Implement and Manage Virtual Networking Flashcards

Configure and manage VNets, Secure access to VNets, Name resolution and load balancing

1
Q

What is Session persistence: Client IP?

A

In a load balancer context, session persistence keeps a client talking to the same backend server. It is also known as session affinity, source IP affinity, or client IP affinity. This distribution mode uses a two-tuple (source IP and destination IP) or three-tuple (source IP, destination IP, and protocol type) hash to route to backend instances.

2
Q

What is a public DNS Zone?

A

A public DNS zone is a portion of the global Domain Name System (DNS) that is visible and accessible to the public. It contains information about domain names and their corresponding IP addresses, allowing users to access websites and other internet resources using human-readable domain names. Public DNS zones are managed by domain registrars, hosting providers, and other organizations responsible for maintaining the DNS infrastructure.

3
Q

What is a VPN Gateway?

A

A type of networking device that allows secure communication between an Azure virtual network and an on-premises network or another virtual network. It provides a way to establish encrypted connections over the internet, enabling secure and private communication between different network environments.

4
Q

What is a site to site VPN?

A

A type of VPN connection that enables secure communication between two or more geographically dispersed networks.

5
Q

What is a point to site VPN?

A

A type of VPN connection that allows individual client devices, such as laptops, desktops, or mobile devices, to securely connect to a remote network over the internet.

6
Q

What is the difference between point to site and site to site VPN services?

A

Unlike site-to-site VPNs, which connect entire networks, point-to-site VPNs establish encrypted connections between individual client devices and a central network or virtual network.

7
Q

When do you have to re-download and re-install the VPN Configuration when using a point to site VPN service?

A

Whenever there is a change in network topology.

8
Q

What is the difference between private/internal and public load balancer?

A

Private/internal load balancers distribute traffic to resources inside of a virtual network. Public load balancers balance public traffic to your virtual machines.

Internal load balancers distribute traffic within a VNET while public load balancers balance traffic to and from an internet-connected endpoint.

9
Q

What is WAF and what kind of application gateway supports it?

A

WAF = Web Application Firewall

A security feature that can be integrated with a load balancer to protect web applications from various types of cyber threats and attacks, such as SQL injection.

Application Gateway WAF Tier supports it, Standard tier does not.

10
Q

What is Azure Application Gateway?

A

A web traffic load balancer that enables you to manage traffic to your web applications. For example, you can route traffic based on the incoming URL. So if /images are in the incoming URL, you can route traffic to a specific set of servers (known as a pool) configured for images. If /video is in the URL, that traffic is routed to another pool that’s optimized for videos.

11
Q

Can VNet peering work across Microsoft Entra Tenants?

A

Yes! This is because the networks are both within Azure.

12
Q

What are the two ways you can connect two virtual networks?

A

VNet Peering & VPN Gateways
Peering = connecting two networks in Azure, with low latency (few hops) and without involving the public internet
Gateways = values encryption due to use over public internet

13
Q

When connecting an on-premises network to an Azure VNet/subnet, what is the order of steps to take?

A

1) Deploy a gateway subnet -> required to configure VNet Gateway (step 2)
2) Deploy a VPN Gateway in Azure
3) Deploy a local network gateway
4) Deploy VPN to link Azure and local gateways

14
Q

What are the differences between the standard load balancer and the basic load balancer?

A

https://media.tutorialsdojo.com/BasicLoadBalancer.PNG

Backend:
- pool size
- pool endpoints
- health probe protocols & down behavior
- availability zones
- …

15
Q

What is DNS Zone file import? And what Azure utilities support it?

A

A DNS zone file is a text file that contains details of every Domain Name System (DNS) record in the zone. This can be imported to Azure via the CLI and portal.

PowerShell and Cloud Shell don’t support this import.

15
Q

What is the gateway transit setting in VNet Peering?

A

A peering property that lets one virtual network use the VPN gateway in the peered virtual network for cross-premises or VNet-to-VNet connectivity.

When the gateway transit setting is enabled for a VNet peering connection, it allows the peered virtual network to forward traffic through its VPN gateway to on-premises networks or other external networks.

16
Q

If a VNet peering connection becomes disconnected, what must you do? What would cause this?

A

You must delete the peering configuration and re-create it.

Many reasons, like network changes (e.g. IP addresses, routing issues, resource deletion).

17
Q

What types of application gateways are there?

A

Standard & WAF Tier

18
Q

What types of Azure Front Door are there?

A

Standard & Premium

19
Q
A
20
Q

What is the purpose of a subnet mask?

A

Indicates what part of a TCP/IP Packet indicates the network, and which part indicates the host identifier

21
Q

What is the mask of /24?
What about /16?

A

It is the leftmost bits:
/24 bits -> 255.255.255.0
/16 bits -> 255.255.0.0

22
Q

What is Azure private DNS?

A

It manages and resolves domain names in a virtual network without the need to configure a custom DNS solution.

Virtual networks must be linked to the private DNS zone.

23
Q

What is auto-registration and what Azure service does it apply to?

A

It applies to Azure private DNS, and automatically updates DNS records whenever a VM in a VNet is created, updates its IP, or is deleted.

24
Q

Can Public DNS Zones be linked to VNets?

A

No, you cannot use public DNS zones, as they do not have the capability to use virtual network links.

25
Q

What are the different DNS Record types?

A

A (Address) Record: Maps a domain name to the IPv4 address of the server hosting the domain.
AAAA (IPv6 Address) Record: Similar to the A record, but maps a domain name to the IPv6 address of the server hosting the domain.
NS (Name Server) Record: Indicates which servers are responsible for providing DNS information for that domain. NS records are used to delegate a subdomain to a different set of name servers.
CNAME (Canonical Name) Record: Creates an alias for a domain name, allowing it to resolve to another domain name.
MX (Mail Exchange) Record: Specifies the mail server responsible for receiving email on behalf of a domain.
PTR (Pointer) Record: Used for reverse DNS lookups, mapping an IP address to a domain name.
SOA (Start of Authority) Record: Contains administrative information about the DNS zone, including the primary name server and other parameters.
SRV (Service) Record: Specifies the location of a specific service within a domain, such as a SIP or XMPP service.
TXT (Text) Record: Allows arbitrary text to be associated with a domain, commonly used for adding human-readable information or for domain verification purposes.

26
Q

What is a pre-requisite for virtual network peering?

A

The two peered VNets do not have overlapping IP Address spaces.

27
Q

Can Network Security Groups be associated with resources outside of the region they are associated with?

A

Nosiry

28
Q

Can VNets in different tenants be peered?

A

Yessiry

29
Q

What DNS record types are supported by Microsoft Entra ID for registering custom domain names to a tenant?

A

TXT and MX

30
Q

What is the difference between NSGs and ASGs?

A

ASGs group VMs based on application requirements so VMs can have specific network traffic rules based on the purpose they serve.

31
Q

What is Azure Service Bus?

A

Azure Service Bus is a fully managed enterprise message broker with message queues and publish-subscribe topics.

32
Q

Can you create a VM without a VNet?

A

No