Deploy & Manage Azure Compute Resources

Question 1

A representation of your own network in the cloud; logical isolation of the Azure cloud dedicated to your subscription

Answer 1

Azure Virtual Network (VNet)

Question 2

VNet uses:

Answer 2

• Create a dedicated private cloud-only VNet; - Securely extend your data center; - Enable hybrid cloud scenarios

Question 3

A public IP address resource can be associated with:

Answer 3

VM network interfaces, internet-facing load balancers, VPN gateways, and app gateways

Question 4

Static or dynamic IP assignment; Open by default security; For Net Interfaces, VPN Gateways, App Gateways, Internet-facing load balancers; Not zone redundant

Answer 4

Basic SKU

Question 5

Static IP address assignment; Security by default & closed to inbound traffic; Network interfaces or public standard load balancers; Zone redundant by default

Answer 5

Standard SKU

Question 6

Contains a list of security rules that allow or deny inbound or outbound network traffic; can be associated to a subnet or network interface

Answer 6

Network Security Group (NSG)

Question 7

NSG Rules Specifications:

Answer 7

Name, Priority, Port, Protocol, Source, Destination, Allow/Deny

Question 8

Enables configuration of network security as an extension of an application’s structure

Answer 8

Application Security Group (ASG)

Question 9

ASG Constraints:

Answer 9

• Limits in subscription; One ASG as the source & destination in a security rule; All network interfaces assigned to an ASG must exist in the same virtual network

Question 10

ASG Benefits:

Answer 10

A single management experience; Increase limits on multiple dimensions; a great level of simplification; a seamless integration with your architecture

Question 11

Managed, cloud-based network security service that protects AZ VN resources

Answer 11

Azure Firewall

Question 12

Fully stateful firewall as a service w/ build-in high availability & unrestricted cloud scalability

Answer 12

Azure Firewall

Question 13

Azure Firewall features:

Answer 13

Built-in high availability, Availability Zones, Unrestricted cloud scalability, Application FQDN Filtering rules, Network traffic filtering rules, Threat intelligence, Multiple public IP addresses

Question 14

Recommended to use ___-___ network topology when deploying Azure Firewal

Answer 14

Hub(virtual network in Azure that acts as a central point of connectivity to your on-premises network), Spoke (Virtual networks that peer with the hub & can be used ti isolate workloads)

Question 15

Three rules configured in Azure Firewall:

Answer 15

NAT, Network, Application

Question 16

When packet is inspected, rules are processed in order of:

Answer 16

Network, then Application

Question 17

The initial domain name can’t be ___ or ___. You can add a ___ ___ ___ you control.

Answer 17

changed or deleted; routable custom domain name