Azure Virtual Networks

Question 1

What is an ASG?

Answer 1

Azure Application Security Groups allows you to configure the network security as a natural extension of the structure of an application. This allows you to group VMs and define network security policies based on those groups.

Question 2

What dose NSG stand for?

Answer 2

Network Security Group

Question 3

What is an NSG?

Answer 3

NSG is a Network Security Group which is used to manage the ingoing and outgoing network traffic to an Azure resources like VMs, Web Applications, etc.

Question 4

What dose ASG stand for?

Answer 4

Application Security Groups

Question 5

What is Vnet Peering

Answer 5

This is used to connect different Vnets together

Question 6

How to create subnet using Powershell

Answer 6

Net-AzVirtualNetworkSubnetConfig

Question 7

How to create Vnet using Powershell

Answer 7

Net-AzVitualNetwork

Question 8

How to create a public ip using Powershell

Answer 8

New-AzPublicIpADdress

Question 9

How to create network security group using Powershell

Answer 9

New-AzNetworkSecurityGroup

Question 9

How to create a network security rule using Powershell

Answer 9

New-AzNetworkSecurityRuleConfig

Question 10

How to create network interface using Powershell

Answer 10

New-AzNetworkInterface

Question 10

What is a user-defined routes?

Answer 10

User-Defined Routes allow you to define custom routing tables to control the flow of network traffic within your Azure virtual networks.

Question 11

What is a benefit to having Vnet Service Endpoints

Answer 11

This will enhance the security of your Azure Service Resources by securely connecting them to the Vnet. This will also completely remove internet access to the resource, only allowing access via your Vnet.

Question 12

What is Azure Alerts?

Answer 12

Azure Alerts will monitor device status and sent alerts to IT Admins when the alert has been trigged

Question 13

What is a Azure Load Balancer?

Answer 13

This is used to distribute incoming traffic to backend VMs. This operates at layer 4 of the OSI model.

Question 14

What are the different components of Azure Load Balancers

Answer 14

Azure Load Balancer
Backend VMs
Frontend IP config
Backend pool
Health probe
Load balancing rules

Question 15

What are the two Azure Load Balancer SKU’s

Answer 15

Basic Load Balancer
Standard Load Balancer

Question 16

What is the frontend IP config?

Answer 16

This is the IP address assigned to the load balancer. If you need load balance from the internet you can use public IP.

Question 17

What is the backend pool?

Answer 17

This is the pool of VMs that the load balancers will distribute the traffic accross.

Question 18

What is the health probe?

Answer 18

The health probe is to monitor the backend VMs to make sure they are healthy before the load balancer will send traffic towards it.

Question 19

What are load balancing rules?

Answer 19

These are rules used to map the traffic from the user to the backend VMs

Question 20

What are the benefits to using a basic load balancer?

Answer 20

• This can support up to 300 instances in the backend pool
• The backend VMs can be in an availability set or scale set
• Health probes can only be TCP or HTTP
• No SLA

Question 21

What are the benefits to using a standard load balancer?

Answer 21

• This can support up to 1000 instances in the backend pool
• The backend pool can contain any VM or VM scale set in a Vnet
• Health probes can only be TCP, HTTP or HTTPs
• SLA of 99.99%

Question 22

What is a public load balancer?

Answer 22

This is a load balancer is getting incoming traffic from the internet using a public IP

Question 23

What is a internal load balancer?

Answer 23

This is a load balancer that is getting incoming traffic from within a Vnet using a private IP.

Question 24

What are NAT rules used for?

Answer 24

NAT rules are used to allow users to use protocols like RDP into VMs via load balancer

Question 25

What is the Application Gateway Service?

Answer 25

Application Gateway is a web traffic load balancer working at the application layer meaning you can have multiple backend pools.

The example below show the application gateway with and image pool and video pool for a website.

Question 26

Azure Application Gateway Service vs Azure Load Balancer

Answer 26

• Azure Load Balancer works at layer 4 of the OSI model
• Azure Application Gateway Service works at layer 7 of the OSI model

Question 27

How is routing decisions made with Application Gateway?

Answer 27

These are made with HTTP request in an URL like paths or host headers. For example www.google.com/images or www.google.com/videos

Question 28

Benefits for Application Gateways?

Answer 28

• SSL/TLS termination which can allow you to configure secure connections to be processed by the application gateway resource.
• Requests can flow normal to the backend VMs.
• Reduces the work for the backend VMs.
• Web application firewall
• URL-based routing
• Multiple-site hosting

Question 29

What dose Application Gateway Standard_v2 SKU include?

Answer 29

• Autoscaling which allows the service to scale based on load patters.
• Zone redundancy to destitute across multiple availability zones for better availability.

Question 30

What does NAT mean in Azure Networking?

Answer 30

Network Address Translation

Question 31

What is Azure DNS?

Answer 31

This is a hosting service for DNS domains. This helps in providing name resolution by using MS Azure Infrastructure

Question 32

What is the purpose of the Azure DNS service

Answer 32

The Azure DNS service is used when

Question 33

What is a DNS Zone?

Answer 33

This will represent your domain name in the Azure DNS services

Question 34

What is the Azure Network Watcher service?

Answer 34

The service provides a set of tools that can be used to monitor, diagnose, view metrics and logs for resources in an Azure virtual network

Question 35

What are the tools used in the Azure Network Watcher Service?

Answer 35

Connection Monitor
IP Flow Verify
Next hop
Packet Capture

Question 36

What is the Connection Monitor tool?

Answer 36

This is used to monitor the communications between endpoints
This can be one of the following:
- VM
- Domain Name
- Uniform Resource Identifier (URI)
- IPv4 address

Question 37

What is the IP Flow Verify tool?

Answer 37

This is used to check for any communication issues from a VM perspective that might be caused by NSGs

Question 38

What is the Next Hop tool?

Answer 38

This can help diagnose any issues when it comes to the routing of traffic from Azure VM. This can tell you what the next hop to a destination from an VM.

Question 39

What is the Packet Capture tool?

Answer 39

This can be used to capture the actual network packets sent to and from a VM

Question 40

What is a point to site VPN

Answer 40

A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer

Question 41

What are two methods that a user can authenticate to a P2S VPN?

Answer 41

Certificate authentication
Microsoft Entra authentication
On-prem RADIUS server

Question 42

What is Certificate authentication (regarding P2S VPN)

Answer 42

A client certificate is a trusted root certificate installed on each client computer. Which is is used to authenticate the connecting user.

Question 43

What is Microsoft Entra authentication (regarding P2S VPN)

Answer 43

Microsoft Entra authentication allows users to connect to Azure using their Microsoft Entra credentials

Question 44

What is service endpoints

Answer 44

A service endpoint provides secure and direct connectivity to Azure services over an optimized route over the Azure backbone network

Question 45

What is required to create a Vnet-to-Vnet VPN between two VNs?

Answer 45

Gateway subnet

Question 46

When can a network peering connection can be established?

Answer 46

Across different regions, resources groups and even subscriptions

Question 47

What is Azure Virtual Network Service Endpoints?

Answer 47

you can add a virtual network rule to secure the Azure service resources to your virtual network