CASE Studies in AZ-104

Hello Everyone… 🙋‍♂️ this is Akash here.

Let me tell you, Recently I have cleared my azure administrator exam AZ-104 and I found the key areas where we have to keep more focus while doing this certification. This might help you to clear the exam as well.

This Certification based on skills as listed below,

1. Manage Azure identities and governance
2. Implement and manage storage
3. Deploy and manage Azure compute resources
4. Configure and manage virtual networking
5. Monitor and back up Azure resources

But, more priority on, Which are purely based on Practical and Case Scenario.
a. Configure and manage virtual networking (Up to 35%)
b. Deploy and manage Azure compute resources (Up to 30%)
c. Manage Azure identities and governance (Up to 20%)

Below are the scenario which mostly cover the above areas, let’s see one by one.

A. Site to Site VPN Connection (S2S VPN)

What is S2S VPN?

A site-to-site virtual private network (VPN) is a connection between two or more networks, such as a corporate network and a branch office network.

In azure, Here we basically connect On prem Customer site →to → Azure Cloud.

Source from: https://docs.microsoft.com/en-us/azure/vpn-gateway/media/tutorial-site-to-site-portal/diagram.png

Actions which minimize cost and create VPN connection,

1. Create local site VPN gateway
2. Create azure VPN gateway (Which SKU is VpnGw1)
   (Choose cost effective and appropriate SKU which helps us in minimizing the cost)
   Extra: Before we create VPN gateway we need Virtual Network. Used for gateway subnet address range.
3. Create connection.

B. Suppose your organization wants to Linux VM’s deployed in Azure infra and issuing a policy that each VM only be authenticate by a system other than Password/ Credential. Which is the best authentication method for the same?

Ans: Use SSH Key, why
SSH is the default connection protocol for Linux VMs hosted in Azure.
is an encrypted connection protocol that provides secure sign-ins over unsecured connections.

{If you do not wish to use SSH keys, you can password authentication to Linux VM. If your VM is not exposed to the Public Internet, using passwords may be ok. However, Still we need to have manage passwords for each Linux VM and maintain healthy password policies and practices, such as minimum password length and regular updates. But as per questions we have to choose authentication method rather than password.}

C. Your company having 3 VM’s Deployed in azure with a Single Load Balancer (LB), You want to ensure that LB can load balance request across the 3 VM’s.
Ans: Ensure that the LB is created in the same Virtual network where VM’s are created. But Why LB is in Same Virtual network, because we will get high availability through load balancing and this will be done by with the help of LB.

For Application tier and backend databases can be run behind an ILB so that they are not exposed to public Internet use. This enables internal Line of Business applications to run in Azure and be accessed within the cloud or from on-premises. When we exposing the application or service to Public Add Public load balancer into picture to enhance the security.

D. Your company wants to transfer 6 TB of data to azure subscription. Company planning to use Azure Import/Export Service.
Ans: Here data amount is large so company decided to use azure import/export service. By using this we can securely import data to azure Blob storage and Azure file by shipping disk drive to an azure Data Center.

On Prem {Large Size Data} — → <Import/Export> → — Azure DC.

E. In azure AD tenant, a administrator Enabled Self sign password reset (SSPR) for all users and enabled Security questions for authentication. Do other administrators have required to answer those security questions?

Ans: No. For azure administrator role, the password reset policy is different. Wherein they are not asked for security questions. This policy only applicable to users.

F. Company wants to sync on premises file server with azure cloud file. what are the Actions to perform to implement?

Ans: This will be achieved by using below steps,

1. Install the azure file sync agent on on prem window server.
2. Register windows server with storage sync service.
3. Create a sync group and a cloud endpoint.
4. Create a server endpoint

Hybrid file service.

This is the hybrid case scenario.

Windows server -(Azure file sync agent)→Azure File share

Server Endpoint → Windows File Server

Cloud Endpoint →Azure File

If you want me to write more scenario based questions, please do comment on this.