staging.azurewebsites.net and this is something we can use in our
website code to find it's currently running in the Production slot or staging
slot.
Deployment settings - if you have the deployment profile for the staging
slot, after a swap the profile would still point to the staging slot.
Deployment Slot App Settings / Configuration

The storage service offers two types of blobs, block blobs and page blobs. You specify the blob type when you create the blob.
Once the blob has been created, its type cannot be changed, and it can be updated only by using operations appropriate for that blob type,
i.e., writing a block or list of blocks to a block blob, and writing pages to a page blob.
All blobs reflect committed changes immediately. Each version of the blob has a unique tag, called an ETag, that you can use with access
conditions to assure you only change a specific instance of the blob.
• Block blobs include features that help you manage large files over networks.
• Block blobs let you upload large blobs efficiently.
• The maximum size for a block blob is 200 GB, and a block blob can include no more than 50,000 blocks
• Page blobs are a collection of 512-byte pages optimized for random read and write operations.
• The maximum size for a page blob is 1 TB.
http://msdn.microsoft.com/en-us/library/azure/ee691964.aspx
Understanding Block blobs and Page blobs

Azure Blob storage is a service for storing large amounts of unstructured
data, such as text or binary data, that can be accessed from anywhere in
the world via HTTP or HTTPS. You can use Blob storage to expose data
publicly to the world, or to store application data privately.
Common uses of Blob storage include:
Serving images or documents directly to a browser
Storing files for distributed access
Streaming video and audio
Performing secure backup and disaster recovery
Storing data for analysis by an on-premises or Azure-hosted service
http://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-how-to-use-blobs/
Azure Blob Storage
Storage Account: All access to Azure Storage is done through a storage account.
Container: A container provides a grouping of a set of blobs. All blobs must be in a container. An account can contain an unlimited number of
containers. A container can store an unlimited number of blobs.
Blob: A file of any type and size. There are two types of blobs that can be stored in Azure Storage: block and page blobs. Most files are block
blobs. A single block blob can be up to 200 GB in size. Page blobs, another blob type, can be up to 1 TB in size, and are more efficient when
ranges of bytes in a file are modified frequently. URL format: http://<storage account>.blob.core.windows.net/<container>/<blob>
Page blobs are mainly used for VHDs and Block blobs are used for other files such as images, media, etc.

Azure Files complement Azure Data Disks. A data disk can only be attached to one Azure Virtual Machine at a time.
Data disks are fixed format VHDs stored as page blobs in Azure Storage and are used by the virtual machine to store durable data.
File shares based on Azure Files can be accessed in the same way as the local disk is accessed (using native file system APIs) and can be
shared across many virtual machines. The following table compares Azure Files with Azure Data Disks.
Azure Data Disks Vs Azure Files

Implement Websites (15-20%)
• Deploy websites
http://azure.microsoft.com/en-us/documentation/articles/web-sites-deploy/
Define deployment slots; roll back deployments, configure and deploy packages, deploy web jobs, schedule web jobs
http://azure.microsoft.com/en-us/documentation/articles/web-sites-create-web-jobs/
1 70-533 Implementing Microsoft Azure Infrastructure Solutions by expert.Anonymous

• Configure websites
Configure app settings, connection strings, handlers, and virtual directories; configure certificates,
custom domains, and traffic manager; configure SSL bindings and runtime configurations;
manage websites by using Windows PowerShell and Xplat-CLI
http://azure.microsoft.com/en-us/documentation/articles/web-sites-configure/
http://azure.microsoft.com/en-us/documentation/articles/web-sites-php-create-web-sites/#PowerShell

• Configure diagnostics, monitoring, and analytics
Retrieve diagnostics data; view streaming logs; configure endpoint monitoring, alerts,
and diagnostics; monitor website resources
http://azure.microsoft.com/en-us/documentation/articles/web-sites-monitor/

• Configure scale and resilience
Configure auto-scale using built-in and custom schedules; configure by metric; change the size of an instance
http://azure.microsoft.com/en-us/documentation/articles/web-sites-scale/

• Manage hosting plans
Create hosting plans; migrate websites between hosting plans; create a website within a hosting plan
http://azure.microsoft.com/en-us/documentation/articles/azure-web-sites-web-hosting-plans-in-depth-overview/

Implement Virtual Machines (15‒20%)
• Deploy workloads on Azure virtual machines (VMs)
Identify supported Microsoft workloads; deploy and connect to a Linux VM; create VMs
http://support.microsoft.com/kb/2721672
http://azure.microsoft.com/en-us/documentation/articles/virtual-machines-linux-how-to-log-on/

