Recently passed the 70-533 exam and earned a MCSE. Now I’m studying for the transition exam AZ-102 (expiring March 31, 2019), which would give me the Azure Administrator Associate badge. In this post I will give a short description on which methods I used to pass AZ-102.
The resources I used were:
- Sharon Bennett’s LinkedIn course (30 days free trial)
- Saw the videos on the Microsoft Learn portal
- Tested my self through the official practice tests on mindhub
- Used the official Azure documentation.
- Hands-on labs in a Azure subscription (30 days free trial).
The exam is broken into 8 sections:
-
- Manage Azure Subscriptions and Resources (5-10%)
- May include but not limited to: Configure diagnostic settings on resources; create baseline for resources; create and rest alerts; analyze alerts across subscription; analyze metrics across subscription; create action groups; monitor for unused resources; monitor spend; report on spend; utilize Log Search query functions; view alerts in Log Analytics
- Implement and Manage Storage (5-10%)
- May include but not limited to: Create Azure file share; create Azure File Sync service; create Azure sync group; troubleshoot Azure File Sync
- Configure and manage virtual networks (15-20%)
- May include but not limited to: Create and configure VNET peering; create and configure VNET to VNET; verify virtual network connectivity; create virtual network gateway
- May include but not limited to: Configure Azure DNS; configure custom DNS settings; configure DNS zones
- Manage identities (15-20%)
- May include but not limited to: Add custom domains; configure Azure AD Identity Protection, Azure AD Join, and Enterprise State Roaming; configure self-service password reset; implement conditional access policies; manage multiple directories; perform an access review
- May include but not limited to: Install and configure Azure AD Connect; configure federation and single sign-on; manage Azure AD Connect; manage password sync and writeback
- Evaluate and perform server migration to Azure (15-20%)
- May include but not limited to: Discover and assess environment; identify workloads that can and cannot be deployed; identify ports to open; identify changes to network; identify if target environment is supported; setup domain accounts and credentials
- May include but not limited to: Migrate by using Azure Site Recovery (ASR); migrate using P2V; configure storage; create a backup vault; prepare source and target environments; backup and restore data; deploy Azure Site Recovery (ASR) agent; prepare virtual network
- Implement and manage application services (5-10%)
- May include but not limited to: Create and manage objects; manage a Logic App resource; manage Azure Function app settings; manage Event Grid; manage Service Bus
- Implement advanced virtual networking (5-10%)
- May include but not limited to: Monitor on-premises connectivity; use network resource monitoring and Network Watcher; manage external networking and virtual network connectivity
- Secure identities (5-10%)
- May include but not limited to: Enable MFA for an Azure tenant; configure user accounts for MFA; configure fraud alerts; configure bypass options; configure trusted IPs; configure verification methods; manage role-based access control (RBAC); implement RBAC policies; assign RBAC Roles; create a custom role; configure access to Azure resources by assigning roles; configure management access to Azure
- Manage Azure Subscriptions and Resources (5-10%)
If you can answer (and know the reason behind the answer) the following questions regarding Azure, you should be ready to take the AZ-102 exam. For each question I will provide a link to the answer. There might be more than one correct answer to a question, but the questions link points to which tool or technology you should know about in order to pass.
- Manage Azure Subscriptions and Resources (5-10%)
- Which method(s) allows you to configure diagnostic logs settings for your Azure resources?
- Azure Portal, PowerShell, Azure CLI, ARM templates and REST API.
- https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-of-diagnostic-logs
- Which Azure resources supports diagnostic logs?
- Where can diagnostic logs be stored?
- Storage account, event hub and log analytics.
- https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-of-diagnostic-logs
- Which PowerShell cmdlet enables or disables diagnostic logs on a resource?
- What is PT1H, and what does it mean in Azure diagnostic?
- Time grain for all capacity metrics is one hour (PT1H).
- https://docs.microsoft.com/en-us/azure/storage/common/storage-metrics-in-azure-monitor
- Which features does Azure Automation support?
