Wednesday, May 27, 2020
Home Tech Microsoft Exam AZ-103: Microsoft Azure Administrator

Exam AZ-103: Microsoft Azure Administrator

During the Microsoft ignite in November 2019 Orlando, FL I have taken a free exam try on the AZ-103. Unfortunately I did not pass the exam with a score of 580 (without learning).
During the week I’ve followed multiple related sessions and build my own Microsoft AZ-103 Cheat Sheet which I’m happy to share with you.

The AZ-103 is a new certification which combines the (retired) AZ-100 & AZ-101 & AZ-102 exams. The exam of AZ-103 gives you a clear image of the possibilities and limitations of Azure.
As Azure administrator you need to be able to setup your Azure playground on the most efficient way to reach your desired goal of the Microsoft IaaS solutions. During my technical sessions at ignite I made a handy summary for those intent to complete the AZ-103 exam and earn their badge & certificate.

General:
Understanding the difference between monitor, advisor & cost management:
* Monitor is regarding monitoring the environment and gives insight of the metrics of your Azure playground. Tip: To monitor network traffic it’s advised to use Azure Network Watcher.
* Advisor gives the recommendation of the environment. How to make your Azure playground better, faster and more optional avail abilities. The Advisor gives also advice about machines that are running at at full capacity and how to run than better and faster.
* Cost management gives insight in the total cost and how to get more value of your money spent in your Azure playground.

Data migration tools:
During my sessions some migration tools to use:
* Data migration Assistant Tool – Which is being used for migrating SQL databases.
* Microsoft Azure Storage Explorer – Which is being used for transport of data between Azure & on-prem.
* Azure Import / Export Service – This is a service for migration of large bulk data by transmitting the physical storage
* Azure File Sync – Tool being used to sync files permanent between Azure & on-prem.
* Azure Site Recovery – This is mainly for recovery / disaster recovery of your Azure playground. Azure site recovery takes care of the 2nd synced environment which can be enabled when the primary playground is unavailable. Azure sire recovery can also being used to move on-prem machines to Azure.
* AZCopy.exe – CLI utility for copying data from on-prem to an Azure Blob or Azure File Storage.

Exam AZ-103 tips & trics:
* During the exam take a good look at ALL the answers. Usually 2 answers are absolutely rubbish and not relevant.
* VM’s can be moved to another resource group incl their resources HOWEVER not it’s VNET. This needs to be re-created in the other resource group.
* When a resource group from location A is being moved to location B within the same geographic location than it remains the same RG.
* Max. FaultDomain is 2,3 and Max. Update domain is 20.
* To deploy Linux machines inclusive custom settings and software you have to create a “Cloud-init.txt” file and use the “AZ VM CREATE” command.
* MFA will be enabled via Conditional Access.
* Alert SMS messages can only being sent “every 5 minutes”.
*You can group certain NIC’s of virtual machines via the ASG (Application Security Group). As long as they are within the same virtual network. The ASG can also being used within NSG (Network security group). This way you maintain the security of your machines despite if they are on a subnet or network.

Virtual Machines:
* Virtual machines can be placed in a “availability zone”. This means that the machines their own name and configuration but the machines are running differently over several fault- and update domains. This to protect when the playground becomes unavailable.
* Virtual machines can be set in “scale-set”. The set contains several identical machines running on metric basis (scale out) and scaled in. So example when the processor load is above a certain percentage than machine X comes in with several scaled in machines to reduce the load.
* Virtual machines can be enrolled with the use of templates. This way you can spin up multiple VM’s at the same time.
* Changing the format of the VM, this effect of course the cost of the machine. Also when MIND YOUR STEP: When changing the format of a VM. You will ALWAYS need to reboot your VM.
* Azure Automational State Configuration makes it possible to write DSC (Desired State Configuration) and to maintain it. DSC makes it possible to supply the machine of a specific configuration or role even if the user manual overwrites the current config.

Azure Storage accounts / backups:
* The recovery service vault can only backup resources within own geographic environment.
* To restore a VM from recovery service and you wish to add the availability set to a case to restore certain disks (and not the VMs), you will need to run a script to create a new VM with the disks in a availability set.
* Managed Disks could NOT be moved in the past but NOW it can be moved to another resource group or subscription.
* Azure backup can backup managed disk and even un-managed disk these days.
* ZRS (Zone Redundant Storage) accepts only StorageV2 accounts ( so it won’t accept NO storage or Blob).
* When choosing for Blob storage and when choosing for file storage?
Well a file storage you choose when a SMB share is created for storing tools. When you want to store data via REST interface or when web-data of streaming than Blob can be better used for storing this type of data.
* GRS (Geo-redundant storage) & RA-GRS (read access Geo-redundant storage).
RA-GRS is way more expensive, contains read access to the data in a remote zone. Despite when Microsoft fail over when GRS is enabled and there is a fail over then you always are able to access your data.
* General-PurposeV2 is a combination of older general-purpose storage & Blob storage. General PurpiseV2 supports queue, table and disk storage, and just like in Blob storage it supports hot and cool and archive tiers. Hot is optimized for data that is being used often. Cool is data that is not being used on daily basis and archived is data that is only being used once in a while…it also supports General-PurposeV2 as the same goes for Standard and Premium performance tiers.

