All Microsoft Microsoft Certified: Azure Security Engineer Associate certification exam dumps, study guide, training courses are prepared by industry experts. Microsoft Microsoft Certified: Azure Security Engineer Associate certification practice test questions and answers, exam dumps, study guide and training courses help candidates to study and pass hassle-free!

Platform Protection: Network Security

14. Demo: Network Watcher

Now we are on the Azure Portal, and the first thing I've done is show you that I've already deployed three virtual Machines already. I've got VM tests 10, 2, and 3, and they're all in the resource group SLNetwork Watcher, which I've already created. Now one thing to note first of all is that in order to use Network Watcher, you do have to install a Network Watcher agent on the machines that you might want to use the Connection Monitor feature with. So, for example, if I go to VM Test 2 and scroll down on the left hand side, you'll see a section called Extensions, which you're probably familiar with if you took the AZ 100 exam or other Azure training.

And this is where you can add different extension agents, such as chef agents. but one in particular is that Network Watcher extension. You can see it's already installed on this one, and this is a Windows machine. If I go over to VM Test 3, this is a Linux machine where we've also installed, and you can see its operating system, Linux, here. And if we go to Extensions, you can see again that the Network Watcher agent is there. But just to show you how to install that, I'm going to go to test zero, where I haven't installed it yet. This is also a Windows machine, and we'll go down to Extensions, click Add, scroll down the left-hand side, and you will see Network Watcher Agent for Windows. And when you're building your virtual machines for the first time, you can also do it during provisioning. But first, we'll select Network Watch Agent for Windows, then click Create on the right, and then OK.

As you can see, it's initialising the deployment and is now deploying the agent. So it's logging into the machine and actually setting up that agent service to run inside the machine. So at this point we can come out of the virtual machines, and let's now focus on Network Watcher itself. To access it, click All Services. Type in Network Watcher, and you'll see it there. It's probably worth adding to your favourites because you'll probably return to it from time to time. Click Network Watcher, and this takes you into the Network Watcher overview section. First of all, on the right, you'll see your subscriptions and the regions that are supported by those subscriptions. In my case, I've got Skylines Primary, which is the one I want to use. If I expand this, I can see the regions and whether Network Watch is enabled or not in that particular region.

So I've deployed these machines in North Central. I've already enabled NetworkWatch in that region. Let's say I had them deployed in South Central. Well, I would just go over to South Central US, click these three little dots on the right for the context menu, and click Enable Network Watcher, and that will deploy the Network Watcher to that specific region as well. So just be aware of that; that's how you enable it. You may get some questions on this on the exam itself. So with those enabled, let's take a look. First of all, I am in the topology view, so I can click this.

This is under the monitoring section. Choose my subscription, Skylines Primary, select my resource group, SL Network Watcher, and immediately it will load up and show me. OK, I've got my VNet, my subnet, and I've got three network interfaces in there; those are the network interfaces associated with those three VMs, respectively. So it's quite a nice way to just get a viewpoint of what's going on in your environment, and you can also download that topology if you want to as well. Next, we'll take a look at the connection monitor. So let's click Connection Monitor on the lefthand side, and what we can do with Connection Monitor is basically track the connection between, say, two of our virtual machines for latency, whether they can reach each other, et cetera. So we click the add button here to create a new monitor, and we'll say that from VM Test 2 to VM Test 3, we choose our subscription and the virtual machine.

So we'll choose VM Test 2 and our target machine, VM Test 3, and we'll say port 22, which is our SSH port that we want to connect over. Again, we're connecting from the Windows machine to the Linux machine. We'll click "Add" at this point, and that will set up the connection monitor for us. After a little while, it should be complete. If you don't see it, just change the subscription to the one you created in the monitoring, and then it should show up for you there. And here you can see the monitor, and if you click the context menu, you can start, stop, or delete that monitor from there. Now to get the details, you need to click this details pane on the bottom, expand it out, and you might just need to move it up there slightly. Then you can scroll down, and now you can see details from that monitor.

So we can see if we scroll down, the average round-trip time is one millisecond. We know everything is fine; no probes have failed at this point, and we can also get more information to see that VM Test Two is connected on 10 5 Its next-hop IP address to reach that machine is 6, which is actually the IP of VM Test 3. If we scroll back up as well, you could get metrics on this; you could see the graph; you could sort of change the time; you could look at the data; and if you scroll down again, you could also create a topology view to kind of look at the connection between those two machines. There's nothing significant in this case. VM test zero two is going to basically, as its next hop, go into that VNet, which VM test three is in, and it's basically going to connect over 10 and 6. So this is just a great area for just monitoring connections between machines and just checking the overall health of them as well. So now we've covered connection monitoring. Let's scroll back over to the left. You'll notice you now have Alink for Network Performance Monitor.

