100% Real Microsoft Certified: Azure Administrator Associate Certification Exams Questions & Answers, Accurate & Verified By IT Experts
Instant Download, Free Fast Updates, 99.6% Pass Rate.
Microsoft Azure Administrator
Includes 559 Questions & Answers
Microsoft Certified: Azure Administrator Associate Certification Exams Screenshots
Download Free Microsoft Certified: Azure Administrator Associate Practice Test Questions VCE Files
TitleMicrosoft Azure Administrator
Microsoft Certified: Azure Administrator Associate Certification Exam Dumps & Practice Test Questions
Prepare with top-notch Microsoft Certified: Azure Administrator Associate certification practice test questions and answers, vce exam dumps, study guide, video training course from ExamCollection. All Microsoft Certified: Azure Administrator Associate certification exam dumps & practice test questions and answers are uploaded by users who have passed the exam themselves and formatted them into vce file format.
In this video, we're going to look again at the ways that you can monitor your expenses within Microsoft Azure and the various reports you can pull. And you'll see that I've added a billing report to my dashboard. And I can sort of see at a glance how my spending has been and how my spending progresses, as well as how many days are left in the month. If I click this, it'll take me to the Pay As You Go subscription. So this is my subscription, and managing cost is certainly one element of the subscription overview. I can see a projection for between now and the end of the period. I can do a more detailed report. So under cost analysis of my subscription, I can see where that $69 95 have been spent, and then I can even break that down. This is charging me by the day for this resource. So this is the day-by-day cost of these things. Okay. So as I go into the VM that I created decades ago, I can see 11% in cost for the first day and 40% for the second day. So far, $0.26 cost, etc. For. So if you really want to cut costs, you can do it here. And the filtering is really being able to filter.So if I check everything and then just only check this one resource group, then I can see what the costs of the liberals in this group have been. In the last section, we were talking about tagging as a way of being able to filter costs based on tagging. Now, this is a fairly crude and rudimentary way of looking at costs, but it's good when you're really just looking for a quick answer. You can just go in here and know what you're looking for, etc. Okay, then in this report, it's broken down by service. So I can see over across all my entire account. I paid $47.40 for this, costing me $82. I guess that's ours. There are now other methods for keeping track of costs. With Azure, if I go into all services, I can see cost management, and billing is a preview service. And this is working at the subscription level. Again, we're just looking at billing for the entire account. You can link to my subscription. So if I clicked on the 79, it would take me back to that previous screen. I don't have any other options that I have access to, and I'm not part of an organization. So Microsoft is differentiating between my account, my individual billing account, and an organisational level. So I can look at invoices, make sure that my payment methods are up to date, et cetera here.Now, there's a really cool feature that's available, but unfortunately, it's not available to me. So I purchased a pay as you go subscription. We can see under the heading "Goback" here under cost management. It's got this spacious screen that shows me I can do some cost assist within Azure, create a budget, get alerts, and get warnings when something is not spending faster than you expect your budget to spend. And look at the recommendations. The first thing I'm going to do is look at the Azure Advisor. So Azure Advisor is a tool that is automatically provided to you, and Microsoft will analyse your usage in your actual account and make recommendations. In my case, I don't have any cost recommendations that Buff can make at this time. Maybe over time they'll say you've got reserved instances that are not being used, et cetera. So there are going to be cost recommendations. If you use enough, you'll see other recommendations for high availability, security, and performance. Okay, but we're talking about cost in this section. If we go to the budget section, then unfortunately, my Pay as You Go subscription is not yet supported. So even MSDN subscriptions are not supported; only the enterprise subscriptions are. And similar to cost analysis, when you go into their payroll, you see support coming soon. It's not great, right? But basically, when you're working in an enterprise, Microsoft is coming out with budgeting and more sophisticated reporting features for analysing those. Okay, the last thing I will mention is the cloud-den service. So, Microsoft bought a company called Cloud Din, and basically, this one application, which is not available through the Azure Portal, can Azure, AWS, and Google Cloud Platform all be purchased in one place? So if we go into Cloud Din, we can see that right now. I guess it must be pulling stuff into my account. But to entities' enterprise sales, I think my account is so small that Paul Dan is shocked by how little data they actually have. But it's a dashboard. And again, you can manage your Azure, AWS, and Google Cloud Platform all in one place, create some pretty reports, do cost over time and cost trending, and there are optimising tools so we can see whether the sizing recommendations are correct. Sizing optimization? lowest instances with the lowest amount of CPU usage? Not yet, because right now it's not doing anything for me. But anyways, the cloud as a service is sort of enterprise grade across your entire cloud footprint, not just across Azure.
