John Saville - Claude

Question 1

What is Azure AD and what protocols does it support?

Answer 1

Azure AD (now called Azure Entra ID) is Microsoft’s cloud-based identity provider that supports protocols like OAuth 2.0 OpenID Connect SAML and WS-Fed for authentication and authorization over the internet.

Question 2

How does Azure Entra ID interact with on-premises Active Directory?

Answer 2

Azure Entra ID interacts with on-premises Active Directory through Azure Entra Connect sync or Azure Entra Connect Cloud sync where user accounts are replicated from Active Directory to Azure Entra ID.

Question 3

What is the purpose of having a tenant in Azure Entra ID?

Answer 3

A tenant in Azure Entra ID is an organization’s instance that contains its users groups devices applications and conditional access policies. Applications and services trust this tenant for authentication and authorization.

Question 4

Can Azure Entra ID tenants have external users or guests?

Answer 4

Yes Azure Entra ID tenants can have external users or guests from other organizations identity providers (like Google or Facebook) or Microsoft accounts allowing them to collaborate without creating separate accounts.

Question 5

Where does an Azure Entra ID tenant reside?

Answer 5

An Azure Entra ID tenant is a global instance and does not reside within an Azure subscription. It is a separate entity that Azure subscriptions can trust for authentication and authorization.

Question 6

Can you customize the branding and user experience in an Azure Entra ID tenant?

Answer 6

Yes you can customize the branding and user experience in an Azure Entra ID tenant by configuring company branding settings background images and login messages.

Question 7

How do external users or guests appear in an Azure Entra ID tenant?

Answer 7

External users or guests appear as stub objects that refer to their primary identity in another tenant Microsoft account Google Facebook or other identity provider.

Question 8

What are the different ways to provision user accounts in Azure Entra ID?

Answer 8

User accounts can be provisioned through synchronization from Active Directory manual creation bulk creation via CSV upload provisioning from an HR system or API and scripting.

Question 9

Why are groups recommended for managing user access and permissions?

Answer 9

Groups are recommended for managing user access and permissions because it’s easier to assign roles permissions and licenses to groups rather than individual users simplifying administration and avoiding orphaned permissions when users leave.

Question 10

What are the two types of groups in Azure Entra ID and their purposes?

Answer 10

The two types of groups are security groups (for assigning roles and permissions) and Microsoft 365 groups (for collaboration tools like SharePoint and calendars).

Question 11

What is the difference between registering and joining a device in Azure Entra ID?

Answer 11

Registering a device makes it a known entity for management but is suitable for personal devices while joining a device allows more control and direct authentication using Azure Entra ID accounts suitable for corporate-owned devices.

Question 12

What are the different Azure Entra ID license levels and their key features?

Answer 12

The Azure Entra ID license levels are Free (basic features) P1 (adds conditional access self-service password reset HR-driven provisioning) and P2 (adds privileged identity management identity protection and access reviews). There is also a Governance add-on.

Question 13

What are administrative units in Azure Entra ID and how do they work?

Answer 13

Administrative units allow grouping users groups and devices and assigning roles that only apply to objects within that unit enabling granular access control delegation.

Question 14

When adding a group to an administrative unit do the users in that group automatically inherit the unit’s permissions?

Answer 14

No users in a group added to an administrative unit do not automatically inherit the unit’s permissions. The users must be explicitly added to the administrative unit as well if they need to be managed.

Question 15

What are the different Azure clouds or environments and how do they relate to Azure Entra ID tenants?

Answer 15

The different Azure clouds or environments include Commercial US Government China and others. Each cloud has its own separate instance of Azure Entra ID and tenants cannot span across different clouds.

Question 16

What are regions in Azure and how do availability zones fit into regions?

Answer 16

Regions are geographical locations where Azure resources can be deployed. Within a region there are typically three availability zones which are separate physical datacenter locations for redundancy and high availability.

Question 17

How are Azure regions paired and why is this important?

Answer 17

Azure regions are paired within the same geopolitical boundary for Azure’s safe deployment practices. Changes are rolled out to one region in a pair first then the other to avoid simultaneous failures.

Question 18

What are Azure subscriptions management groups and how are they organized?

