Network 2

Question 1

What IP address ranges must be used for a VNet according to RFC 1918?

Answer 1

10.0.0.0-10.255.255.255 (10.0.0.0/8), 172.16.0.0-172.31.255.255 (172.16.0.0/12), 192.168.0.0-192.168.255.255 (192.168.0.0/16).

Question 2

What happens if public IP ranges are used in a VNet?

Answer 2

The addresses within your VNet will take priority, preventing VMs from accessing the corresponding Internet addresses.

Question 3

Which IP ranges are reserved by the Azure platform and cannot be used in a VNet?

Answer 3

169.254.0.0/16 (Link-local), 168.63.129.16/32 (Azure-provided DNS).

Question 4

What is the requirement for the name of a subnet within a VNet?

Answer 4

The subnet name must be unique within the VNet and cannot be changed after creation.

Question 5

Why does Azure reserve a couple of IP addresses from each subnet?

Answer 5

For network identification and broadcast.

Question 6

What properties must be defined for a virtual network (VNet)?

Answer 6

Name, Location, Address Space, DNS settings, Subnets, Peerings.

Question 7

Can VNets be peered across different subscriptions and Azure AD tenants?

Answer 7

Yes, VNets can be peered across different subscriptions and Azure AD tenants.

Question 8

What is Global VNet peering?

Answer 8

Peering between VNets in different Azure regions, allowing traffic to travel over the Microsoft backbone infrastructure.

Question 9

What is a limitation of Global VNet peering with the Load Balancer’s Basic tier?

Answer 9

Global peering cannot be used to access the front-end IP of a basic internal Azure load-balancer in the remote VNet.

Question 10

What is a hub-and-spoke network topology?

Answer 10

A design where shared resources are deployed in a hub VNet, accessed by multiple applications in separate spoke VNets.

Question 11

How can you enable spoke-to-spoke communication without additional VNet peerings?

Answer 11

By deploying a network virtual appliance (NVA) in the hub and configuring user-defined routes (UDRs) to route traffic.

Question 12

What must be enabled to share a virtual network gateway between peered VNets?

Answer 12

Allow Gateway Transit on the peering connection from the VNet with the gateway.

Question 13

What are the two pricing tiers for Public IP addresses in Azure?

Answer 13

Basic and Standard.

Question 14

What is the key difference between Basic and Standard Public IP addresses?

Answer 14

Standard tier supports zone-redundant deployment, Basic tier does not.

Question 15

What are the different DNS-related services and features in Azure?

Answer 15

Azure DNS, Azure Traffic Manager, App service domains, Azure-provided DNS, Recursive DNS, Reverse DNS.

Question 16

What does Azure Traffic Manager do?

Answer 16

Uses DNS to implement global traffic management, directing traffic based on factors such as endpoint availability and user location.

Question 17

What is the purpose of a network security group (NSG)?

Answer 17

To control inbound and outbound traffic flows to Azure resources.

Question 18

What is a service tag in Azure?

Answer 18

A platform-defined shortcut mapping to the IP ranges of various Azure services, used in NSG rules.

Question 19

What does Performance Monitor in Network Performance Monitor (NPM) do?

Answer 19

Monitors packet loss and latency between endpoints in Azure and on-premises.

Question 20

What is required to configure Performance Monitor in NPM?

Answer 20

A VM or server running the Log Analytics agent at both ends of each monitored connection.

Question 21

What does Service Connectivity Monitor in NPM do?

Answer 21

Tests outbound connectivity from your network to open a TCP port, such as a website or application.

Question 22

What is the purpose of a gateway subnet in a VNet?

Answer 22

To deploy VPN gateways; it is a dedicated subnet used only for virtual network gateways.

Question 23

What is the recommended size for a gateway subnet?

Answer 23

A CIDR /27 address block to allow for future expansion.

Question 24

Can a VPN gateway be resized between different SKUs?

Answer 24

Yes, but only between VpnGw1, VpnGw2, and VpnGw3 tiers. Not for Basic tier.

Question 25

What is Border Gateway Protocol (BGP) used for in Azure VPN gateways?

Answer 25

To exchange routing information between networks automatically, enabling high availability and transit routing.

Question 26

What is the default deployment configuration for a VPN gateway in Azure?

Answer 26

Active-standby, with two VMs for redundancy.

Question 27

What additional configuration can be used to reduce VPN gateway downtime?

Answer 27

Active-active configuration, where both gateway instances have their own public IP addresses.

Question 28

What is required for dual on-premises VPN endpoints in an active-active configuration?

Answer 28

BGP must be enabled to allow for redundant connections.

Question 29

What is a common use of Availability Zones?

Answer 29

To provide high availability at the data center level.

Question 30

What must be ensured for VNets to be connected using VNet peering?

Answer 30

They must have non-overlapping IP address spaces.

Question 31

What is the purpose of user-defined routes (UDRs) in Azure?

Answer 31

To change the default behavior of subnets, typically to route traffic through a virtual appliance.