So the next monitoring activity we're going to talk about is log analytics. Let's go into all services and search for logs. Loganalytics is one of the options you'll see. It's a log analytics service. Now the fundamental container and the fundamental resource that Log Analytics needs to operate are called the workspace. And as you'll see here, I've created a workspace called Saz SJG Newwork. You can create your own workspace, and like I said, it's really just a storage account or a concern in which you're going to set up these logs to be pulled in and go into my existing one. But you might have to create one. Now we have this container by default, it's empty, and there are no logs coming into it. What we need to do is start adding data sources. So I'm going to go down to the virtual machine data sources, and you can see all of the virtual machines. Currently on my account, I have three of them. Two of them are submitting log files to this workspace, while one is not. Okay, to add any particular resource into this workspace, I just need to select it and say "Connect." And once I've connected it, then all of the log files from that virtual machine or that resource are going to be searchable within this work. We can do storage accounts; we can do the top-level subscription. So my page subscription is connected. So all of the activities relating to my account—dating virtual machines, creating resource groups—are subscription-level activities. They can access my log analytics account and perform searches on it. Go down into the azure. Resources. Tab. We can see here the resources that are on my account that are eligible. So I'm going to go into my first Web app resource group. And you'll see here that the security group is connected, but the web app itself is not connected. So I'm going to go into the Web; I have to give it a name. So I'm going to say Azshd Web App One. And which logs do I want to pull in? I pull in all metrics, right? The metrics again are the CPU usage and the memory, et cetera. So I'm going to save on that. Okay? And then when I go, I'm going to also do this at the service plan level. So, Azschd's new plan And I want all metrics saved. So now I've got two additional sources besides the two virtual machines. You'll see that there is actually differentiation between the metrics connection and the diagnostics connection. Okay? Because this is a service platform, or a service model, then diagnostics are less of a concern than actual metrics. Now we'll look at the workspace summary. Now, the overview of my login Alex account will tell me that I have 500 activity records that I can search on. Okay, if I close this and go into the logs section, this is the real heart of log analytics. I'm going to minimise that so that this becomes front and center. Alright, so you'll see here that the big part of green here is like, "Type your query here." It's basically a search window. And this is very reminiscent to me of the query analyzer within SQL Server Management Studio. So we can basically start typing. So if I want to say Azure Activity, then you'll see "account." You'll see that this is the data source, and the ship that I want to run against it is "account." So I want to see how many records are back. So I get a result of 103 in terms of records that are available in the Azure Activity data source. Okay, now they're very conveniently giving me the ability to filter on this. So if I wanted to say, "Okay, well, let's remove the count, run that," we could then see the actual events that are in Arc. We can see the resource group, the status, and the sub status. I just want to say that I want to filter on activity status equal to "success." So within the results, I can obviously do some filtering. But over here on the left, there's a whole set of other things that I can basically filter when I do start to select them. Let's say I want to see only the AZ SJDfirst web app resource and apply that. See how it's modified the query. It's added a where clause, where resource equals web app. So, this is very similar to a SQL query, except it doesn't say select or from right. But we can basically start to drill down. I want to see all of the start-up web app operations. So now I have two places where clause does where resource equals this and where that is, and my results are beginning to filter down. So log analytics is basically a way for you to collect thousands and millions of log records and then be able to do searches in line to see all of the activities on your account within these resources. If you filter on a specific resource, you want to find out something that happened, and this goes into the alert system because I don't know if I can go over here a little bit, but we see here that I can actually set an alert. So, let's say I want—we already have an alert in the web app stopping—but what if I want to set an alert based on the web app starting correctly? I can basically tie in from my log analytics into the alert system. As you can see, I can also pin the query results to my Azure Dashboard. So if I want this to be front and center, I want to know anytime. Within the last hour, this webapp has been started successfully. Then I want that pin on my dashboard as a report that needs to be front and center. You can do that, so Log Linux reminds me of some commercial products There's a product called Splunk that many of you are going to be familiar with being able to run queries and then do point-and-click filters based on the results. It's really great for when you're debugging something that's really wrong and you've just got a production website and people are reporting errors and you just need to sort of dig down into the records. You need a tool like this as opposed to just having raw text files that you need to control F to search through. So Log Analytics is the chunk of Azure that allows you to search through virtual machines. Storage accounts and all sorts of your top-level subscriptions provide all sorts of sources to find interesting resource errors and other types of messages that you can then act on.
