Implement and Manage Virtual Networking Flashcards

Configure and manage VNets, Secure access to VNets, Name resolution and load balancing

1
Q

What is Session persistence: Client IP?

A

In a load balancer context, you can keep clients talking to the same backend server via session persistence. It is also known as session affinity, source IP affinity, or client IP affinity. This distribution mode uses a two-tuple (source IP and destination IP) or three-tuple (source IP, destination IP, and protocol type) hash to route to backend instances.

2
Q

What is a public DNS Zone?

A

A public DNS zone is a portion of the global Domain Name System (DNS) that is visible and accessible to the public. It contains information about domain names and their corresponding IP addresses, allowing users to access websites and other internet resources using human-readable domain names. Public DNS zones are managed by domain registrars, hosting providers, and other organizations responsible for maintaining the DNS infrastructure.

3
Q

What is a VPN Gateway?

A

A type of networking device that allows secure communication between an Azure virtual network and an on-premises network or another virtual network. It provides a way to establish encrypted connections over the internet, enabling secure and private communication between different network environments.

4
Q

What is a site to site VPN?

A

A type of VPN connection that enables secure communication between two or more geographically dispersed networks.

5
Q

What is a point to site VPN?

A

A type of VPN connection that allows individual client devices, such as laptops, desktops, or mobile devices, to securely connect to a remote network over the internet.

6
Q

What is the difference between site-to-site and point-to-site VPN services?

A

Unlike site-to-site VPNs, which connect entire networks, point-to-site VPNs establish encrypted connections between individual client devices and a central network or virtual network.

7
Q

When do you have to re-download and re-install the VPN Configuration when using a point to site VPN service?

A

Whenever there is a change in network topology.

8
Q

What is the difference between private/internal and public load balancer?

A

Private/internal load balancers distribute traffic to resources inside a virtual network. Public load balancers balance public traffic to your virtual machines.

Internal load balancers distribute traffic within a VNET while public load balancers balance traffic to and from an internet-connected endpoint.

9
Q

What is WAF and what kind of application gateway supports it?

A

WAF = Web Application Firewall

A security feature that can be integrated with a load balancer to protect web applications from various types of cyber threats and attacks, such as SQL injection.

Application Gateway WAF Tier supports it, Standard tier does not.

10
Q

What is Azure Application Gateway?

A

A web traffic load balancer that enables you to manage traffic to your web applications. For example, you can route traffic based on the incoming URL. So if /images are in the incoming URL, you can route traffic to a specific set of servers (known as a pool) configured for images. If /video is in the URL, that traffic is routed to another pool that’s optimized for videos.

11
Q

Can VNet peering work across Microsoft Entra Tenants?

A

Yes! This is because the networks are both within Azure.

12
Q

What are the two ways you can connect two virtual networks?

A

VNet Peering & VPN Gateways
Peering = connecting two networks in Azure with low latency (few hops), without involving the public internet
Gateways = values encryption, due to use over the public internet

13
Q

When connecting an on-premises network to an Azure VNet/subnet, what is the order of steps to take?

A

1) Deploy a gateway subnet -> required to configure VNet Gateway (step 2)
2) Deploy a VPN Gateway in Azure
3) Deploy a local network gateway
4) Deploy VPN to link Azure and local gateways

14
Q

What are the differences between the standard load balancer and the basic load balancer?

A

https://media.tutorialsdojo.com/BasicLoadBalancer.PNG

Backend:
- pool size
- pool endpoints
- health probe protocols & down behavior
- availability zones
- …

15
Q

What is DNS zone file import? And what Azure utilities support it?

A

A DNS zone file is a text file that contains details of every Domain Name System (DNS) record in the zone. This can be imported to Azure via the CLI and portal.

PowerShell and Cloud Shell don’t support this import.

15
Q

What is the gateway transit setting in VNet Peering?

A

A peering property that lets one virtual network use the VPN gateway in the peered virtual network for cross-premises or VNet-to-VNet connectivity.

When the gateway transit setting is enabled for a VNet peering connection, it allows the peered virtual network to forward traffic through its VPN gateway to on-premises networks or other external networks.

16
Q

If a VNet peering connection becomes disconnected, what must you do? What would cause this?

A

You must delete the peering configuration and re-create it.

Many reasons, like network changes (e.g. IP addresses, routing issues, resource deletion).

17
Q

What types of application gateways are there?

A

Standard & WAF Tier

18
Q

What types of Azure Front Door are there?

A

Standard & Premium

19
Q
A
20
Q

What is the purpose of a subnet mask?

A

Indicates which part of a TCP/IP packet identifies the network, and which part identifies the host.

21
Q

What is the mask of /24?
What about /16?

A

It is the leftmost
/24 bits -> 255.255.255.0
/16 bits -> 255.255.0.0