• Implement images and disks
Create specialized and generalized images for Windows and Linux; copy images between
storage accounts and subscriptions; upload VHDs
http://azure.microsoft.com/blog/2014/04/14/vm-image-blog-post/
http://azure.microsoft.com/blog/2014/05/01/vm-image-powershell-how-to-blog-post/
http://azure.microsoft.com/en-us/documentation/articles/virtual-machines-create-upload-vhd-windows-server/

• Perform configuration management
Automate configuration management by using PowerShell Desired State Configuration and custom script extensions;
enable puppet and chef extensions
http://azure.microsoft.com/blog/2014/04/11/vm-agent-and-extensions-part-1/
http://azure.microsoft.com/blog/2014/04/15/vm-agent-and-extensions-part-2/
http://azure.microsoft.com/blog/2014/04/24/automating-vm-customization-tasks-using-custom-script-extension/

• Configure VM networking
Settings include reserved IP addresses, access control list (ACL), internal name resolution, DNS at the cloud service level,
load balancing endpoints, HTTP and TCP health probes, public IPs, firewall rules, direct server return, and Keep Alive
http://azure.microsoft.com/en-us/documentation/articles/virtual-machines-set-up-endpoints/
http://azure.microsoft.com/blog/2014/04/08/microsoft-azure-load-balancing-services/

• Configure VM resiliency
Scale up and scale down VM sizes; auto-scale; configure availability sets
http://azure.microsoft.com/en-us/documentation/articles/cloud-services-how-to-scale/#autoscale
http://azure.microsoft.com/en-us/documentation/articles/virtual-machines-manage-availability/

Implement Virtual Machines (15-20%)
• Design and implement VM storage
Configure disk caching; plan storage capacity; configure operating system disk redundancy;
configure shared storage using Azure File service; configure geo-replication; encrypt disks
http://blogs.msdn.com/b/windowsazurestorage/archive/2011/09/15/introducing-geo-replication-for-windows-azure-storage.aspx
http://blogs.msdn.com/b/windowsazurestorage/archive/2014/05/12/introducing-microsoft-azure-file-service.aspx
http://blogs.msdn.com/b/windowsazurestorage/archive/2013/12/04/introducing-read-access-geo-replicated-storage-ra-grs-for-windows-azure-storage.aspx

Implement Virtual Machines (15-20%)
• Monitor VMs
Configure endpoint monitoring, alerts, and diagnostics
http://azure.microsoft.com/en-us/documentation/articles/cloud-services-how-to-monitor/

Implement Cloud Services (15-20%)
• Configure cloud services and roles
Configure instance count and size, operating system version and family, upgrade and fault domains, ACLs, reserved IPs,
and network access rules; configure local storage; configure dedicated and co-located caching, local and cloud configurations,
and local disks; configure multiple websites; configure custom domains
http://azure.microsoft.com/en-us/documentation/articles/cloud-services-how-to-configure/
http://blogs.technet.com/b/yungchou/archive/2011/05/16/window-azure-fault-domain-and-update-domain-explained-for-it-pros.aspx
http://azure.microsoft.com/en-us/documentation/articles/cloud-services-custom-domain-name/

• Deploy and manage cloud services
Upgrade a deployment; VIP swap a deployment; package a deployment; modify configuration files;
perform in-place updates; perform runtime configuration changes using the portal; scale a cloud service;
create service bus namespaces and choose a tier; apply scalability targets
http://azure.microsoft.com/en-us/documentation/articles/cloud-services-how-to-configure

• Monitor cloud services
Monitor service bus queues, topics, relays, and notification hubs; configure diagnostics
http://azure.microsoft.com/en-us/documentation/articles/service-bus-monitor-message-entities/

Implement Storage (15-20%)
• Implement blobs and Azure files
Read data; change data; set metadata on a container; use encryption (SSL); perform an async blob copy;
configure a Content Delivery Network (CDN); implement storage for backup and disaster recovery;
configure Azure Backup; define blob hierarchies; configure custom domains; configure the Import and Export Service
http://msdn.microsoft.com/en-us/library/azure/dd135715.aspx
http://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-how-to-use-blobs/
http://azure.microsoft.com/en-us/documentation/articles/storage-import-export-service/

• Manage access
Create and manage shared access signatures; use stored access policies; regenerate keys
http://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/

• Configure diagnostics, monitoring, and analytics
Configure retention policies and logging levels; analyze logs
http://azure.microsoft.com/en-us/documentation/articles/storage-monitor-storage-account/

