Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Microsoft Azure Administrator > Configure and manage virtual networks for Azure administrators > Flashcards

Configure and manage virtual networks for Azure administrators Flashcards

1
Q

How are hybrid cloud server deployments established?

A

By using Azure virtual networks to create a private network in Azure and securely connect resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

When cloud resources use Azure virtual network, how is the network segmented?

A

An Azure virtual network is a logical isolation of the Azure cloud resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Does each network have its own subnet?

A

Each virtual network has its own Classless Inter-Domain Routing (CIDR) block and can be linked to other virtual networks and on-premises networks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What must be considered when creating a hybrid azure network solution?

A

The CIDR blocks (subnets) of the connecting networks must not overlap.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

In an Azure virtual network, who controls the DNS settings and segmentation?

A

The tenant.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

When creating a subnet, how many IPs are reserved, and in what order?

A

Azure reserves five IP addresses. The first four addresses and the last address are reserved.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

How do certain servicers and Azure networks interact?

A

A service might require or create their own subnet; Each service directly deployed into a virtual network has specific requirements for routing and the types of traffic.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

How is network traffic between all subnets in a virtual network routed by default?

A

Azure routes network traffic between all subnets in a virtual network, by default.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Can virtual networks in azure be isolated?

A

You can override Azure’s default routing to prevent Azure routing between subnets.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

If traffic between two resources in a virtual network should be routed through a virtual network appliance, how should it be deployed?

A

Deploy the resources to different subnets because the virtual network appliance should have its own subnet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

How do service endpoints function with virtual networks/subnets?

A

You can limit access to Azure resources with a virtual network service endpoint; Deny access to the resources from the internet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the purpose of a network security group?

A

Each network security group contains rules that allow or deny traffic to and from sources and destinations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Define ‘Azure Private Link’

A

provides private connectivity from a virtual network to Azure platform as a service (PaaS), customer-owned, or Microsoft partner services.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is the security benefit of Azure Private Link?

A

The service eliminates data exposure to the public internet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

When creating a virtual network IP address range, what should be considered in relation to the organization?

A

Plan to use an IP address space that’s not already in use in your organization; The range can be either on-premises or in the cloud, but not both.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Can an address space be changed once its created?

A

Once you create the IP address space, it can’t be changed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

In a virtual network, can subnets overlap?

A

The range for one subnet can’t overlap with other subnet IP address ranges in the same virtual network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Once a virtual network is deployed, how can resources communicate?

A

You can assign IP addresses to Azure resources to communicate with other Azure resources, your on-premises network, and the internet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What are the two types of Azure IP addresses?

A

private and public.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What is the function of a private azure IP address?

A

Enable communication within an Azure virtual network and your on-premises network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

How are private Azure IPs assigned when connecting to on-premises resources for a hybrid deployment?

A

Created when you config a VPN gateway or Azure ExpressRoute circuit.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What is the function of a Public Azure IP address?

A

Allowing your resource to communicate with the internet and public facing azure services.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What are the two ways IP addresses can be assigned in Azure?

A

IP addresses can be statically assigned or dynamically assigned.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What is the difference between static and dynamically assigned IP addresses?

A

Static IP addresses don’t change.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

What are the best scenarios for static IP addresses?

A
  • Role based VMs like DNS servers and DCs
  • IP based security models that require static IPs
  • TLS Certificates linked to an IP
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

When creating a public IP address to be used with a load balancer, what must be considered when establishing the “SKU” configuration detail?

A

Must match the SKU of the Azure load balancer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

How are static public IP addresses assigned/created?

A

Assigned when a public IP address is created.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

How are dynamic public IP addresses assigned/created?

A

Assigned after a public IP address is associated to an Azure resource and is started for the first time.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

In what circumstances would a dynamic IP address change?

A

If a resource such as a virtual machine is stopped (deallocated) and then restarted through Azure.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

In what circumstances would a static IP address change?

A

Static addresses aren’t released until a public IP address resource is deleted.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

What are the typical resources a public IP address is associated with?