Answer 18

Subscriptions are containers for deploying Azure resources. Management groups provide a hierarchy above subscriptions for organizing resources assigning roles and policies and tracking budgets across multiple subscriptions.

Question 19

How can you get started with Azure if you’re an individual or don’t have an existing enterprise subscription?

Answer 19

You can sign up for a free trial account or use the free services offered in Azure.

Question 20

What is the cost analysis and management feature in Azure used for?

Answer 20

It allows you to view your current and forecasted costs analyze costs by resource or service set budgets and get cost optimization recommendations.

Question 21

What are Azure budgets and how do they work?

Answer 21

Azure budgets allow you to set a cost threshold and configure alerts when spending reaches a certain percentage of that budget based on actual or forecasted costs. This helps track and control spending.

Question 22

What are resource groups in Azure and how should they be used?

Answer 22

Resource groups are containers for deploying related Azure resources together. Resources in the same group should share a lifecycle and are suitable for common access control policies and cost tracking.

Question 23

What is the Azure Hybrid Benefit and how does it help reduce costs?

Answer 23

The Azure Hybrid Benefit allows you to use existing on-premises Windows Server and SQL Server licenses in Azure removing the license cost from your Azure bill.

Question 24

What are Azure reservations and savings plans and how do they differ?

Answer 24

Azure reservations provide discounted rates for specific resources in specific regions with a 1-3 year commitment. Azure savings plans offer a general hourly commit for included compute services with flexible discounts.

Question 25

What are Azure tags and how can they be used?

Answer 25

Azure tags are key-value pairs that can be applied to resources resource groups or subscriptions to categorize and filter resources track ownership apply policies or use for billing purposes.

Question 26

Do Azure tags inherit from parent scopes like subscriptions or resource groups?

Answer 26

No tags do not inherit from parent scopes by default. They must be explicitly applied at each level (subscription resource group or resource).

Question 27

How can you enforce tag inheritance policies in Azure?

Answer 27

You can use Azure Policy to create a policy that forces resources to inherit tags from their parent resource group or subscription.

Question 28

What is Azure Policy and how does it work?

Answer 28

Azure Policy allows you to define and enforce rules (policies) for your Azure resources to ensure compliance with standards security requirements or other criteria. Policies have defined conditions and effects (like deny audit deploy etc.).

Question 29

What is an Azure Policy initiative and how does it differ from a single policy?

Answer 29

An Azure Policy initiative is a group or set of related policies. It allows you to assign and manage multiple policies as a single unit simplifying compliance tracking for complex requirements.

Question 30

How can you view and manage role-based access control (RBAC) in Azure?

Answer 30

You can view and manage RBAC assignments through the Access Control (IAM) pane for a resource resource group or subscription. This lets you see assigned roles and permissions and add custom roles following least privilege principles.

Question 31

How can you create a custom Azure role with specific permissions?

Answer 31

You can create a custom role by cloning an existing role then adding or removing specific permissions (actions) from different resource providers. This allows you to define a least-privilege role with only the necessary permissions.

Question 32

What is the difference between Azure roles and Azure Active Directory (Azure AD) roles?

Answer 32

Azure roles control access to Azure resources and subscriptions while Azure AD roles control access to tenant-level resources and configurations within the Azure AD service.

Question 33

What types of resource locks can you apply in Azure and what do they affect?

Answer 33

You can apply two types of resource locks: CanNotDelete (prevents deletion but allows modifications) and ReadOnly (prevents all modifications). These locks only affect the Azure control plane operations not data plane operations within resources like databases or storage.

Question 34

How are virtual networks defined and scoped in Azure?

Answer 34

A virtual network (VNet) is defined by one or more IPv4 address spaces (optionally IPv6) and it exists within the scope of a single Azure subscription and region. It cannot span multiple subscriptions or regions.

Question 35

How are subnets sized and IP addresses allocated within Azure virtual networks?

Answer 35

Within a VNet you define one or more subnets that are subsets of the VNet address space. Each subnet loses 5 IP addresses for Azure’s use (network broadcast gateway DNS). Resources deployed to a subnet are allocated a dynamic private IP from the remaining subnet range by Azure’s DHCP service.