• Implement SQL databases
Choose the appropriate database tier and performance level; configure point in time recovery and geo-replication;
import and export data and schema; design a scaling strategy
http://msdn.microsoft.com/en-us/library/ff803375.aspx
http://azure.microsoft.com/blog/2014/08/26/new-azure-sql-database-service-tiers-generally-available-in-september-with-
reduced-pricing-and-enhanced-sla/

• Implement recovery services
Create a backup vault; deploy a backup agent; back up and restore data
http://azure.microsoft.com/en-us/documentation/articles/backup-configure-vault/

Implement an Azure Active Directory (15-20%)
• Integrate an Azure AD with existing directories
Implement DirSync, O365 integration, and single sign-on with on-premises Windows Server 2012 R2;
add custom domains; monitor Azure AD
http://azure.microsoft.com/en-us/documentation/articles/active-directory-whatis/
http://technet.microsoft.com/en-us/library/jj573653.aspx

• Configure the Application Access Panel
Configure single sign-on with SaaS applications using federation and password based; add users and groups to
applications; revoke access to SaaS applications; configure access; federation with Facebook and Google ID
http://msandbu.wordpress.com/2014/06/23/azure-active-directory-premium-preview/

• Integrate an app with Azure AD
Web apps (WS-federation); desktop apps (OAuth); graph API

Implement Virtual Networks (15-20%)
• Configure a virtual network
Deploy a VM into a virtual network; deploy a cloud service into a virtual network; configure static IPs;
configure internal load balancing; design subnets
http://azure.microsoft.com/en-us/documentation/articles/create-virtual-network/

• Modify a network configuration
Modify a subnet; import and export a network configuration
http://msdn.microsoft.com/en-us/library/azure/jj156097.aspx

• Design and implement a multi-site or hybrid network
Choose the appropriate solution between ExpressRoute, site-to-site, and point-to-site;
choose the appropriate gateway; identify supported devices and software VPN solutions;
identify networking prerequisites; configure regional virtual networks and multi-site virtual networks

Sample Questions
FOR PRACTICE ONLY
11 Questions

You manage an Azure Service Bus for your company.
You plan to enable access to the Azure Service Bus for an application named Contoso LOB.
You need to create a new shared access policy for subscriptions and queues that has the following requirements:
- Receives messages from a queue
- Deadletters a message
- Defers a message for later retrieval
- Enumerates subscriptions
- Gets subscription description
In the table below, identify the permission you need to assign to ensure that Contoso LOB is able to accomplish the above
requirements. Make only one selection in each column.
Access Level Queues Subscription
Send
Listen
Manage
01
Access Level Queues Subscription
Send
Listen
Manage
ANSWER :
REFERENCES :

Your network includes a legacy application named LegacyApp1.
The application only runs in the Microsoft .NET 3.5 Framework on Windows Server 2008.
You plan to deploy to Azure Cloud Services. You need to ensure that LegacyApp1 will run correctly in the new environment.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
A. Upload a VHD with Windows Server 2008 installed.
B. Deploy LegacyApp1 to a cloud service instance configured with Guest OS Family 2.
C. Deploy LegacyApp1 to a cloud service instance configured with Guest OS Family 1.
D. Deploy LegacyApp1 to a cloud service instance configured with Guest OS Family 3.
02
ANSWER :
Guest OS Family 1 and Guest OS Family 2 supports .NET 3.5 and .NET 4.0.
Guest OS Family 3 and Guest OS Family 4 supports .NET 4.0 and .NET 4.5.
REFERENCES :
B and C

You administer a cloud service named contosoapp that has a web role and worker role.
Contosoapp requires you to perform an in-place upgrade to the service.
You need to ensure that at least six worker role instances and eight web role instances are available
when you apply upgrades to the service. You also need to ensure that updates are completed for all instances
by using the least amount of time. Which value should you use with each configuration?
To answer, drag the appropriate value to the correct configuration. Each value may be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.
03
ANSWER :
http://msdn.microsoft.com/en-us/library/azure/hh472157.aspx#proceed
REFERENCES :

You migrate a Windows Server .NET web application to Azure Cloud Services.
You need enable trace logging for the application.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Update the service definition file.
B. Update the Azure diagnostics configuration.
C. Update the service configuration file.
D. Enable verbose monitoring.
E. Update the application web.config file.
04
ANSWER :
http://msdn.microsoft.com/en-us/magazine/ff714589.aspx
REFERENCES :
A and B