Virtual Networking:
* To connect VNETS and NSG’s can only be done within the same geographic environment.
* Classic VNETs can’t be moved to another resource group.
* VNETs can always be connected to each other with VNET Peering or Virtual Network Gateway. No matter where the networks are configured (subscription, location etc.)
* Subnets can sent default traffic to and from when the option is set to automatic routing between the VNETs address spaces. Traffic between VNETs are not being routed.
* Private IP = Intern IP. Each NIC has a private IP and can be provided with a public (external) IP address.
* Load balancers:
a load balancer can be enabled to device network traffic between 2 or multiple virtual machines. The load balancer can sent traffic by connection 1 sending to machine A and by connection 2 it can sent the traffic to machine B.

Subscription, tenant and Azure AD
* Know the difference between a subscription, tenant & Azure AD.
Tenant = registration of a *.onmicrosoft.com
Subscription = a folder where resources are being managed and connected with a credit card (payment method).
Azure AD = Azure active directory manages users for 1 or multiple subscriptions. Azure AD is a service that is a stand-alone from the tenant but is connected.
1 Tenant can have multiple subscriptions and AD’s, but not the other way around. When creating the tenant it also created the Azure AD to manages the name. When a tenant is being registered there is usually a custom DNS name attached to it ( instead of the *.onmicrosoft.com).
You need to see a tenant as main container. Merging of tenants can be a challenging job.
Multiple subscriptions can use the same ADs in the tenant as trusted ID provider. But each subscription can ONLY have 1 AD trust.
Please see below to summary the AzureAD under “Resource Providers”.

Azure Powershell & Bash (CLI):
To manage Azure (on-prem) you need to have the “AZ” module. You can install this via: “Install-Module -Name Az -AllowClobber”. You will also need the the Azure resource manager module which is: “Install-Module AzureRM”
To sign in you simply type: “Connect-AzAccount”
* To login via CMD or Powershell you type: “AZ login”
* Powershell commands start with what you need to do such as (New/Login/Get etc.)
* CLI commando’s start with “AZ” followed by objects such as “group/network/storage account” and then followed by the action. Those can be: “create / check-name” etc.
From the Azure portal you can also start the webconsole of Azure Powershell or CLI.

Powershell v.s CLI:
* PS: New resource group: ” New-AzureRmResourceGroup
New-AzureRmResourceGroup -Name SatA -Location “WestEurope” -tag @{environment=”SatA”; type=”RG”}
* CLI/Bash: New resource group: ” az group create
az group create –name SatB –location WestEurope –tags environment=SatB type=RG
* PS: Set a lock on the RG: “New-AzResourceLock
New-AzResourceLock -LockName LockHQ -LockLevel CanNotDelete -ResourceGroupName HQ -Force
* PS: Delete a resource group: “Remove-AzureRmResourceGroup
* PS: “Move-AzureRmResource” to move a resource group.

Thank you:
Thank you for reading this post about the Microsoft AZ-103 exam Cheat Sheet. Now this means this is NOT the sheet to pass the exam. This is my own written summary by Bart van der Does with the help of the technical sessions at Microsoft ignite 2019 in Orlando, FL.
It covers the basics of the exam, from the 53 multiple choice questions I had, 1 case study and 2 labs. In the labs you don’t always have all possibilities, I also found out that the exam had a lot of questions about data migration & VNETs. You are required to earn 700 points minimal in order to pass the exam. So you don’t have to answer every question correctly please please READ READ AND READ every question carefully!
The algorithm of Microsoft decides how much points for each question is there to earn and lab. With the labs it’s about the end result and not about the way you getting there. If you are familiar with Powershell then please do so. It’s important to understand the topics and to know where you can find the objects in Azure. So study hard and become an Certified Azure Administrator!

Regards,

Bart van der Does

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular

Bart van der Does: Arnold Palmer Invitational

Please come back later to see full review(Under construnction 17-03-2020)

Bart van der Does: Donald Trump National Doral – Miami, FL

Jack Nicklaus, Bobby Jones, Lee Trevino, Sam Sneed, Arnold Palmer, Tom Kite, Seve Ballesteros, Nick Faldo, Ernie Els, Tiger Woods as the...

Titleist EXP•01 | “Straight from the R&D Lab”

From all the years on tour I worked as a caddie on the PGA European Tour I fancy the first tournaments of the year....

Recent Comments