They recently added this. In this course, we will not go over the COVID details of NPM. We sort of mentioned it in the lecture section. So you need to know what all the NPM monitors are for. But this is where you would add your NPM monitors that are part of your log analytics workspace at this point. What you do need to know is the difference between IP Flow Verify, Next Hop, and Security Group View. So if we start with IP Flow Verify, this is a way to check if a packet is allowed or denied from a virtual machine. So again, we can sort of go in here, choose our subscription, pick our resource groups—it's already there. And so on, Network Watcher, pick our virtual machine. We'll take VM Test Zero One. At this point, it will automatically select this interface once you've selected the virtual machine and said, "Okay, what about an outbound flow?" So let's say we want to go from VM Test 1. As an example, suppose we want to ping the Bing address. Let's go ahead and type the information in for that.

So a local port will have 60,000 put into a random local port there. And for a remote address, this is the Bing IP, which is 13 1721, 200.You could use any favourite website you have on your computer. and a remote port. We know this is going to be on port 80, which is the web port that we want to check against. And at this point, we click "check." It will take a second to scroll down. You'll see it says load in a minute; you might not even be able to scroll down any further. Here we go. It's actually already done, and you can see access is allowed. And the security rule that's allowing that is the "allow Internet outbound" rule. So there's a very simple way to kind of check that things are working from a connectivity standpoint, and if they're denied, it's going to tell you which rule basically denies it. And at that point, I'm just going to hop over to Security Group View, click OK, and we don't need to save anything there.

And, essentially, I can click in here and say "Skylines." Primary: choose my resource group; choose my network interface; select our virtual machine first of all. So click Vmtest 0/1 and choose that network interface. same thing here. You're going to get a list of all the effective rules that are in effect for that particular network interface and where they're coming from. If you want to isolate them using subnet and network interface rules, you can. So you can see that these are the network interface rules; these are the subnet rules; but ultimately, these are the effective rules themselves. And you can click in on one of these rules if you want to, like, deny Internet outbounds any additional information; it would be there.

If we scroll to the right, we can see the protocol, as well as whether it is denied or allowed. So just from an overall viewpoint, instead of going back into the MSG to kind of look at things one at a time, you can just come in here, select the interface you want, and download this rule set if you want to as well. Last but not least, Next Hop is quite useful as well. You actually get some of this from that connection monitor that you may have seen earlier on. But it's the same thing: I can click my subscription; I have my resource group; and I have my machine VM test zero one. Again, I've got my network interface source IP address, and let's say that the next destination was the Bing server. Again, this just tells you what the next hop will be for that particular website or whatever IP you're trying to get to. So, after typing that, we click Next Hop. It wouldn't take too long, just probably about 10 seconds.

Again, just like before, And as soon as it's done, you can see the result. Next, type in an internet IP address. doesn't really have one there; it's going straight out to the Internet itself. Now if we do 105, which is one of the other machines in that subnet, click Next Hop. You'll notice again that we're not going to have a Next Hop-specific IP because it's a machine that's in the same VNet. So you should get a virtual network as your next hop. Next-hop type Yep. Virtual Network. There is no specific IP there. And you can see this is coming from the route table, the system route, and the built-in routes that exist in the subnet itself. Now, if we had a firewall like a Palo Alto or a Checkpoint, and we put user-defined routes in that were redirecting traffic through a firewall, like an IDsIPS device, we'd see that IP address because we redirected the traffic to that IP. And then the rule sets would be applied to one of those network virtual appliances. a few other quick points to round out your knowledge VPN is troubleshooting itself here. If you need help troubleshooting any site-to-site VPN connections, we can help. Here we've got packet capture as well.

This is quite useful. You click Add, and essentially you can do the same thing. You can select the resource group, select our subscription first, choose the resource group, choose the machine, and give it a test capture. What it will essentially do is capture. Whether you want a maximum or minimum is up to you, along with how long you want to capture for and any filters you want to put on. But this is essentially a packet capture that will output as a cap file and store that in the storage account for you. You probably won't get asked anything on the exam about packet capture. Just know that this is where you would go to do it. And then we also have connection troubleshooting to do as well. Similar framework here; you've got your subscription resource group VM destination, but here are your probesettings that you would basically put in place.

