Azure Flashcards

1
Q

What is the name of the connection to servers on the cloud (replaced RDP)?

A

Bastion

2
Q

What is the nickname for the virtual network?

A

Vnet

3
Q

What is the cloud name for the VPN connection?

A

ExpressRoute

4
Q

What is the connection between offices that is set up in Azure?

A

Virtual WAN

5
Q

What is the site to site or point to site (home for example) that replaces VPN?

A

VPN Gateway

6
Q

Term for connecting multiple Azure networks together?

A

Peering - note that when set up, they are off by default for security (denied by default).

7
Q

Term for DNS?

A

Azure DNS

8
Q

What is NSG?

A

Network Security Groups are an access control config.

9
Q

What is a way to implement a public link to the cloud?

A

Azure Private Link - makes public endpoints private (more info later, of course).

10
Q

DDoS Protection

A

This is free by default; you can upgrade it at a cost.

11
Q

Azure Firewall, Web Application Firewall

A

WAF is built into the Application Gateway product. It recognizes common attacks (cross-site scripting and SQL injection, for example).

12
Q

What is CDN?

A

A content delivery network is a distributed network of servers that can efficiently deliver web content to users. A content delivery network stores cached content on edge servers in point of presence (POP) locations that are close to end users, to minimize latency.

13
Q

Virtual Network Endpoints (used with VNet)

A

A Virtual Network (VNet) service endpoint provides secure and direct connectivity to Azure services over an optimized route over the Azure backbone network. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Service endpoints enable private IP addresses in the VNet to reach the endpoint of an Azure service without needing a public IP address on the VNet.

14
Q

Azure Front Door

A

Another form of load balancing; I believe it uses DNS to distribute traffic.

15
Q

Application Gateway vs Load Balancer

A

App Gateway is an application-level load balancer, whereas the Load Balancer is closer to core network traffic.

16
Q

Name the monitoring services with Azure. Not just performance, but what if someone can’t connect, where is the point of failure?

A

Network Watcher, ExpressRoute Monitor, Azure Monitor, VNet Terminal Access Point (TAP)

17
Q

What is the most common way to access Azure?

A

Azure Portal; portal.azure.com

18
Q

Identity

A

An identity is an object that can be authenticated. The identity can be a user with a username and password. Identities can also be applications or other servers that require authentication by using secret keys or certificates. Microsoft Entra ID is the underlying product that provides the identity service.

19
Q

Account

A

An account is an identity that has data associated with it. To have an account, you must first have a valid identity. You can’t have an account without an identity.

20
Q

Microsoft Entra Account

A

A Microsoft Entra ID account is an identity that’s created through Microsoft Entra ID or another Microsoft cloud service, such as Microsoft 365. Identities are stored in Microsoft Entra ID and are accessible to your organization’s cloud service subscriptions. The Microsoft Entra account is also called a work or school account.

21
Q

Azure tenant (directory)

A

An Azure tenant is a single dedicated and trusted instance of Microsoft Entra ID. Each tenant (also called a directory) represents a single organization. When your organization signs up for a Microsoft cloud service subscription, a new tenant is automatically created. Because each tenant is a dedicated and trusted instance of Microsoft Entra ID, you can create multiple tenants or instances.

22
Q

Azure Subscription

A

An Azure subscription is used to pay for Azure cloud services. Each subscription is joined to a single tenant. You can have multiple subscriptions.

23
Q

Entra ID

A

First native cloud identity management (replaced Azure AD). Lots of advanced features disabled in free version. Most comprehensive is the $9 per user subscription.

24
Q

What is the cloud anti-virus?

A

MS Defender

25
Q

Name 2 special features for advanced user management.

A

Dynamic group assignment, user expiration of group membership.

26
Q

What is an advanced feature available with free Entra?

A

Synchronize AD identities with Entra ID using Cloud Sync or Connect Sync.

27
Q

What is write back, for Entra?

A

When a user resets their password, it syncs back to the on-premises AD.

28
Q

Conditional access, Entra feature

A

Monitors a user and determines if their risk is acceptable, such as logging on with an old version of iOS, etc.

29
Q

What are the basic areas of accounts and subscriptions?

A

Account, Tenant, Subscription, Resource Group

30
Q

Describe account

A

Email address of a user or application. App is called a Managed identity (service account). Users use multi-factor identification.

31
Q

Describe Tenant

A

A representation of an organization, similar to a namespace; no one else can use @example.com.

