Module 2ba - Exploring Azure Core Products - Networking, AVNs Flashcards

1
Q

What are Azure Virtual Networks (AVNs)? What do they enable resources to do?

A

A set of Resources that links other Azure Resources, enabling them to communicate with each other, with users on the Internet and with on-prem client computers

2
Q

Hint: V U

How do you connect one Azure Virtual Network to another one? Why is this significant?

A

You connect them through VN Peering (VNP) and User-Defined Routing (UDR)

Why the significance?

ISOLATION - Because two AVNs are by default isolated from one another. Resources assigned to one AVN cannot communicate with Resources in another AVN

3
Q

What two options do you have for AVN DDoS Protection? Which one is a Premium Service?

A

Basic DDoS Protection and Standard DDoS Protection (Premium Service)

*Know the cost vs benefit of selecting one

4
Q

What are two (2) means by which AVNs can communicate with the public Internet?

A

AVNs can connect to the public internet by default. You just need to enable a public IP Address OR a public Load Balancer (these are both Resources you can provision for the AVN).

5
Q

AVNs - Define the concept of Isolation

A

Isolation: AVNs allow you to create multiple isolated virtual networks, defined by a private IP Address Space that uses public or private IP Address Ranges

6
Q

AVNs - How do you handle Name Resolution?

A

Use the built-in Name Resolution Service for name resolution, or configure the VN to use an internal or external DNS

7
Q

Hint: four (4) ways

How do you manage AVNs?

A

AVNs can be managed through

  • Azure Portal
  • Azure CLI
  • Secure Shell
  • Remote Desktop Protocol (good ol’ fashioned RDP lolol)
8
Q

How do you modify an AVN after creation?

A

Azure Portal and Azure CLI

  • Add PEERINGS (link to another AVN)
  • Add additional Address Spaces
  • Connect machines
  • Add additional SubNets
9
Q

AVN Names must be unique globally (T/F)?

A

False. They need to be unique within your SUBSCRIPTION, but NOT GLOBALLY

10
Q

Hint: 3 ways to do it

How do AVNs communicate with On-Prem resource/end points?

A
  • Point-To-Site
  • Site-to-Site VPN
  • Azure ExpressRoute
11
Q

Hint: 3 ways to do it

How do you enable integration and communication between the Resources in an AVN?

A

Deploy Resources to the SAME AVNs - AVNs can connect to/add virtually all other Service types; Power Apps Service Environment, AK8s, VM Scale Sets, etc that are deployed to themselves

Set up Private Link - private access to specific Resources from Virtual Network or On-Prem Network

Service Endpoints - Endpoints can be used to connect to other Resource types like SQL DBs or Storage Accounts. You can link multiple Azure resources to AVNs to provide improved security and optimized routing between resources (AVNs isolate those resources to the single network)

12
Q

AVNs - define the concept of Segmentation

A

Segmentation: You can divvy up the IP Address space into SubNets (via CIDR) and allocate part of the defined space to each named SubNet

13
Q

Hint: 2 ways to do it

How can AVNs filter network traffic?

A

You can filter traffic between SubNets using two approaches:

Network Security Groups - A Resource where you can add inbound and outbound security rules for ingress/egress traffic

Network Virtual Appliances - An NVA is a specialized VM that carries out a specific network function like running a firewall or performing WAN optimization

14
Q

What is the default behavior for routing network traffic, and what are the two ways to override it?

A

By default, Azure routes traffic between subnets on any connected virtual networks, on-prem networks, and the internet.

To override:

Route Tables - Define rules about how traffic gets directed and rerouted

Border Gateway Protocol (BGP) - Propagates On-Prem BGP routes to AVNs, works with Azure VPN Gateways or ExpressRoutes

15
Q

General Knowledge: What is CIDR Notation?

A

Classless Inter-Domain Routing. Defines the range of IP Addresses available for your AVN. Azure provides the initial IP Address; you’ll need to partition it.

16
Q

CIDR Address Spaces need to be unique within your Subscription and with any network you connect to (T/F)

A

True

17
Q

What is an Azure ExpressRoute connection between AVNs and an On-Prem network?

A

Azure ExpressRoute - Provides dedicated connectivity to Azure that doesn’t go over the public Internet, providing greater bandwidth and higher levels of security.

More on this in a different deck…

18
Q

What is a Point-To-Site connection between AVNs and an On-Prem network?

A

Point-To-Site - VPN-type typical approach, where an external PC (like my work laptop) VPNs into the corporate network via encrypted connection. For AVNs, you’d initiate a VPN connection to it. Requires an approved device (like my laptop or a phone or tablet, etc.)

19
Q

Hint: Who are these connections intended for?

What is a Site-to-Site VPN connection used for? What three (3) things should you know about them?

A

Site-to-Site VPN - Used to link your On-Prem VPN device or gateway to the Azure VPN gateway in an AVN.

  • Connections are encrypted
  • Work over the Internet
  • Not intended for public use, more specifically for Admins who need access to Azure resources
20
Q

What are the rules for valid SubNet names? Which of the following are valid/invalid?

  • 234FFF
  • FFF234
  • 234FFF_
  • 234-FFF
  • D34_FFF-234
  • 234-FFF@234
  • D34.FFF.
  • D34FFF$
  • -234_FFF
  • _234+FFF
  • $234DDD
A

Rules are:

  • Begins - alphanumeric only
  • Ends - alphanumeric or _
  • Contains - alphanumeric or - _ .

234-FFF@234 - contains special char

D34.FFF. - ends with period

D34FFF$ - ends with special char

-234_FFF - begins with hyphen

_234+FFF - begins with underscore

$234DDD - begins with special char

Only the first 5. The rest are invalid.

21
Q

What is User-Defined Routing and what two (2) entities can it control routing for?

A

UDR (user-defined routing) - Allows network admins to control routing tables between SubNets within a virtual network as well as BETWEEN virtual networks.

22
Q

What is Virtual Network Peering? Where does all the traffic flow?

A

VN Peering - Allows contact between AVNs in different Regions. All traffic flows privately through Microsoft’s Backbone Network