04-Virtual Networking

Question 1

What are Azure Networking Components?

Answer 1

Virtual Network

Load Balancer

Application Gateway

Traffic Manager profile

Virtual network gateway

Virtual WAN

Question 2

What is Virtual Network

Answer 2

Logically isolated section in MS Azure and securely connect it outward

Logical representation of your own network

Create dedicated private cloud-only virtual network

Securely extend your datacenter with virtual networks

Enable hybrid cloud scenarios

Question 3

What is Load Balancer

Answer 3

Distributes incoming traffic among backend virtual machine instances

Question 4

What is Application Gateway

Answer 4

Scalable layer-7 load balancer offering various traffic routing rules and SSL termination for backend

Question 5

What is Traffic Manager profile

Answer 5

Allows you to control the distribution of user

Question 6

What is Virtual network gateway

Answer 6

VPN device in your Azure virtual network and used with site-to-site and VNet-to-VNet VPN

Question 7

What is Virtual WAN

Answer 7

Networking service that provides optimized and automated branch-to-branch

Question 8

What are Subnets

Answer 8

Logical division within your network

Virtual network can be segmented into one or more subnets

Helps improve security, increase performance, and make it easer to manage the network

Must have unique address range - cannot overlap with other subnets in the virtual network in the subscription

Question 9

What is Private IP Address

Answer 9

Used within an Azure virtual network (VNet) and your on-prem network when you use VPN gateway or ExpressRoute circuit to extend your network to Azure

Question 10

What is Public IP Address

Answer 10

Used for communication with the Internet, including Azure public-facing services

Question 11

Where can you associate Public IP Address

Answer 11

Virtual Machine - NIC

Load Balancer - Front-end configuration (Internet-facing)

VPN Gateway - Gateway IP configuration

Application Gateway - Front-end configuration

Question 12

Where can you associate Private IP Address

Answer 12

Virtual Machine

Internal Load Balancer

Application Gateway

Question 13

What is Static IP

Answer 13

FILL IN

Question 14

What is Dynamic IP

Answer 14

FILL IN

Question 15

What is Network Security Group

Answer 15

Lists the security rules that ALLOW or DENY inbound or outbound network traffic

Limits network traffic to resources in a virtual network

Associated to a subnet or a network interface

Can be associated multiple times

Question 16

What are Network Security Group (NSG) Rules

Answer 16

Enable you to filter network traffic that can flow in and out of virtual network subnets and network interfaces

There are default security rules. You cannot delete the default rules, but you can add other rules with a higher priority

Lower the number, Higher the priority

Question 17

What are NSG Effective Rules

Answer 17

Evaluated independently for the subnet and NIC

“allow” rule must exist at both levels for traffic to be admitted

Use the Effective Rules link if you are not sure which security rules are being applied

Question 18

How to create NSG rules

Answer 18

Specify

Service - destination protocol and port range for this rule

Port ranges - single port or multiple ports

Priority - lower the number, higher the priority

Question 19

What is Azure Firewall

Answer 19

Fully stateful firewall as a service

Built-in high available with unrestricted cloud scalability

Create, enforce, log application and network connectivity policies

Threat intelligence-based filtering

Fully integrated with Azure Monitoring for logging and analytics

Support for hybrid connectivity through deployment behind VPN and ExpressRoute Gateways

Question 20

How you implement firewall

Answer 20

Hub-and-spoke topology is recommended

Shared services are placed in the hub virtual network

Each environment is deployed to a spoke to maintain isolation

Question 21

What are NAT rules

Answer 21

Translate Public IP address to Private IP address

Question 22

What are Network rules

Answer 22

Allow HTTP and non-HTTP traffic.

Configure rules that contain src addr, prototols, dst ports and dst addresses.

Question 23

What are Application rules

Answer 23

Configure fully qualified domain names (FQNDs) that can be accessed from a subnet

Question 24

When is Azure AD domain created

Answer 24

When you create Azure subscription then an Azure AD domain is created for you

Initial domain name in the form domainname.onmicrosoft.com

You can customize/change the name

After custom name is added it must be verified

Question 25

Verify the Custom Domain Name does what?

Answer 25

Demonstrates ownership of the domain name

Adds a DNS record (MX or TXT) that is provided by Azure into your company’s DNS zone

Azure will query the DNS domain for the presence of the record

Can take several minutes or several hours

Question 26

Azure DNS Zones

Answer 26

DNS zone hosts the DNS records for a domain

Name of zone must be unique within the resource group

Where multiple zones share the same name, each instance is assigned different name server address

Root/Parent domain is registered at the registrar and pointed to Azure NS

Question 27

What is NS

Answer 27

Name Server, i.e. where DNS records exist

Question 28

What is DNS Delegation

Answer 28

When delegating a domain to Azure DNS, you must use the name server names provided by Azure DNS - use all four

Once DNS zone is created, update the parent registrar

For child zones, register the NS records in the parent domain

Question 29

What is DNS Records Set

Answer 29

Collection of records in a zone that have the same name are are the same type

Can add up to 20 records to any record set

Record set cannot contain two identical records

Changing the drop-down Type changes the information required

Question 30

DNS for Private Domains

Answer 30

Use your own custom domain names

Provides name resolutions for VMs within a VNet and between VNets

Automatic hostname record management

Removes the need for custom DNS solutions

Use all common DNS record types

Available in all Azure regions