Question 36

What is the purpose of assigning a public IP address to an Azure resource?

Answer 36

Assigning a public IP address to an Azure resource allows it to be accessed from the public internet. Without a public IP the resource is only accessible over its private IP from within the VNet or connected networks.

Question 37

How can you enable communication between resources in different Azure virtual networks?

Answer 37

You can peer virtual networks within the same region or across regions. Peering allows resources to communicate using private IP addresses. You can enable the “Use Remote Gateway” setting to allow spokes to use the hub VNet’s gateway connectivity (VPN ExpressRoute).

Question 38

What is the purpose of Azure Virtual Network Manager?

Answer 38

Azure Virtual Network Manager allows you to centrally define and manage connectivity between virtual networks. You can create network groups (static or dynamic) and define hub-and-spoke or mesh topologies for connectivity between the groups. It also provides security admin rules to allow/deny traffic before NSG rules.

Question 39

What are Network Security Groups (NSGs) in Azure?

Answer 39

NSGs are sets of inbound and outbound security rules that can be applied to subnets or individual network interfaces. Rules specify priorities source/destination IP ranges or service tags ports and allow/deny actions.

Question 40

What are service tags in Azure Network Security Groups?

Answer 40

Service tags represent groups of IP address prefixes for specific Azure services which can be used in NSG rules instead of specifying explicit IP ranges. This allows rules to dynamically cover Azure service IP ranges as they change.

Question 41

What are application security groups in Azure?

Answer 41

Application security groups are tags that can be applied to network interfaces. These groups can then be used in NSG rules to allow or deny traffic from/to the tagged resources instead of specifying explicit IP addresses.

Question 42

What are the default inbound and outbound rules in Azure Network Security Groups?

Answer 42

By default inbound rules deny all inbound traffic except for traffic within the same VNet and certain Azure Load Balancer probes. Outbound rules allow all outbound traffic to the internet and within the VNet by default.

Question 43

What are service tags in Azure Network Security Groups?

Answer 43

Service tags represent groups of IP address prefixes for specific Azure services which can be used in NSG rules instead of specifying explicit IP ranges. This allows rules to dynamically cover Azure service IP ranges as they change.

Question 44

What are application security groups in Azure?

Answer 44

Application security groups are tags that can be applied to network interfaces. These groups can then be used in NSG rules to allow or deny traffic from/to the tagged resources instead of specifying explicit IP addresses.

Question 45

How can you view the effective routes for a network interface in Azure?

Answer 45

You can see the effective routes for a network interface by going to the virtual machine details then under “Networking” there is a section called “Effective routes” which shows all the routes affecting that network interface.

Question 46

What is Azure Firewall and what are its features?

Answer 46

Azure Firewall is a managed network virtual appliance that provides network and application-level filtering. It can define inbound/outbound rules perform SNAT DNAT application-level filtering URL filtering TLS inspection (premium SKU) and is a fully managed IPS/IDS (premium SKU).

Question 47

What is the purpose of Azure DNS and how does it work?

Answer 47

Azure DNS provides DNS domain hosting services for public and private DNS zones. Public zones can host public DNS records and use alias records to prevent dangling DNS issues. Private DNS zones allow automatic DNS record registration for Azure resources in associated VNets and enable DNS resolution between services.

Question 48

How do Azure resources resolve DNS names?

Answer 48

Azure resources resolve DNS names by querying the IP address 168.63.129.16 which is Azure’s DNS service. This IP is only accessible to resources within a VNet. For on-premises resources Azure Private DNS Resolver can be used to resolve records in private DNS zones.

Question 49

What is the Azure Private DNS Resolver and its capabilities?

Answer 49

The Azure Private DNS Resolver is a service that allows resources outside a VNet to resolve records in Azure Private DNS zones. It can also forward queries for custom DNS servers enabling hybrid DNS resolution scenarios.

Question 50

What are the two types of VPN gateways in Azure and what are their differences?

Answer 50

There are two types of VPN gateways: policy-based (static routing not recommended) and route-based (dynamic routing recommended). Route-based supports multiple tunnels point-to-site VPN and is more flexible.