A

Virtual machine network interfaces, internet-facing load balancers, VPN gateways, and application gateways.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

What is the purpose of the “SKU” configuration detail when creating an Azure public IP address?

A

Your SKU choice affects the IP assignment method, security, available resources, and redundancy options.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

What are the typical resources a private IP address is associated with?

A

Virtual machine network interfaces, internal load balancers, and application gateways.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

How are private IP addresses assigned/allocated?

A

Allocated from the address range of the virtual network subnet that a resource is deployed in.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

Can private IP addresses be dynamic?

A

Yes; Can be dynamic or static.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

How are dynamic private IP addresses assigned in Azure?

A

Azure assigns the next available unassigned or unreserved IP address in the subnet’s address range.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

What resources can a network security group be applied to?

A

You can assign a network security group to a subnet or a network interface.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

How do network security groups secure network?

A

Contains a list of security rules that allow or deny inbound or outbound network traffic.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

Can a network security group be assigned to multiple networks/sunets?

A

A network security group can be associated multiple times.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

What is the purpose of a virtual DMZ?

A

Acts as a buffer between resources within your virtual network and the internet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

How many network security groups can be associate with a subnet/network?

A

Each subnet can have a maximum of one associated network security group.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

How do network security groups function when assigned to a subnet?

A

Restricts traffic flow to all machines that reside within the subnet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

How do network security groups function when assigned to a virtual NIC?

A

Controls all traffic that flows through a NIC.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

How many network security groups can be associate with a virtual NIC?

A

Each network interface that exists in a subnet can have zero, or one, associated network security groups.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

When a network security group is created, what does Azure include by default?

A

Azure creates the default security rules in each network security group that you create.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

What are the two most important default rules created when deploying a network security group?

A

“DenyAllInbound” traffic and “AllowInternetOutbound” traffic.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

What are other security rules to be specified when creating a network security group?

A

Name; Priority; Port/Protocol; Source/Destination IP; Action (allow/deny)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

How are rules processed in a network security group?

A

All security rules for a network security group are processed in priority order.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

In what order are rules in a network security group processes?

A

When a rule has a low Priority value, the rule has a higher priority or precedence in terms of order processing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

Can default security rules be removed?

A

No.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

How can default security rules be overrided?

A

By creating another security rule that has a lower Priority setting for your network security group.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

How many default inbound rules does Azure define in a network security group?

A

3

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

What are the 3 default inbound traffic rules in a network security group?

A
  1. AllowVnetInBound
  2. AllowAzureLoadBalancerInBound
  3. DenyAllInBound
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

How many default outbound rules does Azure define in a network security group?

A

3

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

Where are the default outbound rules Azure defines in a network security group?

A
  1. AllowVnetOutBound
  2. AllowAzureLoadBalancerOutBound
  3. AllowAllOutBound
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

What is the purpose of the 3 default outbound rules in a network security group?

A

Only allow outbound traffic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

What is the purpose of the 3 default inbound rules in a network security group?

A

These rules deny all inbound traffic except traffic from your virtual network and Azure load balancers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

For inbound traffic, in what order does Azure process network security group rules between subnets and NICs?

A

Azure first processes network security group security rules for any associated subnets and then any associated network interfaces.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
59
Q

For outbound traffic, in what order does Azure process network security group rules between subnets and NICs?

A

Azure first evaluates network security group security rules for any associated network interfaces followed by any associated subnets.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
60
Q

When creating a network security group, what should be considered to ensure connectivity between a subnet and a NIC?

A

If you have a subnet or NIC in your network security group, you must define an allow rule at each level. Otherwise, the traffic is denied for any level that doesn’t provide an allow rule definition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
61
Q

Define ‘intra-subnet traffic’

A

VMs in the same subnet to sending traffic to each other.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
62
Q

Is intra-subnet traffic enabled by default?

A

Yes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
63
Q

How can intra-subnet traffic be disabled?

A

By defining a rule in the network security group to deny all inbound and outbound traffic.