So in this section of the course, we're going to be talking about storage accounts, specifically how to set them up, how to manage them, and some of the technical details around them. Storage accounts are one of those fundamental pieces of cloud technology. I consider it one of those three basic services, along with virtual machines and virtual networks. Storage can be used for two purposes. One is for you to actually store files—decide you do that on a hard disk. So it becomes: Put your backup files where you put your database files; put your JPEGs in a storage account. The other is the back end of a virtual machine. So actually, there are a lot of services within Azure that need a storage account, sometimes for logging and sometimes as a fundamental piece of the technology. By default, virtual machines run on a managed storage account, which is an abstraction on top of a storage account. You can choose to create machines on top of an unmanaged storage account as well. So in this video, we're going to talk about a non-virtual machine type of storage account, which is just a general storage account. The way that you get to it is that you can either be on the homepage of the portal or you can have a dashboard. In any event, you're going to have this resource button. You can also go and view all of your storage accounts and be able to create storage accounts from that view. So I'm going to click this "Create a Resource" button. A storage account is right on the get-started list of resources. The last one, you can also go into the category of storage, and it's the first one, so I'm just going to click on that. Now we're taking into account this wizard view. There are five tabs on the Wizard. The first one is for the basics, then networking, advanced tagging, and review. So this is a pretty standard Azure Portal creation screen. The first thing we decided was which subscription this should be in. You may only have one. I only have one in this rental. And so, you can choose your subscription here. You need a resource group. Now you either already have one or you're going to create one. I'm going to create one and call it AZ 104 RG. Now it's not easy to name, and that name needs to be unique across all of Azure. And if you just choose a generic name like "Storage, that's generally going to be taken because out of the millions of users, someone has a storage account named "Storage." So generally, I use my initials. Give it a name that makes sense to you for whatever application or purpose. This is going to be the basis of the URL that you're going to use for any programmatic access, the rest API, or the SDK. Now the next big decision is the location. Now, location does matter for a couple of reasons. One is that you generally want your storage account to be as close as possible to the application or the users using that storage account. So if this storage account is going to be the back end for your website, well, then you want whatever is running your website to be in the same region as the storage account because you're going to end up having vacation legs and latency introduced if you're going to push this storage account into different regions. The other implication of the region is the cost. So, believe it or not, putting storage accounts in different regions does cost more. So, if you put it in the East, You're paying one price per day. But if you put it in Australia, it's going to be different. Southeast Asia is different, South Africa is different, et cetera. I'm going to put this in Canada. But again, the decision is going to be kind of based on your own circumstances. The next decision you make is around performance. Now the term "performance" is pretty straightforward. If you choose the premium level of performance storage accounts, you are basically choosing what's called an "SSD," which is a solid-state disk, a flash disk, for performance. It's a lot quicker to read and write to a flash disc, but there are capacity differences and pricing differences. Okay, so choosing premium is going to basically lock me into the solid-state form. If I choose standard, then it's the magnetic disk. Notice also that when I go from standard to premium, one of the selections goes away, which is access. We'll talk about that in a second. So I'm going to leave it at the