- Process automation, configuration management, update management and shared capabilities.
- https://docs.microsoft.com/en-us/azure/automation/automation-intro
- Which Azure Automation feature allows you to prevent server configuration to drift?
- Which 3 steps are involved by creating a alert from Azure Monitor?
- 1) Alert Condition (target & criteria), 2) Alert Details (name, description, severity and enabled/disabled), 3) Action Group (name, short name, subscription, resource group and actions type).
- https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/alert-metric
- What is a “smart group” in in Azure Monitor?
- What is the 3 alert states in Azure Monitor?
- New, Acknowledged and Closed.
- https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-alerts
- What is the Azure Analyze Metrics update frequency?
- One-minute frequency (near real-time visibility).
- https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-collection
- What is the maximum retention period for metric data?
- Which methods allow you to access the metric data?
- Azure Portal, REST API, PowerShell and Azure CLI.
- https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-collection
- What is the PowerShell cmdlet to get all the alert history?
- Get-AzureRmLog -Caller “Microsoft.Insights/alertRules” -DetailedOutput -StartTime <datetime>
- https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/insights-powershell-samples?toc=/azure/azure-monitor/toc.json
- What is the PowerShell cmdlet to get all the alert rules?
- Get-AzureRmAlertRule -Name <rule name> -ResourceGroup <resource group> -DetailedOutput
- https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/insights-powershell-samples?toc=/azure/azure-monitor/toc.json
- If a spending limit is reached in a Azure subscription, what will happen with all the resources?
- All the resources will be disabled for the rest of the billing period (not for pay-as-you-go subscriptions).
- https://docs.microsoft.com/en-us/azure/billing/billing-spending-limit
- What is the maximum characters in a resource tag name?
- Which resources support tags?
- Which service can you use to get applied updates to virtual machines in Azure?
- Which method(s) allows you to configure diagnostic logs settings for your Azure resources?
- Implement and Manage Storage (5-10%)
- In which Azure service can you create Azure File Shares?
- What is maximum quota on a Azure File Share?
- Which PowerShell cmdlet will allow you to create a Azure File Share?
- What does Azure File Sync do?
- What is Cloud Tiering in Azure File Sync?
- A switch to enable or disable cloud tiering. With cloud tiering, infrequently used or accessed files can be tiered to Azure Files.
- https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide?tabs=portal
- What does the folder “.SystemShareInformation” contain?
- Metadata.
- Which files are automatically excluded in Azure File Sync?
- What is the Azure File Sync service named in Windows Server?
- What are the Azure File Sync filter drivers named?
- StorageSync.sys and StorageSyncGuard.sys.
- https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-troubleshoot?tabs=portal1%2Cportal
- What is the PowerShell module called to review and see sync issue for Azure File Sync?
- AFSDiag.ps1 (located “c:\Program Files\Azure\StorageSyncAgent”).
- https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-troubleshoot?tabs=portal1%2Cportal
- How do you turn on debug mode while installing Azure File Sync?
- StorageSyncAgent.msi /l*v AFSInstaller.log
- https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-troubleshoot?tabs=portal1%2Cportal
- Will the Azure File Sync agent installation fail if Microsoft Update is enabled and Windows Update service is not running?
- Yes
- Is the Azure File Sync agent installation fail if the server is not registered?
- Yes, reset the Storage Sync Server to resolve.
- What does it mean when the endpoint creations fails with “AuthorizationFailed”?
- User account does not have the correct permissions in Azure.
- Configure and manage virtual networks (15-20%)
- Which assignment method must the public IP be configured with regarding VPN gateways?
- What are the SKUs for the virtual network gateway in a route-based VPN gateway type?
- Basic, VpnGw1, VpnGw2, VpnGw3
- https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways
- How many Point-To-Site (P2S) connections can a virtual network gateway handle?
- What is Azure Virtual Network (VNet) Peering?
