Network

Question 1

What IP address ranges can you use for a VNet according to RFC 1918?

Answer 1

10.0.0.0-10.255.255.255 (10.0.0.0/8), 172.16.0.0-172.31.255.255 (172.16.0.0/12), 192.168.0.0-192.168.255.255 (192.168.0.0/16).

Question 2

Why is it not recommended to use public IP ranges in your VNet?

Answer 2

Addresses within your VNet will take priority, preventing VMs from accessing the corresponding Internet addresses.

Question 3

Which IP ranges are reserved by the Azure platform and cannot be used in a VNet?

Answer 3

169.254.0.0/16 (Link-local), 168.63.129.16/32 (Azure-provided DNS).

Question 4

What are the requirements for a subnet name within a VNet?

Answer 4

The subnet name must be unique within the VNet and cannot be changed after creation.

Question 5

Why does Azure reserve a couple of IP addresses from each subnet?

Answer 5

For network identification and broadcast.

Question 6

What properties must be defined for a virtual network (VNet)?

Answer 6

Name, Location, Address Space, DNS settings, Subnets, Peerings.

Question 7

What are the name requirements for a virtual network (VNet)?

Answer 7

Must be unique within the resource group, 2-64 characters, can contain letters, numbers, underscores, periods, or hyphens, and must start and end with a letter or number.

Question 8

Can VNets be peered across different subscriptions and Azure AD tenants?

Answer 8

Yes, VNets can be peered across different subscriptions and Azure AD tenants.

Question 9

What is Global VNet peering?

Answer 9

Peering between VNets in different Azure regions, allowing traffic to travel over the Microsoft backbone infrastructure.

Question 10

What is a limitation of Global VNet peering with the Load Balancer’s Basic tier?

Answer 10

Global peering cannot be used to access the front-end IP of a basic internal Azure load-balancer in the remote VNet.

Question 11

What is a hub-and-spoke network topology?

Answer 11

A design where shared resources are deployed in a hub VNet, accessed by multiple applications in separate spoke VNets.

Question 12

How can you enable spoke-to-spoke communication without additional VNet peerings?

Answer 12

By deploying a network virtual appliance (NVA) in the hub and configuring user-defined routes (UDRs) to route traffic.

Question 13

What must be enabled to share a virtual network gateway between peered VNets?

Answer 13

Allow Gateway Transit on the peering connection from the VNet with the gateway.

Question 14

What are the two pricing tiers for Public IP addresses in Azure?

Answer 14

Basic and Standard.

Question 15

What is the key difference between Basic and Standard Public IP addresses?

Answer 15

Standard tier supports zone-redundant deployment, Basic tier does not.

Question 16

What are the different DNS-related services and features in Azure?

Answer 16

Azure DNS, Azure Traffic Manager, App service domains, Azure-provided DNS, Recursive DNS, Reverse DNS.

Question 17

What does Azure Traffic Manager do?

Answer 17

Uses DNS to implement global traffic management, directing traffic based on factors such as endpoint availability and user location.

Question 18

What is the purpose of a network security group (NSG)?

Answer 18

To control inbound and outbound traffic flows to Azure resources.

Question 19

What is a service tag in Azure?

Answer 19

A platform-defined shortcut mapping to the IP ranges of various Azure services, used in NSG rules.

Question 20

What does Performance Monitor in Network Performance Monitor (NPM) do?

Answer 20

Monitors packet loss and latency between endpoints in Azure and on-premises.

Question 21

What is required to configure Performance Monitor in NPM?

Answer 21

A VM or server running the Log Analytics agent at both ends of each monitored connection.

Question 22

What does Service Connectivity Monitor in NPM do?

Answer 22

Tests outbound connectivity from your network to open a TCP port, such as a website or application.

Question 23

What is the purpose of a gateway subnet in a VNet?

Answer 23

To deploy VPN gateways; it is a dedicated subnet used only for virtual network gateways.

Question 24

What is the recommended size for a gateway subnet?

Answer 24

A CIDR /27 address block to allow for future expansion.

Question 25

Can a VPN gateway be resized between different SKUs?

Answer 25

Yes, but only between VpnGw1, VpnGw2, and VpnGw3 tiers. Not for Basic tier.

Question 26

What is Border Gateway Protocol (BGP) used for in Azure VPN gateways?

Answer 26

To exchange routing information between networks automatically, enabling high availability and transit routing.

Question 27

What is the default deployment configuration for a VPN gateway in Azure?

Answer 27

Active-standby, with two VMs for redundancy.

Question 28

What additional configuration can be used to reduce VPN gateway downtime?

Answer 28

Active-active configuration, where both gateway instances have their own public IP addresses.

Question 29

What is required for dual on-premises VPN endpoints in an active-active configuration?

Answer 29

BGP must be enabled to allow for redundant connections.

Question 30

What is a common use of Availability Zones?

Answer 30

To provide high availability at the data center level.

Question 31

What must be ensured for VNets to be connected using VNet peering?

Answer 31

They must have non-overlapping IP address spaces.

Question 32

What is the purpose of user-defined routes (UDRs) in Azure?

