Azure Application Gateway Flashcards

1
Q

What is Azure Application Gateway?

A

It is a layer seven load balancer, as in a load balancer for balancing HTTP, HTTPS, WebSocket, and HTTP/2 traffic.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Explain Azure Application Gateway in the context of its deployment architecture?

A
  1. It is deployed only in a region\n2. It can be deployed across a region or a single zone.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is its SLA availability?

A

99.99% for two or more VMs in two or more availability zones

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the approach to DR?

A

It’s a regional service, so there is no MS-provided DR.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Can you have a private internal IP on a VNET?

A

Yes, 100%, this is supported.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Can you terminate SSL and TLS with the Azure App Gateway?

A

Yes, both TLS and SSL termination are supported.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Scenario: I have an on-prem application that is a web server on 443

A

presenting a web interface for users; I am adding a second instance of the web server in Azure for high availability. I also currently have an express router between on-prem and Azure.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Question: How can I load-balance between them using a layer seven load balancer?

A

Use the Azure Application Gateway; this enables load-balancing between on-prem and Azure web apps. As described, an express route is required to enable traffic from the load balancer to reach the on-prem web app instance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Can I use the Azure App Gateway to send traffic to a public endpoint?

A

Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Can I use the Azure App Gateway to send traffic to a private endpoint on-prem?

A

Yes, provided you have a VPN or ExpressRoute to enable the backend traffic to reach the on-prem private endpoint.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Can I use the Azure App Gateway to send traffic to a private endpoint on-prem without a VPN or express route?

A

You could expose the on-prem endpoint using the Azure Relay so that the Azure App Gateway can send the traffic using the Azure Relay.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Can I use the Azure App Gateway as a cross-regional load balancer?

A

No, it’s a regional load balancer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Is the App Gateway deployed automatically as a zone-redundant load balancer?

A

No, you get to deploy the load balancer at either a Single-Zone or Zone-Redundant configuration.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Do you need to set the scale using the load balancer at deployment time?

A

No, the Azure App Gateway will automatically scale as required.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

I require a virtual IP to always be static for layer seven load balancing. What option do I have

A

and can you explain it?

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Does the Application Gateway support session affinity?

A

Yes, you can use cookie-based session affinity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

How does cookie-based session affinity work?

A

Azure Application Gateway adds several headers to forwarded requests: x-forwarded-for, x-forwarded-port, x-forwarded-proto, x-original-host, x-original-url, and x-appgw-trace-id. You can configure header and URL modifications using Rewrite HTTP headers, URL, or path-override settings.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Does the Application Gateway support WebSockets?

A

Application Gateway provides native support for the WebSocket and HTTP/2 protocols. There’s no user-configurable setting to enable or disable WebSocket support selectively.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

I require the ability for connection draining with a layer seven load balancer; what options do I have?

A

The Azure Application Gateway supports connection draining.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What is connection draining?

A

Connection draining helps you achieve graceful removal of backend pool members during planned service updates or problems with backend health. This setting is enabled via the Backend Setting and is applied to all backend pool members during rule creation. Once enabled, the application gateway ensures all deregistering instances of a backend pool don’t receive any new requests while allowing existing requests to be completed within a configured time limit.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Does the Azure Application Gateway support custom error pages?

A

Application Gateway allows you to create custom error pages instead of displaying default error pages. You can use your branding and layout using a custom error page.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Can I use the Azure App Gateway to send traffic to another internet-based endpoint?

A

Yes, 100%; you can configure an IP on the internet as a backend endpoint.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

I have a virtual machine in a VNET and want to access the Azure Application Gateway API securely without going over the Internet. How can I achieve this?

A

Use a private link with Azure App Gateway.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

I require an Azure Kubernetes Service (AKS) Ingress controller; what is the best service?

A

Azure Application Gateway with its Ingress controller is a suitable option.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

I require a layer seven service that can rewrite headers; what are my options?

A

Azure Application Gateway has the capability to rewrite HTTP headers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

I require automated management of my Azure Application Gateway certificates for terminating HTTPS; how can I achieve this?

A

Azure Application Gateway supports Azure Key Vault integration for certificate management.

27
Q

Can you associate an NSG with the Azure App Gateway subnet?

A

You can associate NSGs with the Application Gateway subnet to apply security rules.

28
Q

Does Azure Application Gateway support private IP frontend?

A
  1. Azure Application Gateway allows for a private frontend configuration, meaning it only has a private IP address and doesn’t expose a public IP.\n2. This configuration is ideal for internal applications that do not require internet access and must remain within a private network (for example, internal-facing web apps).\n3. When combined with other network controls, such as NSGs and UDRs, the Private IP Frontend can be fully secured and isolated from external traffic.
29
Q

Can you associate an NSG with the Azure App Gateway interface?

A

NSGs provide network interface or subnet security, allowing you to define rules to control inbound and outbound traffic.

30
Q

In the context of Azure App Gateway

A

what is URL-based routing?