- Virtual network peering enables you to connect virtual networks in the same region, across subscriptions and regions (also known as Global VNet Peering) through the Azure backbone network (never exposed to the internet).
- https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering
- How many virtual network peering is supported by virtual network?
- 50 (10 is the default)
- https://azure.microsoft.com/is-is/pricing/details/virtual-network/
- What is the PowerShell cmdlet to create a VNet peering from one to another?
- Add-AzureRmVirtualNetworkPeering
- https://docs.microsoft.com/en-us/powershell/module/azurerm.network/add-azurermvirtualnetworkpeering?view=azurermps-6.13.0
- What is the PowerShell cmdlet to create a site-to-site (S2S) connection between virtual network gateways or on-premise devices?
- New-AzureRmVirtualNetworkGatewayConnection
- https://docs.microsoft.com/en-us/powershell/module/azurerm.network/new-azurermvirtualnetworkgatewayconnection?view=azurermps-6.13.0
- What is the PowerShell cmdlet for creating a Azure DNS zone?
- Which PowerShell cmdlet allows you to set DNS records?
- Manage identities (15-20%)
- Which records can you use to verify a custom domain name i Azure AD?
- Which edition of Azure AD is Azure AD Identity Protection available from?
- In Azure AD Identity Protection which three user risk level are available?
- Does Azure Global Administrators have local administrator permissions on Azure AD domain joined devices?
- What is the maximum number of questions required to register in Azure AD Self-Service Password Reset (SSPR)?
- What is the minimum number of questions required to reset in Azure AD Self-Service password Reset?
- What is the minimum license for Azure AD Access Reviews?
- Azure AD Premium P2 or Enterprise Mobility + Security (EMS) E5
- https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview
- Where can you take action on Azure AD Access Reviews for users?
- Azure AD Access Panel
- https://docs.microsoft.com/en-us/azure/active-directory/governance/perform-access-review
- Evaluate and perform server migration to Azure (15-20%)
- What version of vCenter Server is supported in Azure Migrate?
- Version 5.5, 6.0, or 6.5
- https://docs.microsoft.com/en-us/azure/migrate/migrate-overview
- Which region is the metadata stored in Azure Migrate?
- West Central US/East US
- https://docs.microsoft.com/en-us/azure/migrate/migrate-overview
- How many VMs are supported in a single discovery using Azure Migrate?
- How many projects are supported in a single subscription for Azure Migrate?
- Which kind of disk is supported for the migration assessment in Azure Migrate?
- What does OVA stand for in a Azure Migrate environment?
- Open Virtualization Appliance
- https://docs.microsoft.com/en-us/azure/migrate/migrate-overview
- What are the three assessments delivered in Azure Migrate?
- Suitable Workloads, Sizes and Monthly Cost Estimate.
- https://docs.microsoft.com/en-us/azure/migrate/migrate-overview
- What are the different status suitability in the assessment done by Azure Migrate?
- Ready for Azure, Conditionally ready for Azure, Not ready for Azure and Readiness unknown.
- https://docs.microsoft.com/en-us/azure/migrate/concepts-assessment-calculation
- What the workload suitability for machine properties in Azure Migrate to get the status Ready for Azure?
- Boot type BIOS, less or equal than 32 CPU cores, equal or less than 3892 GB RAM, equal or less than 65 HDD attached with less than 4TB of allocated size and 32 NICs or less.
- https://docs.microsoft.com/en-us/azure/migrate/concepts-assessment-calculation
- What is the guest OS suitability for Azure Migrate to get Ready for Azure?
- Windows Server 2008+ and endorsed Linux distributions.
- https://docs.microsoft.com/en-us/azure/migrate/concepts-assessment-calculation
- In the workload suitability of sizes, which options are allowed?
- Performance (storage, network and compute) and on-premises sizing.
- https://docs.microsoft.com/en-us/azure/migrate/concepts-assessment-calculation
- What is the collector in Azure Migrate?
- The Azure Migrate Collector is a lightweight appliance that can be used to discover an on-premises vCenter environment for the purposes of assessment with the Azure Migrate service, before migration to Azure.