Question 51

How does an Azure Site-to-Site VPN work?

Answer 51

In a Site-to-Site VPN a VPN gateway is created in Azure and a VPN server on-premises establishes an encrypted connection over the internet to connect the on-premises network’s IP space to the Azure virtual network’s IP space.

Question 52

What is ExpressRoute and how does it work?

Answer 52

ExpressRoute provides private connectivity between an on-premises network and Azure by connecting the customer’s network to the Microsoft global network at a colocation facility (meet-me location). This allows private IP space communication without going over the internet.

Question 53

What is ExpressRoute Global Reach and how is it different from private peering?

Answer 53

Private peering connects an on-premises IP space to an Azure virtual network. Global Reach enables connectivity between different on-premises networks connected via different ExpressRoute circuits using the Microsoft backbone.

Question 54

What is Microsoft Peering in ExpressRoute?

Answer 54

Microsoft Peering allows private connectivity from the on-premises network to specific Azure PaaS services (e.g. Storage SQL) without going through a virtual network by advertising routes via the ExpressRoute BGP connection.

Question 55

What is Azure Virtual WAN and what are its SKUs?

Answer 55

Azure Virtual WAN is a managed service that provides site-to-site VPN ExpressRoute connectivity and hub-and-spoke networking. The Basic SKU provides site-to-site VPN while the Standard SKU adds ExpressRoute transit routing and other advanced features.

Question 56

What are User-Defined Routes in Azure and how are they used?

Answer 56

User-Defined Routes allow overriding the default routing behavior in an Azure virtual network by specifying that for a certain IP address space traffic should be routed to a specific next-hop such as a virtual appliance like an Azure Firewall.

Question 57

What are service endpoints in Azure and how do they work?

Answer 57

Service endpoints allow resources in a specific subnet to communicate with an Azure service over its public endpoint by whitelisting the subnet for that service. It provides more direct connectivity and allows controlling access at the subnet level.

Question 58

What are private endpoints in Azure and how do they differ from service endpoints?

Answer 58

Private endpoints create a private IP address in a subnet that connects to a specific instance of an Azure service bypassing the public endpoint. This allows complete isolation from the public internet and direct connection from on-premises or other virtual networks.

Question 59

How can you expose your own services in Azure using private endpoints?

Answer 59

You can enable the Private Link Service on a Standard Load Balancer with a private frontend IP. Then you can create private endpoints that connect to this frontend IP enabling secure access to your services from other virtual networks without peering.

Question 60

What is Azure Bastion and what are its different SKUs?

Answer 60

Azure Bastion is a managed jump box service that allows secure remote access to virtual machines without exposing public IP addresses. The Basic SKU allows access to VMs in the same VNet while Standard enables peered VNets cross-platform access and additional features.

Question 61

What are the two main types of load balancing solutions in Azure?

Answer 61

The two main load balancing solutions are Azure Load Balancer (Layer 4 - TCP/UDP) and Azure Application Gateway (Layer 7 - HTTP/HTTPS).

Question 62

What are the components of an Azure Load Balancer?

Answer 62

An Azure Load Balancer has a frontend IP (internal or external) one or more backend pools containing VM IP addresses health probes to monitor backend instances load balancing rules and inbound NAT rules for direct VM access.

Question 63

What are the different SKUs of the Azure Load Balancer and what are their differences?

Answer 63

There are Basic and Standard SKUs. The Basic SKU provides load balancing within a single availability set while the Standard SKU supports multiple availability sets availability zones and cross-region load balancing scenarios.

Question 64

What are the different tuple options for load balancing rules in Azure Load Balancer and what do they determine?

Answer 64

The tuple options are 5-tuple (Source IP Source Port Destination IP Destination Port Protocol) 3-tuple (Source IP Destination IP Protocol) and 2-tuple (Source IP Destination IP). They determine how sticky the client-to-backend mapping should be based on the parameters considered.

Question 65

What are the differences between the Basic and Standard SKUs of Azure Load Balancer?

Answer 65

The Basic SKU supports up to 300 instances in a backend pool has no SLA is being deprecated on September 30 2025 and only supports NIC as backend resources. The Standard SKU supports up to 1000 instances has an SLA supports availability zones and allows both NIC and IP addresses as backend resources.