standard.Only if the performance of that hard drive is of utmost importance would you pay the premium. So what kind of account do we wantnow GeneralPurpose is the storage account type that is used 99.5% of the time. It's very flexible with all the latest features. General Purpose V1 is an old version, as it's clear here, and Microsoft is not adding any new features. It doesn't have some of the features The only reason you choose General Purpose V1 is if you have compatibility with General Purpose V1 accounts that you need, like another V1 account, but that's even becoming more rare. This has been out for so many years now that it should be looking to move to Joe Pursuit. Finally, the "blob" storage is also kind of a niche storage account type. For Blob storage, again, you lose some. You can't have tables or queues or files or any other kind of storage. It's only blob storage, and you can have public containers and public files with no access codes required. Again, a niche use for storage accounts. So General Principle Two is what you're going to choose 99.5% of the time. Replication is kind of complicated. To explain, I'm not going to do much here, but as you can see, I chose Canada Central. I'm only given three options in terms of replication. Locally Redundant Storage go Storage and Read access. Locally redundant storage will keep up to three copies of my files in the same data center, so you can see them stored on different hard drives, and if one of those drives fails, Azure will be able to recreate the file because it's got two other copies in the same data center. There's another one called Zone and Storage, which distributes across multiple data centres in the same region. Geo Redundant Storage stores six copies of your file across two data centers. And this is if you need it: if a region was to go down, let's say Canada Central suffered a power outage or an internet outage and was going to be down for a couple of hours, the redundant storage would save my bacon because the file would still be available elsewhere. But locally redundant storage means I have to wait for the region to come back. Finally, the read-access version enables you to have a readable URL, a secondary URL that you can read, allowing you to divide the writing to the primary location and the reading to the global location. And that's a performance hack for frequently accessed files. If I changed this back to East US and went back down to replication, you'd see a lot more options. So the zone-redundant storage, which is the file, is stored across multiple data centres in the same region. There are also a couple of redundancy options that are now general Availability geoZone's redundant storage and read access GeoZone Redundant Storage The difference between GeoRedundant Storage and Geo Zone Redundant Storage is that GeoRedundant Storage stores your files in three durability zones spread across two regions. The read-access version of the course gives you a secondary read URL that you can use for those, and it's a little bit more expensive, but it does increase the availability of your data. That was now available in the eastern United States. It's now going to be rolled out to different regions. It's currently not available in Canada currently.Finally, the access tier There are two types of access tiers that you can set by default. One is hot, one is cool What does that mean? Basically, it means that you're going to be charged a certain amount for the storage and a certain amount for accessing those files. So basically, the charge of the storage account is split between those two accesses to the cool tier to save money. It's half the price for storage, but it's twice the price for access. So you're basically this is great for backupfiles, for zip files, store profile files. You're saving money on storage. For files you don't often access, you must consider whether you should make them hot by default or cool by default. There is such a thing as a storage lifecycle. We'll talk about that in a moment. And there's another access point to your archive tier. So you can actually put things into cold storage. So you can do this programmatically on a file-by-file basis, or you can set this as a default for the entire account. When we come back, we're going to talk about the networking tab.