You could use this for a specific destination port to check a TCP connection from a VM to either an FQDN or another IPV for address, but this is somewhat redundant in some cases to some of the other checks you've got there. It just depends on what you're trying to do. For connection monitor, you do have to have those agents running on both those machines; for some of the other services, you don't, basically. So just try to understand what it is you're trying to achieve if you're trying to monitor the connection between two machines. Connection monitors are where you want to go if you're trying to understand if traffic is allowed and what might be denying it, IPflow very far is where you would go.

If you're just trying to figure out, OK, what's the next hop, where is it going to go next? The next hop view is where you'd want to go, and then these other types can help you with things like packet capture, VPN troubleshooting, and so on. So, for the exam, you should definitely know what type of diagnostic tool or monitor you would use because those are the types of questions you're likely to see. And with that, this concludes the demonstration.

Platform Protection: Host Security

1. Lecture: Virtual Machines (VMs) Overview Part 1

Now that we've gotten all of that out of the way, let's get right into the meat of the matter, and take a look at virtual machines. For those who are unfamiliar with virtual machines, it is helpful to consider how your computer works. So you have some hardware—you have a CPU, memory, and disk—and on top of that, you have your operating system. So this could be Microsoft Windows or Mac OS, and on top of that, we obviously have our applications that we install. Well, along came virtualization many years ago, and the concept is still very similar.

We still have our hardware, so we still have to run our application somewhere and have our CPU, memory, and disk. But we install something in between, which is the hypervisor. And on top of the hypervisor, it can support multiple operating systems with multiple applications. So instead of just running one operating system that may only get used 10% of the time, we can run multiple operating systems and make much better use of that CPU, memory, and disk. And every single one of these is essentially our virtual machine. And when we're in Azure, we're basically doing the same thing. We don't manage the hypervisor on premises; you would typically manage something like VMware ESXi or Microsoft HyperV.

But in the public cloud, Microsoft presents us with a whole bunch of options for provisioning our virtual machines. And that leads us on to a really, really cool thing, which is all of the VM types available to us. Typically, on premises, we would have one or maybe two different variations of host. And every time Intel releases a new CPU, we would upgrade those hosts. But in the public cloud, because of the scale that they have, you have multiple choices available to you. So if we go through this, it's very important to understand and select the right instance type for your workload. The Asuras were the very first series that Microsoft introduced. They classified it as basic or standard. So Standard are our general-purpose virtual machines. And then there's a basic version of the ASUs for testing and development. Then we get on to B, which I remember as B for burstable. These instances can burst to the full capacity of the CPU when needed, but you get a discount because you're not using the machine a lot of the time.

So it's storing CPU credits, and then when it has to consume CPU, it can use those credits and use the full capacity of the CPU. Now, if you're going to use the CPU continuously, it's obviously not going to make sense because you're not going to store any credits and you're going to get worse performance, but it's a very cost-effective option. then I highly encourage people to use them during some of the labs and other things as well. D are the general-purpose ones. You'll see a lot of these around in the enterprise, and then we have memory optimization. These are the E series. You'll see there are some other memory-optimised ones out there. This is the newest memory-optimized series they brought out recently.

This is a high memory-to-CPU-core ratio. Then we go into the F series. The CPU is optimised immediately after memory optimization. And this is the reverse. So we have a high CPU core-to-memory ratio. And so it's kind of the opposite of the E series. The G series is available. You know, Microsoft calls us Godzilla. At least that's what people tell me when I'm walking around. You may be aware that Microsoft ignites very large instances at various conferences, hence the Godzilla name for large databases and big data use cases. High-performance computing, computational molecular modeling, and scientific applications followed. That's the H series. The L series is for storage. I remember this as L for Lun, like in the traditional sense of storage. And these are storage-optimized systems with a high disc group and high IO.

Then we got the M series, another very large memory series available. These are actually much, much larger than the E series. You can go up to three or five terabytes of RAM here. Then we have the N series, which is actually divided up into NV and NC, depending on the type you choose and what configuration you require. But these are graphics card-enabled instances. Finally, we have SAP Hana certified instances on Azure.

As you can see, there are a plethora of options to choose from. And then we go into specialization. So if you just got your head around it, like, "I've got all these types," well, now there are different specializations. And you notice this in the way the instance types are written out. So, for example, we've got S for premium storage. So if you see the D series, you'll also see a DS version. DSV 2, then, is a premium storage option. We have the M specialisation as well. That's for a larger memory of a configuration type. So if, for example, we've got a standard A-2, then you might see a standard A-2 M that just has more memory. And then the final one is R, which supports remote direct memory access, also known as RDMA. And you'll notice it in things like H-16, Mr.