Question 66

What is a floating IP rule in Azure Load Balancer and how does it work?

Answer 66

A floating IP rule ensures that the frontend IP address of the Load Balancer is used as the source IP when traffic is forwarded to the backend pool instances. This avoids the need for clients to rewrite application data due to network address translation.

Question 67

What is Azure Application Gateway and what features does it provide?

Answer 67

Azure Application Gateway is a Layer 7 load balancing solution optimized for web traffic (HTTP HTTPS WebSocket). It provides features like URL routing SSL/TLS termination Web Application Firewall session affinity and more.

Question 68

What are the deployment options for Azure Application Gateway regarding frontend IP configuration?

Answer 68

As of the time of recording Application Gateway can have a public IP a private IP or both. Previously it was required to have a public IP but now it’s optional.

Question 69

How does Azure Traffic Manager work and what routing methods does it support?

Answer 69

Azure Traffic Manager is a global DNS-based traffic routing service. It resolves a name to one of the available endpoints based on routing methods like Performance (closest endpoint) Round Robin Geographic Weighted and more.

Question 70

What is the Cross-Region Load Balancer in Azure and how does it work?

Answer 70

The Cross-Region Load Balancer is a global public IP address that can route traffic to regional Standard Load Balancers across multiple Azure regions. It provides a single endpoint for clients and transparently routes traffic to the appropriate regional backend.

Question 71

What is Azure Front Door and how does it provide global load balancing for Layer 7 traffic?

Answer 71

Azure Front Door is a global Layer 7 load balancing solution for web traffic. It uses a global anycast IP address split TCP and Microsoft’s global network to establish client connections at the nearest Point of Presence and then retrieve content from the origin backends which can be across regions.

Question 72

What are the different redundancy options available for Azure Storage accounts?

Answer 72

The redundancy options are: Locally Redundant Storage (LRS - 3 copies in one cluster) Zone Redundant Storage (ZRS - 3 copies across Availability Zones in a region) Geo-Redundant Storage (GRS - 3 copies in the primary region asynchronously replicated to 3 copies in a paired secondary region) and Geo-Zone Redundant Storage (GZRS - 3 copies across Availability Zones in the primary region asynchronously replicated to 3 copies in one cluster in the paired secondary region).

Question 73

What are the different types of data storage services available in an Azure Storage account?

Answer 73

The main data storage services are: Blobs (Block Append and Page) Files (SMB/NFS file shares) Tables (schema-less key-value data) and Queues (message queueing).

Question 74

What is the difference between Standard and Premium storage accounts in Azure?

Answer 74

Standard storage accounts use traditional hard disk drives and offer the general-purpose V2 (GPv2) account type with all storage services. Premium storage accounts use solid-state drives (SSDs) and offer service-specific account types like BlockBlobStorage FileStorage etc. Premium File shares are billed based on provisioned size not data stored.

Question 75

What is Storage Explorer and how can it be used to interact with Azure Storage?

Answer 75

Storage Explorer is a graphical tool that allows you to interact with Azure Storage accounts. You can view and manage Blobs File Shares Queues Tables and perform operations like adding/removing items uploading/downloading data and more.

Question 76

What is the ‘read-access geo-redundant’ option for Azure Storage accounts?

Answer 76

The ‘read-access geo-redundant’ option allows you to read data from the geo-replicated copy of your storage account in the secondary paired region in addition to the primary region.

Question 77

What is AzCopy and what is the server-side asynchronous copy feature?

Answer 77

AzCopy is a command-line utility for copying data to/from Azure Storage. The server-side asynchronous copy feature allows you to efficiently copy data between storage accounts without downloading it to your local machine first.

Question 78

What are the different tiers available for Azure Blob Storage and how do they differ in pricing and usage scenarios?

Answer 78

The tiers are: Hot (highest capacity cost lowest transaction cost - for frequent access data) Cool (lower capacity cost higher transaction cost - for infrequent access data) Cold (lowest capacity cost highest transaction cost - for rarely accessed data) and Archive (lowest capacity cost high cost to rehydrate data - for data to be stored for at least 180 days).