You manage a cloud service that is running in two small instances. The cloud service hosts a help desk application.
The application utilizes a virtual network connection to synchronize data to the company's internal accounting system.
You need to reduce the amount of time required for data synchronization.
What should you do?
A. Configure the servers as large instances and re-deploy.
B. Increase the instance count to three.
C. Deploy the application to Azure Web Sites.
D. Increase the processors allocated to the instances.
05
ANSWER :
REFERENCES :
A

You manage a cloud service that has a web application named WebRole1.
WebRole1 writes error messages to the Windows Event Log.
Users report receiving an error page with the following message:
"Event 26 has occurred. Contact your system administrator."
You need to access the WebRole1 event log.
Which three actions should you perform? Each correct answer presents part of the solution.
A. Enable verbose monitoring.
B. Update the WebRole1 web.config file.
C. Update the cloud service definition file and the service configuration file.
D. Run the Set-AzureVMDiagnosticsExtension PowerShell cmdlet.
E. Run the Enable-AzureWebsiteApplicationDiagnostic PowerShell cmdlet.
F. Create a storage account.
06
ANSWER :
http://azure.microsoft.com/en-us/documentation/articles/cloud-services-how-to-monitor/
REFERENCES :
A, B, and C

You manage an application hosted on cloud services. The development team creates a new version of
the application. The updated application has been packaged and stored in an Azure Storage account.
You have the following requirements:
- Deploy the latest version of the application to production with the least amount of downtime.
- Ensure that the updated application can be tested prior to deploying to the Production site,
- Ensure that the original version of the application can be restored until the new version is verified.
Which four steps should you perform in sequence? To answer, move the appropriate actions from the list
of actions to the answer area and arrange them in the correct order.
07
ANSWER :
http://msdn.microsoft.com/en-us/library/ff803371.aspxREFERENCES :

You manage a cloud service that utilizes data encryption.
You need to ensure that the certificate used to encrypt data can be accessed by the cloud service application.
What should you do?
A. Upload the certificate referenced in the application package.
B. Deploy the certificate as part of the application package.
C. Upload the certificate's public key referenced in the application package.
D. Use RDP to install the certificate.
08
ANSWER :
REFERENCES :
A

You administer a Windows Server virtual machine (VM).
You upload the VM to Azure. You need to ensure that you are able to deploy the BGInfo and VMAccess extensions.
What should you do?
A. Select the Install the VM Agent checkbox while provisioning a VM based on your uploaded VHD.
B. Select the Enable the VM Extensions checkbox while provisioning a VM based on your uploaded VHD.
C. Install the VM Agent MSI and execute the following Power Shell commands:
$vm = Get-AzureVM -serviceName $svc -Name $name
$vm.VM.ProvisionGuestAgent = $true
Update-AzureVM -Name Sname -VM $vm.VM -ServiceName $svc
D. Install the VM Agent MSI and execute the following Power Shell commands:
$vm = Get-AzureVM -serviceName $svc -Name $name
Set-AzureVMBGInfoExtension -VM $vm.VM
Set-AzureVM Access Extension -VM $vm.VM
Update-AzureVM -Name Sname -VM $vm.VM -ServiceName $svc
09
ANSWER :
REFERENCES :
A

You manage a cloud service that supports features hosted by two instances of an Azure virtual machine (VM).
You discover that occasional outages cause your service to fail.
You need to minimize the impact of outages to your cloud service.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Deploy a third instance of the VM.
B. Configure Load Balancing on the VMs.
C. Redeploy the VMs to belong to an Affinity Group.
D. Configure the VMs to belong to an Availability Set.
10
ANSWER :
http://msdn.microsoft.com/en-us/library/hh973190.aspx
REFERENCES :
C and D

You administer an Azure subscription with an existing cloud service named Contoso cloud service.
Contoso cloud service contains a set of related virtual machines (VMs) named
Contoso DC, Contoso SQL and ContosoWeb1.
You want to provision a new VM within Contoso cloud service. You need to use the latest gallery image to create a
new Windows Server 2012 R2 VM that has a target IOPS of 500 for any provisioned disks.
Which PowerShell command should you use?
11
ANSWER :
http://msdn.microsoft.com/en-us/library/dn495159.aspx
REFERENCES :
A

Resources:
HTTPS://WWW.MICROSOFT.COM/LEARNING/EN-US/EXAM-70-533.ASPX

Becoming a Microsoft Specialist in Microsoft Azure Infrastructure

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Becoming a Microsoft Specialist in Microsoft Azure Infrastructure

Similar to Becoming a Microsoft Specialist in Microsoft Azure Infrastructure (20)

Recently uploaded

Recently uploaded (20)

Becoming a Microsoft Specialist in Microsoft Azure Infrastructure