2. Lecture: VMs Overview Part 2

Alright, so we have all of these various types and specializations, but how do we actually compare the CPU performance differences between different types? We know some might have a faster CPU and more memory, but are those calls actually equal in terms of actual performance? And so Azure Compute Units, also known as ACUs, are a way to compare CPU performance between different types and sizes of virtual machines. It's a Microsoft-created performance benchmark. So they took one of the ASU's virtual machines and started it at 100, and then equated all your different other instance types to that one.

Essentially, you can say that a VM with an ACU of 200 has twice the performance of a VM with an ACU of 100. And a good way to really look at all of this is to go to the OS reference documentation for Windows Virtual Machines or Linux Virtual Machines. And Microsoft actually lists all of these out for you. And these are actually great sites just from a deployment aspect and for revising for the exam. I highly encourage you to check them out.

And if we go to the Windows one here, what we'll see as this pops up is a section called Concepts. In here. If we expand that out, you'll see VM types and sizes. But if you scroll a little bit further down in types and sizes, you'll see Azure Compute units here. And if we expand this out, you can see here the SKU families, from zero to four.

And you can see the ACU numbers here. If we compare, say, anything in the range of 1 to 4, or 5 to 7, he's all about 100. And if we go down to something like a DS 1V 2, the performance there is going to be 210. The other thing to note is the two-to-one ratio that you'll see on the V threes, the DV threes, and the EV three S. And this is because they are now hyperthreaded. For example, a DV-2 might give you 210–250 on the ACU number, but when you go up to the V-3, you're actually getting less performance. So it's just something to keep in mind as you start to invest in your instance types in Azure. Definitely compare these, so you know what you're actually getting. Don't just think about the pricing calculator. If it's something that you're redoing that depends on the CPU

3. Demo: Create a VM

in the azure portal. And one of the things you might notice if you have built virtual machines before is that things have changed a little bit over time. A Microsoft continues to change this part of the portal, but we can go ahead and click Virtual Machines and see I've already got one virtual machine there. That's just a Linux virtual machine I've got running. I'm going to add another one. We're going to build a Windows virtual machine at this point. So I'm going to click "Add" right away. Now you'll see the Create a Virtual Machine panel appear, and you'll notice they've added these tabs across the top to make it easier to move forward and back throughout the process. If we go through the Subscription button, you would choose the subscription that you want to provision this virtual machine into and then choose the resource group that you want to use.

Now I've already got a resource group called AZDemo created, where VM-1 is currently located, but I'm going to add another VM to that resource group. So we'll continue to use the AZ demo. I now need to give it a virtual machine name. So in my case, I'm just going to refer to this VM demo as "One," and now I need to choose the region so I can choose any of the Azure regions that I'm entitled to provision into. In my case, I'll go with East US. And next, we have the availability options.

Now if I click this, you will see that sometimes we will get an availability zone and sometimes we will get availability sets. So availability sets were covered in one of the lectures, and if you haven't jumped to that yet, feel free to jump ahead to availability sets. Because availability sets are located within the same data center, you can have two virtual machines in separate racks of power and network connectivity. Availability Zones are located in the same region, but in different data centers. So it's another way to get additional redundancy.

Now Microsoft is rolling these out gradually to all the regions. If you click this icon, it's blurred out a little bit there, but you can click the little blue thing that says view locations that support availability zones, and then you can choose those, but I definitely encourage you to understand the differences between availability sets and availability zones because Microsoft is really emphasising availability zones going forward. Next, we choose the image. So I'm going to choose a Windows or Linux image here. These are the standard ones available to you, and you can choose Windows Server 2016 directly from this pane. Now, if I wanted to see all the images, I could click "Browse all images and disks," which would show me everything available to me from my marketplace. But in my case, I'm just going to do a 2016 data centre server. Next, we move on to the sizes, so I can click change size here. And this will give me all the different VM sizing options available to me.

And I can apply different filters to these. I can get rid of these filters if I want to. I can add additional filters. It is currently considering general-purpose premium discs in small sizes. That's why I'm only getting a few right now. If I get rid of the small, it's going to certainly open it up to a lot more sizes that are available to me. And in some cases, your subscription may just not support that. Or perhaps you've also got a policy in place that doesn't allow you to choose specific VM types. But in my case, I'm going to go back up, and I'm going to choose one of the B ones. I'm going to choose the B one, Ms. Two data discs are supported by that option, which is a one-processor system with two gigabytes of RAM. It has a maximum IOPS of 800, includes a temporary storage drive with four gigs on it, and is using premium disks. And on the right, I can see that my monthly cost is estimated to be $15.40.