64
Q

When assigning priorities to rules in a network security group, what is best practice?

A

Leave gaps in your priority numbering, such as 100, 200, 300, and so. The gaps in the numbering allow you to add new rules without having to edit existing rules.

65
Q

How can an admin be sure if rules in a network security group are being applied?

A

By using “Effective security rules” in the azure portal.

66
Q

Define an ‘Application security group’

A

Enable you to configure network security as a natural extension of an application’s structure; Group VMs and define network security policies based on those groups.

67
Q

How can application security groups be utilized along side network security groups?

A

Join VMs to an application security group. Then use the application security group as a source or destination in the network security group rules.

68
Q

How can application security groups be leveraged to eliminate network security groups?

A

By logically grouping VMS by application and purpose with application security groups.

69
Q

How can application security groups decrease the number of rules in network security groups?

A

Removes the need to create a separate rule for each virtual machine; Dynamically apply new rules to designated application security groups.

70
Q

Does an IP address need to be specified with an application security group?

A

No.

71
Q

What mechanism/service connects two separate virtual networks to each other?

A

Azure Virtual Network peering lets you connect virtual networks in the same or different regions.

72
Q

Describe the connection between two virtual subnets using azure virtual network peering

A

After the networks are peered, the two virtual networks operate as a single network, for connectivity purposes.

73
Q

What are the two types of Azure Virtual Network peering?

A

regional and global.

74
Q

Define ‘Regional virtual network peering’

A

Connects Azure virtual networks that exist in the same region.

75
Q

Define ‘Global virtual network peering’

A

Connects Azure virtual networks that exist in different regions.

76
Q

Can peering exist between different Azure government cloud regions?

A

Global peering of virtual networks in different Azure Government cloud regions isn’t permitted; Virtual networks in the same Azure Government cloud region can be peered.

77
Q

Does Azure virtual network peering create private network connections between peers?

A

Yes; Network traffic between peered virtual networks is private. Traffic between the virtual networks is kept on the Microsoft Azure backbone network

78
Q

Describe the relationship between resources in a azure virtual network peering

A

Resources in one virtual network communicate with resources in a different virtual network; The individual virtual networks are still managed as separate resources.

79
Q

What is the purpose of Azure VPN Gateway tranit in a Virtual Network peering?

A

The virtual network peers can communicate to resources outside the peering.

80
Q

What is the purpose of implementing an Azure VPN Gateway in a peered virtual network?

A

To act as a transit point to access resources in another network.

81
Q

In order for an admin to implement a virtual network peering, what roles must be assigned to their account?

A

Network Contributor or Classic Network Contributor.

82
Q

In a peering of virtual networks, what is the second network referred to as?

A

The remote network.

83
Q

What indicates a successfully established peering?

A

Both virtual networks in the peering have a status of Connected.

84
Q

When virtual network peering is deployed, how do other virtual network and resources interact with the peering?

A

The communication capabilities in a peering are available to only the virtual networks and resources in the peering. Other mechanisms have to be used to enable traffic to and from resources and networks outside the private peering network.

85
Q

What are the 3 ways to extend connectivity of your peering to resources and virtual networks outside your peering network?

A
  1. Hub and spoke networks
  2. User-defined routes
  3. Service chaining
86
Q

Define a virtual hub and spoke virtual network peering

A

The hub virtual network can host a Azure VPN gateway and each spoke can peer with a different virtual network to increase peering capabilities.

87
Q

Define ‘User-defined route (UDR)’ virtual network peering

A

Enables the next hop in a user-defined route to be the IP address of a virtual machine in the peered virtual network, or a VPN gateway.

88
Q

Define ‘Service chaining’ virtual network peering

A

Used to direct traffic from one virtual network to a virtual appliance or gateway.

89
Q

Define Azure ‘system routes’

A

Used to direct network traffic between virtual machines, on-premises networks, and the internet.

90
Q

Where is information about system routes recorded?

A

In a route table.

91
Q

What is the purpose of a route table?

A

Contains a set of rules (called routes) that specifies how packets should be routed in a virtual network.