So at this point, we could literally hit the Review and Create button and get a storage account created. Those are the bare minimum of decisions that must be made. But for the sake of this course and for the sake of this video, we're going to flip over to the "Networking" tab. Now, this has changed in the past year. By default, when you create an account, that storage account is accessible from anywhere in the world. Now, there are access controls and an access key is required. So it's not like your files are exposed; it's a URL that represents your storage account. Let's go back to the Basics tab. Based on the name "storage account," it's been given a URL, and you can programmatically access the storage account from anywhere in the world unless you put it behind a firewall. Now, the way that you do that is that you have to choose either a public endpoint that lives on a virtual machine or a private endpoint. So if we chose a public endpoint for the selected network, then we're going to have to choose a virtual network for it to live on and use our traditional security methods like a firewall or MSG to restrict access to that. So I'm going to say public and point to selected networks. Now, I don't have a virtual network in the CanadaCentral region, so I do need to create one. So I'm going to say my new VNET is in the default resource group, which we're going to create now. Virtual networks, address range I'm just going to accept the defaults being given here. We're not getting into the basics of how to create a virtual network in this video, but we've got at least two address ranges that are pretty wide, and then the subnet being created is a small ten-to-20 range. So this storage account will be accessible only from this virtual network or from things that have printed access to this virtual network. So if you have a virtual machine that's already on this virtual network, it would have access to the storage account by default and nothing else. To be able to access it, you'd have to again formally grant access to that storage account and put it on the default subnet. Again, there is some work behind the scenes for modifying a virtual network to accept storage accounts, and so it's going to modify the default subnet to allow storage accounts. And this is just some behind-the-scenes stuff. Go to the Advanced tab. We're now seeing more advanced decisions than we did in the past. By default, SSL is the only accessible HTTP method. If you have some reason that you want to be able to access your storage accounts through a non-secure method, you'd have to actually disable it in the real legacy system. I would not recommend you disable secure transfer unless you really have a good reason. There is an Azure file service, and so you could enable 100 terabytes of files to live in the storage account, but you actually need to do that manually. This "soft delete" concept is now enabled by default for AzureRecovery Services, but not for storage accounts. What this means is that if you were to delete a file, that file could be recovered for, in this case, up to seven days, or I can even say 30 days. Now, this is a security measure so that someone doesn't just go malicious and start to delete your files. Because if you can catch it within 30 days, then you can get those files back. The downside, of course, is you're charged for that time. So the fact that your file doesn't actually within 30days have passed is an additional 30 days of charge. The other hassle, of course, is that youcan't just delete your storage account when youwant to because you've got delete on. You'd have to disable Soft Delete before deleting your storage account. It's just a little speed bump there. I'm not going to turn on Soft Delete for now. Now, Data Lake Storage is a specialty type of storage account. It has a distinct namespace known as the Hadoop HDFS namespace. As a result, when Data LakeStorage is enabled, it has a true folder structure. So by default, a storage account has some sort of virtual folder structure. It's a container metaphor, and you can fill in your blob's names. But in a data lake, it actually has a different file system. There is NFS version three, but it is still a private preview. So it's not going to be on the exam. So we're not going to create a data lake for storage. Finally, tagging is pretty consistent across all of Azure. You can use a billing code; you can use an environment. So if this is a production environment, you can produce; you can have a person's name in there. This is just metadata for your resources. It's all optional. And so finally you click Review, and this will either tell you that there's some error or it will say it's good to go. I should mention that if you have a storage account and you're like, "Well, this is our standard storage account," we're going to want to create these. In all of our regions, in all of our subscriptions, there is a templating option. We aren't talked about. I think we've talked about the templating. We haven't talked about the formatting part of this course yet. But you would be able to get the template for what we just did via this download template link. I'm not going to do that right now. When you click Create, Azure is going to go off. Deploy this, and I'll have my brand new storage account in a matter of minutes.
