Implement and manage virtual networking

Question 1

what is a subnet?

Answer 1

A logical division within the virtual network

Question 2

How many reserved addresses are there in a subnet?

Answer 2

5! xxx.xxx.x.[0-3] and xxx.xxx.x.255

Question 3

What are some requirements of subnets?

Answer 3

the address range for each subnet must be unique within the address space for the virtual network, the range for one subnet can’t overlap another subnet

Question 4

What are the two types of IP addressing?

Answer 4

Private and public. Private: enables communications within the azure virtual network and your on-prem network. Public: enables you to communicate with the internet

Question 5

What are some characteristics of IP addresses?

Answer 5

IP addresses can be statically assigned or dynamically assigned, you can separate dynamically and statically assigned IP resources into different subnets

Question 6

What are network security groups?

Answer 6

A network security group uses security rules in the group to limit network traffic in the virtual network.

Question 7

What are the four characteristics of a network security group?

Answer 7

There is a list of security rules that contain a list of security rules that allow or deny inbound or outbound traffic. the nsg can be associated with a subnet or a network interface. a nsg can be associated multiple times. you can create an nsg and define security rules in the azure portal

Question 8

How do network security groups and subnets interact?

Answer 8

an nsg can restrict traffic flow to all machines within the subnet, each subnet can have a maximum of one associated nsg

Question 9

How do network security groups and network interface cards interact?

Answer 9

NSGs can have rules that control all traffic that flow through a NIC. Each network interface in a subnet can have up to one associated NSG

Question 10

What are the characteristics of the rules in network security groups?

Answer 10

Azure makes a bunch of default rules in each NSG you create. You can make more rules. You can’t delete the default rules, but you can nullify them by making them low priority to created rules that have conflicting wordings.

Question 11

What are the effects of the 3 default inbound traffic rules?

Answer 11

deny all inbound traffic except from the virtual network and azure load balancers

Question 12

What are the effects of the 3 default outbound traffic rules?

Answer 12

Allow outbound traffic to the internet and to the vnet

Question 13

What are application security groups for?

Answer 13

It seems like an alternate method of security than network security groups. Where nsgs are focused on addresses, asgs are focused on the applications. I imagine that it is more dynamic and can work with dynamic addresses better than NSGs.

Question 14

What are the valid service tags for network security group rules?

Answer 14

AzureLoadBalancer, AzureTrafficManager, Internet, SQL, Storage, VirtualNetwork

Question 15

What is the domain name system (DNS)?

Answer 15

It allows for site names instead of address numbers

Question 16

Why are there initial domain names and custom domain names?

Answer 16

You start out with an initial domain name because custom domain names must be registered.

Question 17

What are the requirements for using a custom domain name?

Answer 17

the custom domain name must be added to your directory and verified. Domain names must be unique.

Question 18

What is the verification process for custom domain names?

Answer 18

You need to provide a DNS record for the custom domain name to prove ownership

Question 19

What is a DNS zone for?

Answer 19

The DNS zone hosts the DNS records for a domain

Question 20

What are the specifications for DNS zones?

Answer 20

name, number of records, resource group, zone location, subscription, dns name servers

Question 21

What are some important characteristics of DNS zones?

Answer 21

names must be unique within a resource group. If there is an identically named resource group in a different resource group or subscription, they will have separate entries in the DNS name server.

Question 22

What are the three steps of DNS delegation?

Answer 22

Identify the DNS name servers, Update the parent domain, delegate subdomains

Question 23

Where can you find the name servers?

Answer 23

In the overview of the DNS zone

Question 24

How do you update the parent domain?

Answer 24

Ho to the registrar’s DNS management page, find the existing NS records for your parent domain, replace the existing NS records with the NS records created for your domain by Azure DNS

Question 25

How to delegate subdomains?

Answer 25

Got to the parent DNS zone for your domain in the Azure portal, find the existing NS records for you parent domain, create new NS records for your child DNS zone

Question 26

What is a DNS record set?

Answer 26

a collection of DNS records in a DNS zone

Question 27

What are the characteristics of a DNS record set?

Answer 27

All records have the same name and type, there can be no identical records, record sets can be empty but it won’t appear in the azure DNS name servers

Question 28

What’s the point of azure private DNS zones?

Answer 28

you can configure DNS zone names with a split-horizon view, which allows a private and a public DNS zone to share the same domain name. They allow azure DNS to resolve the names even though they have the same domain name

Question 29

What are the SKUs for public IP addresses?

Answer 29

Basic and standard.

Question 30

What are the defaults for basic public IP addresses?

Answer 30

are open, are available for inbound traffic only, are available when using instance meta data service, don’t support availability zones, don’t support routing preferences

Question 31

What are the defaults for standard public IP addresses?

Answer 31

always use static allocation, are secure and closed to inbound traffic, zone-redundant, can be assigned to network interfaces, stardard public load balancers, application gateways, or VPN gateways, can be utilized granularly with routing preference, and can by used as anycast frontend IPs for cross-region load balancers

Question 32

What is a public IP address prefix?

Answer 32

a reserved, static range of public IP addresses