92
Q

How are packets routed through a system route?

A

Each packet is handled based on the associated route table; Packets are matched to routes by using the destination.

93
Q

What occurs when a matching route can’t be found for a packet?

A

The packet is dropped.

94
Q

In a user-defined route (UDR), what can the net hop target be configured as?

A

Virtual network gateway
Virtual network
Internet
Network virtual appliance (NVA)

95
Q

Where are user-defined routes (UDRs) stored?

A

In a route table

96
Q

Can multiple subnets access a route table?

A

Yes.

97
Q

Does Microsoft charge the tenant for creating route tables in Azure?

A

No.

98
Q

How do service endpoints change the way virtual networks use IP addresses?

A

Private IP addresses are used as the source IP when accessing the Azure service from a virtual network.

99
Q

How are service endpoints secured?

A

Virtual network rules.

100
Q

How can public internet access be removed with a service endpoint?

A

Virtual network rules used to create service endpoints can remove public internet access?

101
Q

How is traffic routed with a service endpoint?

A

Through the Microsoft Azure backbone network.

102
Q

Where are service endpoints confiugred?

A

Service endpoints are configured through the subnet.

103
Q

What is the purpose of implementing a service endpoint?

A

Secure resources traffic in a virtual network with virtual network rules; Removing public internet access to resources, and allowing traffic only from your virtual network.

104
Q

How can you extend the company’s private address space with direct connections to Azure resources?

A

Virtual network service endpoints extend the private address space in Azure.

105
Q

What is the purpose of Azure Load Balancer?

A

To efficiently distribute incoming and outgoing network traffic across back-end servers and resources.

106
Q

What are the two types of load balancers Azure allows you to deploy?

A

public or internal; or combined config.

107
Q

What are the four necessary components to configure an Azure load balancer?

A
  1. Front-end IP configuration
  2. Back-end pools
  3. Health probes
  4. Load-balancing rules
108
Q

Describe ‘Front-end IP configuration’ when implementing an Azure load balancer?

A

Specifies the public IP or internal IP that your load balancer responds to.

109
Q

Describe ‘Back-end pools’ when implementing an Azure load balancer?

A

Services and resources that traffic will be distributed between.

110
Q

Describe ‘Health probes’ when implementing an Azure load balancer?

A

Ensure the resources in the backend are healthy and are able to receive requests.

111
Q

Describe ‘Load-balancing rules’ when implementing an Azure load balancer?

A

Determine how traffic is distributed to back-end resources.

112
Q

What are the 3 SKUs available for Azure Load Balancer?

A

Basic, Standard, and Gateway.

113
Q

How many pools does a Basic and Standard SKU allow?

A

The Basic SKU allows up to 300 pools, and the Standard SKU allows up to 1,000 pools.

114
Q

What resources can be implemented in a backend pool?

A

Availability sets, virtual machines, or Azure Virtual Machine Scale Sets.

115
Q

Define a ‘HTTP Health probe’

A

Load balancer probes back-end pool endpoints every 15 seconds via http(s).

116
Q

How is a resource considered healthy during an HTTP probe?

A

The resource is considered healthy if it responds with an HTTP 200 message within the specified timeout period.

117
Q

What is the default timeout period in an HTTP health probe?

A

Default is 31 seconds.

118
Q

Define a ‘TCP Health probe’

A

Relies on establishing a successful TCP session to a defined probe port; If the connection is refused, the probe fails.

119
Q

To configure a probe what 4 settings must be specified?

A

Port, URI, Interval, and unhealthy threshold.

120
Q

What must be previously configured before implementing a load balancing rule?

A

A frontend, backend, and health probe for your load balancer.

121
Q

By default, how does Azure distribute load balanced traffic?

A

Distributes network traffic equally among.

122
Q

By default, how does Azure load balancer route traffic to an available endpoint in a pool?

A

Uses a five-tuple hash to map traffic to available servers.

123
Q

What does the five-tuple hash used to distribute traffic between servers in a pool include?