Question 79

What are lifecycle management policies for Azure Blob Storage and how can they help optimize costs?

Answer 79

Lifecycle management policies allow you to define rules to automatically transition blobs between the different access tiers (Hot Cool Cold Archive) based on filters like age last access time etc. This helps optimize costs by moving less frequently accessed data to lower-cost tiers.

Question 80

What is object replication in Azure Blob Storage and how is it different from geo-replication?

Answer 80

Object replication allows you to asynchronously copy blobs between storage accounts across containers and even across regions based on rules you define. Unlike geo-replication which only replicates to the paired region object replication gives you more flexibility in where you replicate your data.

Question 81

What is Azure File Sync and how does it work?

Answer 81

Azure File Sync allows you to centralize your file shares in Azure Files while keeping the flexibility to cache the data on-premises for local access. It synchronizes changes from the cloud endpoint to on-premises servers or cloud-based Windows file shares.

Question 82

What is the purpose of having two access keys in an Azure Storage account?

Answer 82

The two access keys allow you to rotate and regenerate one key at a time without disrupting access to the storage account. While one key is in use you can regenerate the other key and then switch to using the new key.

Question 83

What is the preferred way to access Azure Storage data instead of using the storage account access keys?

Answer 83

The preferred way is to use role-based access control (RBAC) for the data plane which allows you to assign granular permissions to identities (users or service principals) through built-in roles like “Blob Data Reader” or “Queue Data Contributor”.

Question 84

What are shared access signatures in Azure Storage and when are they useful?

Answer 84

Shared access signatures (SAS) provide granular time-limited access to specific storage resources without exposing the storage account keys. They are useful when you need to grant temporary access to a client or an untrusted application.

Question 85

How does encryption work for Azure managed disks compared to Storage accounts?

Answer 85

For managed disks you first create a disk encryption set in your Azure Key Vault and then associate your managed disks with that encryption set. This allows you to use your own customer-managed keys to encrypt the disks at rest.

Question 86

What are the different types of Azure managed disks and how do they differ in performance characteristics?

Answer 86

The types are: Standard HDD Standard SSD (with burst capabilities) Premium SSD (with configurable performance tiers) Premium SSD v2 (with configurable IOPS and throughput) and Ultra Disk (with highest performance and lowest latency configurable IOPS and throughput).

Question 87

What is the recommended way to provision resources in Azure?

Answer 87

The recommended way to provision resources in Azure is to use declarative methods like ARM JSON templates or Azure Bicep rather than manually creating resources through the portal or CLI. These templates allow you to define the desired state of resources and can be version-controlled and automated through pipelines.

Question 88

What are the different service models in Azure and how do they differ in terms of responsibilities?

Answer 88

The service models are: Infrastructure as a Service (IaaS) like Virtual Machines where you manage the OS data and application

Question 89

Why is it important to choose the right VM size and SKU for your workload?

Answer 89

Choosing the right VM size and SKU is important to ensure that your workload has the appropriate resources (CPU memory storage networking) and performance characteristics. This helps avoid wasted resources or underprovisioning and allows you to scale out by adding or removing VMs based on demand.

Question 90

What are the different dimensions that define a VM size and SKU in Azure?

Answer 90

The dimensions include CPU count/speed memory amount storage performance characteristics (disk type IOPS throughput) networking capabilities and specialized hardware like GPUs. These dimensions combine to define the VM’s capabilities and performance characteristics.

Question 91

How can you scale virtual machines in Azure based on workload demand?

Answer 91

Azure allows you to scale VMs by adding or removing instances based on demand. Rather than provisioning a single large VM you can deploy multiple smaller VMs and scale out by adding more instances or scale in by removing instances as the workload changes.

Question 92

What is the purpose of Azure Bastion and how does it help secure access to virtual machines?

Answer 92

Azure Bastion provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over SSL. It helps reduce the attack surface by eliminating the need for public IP addresses on VMs removing the need for jump boxes and providing just-in-time access through the Azure portal.

Question 93

What is the difference between Availability Sets and Availability Zones in Azure?