32
Q

Describe subscription

A

Free, pay as you go, enterprise agreements. Subscriptions can be assigned to a tenant. Tenants can have more than one subscription.

33
Q

Azure AD B2C

A

This is a ‘business to consumer’ account. This is the lowest subscription tenant option. It means a third party, such as LinkedIn, Facebook, Google, etc., is used to authenticate/log in to Azure. One must own a paid license to create an Entra ID tenant. A paid account is different than a subscription.

34
Q

What is the full access (or old ‘domain admin’) account for Azure?

A

Global Administrator. In order to grant full permissions (and you are in, say, your company's tenant), you will have to create your own tenant, and as the owner, you can be a Global Administrator.

35
Q

What allows Entra to enable the feature where an admin only has control over specific objects (users, computers, etc.)?

A

Administrative Units allow you to assign a role, say helpdesk role, but then you can add groups to restrict the scope of the role.

36
Q

What are Azure permissions called?

A

Role-based access control. An admin configures or defines a handful of roles across your organization. Permissions are assigned at the role level, not the user level.

37
Q

What are the 3 main roles for a storage resource?

A

Owner, contributor, reader (equates to full access, read/write access, read-only access). Owner can assign permissions. As an admin, I would also need access to ‘Storage Blob’, which are the containers. Data permissions are separate from the resource permissions.

38
Q

How does Azure deal with permission conflicts/differences?

A

Instead of the most restrictive, it merges the permissions.

39
Q

What are the parameter settings of a VM or other resources called (allowing you to set limits, for example on the size created)?

A

SKUs (Stock Keeping Unit) which is a sales term. Used in creating a Cost Management Policy (by saying 2 processor servers only, for example).

40
Q

Where do you find if someone got greedy and created a VM in Dev beyond the limits set?

A

Compliance (report). Note that compliance policies don’t prevent the resource from being created; they just send a compliance policy violation alert.

41
Q

What is a BLOB?

A

Stands for Binary Large Object, and refers to a cloud storage account in binary form that does not conform to a drive format.

42
Q

Name/value pairs that allow you to group resources into consolidated view billing categories.

A

Tags. Can add all sorts of info too, contact info, billing code, phone number, location etc, then add the tag to whatever resource you choose. Good for report queries.

43
Q

Why create multiple subscriptions?

A

Departments might pay for their own resources within your tenant. Or, it could be as simple as having 2 credit cards, or a new billing account for a company (tenant).

44
Q

Describe a blueprint

A

It is a template for your Entra ID tenant structure. If you need to create a new one, all permissions, resource groups, policies, billing, etc. are recreated.

45
Q

What is needed to set a storage blob to push files to a backup storage?

A

Object Replication - This replication is asynchronous and there is no SLA for how long it will take.

46
Q

How to get mass data into or out of Azure?

A

Create an import job or an export job, or if very large, then subscribe to a Data Box where they send a USB drive.

47
Q

What is the PowerShell format to move data from one container to the other?

A

.\azcopy copy [source blob with SAS] [destination blob with SAS]

Go to container and hit (copy) near SAS area.

48
Q

What are the different levels or types of storage accounts?

A

Azure blobs (objects), Azure Data Link (huge amount), Azure files, Azure queues, Azure tables. Need Premium account for high performance, or Standard if low performance is acceptable.

49
Q

What feature would you use to replicate a local file server to Azure cloud?

A

Azure File Sync - Download the Azure File Sync Agent to the file server, then register the server with the Storage Sync Service. Sync does not mean all directories.

50
Q

Along with other properties such as expiration or revocation, how is SAS most secure?

A

Use a user delegation SAS when possible. A user delegation SAS provides superior security to a service SAS or an account SAS. A user delegation SAS is secured with Microsoft credentials, so that you do not need to store your account key with your code.

51
Q

What is a datalink?

A

I think it can be best described as a connection to the data. Containers need to have a DNS entry for example. It’s the feature that enables web access from the outside.

52
Q

What is ARM?

A

Azure Resource Manager, where you can create templates so you or others can create resources, including VMs, with a standard configuration. Uses JavaScript Object Notation (JSON); can also use the Bicep language.

53
Q

What is the feature that allows you to scale up or out when your application processing increases?

A

Autoscale. Remember that when you have a scale out setting, for example, make sure you have a scale in setting for when the processor returns to say less than 30%. You can also change the scale up (out too?) setting to manual.