A

Source/Destination IP and port, and protocol type.

124
Q

Define ‘Session persistance’

A

Specifies how to handle traffic from a client.

125
Q

How are successive requests from a client trafficked in a load balanced solution by default?

A

Successive requests from a client go to any virtual machine in your pool.

126
Q

What are the 3 available settings for session persistence?

A
  1. None/default - Any VM can handle the request
  2. Client IP: Successive requests from the same client IP address go to the same virtual machine.
  3. Client IP and protocol: Successive requests from the same client IP address and protocol combination go to the same virtual machine.
127
Q

Define ‘Azure application gateway’

A

A load balancer to manage traffic to web apps.

128
Q

What are Azure Application Gateway’s two primary methods for routing traffic?

A
  1. Path-based routing
  2. Multi-site routing
129
Q

Define ‘Path-based routing’ or ‘URL-based routing’

A

Route traffic to backend server pools based on URL Paths of the request.

130
Q

Define ‘Multi-site routing’

A

Configures more than one web application on the same application gateway instance.

131
Q

Can the Azure Application Gateway redirect traffic?

A

Yes.

132
Q

How is multi-site routing performed?

A

Register multiple CNAMEs for the IP address of your application gateway and specify the name of each site; Application Gateway uses separate listeners to wait for requests for each site.

133
Q

What is the purpose of implementing an HTTP(s) listener when deploying an application gateway?

A

Receive the traffic and route the requests to the back-end pool based on routing rules.

134
Q

What is the function of a routing rule in an application gateway configuration?

A

Defines how to analyze the request to direct the request to the appropriate back-end pool.

135
Q

What are the two types of listeners?

A

Basic or Multi-site.

136
Q

Define a ‘basic’ listener

A

Routes a request based on the path in the URL.

137
Q

Define a ‘Multi-site’ listener

A

Routes a request based on the path in the URL and handle TLS/SSL certificates

138
Q

List a few configurations that a routing rule can establish

A

Encryption; Protocol; Session persistence; request timeout; health probes.

139
Q

What is the status code range of a healthy agent after a health probe?

A

200-399

140
Q

What is the smallest supported subnet in Azure virtual Network?

A

/29

141
Q

What is the largest supported subnet in Azure virtual Network?

A

/2

142
Q

Define ‘Azure DNS’

A

A hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure.

143
Q

Can Azure DNS be used to register DNS names?

A

No.

144
Q

With Azure DNS, can it be used to manage private DNS?

A

Yes.

145
Q

Define an ‘Apex domain’

A

Your domain’s highest level

146
Q

Define an ‘Azure alias record’

A

enable a zone apex domain to reference other Azure resources from the DNS zone.

147
Q

What resources can an alias record point towards?

A

A Traffic Manager profile
Azure Content Delivery Network endpoints
A public IP resource
A front-end profile

148
Q

How can azure alias records ensure DNS records are current?

A

When the underlying IP address of a resource, service, or application is changed, the alias record ensures that any associated DNS records are automatically refreshed.

149
Q

What is the next hop for traffic sent to the IP ‘0.0.0.0’

A

The internet.

150
Q

Define a ‘virtual network gateway’

A

Sends encrypted traffic between Azure and on-premises over the internet and to send encrypted traffic between Azure networks.

151
Q

What is the purpose of a User-defined route?

A

Ro override the default system routes so traffic can be routed through firewalls or NVAs.

152
Q

If multiple routes are available in a route table, how does Azure select the best route?

A

Azure uses the route with the longest prefix match.

153
Q

What is Azure’s priority of routing rules?

A
  1. User-define routes
  2. BGP routes
  3. System routes
154
Q

Define a network virtual appliance (NVA)

A

A VM that consists of layers like:
a firewall
a WAN optimizer
application-delivery controllers
routers
load balancers
IDS/IPS
proxies

155
Q

Where are network virtual appliances (NVAs) located?

A

You can deploy NVAs chosen from providers in Azure Marketplace.

Microsoft Azure Administrator (7 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions