Azure Networking Services

Question 1

Which key networking capabilities does Azure Virtual Network provide?

Answer 1

Isolation and segmentation
    Internet communications
    Communicate between Azure resources
    Communicate with on-premises resources
    Route network traffic
    Filter network traffic
    Connect virtual networks

Question 1

What is Azure Virtual Networks?

Answer 1

Azure virtual networks enable Azure resources, such as VMs, web apps, and databases, to communicate with each other, with users on the internet, and with your on-premises client computers. You can think of an Azure network as a set of resources that links other Azure resources.

Question 2

what kind of service is Azure Virtual Network?

Answer 2

IaaS

Question 3

does Azure Virtual Networks allow for isolation and segmentation when implementing multiple virtual networks in Azure?

Answer 3

Yes

Question 4

How is Azure Virtual Networks abbreviated?

Answer 4

Vnets

Question 5

What does vnets use to route and filter networks accross regions?

Answer 5

network peering

Question 6

When you set up a virtual network, what do you do with the ip addresses?

Answer 6

You define a private IP address space by using either public or private IP address ranges. You can divide that IP address space into subnets and allocate part of the defined address space to each named subnet.

Question 7

Can a VM in Azure connect to the internet by default?

Answer 7

yes

Question 8

How do you enable incoming internet connections on VMs?

Answer 8

By defining a public IP address or a public load balancer. For VM management, you can connect via the Azure CLI, Remote Desktop Protocol, or Secure Shell.

Question 9

In which two ways can you connect Azure resources to communicate with eachother?

Answer 9

Virtual networks Virtual networks can connect not only VMs but other Azure resources, such as the App Service Environment for Power Apps, Azure Kubernetes Service, and Azure virtual machine scale sets.

Service endpoints You can use service endpoints to connect to other Azure resource types, such as Azure SQL databases and storage accounts. This approach enables you to link multiple Azure resources to virtual networks to improve security and provide optimal routing between resources.

Question 10

In which three ways can you connect cloud resources with on-premise resources?

Answer 10

Point-to-site virtual private networks: The typical approach to a virtual private network (VPN) connection is from a computer outside your organization, back into your corporate network. In this case, the client computer initiates an encrypted VPN connection to connect that computer to the Azure virtual network.

Site-to-site virtual private networks: A site-to-site VPN links your on-premises VPN device or gateway to the Azure VPN gateway in a virtual network. In effect, the devices in Azure can appear as being on the local network. The connection is encrypted and works over the internet.

Azure ExpressRoute: For environments where you need greater bandwidth and even higher levels of security, Azure ExpressRoute is the best approach. ExpressRoute provides dedicated private connectivity to Azure that doesn’t travel over the internet. (You’ll learn more about ExpressRoute in a separate unit later in this module.)

Question 11

Azure routes traffic between subnets on any connected virtual networks, on-premises networks, and the internet. How can you control routing?

Answer 11

Route tables: A route table allows you to define rules about how traffic should be directed. You can create custom route tables that control how packets are routed between subnets.

Border Gateway Protocol: Border Gateway Protocol (BGP) works with Azure VPN gateways or ExpressRoute to propagate on-premises BGP routes to Azure virtual networks.

Question 12

How does Azure Vnets allow you to filter traffic between subnets?

Answer 12

Network security groups: A network security group is an Azure resource that can contain multiple inbound and outbound security rules. You can define these rules to allow or block traffic, based on factors such as source and destination IP address, port, and protocol.

Network virtual appliances: A network virtual appliance is a specialized VM that can be compared to a hardened network appliance. A network virtual appliance carries out a particular network function, such as running a firewall or performing wide area network (WAN) optimization.

Question 13

What is UDR?

Answer 13

User-defined Routing. UDR is a significant update to Azure’s Virtual Networks as this allows network admins to control the routing tables between subnets within a VNet, as well as between VNets, thereby allowing for greater control over network traffic flow.

Question 14

From where can you configure Azure Virtual Network Instances?

Answer 14

You can create and configure Azure Virtual Network instances from the Azure portal, Azure PowerShell on your local computer, or Azure Cloud Shell.

Question 15

How do you define an address space when you set up a virtual network?

Answer 15

When you set up a virtual network, you define the internal address space in Classless Interdomain Routing (CIDR) format. This address space needs to be unique within your subscription and any other networks that you connect to. Let’s assume you choose an address space of 10.0.0.0/24 for your first virtual network. The addresses defined in this address space range from 10.0.0.1 to 10.0.0.254. You then create a second virtual network and choose an address space of 10.0.0.0/8. The addresses in this address space range from 10.0.0.1 to 10.255.255.254. Some of the addresses overlap and can’t be used for the two virtual networks. But you can use 10.0.0.0/16, with addresses that range from 10.0.0.1 to 10.0.255.254, and 10.1.0.0/16, with addresses that range from 10.1.0.1 to 10.1.255.254. You can assign these address spaces to your virtual networks because there’s no address overlap.

Question 16

How to write subnet names?

Answer 16

Subnet names must begin with a letter or number and end with a letter, number, or underscore. They may contain only letters, numbers, underscores, periods, or hyphens.

Question 17

Which settings do you need to configure when setting up a virtual network?

Answer 17

Network name, Address space, Subscription (only if there are multiple), Resource group, Location, Subnet, DDoS protection type (Basic or Standard), and Service endpoints.

Question 18

Which additional settings can you define after creating a virtual network?

Answer 18

Network security group and route table. You can also amend the service endpoints.

Question 19

What do VPNs do?

Answer 19

Connect on-premises datacenters to virtual networks through a site-to-site connection.

Connect individual devices to virtual networks through a point-to-site connection.

Connect virtual networks to other virtual networks through a network-to-network connection.

Question 20

What is a policy-based VPN

Answer 20

Policy-based VPN gateways specify statically the IP address of packets that should be encrypted through each tunnel. This type of device evaluates every data packet against those sets of IP addresses to choose the tunnel where that packet is going to be sent through.

Question 21

What are route-based VPNs?

Answer 21

If defining which IP addresses are behind each tunnel is too cumbersome, route-based gateways can be used. With route-based gateways, IPSec tunnels are modeled as a network interface or virtual tunnel interface. IP routing (either static routes or dynamic routing protocols) decides which one of these tunnel interfaces to use when sending each packet. Route-based VPNs are the preferred connection method for on-premises devices. They’re more resilient to topology changes such as the creation of new subnets.

Question 22

What should you use a Basic VPN gateway for?

Answer 22

A Basic VPN gateway should only be used for Dev/Test workloads. In addition, it’s unsupported to migrate from Basic to the VpnGW1/2/3/Az SKUs at a later time without having to remove the gateway and redeploy.

Question 23

Which Azure resources are required before you can deploy an operational VPN gateway?

Answer 23

Virtual network, GatewaySubnet, Public IP address, Local network gateway, Virtual network gateway, and Connection.

Question 24

What on-premise resources are required to connect your datacenter to a VPN gateway?

Answer 24

A VPN device that supports policy-based or route-based VPN gateways

A public-facing (internet-routable) IPv4 address

Question 25

Why are VPN gateways deployed as two instances in an active/standby configuration even if you see only one VPN gateway resource in Azure?

Answer 25

When planned maintenance or unplanned disruption affects the active instance, the standby instance automatically assumes responsibility for connections without any user intervention. Connections are interrupted during this failover, but they’re typically restored within a few seconds for planned maintenance and within 90 seconds for unplanned disruptions.

Question 26

What is Azure ExpressRoute?

Answer 26

ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection with the help of a connectivity provider. With ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure and Microsoft 365.

Question 27

What type of connectivity do you need for Azure ExpressRoute?

Answer 27

Connectivity can be from an any-to-any (IP VPN) network, a point-to-point Ethernet network, or a virtual cross-connection through a connectivity provider at a colocation facility.

Question 28

Which routing protocol does ExpressRoute use?

Answer 28

Border Gateway Protocol (BGP)

Question 29

which 3 connectivity models does ExpressRoute support?

Answer 29

CloudExchange colocation
Point-to-point Ethernet connection
Any-to-any connection