Answer 32

To change the default behavior of subnets, typically to route traffic through a virtual appliance.

Question 33

What does forced tunneling refer to in Azure networking?

Answer 33

Routing outbound Internet traffic via a VPN connection to a network security device.

Question 34

What must be done to diagnose routing issues in Azure?

Answer 34

Review the effective routes for each network interface.

Question 35

What is the use of Azure-provided DNS?

Answer 35

Internal DNS service allowing VMs in a VNet to find each other using DNS queries based on hostnames.

Question 36

What are the key properties of a VNet subnet?

Answer 36

Name, Address range, Network security group, Route table, Service endpoints, Delegations.

Question 37

What are the requirements for custom DNS settings in Azure VNets?

Answer 37

Can be configured at the VNet level and network interface level, but not at the subnet level.

Question 38

What is the difference between internal and public Load Balancer in Azure?

Answer 38

Internal Load Balancer is used for Intranet-facing applications, Public Load Balancer for Internet-facing applications.

Question 39

What does the frontend IP configuration of an Azure Load Balancer define?

Answer 39

The endpoint upon which the Load Balancer receives incoming traffic.

Question 40

What are the key uses of the Azure DNS service?

Answer 40

Hosting DNS domains, managing DNS records, and providing name servers for DNS queries.

Question 41

What is an NS record in Azure DNS?

Answer 41

A record set at the zone apex containing the name servers for the DNS zone.

Question 42

What does a PTR record in DNS provide?

Answer 42

Reverse DNS lookups in reverse lookup zones.

Question 43

What does an SOA record indicate in DNS?

Answer 43

Start of Authority, required at the apex of every DNS zone.

Question 44

What is service chaining in a hub-and-spoke network topology?

Answer 44

Using an NVA in the hub to route inter-spoke traffic, enabling spoke-to-spoke communication without additional VNet peerings.

Question 45

What are the key functions of Azure Resource Manager templates?

Answer 45

Defining and deploying the configuration of Azure resources in a declarative manner.

Question 46

What is the purpose of Azure App Service?

Answer 46

A PaaS-hosting service for building applications that process HTTP requests.

Question 47

What does an App Service plan provide?

Answer 47

Compute resources for the web application to execute.

Question 48

What is Azure Kubernetes Service (AKS)?

Answer 48

A managed Kubernetes service for deploying and managing containerized applications.

Question 49

What is Azure Container Instances (ACI)?

Answer 49

A service for quickly deploying isolated containers without managing the backend infrastructure.

Question 50

What is the benefit of using managed disks in Azure?

Answer 50

Azure manages the storage account, simplifying the management of disks and images.

Question 51

What are the types of storage available for VM storage in Azure?

Answer 51

Standard HDD, Standard SSD, Premium SSD, Ultimate SSD.

Question 52

What is a common method of troubleshooting VMs with connectivity issues?

Answer 52

Redeploy the virtual machine to move it to a different Azure node.

Question 53

What is the Custom Script Extension used for?

Answer 53

Executing scripts on Windows or Linux-based VMs in Azure.

Question 54

What is the difference between dynamic and static IP addresses in Azure VNets?

Answer 54

Dynamic IPs are released when the VM is stopped, static IPs are retained.

Question 55

What is the purpose of Virtual Network (VNet) peering?

Answer 55

To allow virtual machines in separate VNets to communicate directly using private IP addresses.

Question 56

What is the difference between basic and standard tier public IP addresses in Azure?

Answer 56

Basic tier supports dynamic allocation and open inbound traffic by default, standard tier supports static allocation and closed inbound traffic by default.

Question 57

What is a service tag in Azure NSG rules?

Answer 57

A predefined label representing a group of IP address ranges for Azure services, used to simplify network security rules.

Question 58

What is the role of Azure Traffic Manager?

Answer 58

To provide global traffic management by using DNS to route traffic based on endpoint availability and user location.

Question 59

What are the benefits of using Azure DNS?

Answer 59

Hosting DNS domains, managing DNS records, and providing name servers for DNS queries.

Question 60

What does an A record in DNS do?

Answer 60

Maps a name to an IPv4 address.

Question 61

What is the purpose of recursive DNS in Azure?

Answer 61

To provide DNS name resolution from Azure VMs or other services, optionally using custom DNS servers.

Question 62

What is reverse DNS in Azure?

Answer 62

Configuring reverse DNS lookup for an Azure-assigned public IP address.

Question 63

What is required to delegate a DNS zone to Azure DNS?

Answer 63

Setting up appropriate NS records in the parent domain, pointing to Azure DNS name servers.

Question 64

What is the purpose of a network security group (NSG) in Azure?

Answer 64

To control inbound and outbound traffic to and from Azure resources.

Question 65

What is the significance of the CIDR /29 address block for a gateway subnet?

Answer 65

It is the minimum size required, though Microsoft recommends using a /27 for future expansion.

Question 66

What is the advantage of zone-redund

ant deployment for public IP addresses?

Answer 66

It provides redundancy across different availability zones, protecting against data center-level failures.