31
Q

In the context of Azure App Gateway

A

what is multiple-site hosting?

32
Q

What type of authentication does Azure Application Gateway support through its reverse proxy?

A

NTLM authentication.

33
Q

Does Azure Application Gateway support NTLM authentication for backend servers?

A

Yes, it supports NTLM authentication for backend servers.

34
Q

What is the limitation of NTLM authentication with Azure Application Gateway?

A

NTLM authentication cannot be used for end-to-end SSL.

35
Q

When should you use Azure Application Gateway with NTLM authentication?

A

Use when the backend server requires NTLM for client authentication.

36
Q

What is the purpose of connection draining in Azure Application Gateway?

A

To allow in-progress requests to complete before removing a backend server.

37
Q

When is connection draining useful in Azure Application Gateway?

A

During backend server maintenance or scaling to avoid disrupting client requests.

38
Q

How does connection draining affect backend instances in Azure Application Gateway?

A

It prevents new connections while allowing existing connections to finish processing.

39
Q

You need to configure a web application on Azure App Gateway to support efficient

A

multiplexed communication with clients using modern browsers. Which protocol feature should you enable to achieve this?

40
Q

A client reports that a web application behind Azure App Gateway is experiencing slow page loads due to connection limitations. What feature could help improve load times by allowing multiple requests over a single connection?

A

Enable HTTP/2 support.

41
Q

You want to use Azure App Gateway to support a backend service that requires both HTTP/1.1 and HTTP/2 for compatibility purposes. Can you enable both protocols simultaneously on Azure App Gateway?

A

Yes, both HTTP/1.1 and HTTP/2 can be enabled simultaneously.

42
Q

Describe the Azure App Gateway architecture when deployed.

A
  1. It is a regional-based service\n2. You select a single-zone or multi-zone deployment\n3. Scales automatically
43
Q

Does Azure Application Gateway support WAF (Web Application Firewall) integration?

A

Yes, Azure Application Gateway has a WAF SKU that provides built-in WAF capabilities to protect against common vulnerabilities.

44
Q

How can you configure Azure Application Gateway to handle traffic for multiple backend pools depending on different domains?

A

Use multiple-site hosting to route requests based on the requested hostname to specific backend pools.

45
Q

What are the two tiers available for Azure Application Gateway?

A

Standard and WAF.

46
Q

What is the difference between the Standard and WAF tiers of Azure Application Gateway?

A

The WAF tier includes all the features of the Standard tier along with Web Application Firewall capabilities.

47
Q

How does autoscaling work in Azure Application Gateway?

A

Azure Application Gateway automatically scales based on traffic load to meet performance requirements.

48
Q

Can Azure Application Gateway be used with Azure Traffic Manager?

A

Yes

49
Q

What is the maximum number of backend pools supported by Azure Application Gateway?

A

Azure Application Gateway supports up to 100 backend pools.

50
Q

How does Azure Application Gateway handle health probes?

A

Azure Application Gateway uses health probes to monitor the health of backend servers and remove unhealthy instances from the backend pool.

51
Q

What are the available protocols for Azure Application Gateway listeners?

A

HTTP and HTTPS.

52
Q

How can you enable end-to-end SSL in Azure Application Gateway?

A

Configure SSL certificates for both the frontend listener and backend server settings.

53
Q

What is the benefit of using rewrite rules in Azure Application Gateway?

A

Rewrite rules allow for modifications of request and response headers

54
Q

Can Azure Application Gateway support redirection?

A

Yes

55
Q

How does Azure Application Gateway integrate with Azure Key Vault?

A

Azure Application Gateway can use Azure Key Vault to manage SSL certificates for secure communication.

56
Q

What are SSL profiles in Azure Application Gateway?

A

SSL profiles allow you to configure SSL policy settings

57
Q

What is a custom probe in Azure Application Gateway?

A

A custom probe allows you to specify the URL path

58
Q

How can Azure Application Gateway enhance the security of backend services?

A

Azure Application Gateway provides TLS termination

59
Q

How does Azure Application Gateway handle backend instance failures?

A

Unhealthy instances are removed from the backend pool based on health probe results

60
Q

What is an Azure Application Gateway listener?

A

A listener is an entity that checks for incoming client requests on a specific IP and port combination.

61
Q

What is URL Path-based Routing in Azure Application Gateway?

A

URL Path-based Routing allows routing of requests to different backend pools based on the URL structure of incoming requests.

62
Q

What is Azure Application Gateway’s role in DDoS protection?

A

Azure Application Gateway can be combined with Azure DDoS Protection for enhanced mitigation of distributed denial-of-service attacks.

63
Q

Is it possible to have TLS traffic passed to the backend?

A

No, it has to be terminated at the front end first, and it tends to have TLS to the back end from the front end.

64
Q

What is End-to-End TLS Encryption in Azure Application Gateway?

A

This is where traffic is first terminated at front end and then unencrypted