Now, one thing to note with the B series, as you probably heard about when we did electron VM types, is that the B series does use the concept of CPU credits. As a result, when you do provision them, they may take a little longer to build. The purpose of the B series is really for web servers, so when they're not in use, they're generating credits. When they are in use, they're consuming those credits, but you don't want to use them if you're running things at 100% all the time. However, they are very cheap to run for lab purposes. You have a smaller memory version of the B-one. You got the B one, which is the double-memory version of the B one. much cheaper to run for the purposes of your lab. But again, they take a little bit longer to provide. But if you select one, then go ahead and click select, and then that takes you onto the next section. So now we need to include our administrator account. And you'll notice that things like admin aren't allowed.

That's a restricted word. If I go back and just type in my name, that is allowed. and we can move forward with that. and then you can go ahead and type in your password. This is the Windows password to get into the machine. Once we've got all that typed in and the password matches, we can then move on to the inbound port. The rules in this section are pretty important because if we want to RDP into the machine, say over the Internet, we do need to expose that. So we can allow selected ports and choose the ports that we want to expose. Or perhaps RDP is one I want to expose.

This is great that they added those things; they aren't just open by default. You have to choose to allow those inbound ports to be open, and you can further lock them down using Azure Security Center and just-in-time access as well. But for right now, yeah, just go ahead and select RDP. If you do plan on connecting to the machine after you've deployed it, which you'll need for some of the subsequent demonstrations that we do, One thing to note is the one difference between Windows and Linux here: in Linux, we could be prompted to generate a key and put that in here. Or we could use a user account. In Windows, we just use a username and password for the administrator account. If we keep going down, the next thing we have to do is save money, which is up to 49% if you already own an Azure licence for that Windows server.

So if you already have one, simply select yes and choose your licence type. You have to confirm that you have software assurance for that, and that will reduce the cost that you pay for those Windows servers. So this is a great benefit if you've got a lot of Windows machines that you move into Azure. You will get a cost benefit by already having that software assurance. But in my case, I don't. So I'm going to click no and then move onto the next panel, which is the disc section. So here are our disc types. And as you can see, this machine, because it is an S series, does support premium SSDs as well as standard SSDs and standard HDD as well.I'm going to just go ahead and choose PremiumSSD for my discs there, and then I can choose if I want to create and attach a new disc or attach an existing disc as well. So perhaps I deleted a machine, but I left behind a virtual hard disc that I want to attach to this machine. I could do that there if I wanted to just go ahead and create a second disk. And here you can see that I can choose my disc type. So, if I want to use a different type than the one I used for the primary disks, keep in mind that I currently have that OS disc on Premium SSD.

also have that temporary disc that's on a local disc associated with the host that the virtual machine runs on. So that has specific use cases where I want fast access to a locally cached disk. And then this disk Again, I can choose SSD, Premium, Standard SSD, or Standard HDD. In my case, I'm just going to choose a standard HDD right now. Choose the name of that disk. That's the Azure name for the disk, not the name inside of Windows. The size and then the source type If I want to choose a snapshot or a Blob that I already have of a VHD, I can do that. But in my case, this is just going to be an empty disc that I attach to this virtual machine. With that, I click OK, and then we scroll down a little bit further, and then I can move on to more advanced pieces as well. So if I want to use ManageDisks, the default is now yes. That's what we always recommend. But if I wanted to manage the discs myself, I could choose not to go there if I wanted to.

Next, we move on to networking. And in networking, first of all, you're going to see details around the network interface. So when you create a virtual machine, a network interface card is created for you and is associated with the virtual machine. I choose the virtual network that I want to connect this virtual machine to. So, once again, I could create a new virtual network or simply connect it to one that already exists. In your enterprise, you'll probably have a scheme of networks and subnets that you want to utilize. Choose the subnet. In my case, I just have the 100:00:24 subnet that I'm going to use and whether or not I want to create that public IP. So I can click here and by default it will prompt to create it, but I could choose "none" if I don't want the public IP. So perhaps I'm connecting through my VPN or Expressroute from my data centre that I have.Then I wouldn't need a public IP to access the machine. Or perhaps I'm using a point-to-site VPN connection to get into the virtual network in Azure.

