Introduction

Question 1

What ARM stand for?

Answer 1

Azure Resource Manager

Question 2

What RBAC stand for?

Answer 2

Role-based Access Control

Question 3

Two deployments models in Azure

Answer 3

• ASM - Azure Service Model (old)

- ARM - Azure Resource Model (new)

Question 4

Can resources be provisioned on different Azure regions and belong to the same resource group?

Answer 4

YES

Question 5

Does every resource need to be a part of resource group?

Answer 5

YES

Question 6

What is Idempotent feature?

Answer 6

Ensures predictability, standarization and consistency in resource deployment by ensuring that every deployment will result in the same state of resources and configuration, no matter the number of times it is executed

Question 7

What technology is Azure running on?

Answer 7

Azure runs on a customized version of Hyper-V. It’s fairly close to Hyper-V core in construct or theory, but that’s where all the similarities end.

Question 8

Four ways to interact with Azure

Answer 8

• Azure Portal
• PowerShell
• CLI
• REST API

Question 9

Feature to ensure that applications are still available even when a data center goes down.

Answer 9

Availability zones.

Question 10

Feature to provide provide redundancy at a data center level, similar to locally redundant storage

Answer 10

Availability sets

Question 11

What is Azure fault domain?

Answer 11

A fault domain is a logical group of underlying hardware that share a common power source and network switch, similar to a rack within an on-premises datacenter. As you create VMs within an availability set, the Azure platform automatically distributes your VMs across these fault domains.

Question 12

What is availability set?

Answer 12

An Availability Set is a logical grouping capability for isolating VM resources from each other when they’re deployed. Azure makes sure that the VMs you place within an Availability Set run across multiple physical servers, compute racks, storage units, and network switches.

Question 13

What is Azure update domain?

Answer 13

An update domain is a logical group of underlying hardware that can undergo maintenance or be rebooted at the same time. As you create VMs within an availability set, the Azure platform automatically distributes your VMs across these update domains.

Question 14

What is Azure Availability Zones?

Answer 14

Availability Zones is a high-availability offering that protects your applications and data from datacenter failures. Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking

Question 15

Two Azure features for load balacing?

Answer 15

• Load Balacers (layer 4)

- Application Gateways (layer 7)

Question 16

What is Cookie-based session affinity?

Answer 16

Feature in Application Gateway feature in which all subsequent requests following the first request should be processed by the same service instance

Question 17

What is Secure Sockets Layer (SSL) offload?

Answer 17

SSL offload helps in transferring cryptography processing from the web server to the load balancer, thereby providing more resources to web servers serving users.

Question 18

What is End-to-end SSL?

Answer 18

Application Gateway feature which allows mission-critical secure applications that need complete SSL encryption and decryption even if traffic passes through load balancers.

Question 19

What is URL-based content routing?

Answer 19

Application gateway traffic redirection based on the URL content of incoming requests.

Question 20

Packet fields used for load balancing in Azure?

Answer 20

• Originating IP address
• Target IP address
• Originating port number
• Target port number
• Type of the protocol (TCP, HTTP, etc.)

Question 21

What is Azure Traffic Manager?

Answer 21

Traffic Manager helps us to create highly available solutions that span multiple geographies, regions, and data centers. It uses DNS to redirect requests to an appropriate endpoint .

Question 22

What is VM scale sets (VMSS)

Answer 22

Azure compute resource that you can use to deploy and manage a set of identical VMs.

Question 23

What is max number of VM in VMSS (VM Scale Sets)

Answer 23

• 1,000 VMs when using a platform images

- 100 VMs if using a custom image

Question 24

How Authentication is performed in Azure?

Answer 24

OpenID Connect

Question 25

How Authorisation is performed in Azure?

Answer 25

OAuth

Question 26

What Integrity mean?

Answer 26

Integrity ensures that the payload and message exchange between sender and receiver is not tampered with.

Question 27

What NSG stand for?

Answer 27

Network Security Group

Question 28

What OMS stand for?

Answer 28

Operations Management Suite

Question 29

Four services of Azure Storage Account

Answer 29

• blob
• files
• queues
• tables

Question 30

What is shared access signature (SAS)?

Answer 30

URI that grants restricted access rights to Azure storage services: blob, files, queues, and tables

Question 31

What TDE stand for?

Answer 31

Transparent Data Encryption - the technology used by SQL Server for encrypting data at rest.

Question 32

What DDM stand for?

Answer 32

Dynamic Data Masking - masking certain types of data, such as credit cards or user PII data

Question 33

Is Azure Key Vault per region or globally deployed?

Answer 33

per region

Question 34

Two important security resources to manage all security aspects of the Azure subscription, resource groups, and resources?

Answer 34

• Azure Monitor

- Azure Security Center

Question 35

Default maximum number of storage accounts per subscription?

Answer 35

200

Question 36

Max size of file share

Answer 36

5TB

Question 37

Two types of disks in Azure

Answer 37

• Managed

- Unmanaged

Question 38

Linux encryption method in Azure?

Answer 38

DM-Crypt

Question 39

Within an Azure Resource Manager (ARM) template, what three elements are required in a JSON template?

Answer 39

$schema, contentVersion and resources

Question 40

Within an Azure Resource Manager (ARM) template, what statement describes the purpose of the $schema element?

Answer 40

The $schema element specifies the location of the JSON schema file.

Question 41

What is Azure Resource Manager’s (ARM) default template deployment mode?

Answer 41

Incremental mode

Question 42

In Azure Resource Manager (ARM) templates what advantage do variables provide?

Answer 42

Variables simplify template expressions.

