Technical Interview Potential Questions Flashcards

(16 cards)

1
Q

What is a Network Security Group (NSG)?

A

NSGs are groups of security rules that control inbound and outbound traffic to resources based on IP addresses, ports, and protocols at the network interface (NIC) or subnet level.

NSGs are basically customisable traffic filters.

2
Q
A
3
Q

When would you use an NSG instead of Azure Firewall?

A

Use an NSG for BASIC traffic filtering on individual VMs or subnets within a VNet, where simple allow/deny rules based on IP, port, and protocol suffice.

4
Q

When is Azure Firewall preferred over NSG?

A

Azure Firewall is preferred when you need more advanced network protections. It’s for enterprise-level security, providing advanced traffic filtering, logging, threat detection, and centralized control across multiple VNets or hybrid networks.

5
Q

What is Azure Firewall?

A

Azure Firewall is a full-featured, managed, stateful (remembers what has happened) network security service that provides centralized traffic filtering, application-level inspection, threat intelligence, and LOGGING across Azure virtual networks.

6
Q

What is a Virtual Network (VNet) in Azure?

A

A VNet is just a logically separated cloud network that you can deploy resources such as VMs to. It links multiple virtual resources together securely.

7
Q

What is Azure Resource Manager (ARM)?

A

ARM is a service for the deployment and management of Azure resources such as VMs, VNets and storage. ARM organises resources into RESOURCE GROUPS (virtual resources that share a lifecycle) and enables you to perform CRUD operations (create, rename, update, destroy) in a consistent/repeatable way.

ARM is a service for making infrastructure and management of Az Resources automated and easy.

8
Q

You deploy a VM in Azure but it won’t start. What steps do you take to troubleshoot?

A

Firstly, I would check the VM status on the Azure Portal (Virtual Machines section).
Then restart the machine if necessary from the Portal.
Check the VM’s boot diagnostics/logs for errors.
Check you have the permissions and active subscription needed to deploy it.
Check the ARM template (if used) for errors/typos.
Review any changes to the VM config.
Check Azure Service Health for any platform issues.
Create a support ticket with Azure if nothing works.

9
Q

Explain the difference between a resource group and a subscription.

A

A Resource Group is just a logical grouping of Az Resources that generally share a lifecycle for easier management/deployment e.g. VM, network, storage account may all be spun up together.

A Subscription (Azure Wallet) is a BILLING/MANAGEMENT CONTAINER that holds Resource Groups (and the Resources in them). It defines a BILLING BOUNDARY, i.e. all usage/resources within the subscription are billed together. Subscriptions make it easier for big companies to allocate Azure spending to specific departments, e.g. marketing may get a subscription for resources they need and the IT department may get a separate subscription for their needs.

10
Q

How would you assign a role to a user to give them access to only one resource group?

A

I would use RBAC in Azure: find the Resource Group I wanted to give them access to, add the role (Reader/Contributor) I wanted to assign them, then select the user/group to inherit that role.

11
Q

How would you monitor the performance and health of an Azure VM?

A

I would use Azure Monitor (service) to track metrics of the VM such as CPU, memory, I/O and network traffic.
Set up alerts to notify me if certain metric thresholds are met. For example, if CPU is at 100% usage for 30 minutes, send me an alert so I can check the logs to find out why.

12
Q

You need to automate the deployment of multiple VMs. What tools or methods could you use?

A

ARM/Terraform - Templates. Simply define a parameter for VM count in the JSON/HCL file.

13
Q

What is the purpose of an Azure Availability Set?

A

Availability sets improve your resource availability by spreading them across fault and update domains, so in the event of server hardware failure the other resource copies/VMs on another physical server will still run and be accessible to you and your clients.

14
Q

How does Azure Active Directory differ from on-premises Active Directory?

A

Azure Active Directory (now called Entra ID) works across cloud apps like 365 (a suite of apps like Excel and Word) and Azure. It DOESN’T support things like Group Policy but focuses more on MFA, SSO and conditional access.

Active Directory is just for Windows domain networks.

15
Q

You find out a user can’t access a resource they should have access to. How do you investigate?

A

Check the Access Control (IAM) section of the resource in Azure Portal to see what roles are assigned and if the user is on the list.

Use the “Check Access” feature to search for the user and see their effective permissions and which role assignments are assigning those permissions.

Make sure they are in the right RBAC and Entra ID Groups.

16
Q

What are some best practices when creating Network Security Group (NSG) rules?

A

Follow the principle of LEAST PRIVILEGE - only allow the minimum traffic necessary.

Assume breach (limit the spread of potential attackers by segregating and limiting access where possible).

NSGs by default have an implicit deny policy, which means that you only define ALLOW rules.