Again, I wouldn't need a public IP, but in my case, I want a public IP so that I can just RDP into it. Because this is a standalone Azure environment and I'm not connected via VPN or Express Route, Then we come across NIC network security groups. So again, on a subnet, I can have my network security group, and I could just rely on the rules there.

But I could also have a network security group associated with the network interface card of the virtual machine itself. Now I have the option of not doing so; if I select none, you can see that all ports in this virtual machine may be exposed to the public internet, posing a security risk. So, obviously, I strongly advise you to select at least a basic one and then select which ports you want there. Or you can choose an advanced one. It takes away that basic option for you there. But you would then configure that network security group to be more specific to the rules that you want. In my case, I'm going to choose Basic. I'm going to choose Allow selected ports and select RDP as we previously did.

Next, we have the option of accelerated networking. Now, accelerated networking is only available on certain instance types and certain operating system versions. So perhaps you've got Red Hat 7 and you want the accelerated networking that is available on that machine. on specific D-series versions of the instance type. And that allows faster networking between virtual machines that have accelerated networking enabled. Essentially, it bypasses one of the virtualization layers and goes directly to the Nic card, improving throughput all around. So that's when you would use accelerated networking. Next, we have load balancing. So if we want to, we can place this virtual machine in the backend pool of an existing load balancing solution. In our case right now, we're not looking to do that or load-balance this with other virtual machines. So we will move on to the management section.

So under management, you can see how we have a few things. First of all, we have boot diagnostics, so we can opt to turn these on or off. And generally, we just keep them on because it helps us diagnose any problems in the virtual machine. Oscar diagnostics are available. If you covered the monitoring section earlier on in the course or in some of the other videos we have, this is where you can turn on those guest level metrics or you can just keep them off and just rely on the host level metrics from Azure and the diagnostic storage account, which is where the diagnostic logs associated with those two things are going to be stored. It will create one for you.

If you don't specify one for identity, as will be covered later on in Identity, you can have a system-managed identity automatically assigned to you. And then we have things like automatic shutdown. So enabling auto shutdown is something I always, always recommend you do in a lab environment. Turn it on, choose the time, and whatever time zone you're basically in, So in my case, I am in central time right now.

So go back the other way. It's going to be Central Time in the US and Canada, and at 7:00 p.m., this machine will basically shut off automatically, which will save me money in my lab. I can also choose whether or not to notify before shutdown. Next, we have backup itself. So one of the fantastic features about Azure is that you have backup built in, and it's as simple as clicking and enabling backup, choosing your recovery services vault if you have one, or creating a new one right now, and choosing a backup policy. And there are already some of those built in for you. So, if you want to back up your virtual machine, you should have this enabled by default, especially if you aren't using another third-party backup solution. But for the purposes of the lab, I don't need to back up this machine. So I'm going to turn that off and then move on to Guest Config.

Now, Guest Config is more focused on things like PowerShell, DS extensions, Chef Puppet, etc. They're not something we're going to cover in COVID right now, but you will see them in a separate module in the course if you haven't already done so already. So we're going to move on to tags. Tags are really just a way for us to organise our data. You've probably seen some tags in demos already, but let's say I just wanted my cost center. My cost centre is lab in my case. I can use this point in time to go ahead and add various tags to my build. Finally, I can review and create. And this is great because it also gives us the option to download the template. And you'll see Arm templates in automation much later in the course. But you can download the template for use in your automation tools right here before you go ahead and build it. But if you are happy with it, check through everything, make sure everything is as expected, and then go ahead and click Create. and that will begin building your virtual machine.

Windows Machines B take approximately five to ten minutes to complete. You know, if you choose a D series on PremiumDisk, then they'll be created in much less time. And finally, Linux machines are a little bit quicker as well. So there are plenty of options. But you can monitor your deployment here. You can cancel it during deployment if you want to. You can see the services in Azure that have already been deployed. You'll notice that, like the IP and the NSG, the discs are all separate services. You can watch them deploy there if you want to. You can also go and see the template on the left hand side. You can still download it here if you want to. You can add it to your library if you want to redeploy similar machines. This is a good way to kind of create that Arm template and get it the way you want it for deployment later via automation. But with that, this concludes the demonstration. And in the subsequent demos, you will see how to connect to your Windows or Linux machines.

Microsoft Certified: Azure Security Engineer Associate certification practice test questions and answers, training course, study guide are uploaded in ETE files format by real users. Study and pass Microsoft Microsoft Certified: Azure Security Engineer Associate certification exam dumps & practice test questions and answers are the best available resource to help students pass at the first attempt.