Question 43

Two types of Queues in Azure

Answer 43

• Azure Storage Queues

- Azure Service Bus Queues

Question 44

Which Azure-managed storage encryption feature encrypts data within an Azure Storage account, and decrypts it on read without requiring key management or additional configuration steps?

Answer 44

Server-Side Encryption for Data at Rest

Question 45

Which encryption method applies to Azure blobs only?

Answer 45

Storage Service Encryption

Question 46

Which blob type is the most suitable for logging scenarios?

Answer 46

Append blob

Question 47

What is one reason to use a Shared Access Signature instead of an account key?

Answer 47

To provide access to a client that can’t be trusted with the account key

Question 48

Which blob type is optimized for IaaS virtual machines?

Answer 48

Page blob

Question 49

Two tiers of application gateway?

Answer 49

• standard

- WAF (web application firewall)

Question 50

DNS level load balancing

Answer 50

Traffic Manager

Question 51

Application Level load balancing

Answer 51

Application Gateway

Question 52

Traffic Manager load balancing modes.

Answer 52

• weighted
• priority
• performance

Question 53

What is global vnet peering?

Answer 53

Virtual Network Peering for vnets in different regions

Question 54

How to disable default routing to the public Internet?

Answer 54

User-defined route to override the default

Question 55

What is PHS?

Answer 55

Password Hash Synchornization - sign in method used as a part of hybrid identity solution

Question 56

What is PTA?

Answer 56

Pass-Through Authentication - allows users to sign in to both on-prem and cloud-based app with the same password.

Question 57

What is Federation?

Answer 57

Collection of domains with an established trust, which typically includes authentication and almost always authorisation.

Question 58

Which Microsoft Azure Site Recovery (ASR) component is responsible for the replication during a failover from Azure?

Answer 58

Master target server

Question 59

Which feature enable developers with the ability to perform A/B testing on Azure App Service apps, and provides you a separate deployment environment along with the default production environment?

Answer 59

Deployment Slots

Question 60

Within Azure Batch, what is a batch job?

Answer 60

A collection of tasks

Question 61

How is a Batch pool created in Azure Batch?

Answer 61

Manually by the user or automatically by the Batch service when the job is specified

Question 62

What is Azure Logic App?

Answer 62

An offering that provides the developer with visual designer that can be used to model and automate workflows.

Question 63

Four Components of Azure Storage Account?

Answer 63

• Blob
• Table
• Queue
• File

Question 64

What is a shared access signature (SAS)

Answer 64

URI that grants restricted access rights to Azure Storage resources

Question 65

Three authorization techniques in Azure

Answer 65

• Access Keys
• Shared access Signatures
• Azure Active Directory

Question 66

How many copies are created in case of Locally-redundant storage?

Answer 66

3

Question 67

Zone-redundant storage protection

Answer 67

Helps to protect against data center level failures

Question 68

Geo-redundant storage protection

Answer 68

Helps to protect against region failures

Question 69

Does VM restart cause data on temporary disk loss?

Answer 69

No

Question 70

Does VM STOP cause data on temporary disk loss?

Answer 70

Yes

Question 71

Does VM restart cause public IP reallocation?

Answer 71

No

Question 72

Does VM STOP cause public IP reallocation?

Answer 72

Yes

Question 73

Which resources can have NSG attached?

Answer 73

• subnet

- NIC

Question 74

Can VNET peering be enabled across regions?

Answer 74

YES

Question 75

Can VNET peering be enabled across subscriptions?

Answer 75

YES

Question 76

What is Azure Resource Manager?

Answer 76

Azure Resource Manager (ARM) is the native platform for infrastructure as code (IaC) in Azure.

Question 77

Four sections of Azure Resource Manager Template

Answer 77

• Resources
• Variables
• Parameters
• Outputs

Question 78

Three types of snapshots in Azure

Answer 78

• Application consistent
• File-system consistent
• Crash consistent

Question 79

Describe application-consistent snapshot

Answer 79

backup service captures the memory content, pending I/O operations

Question 80

Describe file-system snapshot

Answer 80

backup service takes a snapshot of all the files at the same time

Question 81

Describe crash-consistent snapshot

Answer 81

this happens if the virtual machine shuts down at the time of the backup process

Question 82

What’s required to attach additional NIC to an Azure VM

Answer 82

Stop the Azure VM you want to attach an additional NIC

Question 83

Is VPN gateway highly available?

Answer 83

Yes, Each VPN gateway has two instances, one in active and one in standby.

Question 84

What is Password Hash Synchornization?

Answer 84

Azure AD Connect synchronizes a hash of a hash, of user’s password from an on-premises AD instance to a cloud-based Azure AD instance

Question 85

What is Pass-through authentication?

Answer 85

similar to password hash synchronization, but here the users’ passwords is directly validated against the on-premise AD. This allows organizations to enforce their on-premise AD security and password policies

Question 86

Azure Load Balancer 3 SKUs

Answer 86

• Basic
• Standard
• Gateway

Question 87

What is Azure Application Gateway?

Answer 87

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. OSI layer 7

Question 88

Is dedicated subnet required for the application gateway?

Answer 88

YES

Question 89

What is Azure Front Door?

Answer 89

Azure Front Door is a global, scalable entry-point that uses the Microsoft global edge network to create fast, secure, and widely scalable web applications.

Front Door works at Layer 7 (HTTP/HTTPS layer) using anycast protocol with split TCP and Microsoft’s global network to improve global connectivity.

Question 90

What is the mandatory subnet name for Azure firewall?

Answer 90

AzureFirewallSubnet

Question 91

What are Azure Blueprints?

Answer 91

Helps to define a repeatable set of processes that can adhere to an organization’s standards and patterns.