- https://docs.microsoft.com/en-us/azure/migrate/concepts-collector
- What is collected with the collector in Azure Migrate?
- VM display name, VM inventory path, IP address, MAC address, OS, number of cores/disks/nics, memory size, disk size and performance counters vm, disk and network.
- https://docs.microsoft.com/en-us/azure/migrate/concepts-collector
- What is the valid options for the replication frequency in Azure Site Recovery?
- 30 seconds, 5 minutes or 15 minutes for Hyper-V. For VMware the replication is continuous.
- https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-faq
- Which storage account types are supported in Azure Site Recovery?
- Only storage general purpose v1
- https://docs.microsoft.com/en-us/azure/site-recovery/tutorial-prepare-azure
- Is it necessary to place the storage account for site recovery in the same region (location) as the recovery services vault?
- Yes (the sames goes the for the virtual network)
- https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-faq
- How many steps are there in preparing source and target environments for Azure Site Recovery?
- 5 (step 1: protection goal, step 2: deployment planning, step 3: prepare source environment, step 4: prepare target, step: 5 replication settings)
- https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-on-premises-azure
- Which command can you use to install the mobility service for Azure Site Recovery?
- UnifiedAgent.exe /Role “MS” /InstallLocation “C:\Program Files (x86)\Microsoft Azure Site Recovery” /Platform “VmWare” /Silent
- https://docs.microsoft.com/en-us/azure/site-recovery/vmware-physical-mobility-service-install-manual
- Is deploying a Windows Server 2016 with the DHCP role to Azure supported?
- What is the maximum size for a VHD?
- What version of vCenter Server is supported in Azure Migrate?
- Implement and manage application services (5-10%)
- Which tool(s) can be used to manage Azure Logic Apps?
- Logic Apps Designer, Templates or Visual Studio
- https://docs.microsoft.com/en-us/azure/logic-apps/quickstart-create-first-logic-app-workflow
- What happens when the daily usage quota is met on a Function App?
- The Function App will be stopped until the following day.
- https://docs.microsoft.com/en-us/azure/azure-functions/functions-how-to-use-azure-function-app-settings
- Service Bus queues allow for what type of communication between systems?
- One-direction communication
- https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-queues-topics-subscriptions
- What does the Event subscription handle in Event Grid?
- A subscription tells Event Grid which events on a topic you’re interested in receiving. When creating the subscription, you provide an endpoint for handling the event. You can filter the events that are sent to the endpoint. You can filter by event type, or subject pattern.
- https://docs.microsoft.com/en-us/azure/event-grid/concepts
- Which tool(s) can be used to manage Azure Logic Apps?
- Implement advanced virtual networking (5-10%)
- Which tool can evaluate health on a on-premise domain controller, AD FS and WAP from Azure?
- Azure AD Connect Health Agent
- https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install
- Which service can be used to perform health checks on on-premise and Azure networks?
- Network Performance Monitor (NPM)
- https://docs.microsoft.com/en-us/azure/azure-monitor/insights/network-performance-monitor
- What tools includes the NPM?
- Performance Monitor, ExpressRoute Monitor and Service Endpoint Monitor.
- https://docs.microsoft.com/en-us/azure/azure-monitor/insights/network-performance-monitor
- Which tool can evaluate health on a on-premise domain controller, AD FS and WAP from Azure?
- Secure identities (5-10%)
- In Azure MFA, if you need to change the usage model in a provider, what should you do?
- Re-create the usage model.
- https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-authprovider
- What is the PowerShell cmdlet to assign a user a new RBAC role in Azure?
- Which tools allows you to create custom RBAC definitions?
- PowerShell, Azure CLI or the REST api.
- Which PowerShell cmdlet allows you to create a new definitation?
- In Azure MFA, if you need to change the usage model in a provider, what should you do?
Let me know how you studied for the exam in the comments below.
Congratulations with the exam! And thank you for sharing all the ressources!