Answer 93

Availability Sets provide resiliency by spreading VMs across different fault domains (racks) within a datacenter. Availability Zones offer a higher level of resiliency by physically separating resources across different datacenters with isolated power networking and cooling protecting against datacenter-level failures.

Question 94

What is a Virtual Machine Scale Set in Azure and how does it help with scaling?

Answer 94

A Virtual Machine Scale Set allows you to deploy and manage a group of identical load balanced VMs. It enables automatic scaling by adding or removing VMs from the scale set based on configurable rules tied to performance metrics like CPU utilization. This allows automatic scaling of resources to match workload demand.

Question 95

What are the differences between Uniform and Flexible Virtual Machine Scale Sets?

Answer 95

Uniform scale sets have a single VM template and configuration across all instances. Flexible scale sets allow mixing different VM sizes types (e.g. spot instances) and configurations within the same scale set providing more flexibility in optimizing costs and capabilities.

Question 96

What is the purpose of a Container Registry in Azure?

Answer 96

A Container Registry in Azure is a private secure registry for storing and managing your container images. It allows you to build push and pull container images to be used for deploying containerized applications across Azure services like Azure Kubernetes Service App Service etc.

Question 97

How does a Docker container differ from a Virtual Machine in terms of its architecture and resource utilization?

Answer 97

A Docker container runs at the user mode level sharing the host kernel with other containers while a Virtual Machine runs a complete guest operating system with higher overhead. Containers provide process isolation and share kernel resources resulting in a more lightweight and efficient utilization of resources compared to VMs.

Question 98

What is the purpose of Azure Container Instances (ACI) and how does it differ from Azure Kubernetes Service (AKS)?

Answer 98

Azure Container Instances (ACI) allows you to run individual containers without managing any underlying infrastructure. It’s suitable for simple standalone containerized workloads. Azure Kubernetes Service (AKS) provides a full container orchestration layer using Kubernetes enabling management of multi-container applications scalability networking storage and other advanced features.

Question 99

What are the different networking models available in Azure Kubernetes Service (AKS) for pod communication?

Answer 99

The different networking models in AKS include: Kubenet (basic) Azure CNI (pods share IP space with nodes) Azure CNI with Kubernetes Calico (dynamic IP allocation) and Azure CNI overlay (separate pod IP space using overlay networking).

Question 100

What is the purpose of App Service in Azure and how does it differ from container-based services like AKS?

Answer 100

App Service is a fully managed platform for building and hosting web applications and services without managing underlying infrastructure. It provides predefined app hosting plans with autoscaling capabilities. Unlike container services like AKS which require managing containers and orchestration App Service abstracts away those complexities for simpler web app hosting.

Question 101

What are the different components of Azure Monitor and how do they aid in monitoring Azure resources?

Answer 101

Azure Monitor provides monitoring data through: Activity Log (control plane events) Metrics (time-based resource signals) Logs (configured via Diagnostic Settings to send to storage event hubs or Log Analytics) and various agents/extensions for guest-level monitoring. This allows comprehensive monitoring of Azure resources across control plane resource metrics and log data.

Question 102

What are the different types of Log Analytics workspaces available in Azure Monitor and how do they differ in terms of capabilities and pricing?

Answer 102

There are three types of Log Analytics workspaces: Analytics (full KQL capabilities included data ingestion/storage) Basic (subset of KQL pay per query and storage) and Archive (long-term storage up to 12 years requires restore/search jobs to query). Analytics is suitable for full query capabilities Basic is cost-effective for limited use cases and Archive is for long-term data retention.

Question 103

What is the purpose of Network Watcher in Azure and what are some of its key features?

Answer 103

Network Watcher is a network monitoring and troubleshooting tool in Azure. Its key features include: network topology view IP flow verification next hop information VPN diagnostics NSG flow logging packet capture and connection troubleshooting. It helps diagnose and resolve network issues within Azure resources.

Question 104

How can alert processing rules in Azure Monitor help manage and respond to alerts?

Answer 104

Alert processing rules in Azure Monitor allow you to define actions to take or suppression rules when alerts are raised. You can configure action groups (email SMS webhooks functions etc.) to be called when specific alerts occur or suppress alerts based on schedules severity or other criteria. This helps streamline alert response and notification processes.