Question 32

What does forced tunneling refer to in Azure networking?

Answer 32

Routing outbound Internet traffic via a VPN connection to a network security device.

Question 33

What must be done to diagnose routing issues in Azure?

Answer 33

Review the effective routes for each network interface.

Question 34

What is the use of Azure-provided DNS?

Answer 34

Internal DNS service allowing VMs in a VNet to find each other using DNS queries based on hostnames.

Question 35

What are the key properties of a VNet subnet?

Answer 35

Name, Address range, Network security group, Route table, Service endpoints, Delegations.

Question 36

What are the requirements for custom DNS settings in Azure VNets?

Answer 36

Can be configured at the VNet level and network interface level, but not at the subnet level.

Question 37

What is the difference between internal and public Load Balancer in Azure?

Answer 37

Internal Load Balancer is used for Intranet-facing applications, Public Load Balancer for Internet-facing applications.

Question 38

What does the frontend IP configuration of an Azure Load Balancer define?

Answer 38

The endpoint upon which the Load Balancer receives incoming traffic.

Question 39

What are the key uses of the Azure DNS service?

Answer 39

Hosting DNS domains, managing DNS records, and providing name servers for DNS queries.

Question 40

What does an NS record in Azure DNS do?

Answer 40

A record set at the zone apex containing the name servers for the DNS zone.

Question 41

What does a PTR record in DNS provide?

Answer 41

Reverse DNS lookups in reverse lookup zones.

Question 42

What does an SOA record indicate in DNS?

Answer 42

Start of Authority, required at the apex of every DNS zone.

Question 43

What is service chaining in a hub-and-spoke network topology?

Answer 43

Using an NVA in the hub to route inter-spoke traffic, enabling spoke-to-spoke communication without additional VNet peerings.

Question 44

What are the key functions of Azure Resource Manager templates?

Answer 44

Defining and deploying the configuration of Azure resources in a declarative manner.

Question 45

What is the purpose of Azure App Service?

Answer 45

A PaaS-hosting service for building applications that process HTTP requests.

Question 46

What does an App Service plan provide?

Answer 46

Compute resources for the web application to execute.

Question 47

What is Azure Kubernetes Service (AKS)?

Answer 47

A managed Kubernetes service for deploying and managing containerized applications.

Question 48

What is Azure Container Instances (ACI)?

Answer 48

A service for quickly deploying isolated containers without managing the backend infrastructure.

Question 49

What is the benefit of using managed disks in Azure?

Answer 49

Azure manages the storage account, simplifying the management of disks and images.

Question 50

What are the types of storage available for VM storage in Azure?

Answer 50

Standard HDD, Standard SSD, Premium SSD, Ultimate SSD.

Question 51

What is a common method of troubleshooting VMs with connectivity issues?

Answer 51

Redeploy the virtual machine to move it to a different Azure node.

Question 52

What is the Custom Script Extension used for?

Answer 52

Executing scripts on Windows or Linux-based VMs in Azure.

Question 53

What is the difference between dynamic and static IP addresses in Azure VNets?

Answer 53

Dynamic IPs are released when the VM is stopped, static IPs are retained.

Question 54

What is the purpose of Virtual Network (VNet) peering?

Answer 54

To allow virtual machines in separate VNets to communicate directly using private IP addresses.

Question 55

What is the difference between basic and standard tier public IP addresses in Azure?

Answer 55

Basic tier supports dynamic allocation and open inbound traffic by default, standard tier supports static allocation and closed inbound traffic by default.

Question 56

What is a service tag in Azure NSG rules?

Answer 56

A predefined label representing a group of IP address ranges for Azure services, used to simplify network security rules.

Question 57

What is the role of Azure Traffic Manager?

Answer 57

To provide global traffic management by using DNS to route traffic based on endpoint availability and user location.

Question 58

What are the benefits of using Azure DNS?

Answer 58

Hosting DNS domains, managing DNS records, and providing name servers for DNS queries.

Question 59

What does an A record in DNS do?

Answer 59

Maps a name to an IPv4 address.

Question 60

What is the purpose of recursive DNS in Azure?

Answer 60

To provide DNS name resolution from Azure VMs or other services, optionally using custom DNS servers.

Question 61

What is reverse DNS in Azure?

Answer 61

Configuring reverse DNS lookup for an Azure-assigned public IP address.

Question 62

What is required to delegate a DNS zone to Azure DNS?

Answer 62

Setting up appropriate NS records in the parent domain, pointing to Azure DNS name servers.

Question 63

What is the purpose of a network security group (NSG) in Azure?

Answer 63

To control inbound and outbound traffic to and from Azure resources.

Question 64

What is the significance of the CIDR /29 address block for a gateway subnet?

Answer 64

It is the minimum size required, though Microsoft recommends using a /27 for future expansion.

Question 65

What is the advantage of zone-redundant deployment for public IP addresses?

Answer 65

It provides redundancy across different availability zones, protecting against data center-level failures.