So I've created another storage account for this demo. Now this storage account is area-access, globally redundant storage. and we're going to see in a second what that means. Now, if we look at it quickly, I've created a Blob account with a single container called New and asingle a file called test HTML inside of it. Now, if we go into the properties of this storage account and scroll down a bit, we can see that there are both primary and secondary endpoints because this is globally redundant read-access storage. That means there is actually a master endpoint and then read access. And I can use this endpoint if the first one ever becomes down or unavailable. Now, all of the services within the storage account have this public endpoint. So the Blob stores files, queues tables, etc. For now, don't get alarmed. And that doesn't mean that your archive is necessarily open to the public. This is a private storage account. What makes it secure is that you require an accesskey in order to get access to the storage account. So simply going to this URL without the accesskey isn't going to get you anything. and we'll demonstrate that in a second. If we go into the access key section, we can see the access keys we're talking about. So Azure gives us two keys by default. You can see them listed as Key One and Key Two. If you have either one of these keys, then you can get full, complete access to this storage account, full, complete access.This is a master key, and there's no restriction on it. If your key was ever compromised or compromised, you could simply invalidate it by regenerating it. So there's this regenerate button; I'm going to click it and see that the one that was there before has now changed and the previous key no longer works to access an Orange account. So Azure recommends that you only use one of the keys at a time. And then if you ever need to change it, you can switch over to the second key and invalidate the first. Because if you invalidate this key while somebody is using it, basically, that programme will stop working immediately. So this is why you always have a primary and a backup. And if you ever need to switch, the backup becomes the primary. So this is not actually the recommended approach for accessing a storage account. So perhaps if you're using a development environment for your own personal use or a very small, limited environment, you can certainly use the access keys embedded in your program. But in a production setting, an enterprise setting, when you've got lots of eyes and lots of hands on it, these keys are powerful, and if they ever get released, it could cause you to have a bad day. So the recommended way of sharing access to a storage account, to programs, or to other individuals is not through keys but through something called a shared accessor. We'll switch over to the shared access signature. A shared access signature is a token that you can generate and sign with one of your keys that you can.Then someone with that token is going to have limited permissions on it. You can set the limits, and we'll look at that. So for instance, we can set the limits to only the Blob account and access to the queue table and file. We can give the person only read access, but note that delete, add, or create a list access is good for containers, so they can see the contents of the container. We can specify start and end dates and times for this. This looks like about 20 hours by default, but I can certainly change this to February instead of January and give it days. We can also filter by IP address. So only certain systems and servers within your own environment can access this, and you can even set the IP range. You can force the protocol. And here's where you specify which key is going to be cryptographically behind this. So let's leave that with Key One. Now, if I generate this actual signature, we're given the connection string like normal in terms of using it in our code. We're given just the raw token or we're given the combination, which is a URL. I'm going to copy this third one onto my clipboard here. So now let's go back. We said earlier that we could use this public endpoint URL in order to access this file. Actually, I'm going to go into the overview of containers, into the container itself, and into the file. And we can even see in the properties of the file a way of accessing that file. So I just typed the URL of that file into my browser, and as you can see, it's newTest HTML, and it says a resource could not be found. And this is basically a message that says I do not have permission to access this file. And even this is https So this file is giving us a permissions error because we're not using either the Access key or a Share signature to access it. Let me change this URL. So now I'm going to put the new test HTML file name, but I'm going to use the shared access key for signature. At the end of this URL, you can see that text. Now when I paste it Now we're getting the contents of the file because our Shared Access signature grants us access to it. Now we're not going to be able to go, and once we've generated it, it's lost. And so we're not going to go and see the signature that we already created. We can always create another one. We can effectively create an unlimited number of them effectively.And again, this one that we did create only has read permissions. So this is how you use shared access signatures to grant others secure, limited access to your storage account. Instead of giving them your access keys, you
ExamCollection provides the complete prep materials in vce files format which include Microsoft Certified: Azure Administrator Associate certification exam dumps, practice test questions and answers, video training course and study guide which help the exam candidates to pass the exams quickly. Fast updates to Microsoft Certified: Azure Administrator Associate certification exam dumps, practice test questions and accurate answers vce verified by industry experts are taken from the latest pool of questions.
Microsoft Microsoft Certified: Azure Administrator Associate Video Courses
Top Microsoft Certification Exams
SPECIAL OFFER: GET 10% OFF
Pass your Exam with ExamCollection's PREMIUM files!
SPECIAL OFFER: GET 10% OFF
Use Discount Code:
A confirmation link was sent to your e-mail.
Please check your mailbox for a message from firstname.lastname@example.org and follow the directions.
Download Free Demo of VCE Exam Simulator
Experience Avanset VCE Exam Simulator for yourself.
Simply submit your e-mail address below to get started with our interactive software demo of your free trial.