Network 2 Flashcards

1
Q

What IP address ranges must be used for a VNet according to RFC 1918?

A

10.0.0.0-10.255.255.255 (10.0.0.0/8), 172.16.0.0-172.31.255.255 (172.16.0.0/12), 192.168.0.0-192.168.255.255 (192.168.0.0/16).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What happens if public IP ranges are used in a VNet?

A

The addresses within your VNet will take priority, preventing VMs from accessing the corresponding Internet addresses.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which IP ranges are reserved by the Azure platform and cannot be used in a VNet?

A

169.254.0.0/16 (Link-local), 168.63.129.16/32 (Azure-provided DNS).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the requirement for the name of a subnet within a VNet?

A

The subnet name must be unique within the VNet and cannot be changed after creation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Why does Azure reserve a couple of IP addresses from each subnet?

A

For network identification and broadcast.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What properties must be defined for a virtual network (VNet)?

A

Name, Location, Address Space, DNS settings, Subnets, Peerings.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Can VNets be peered across different subscriptions and Azure AD tenants?

A

Yes, VNets can be peered across different subscriptions and Azure AD tenants.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is Global VNet peering?

A

Peering between VNets in different Azure regions, allowing traffic to travel over the Microsoft backbone infrastructure.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is a limitation of Global VNet peering with the Load Balancer’s Basic tier?

A

Global peering cannot be used to access the front-end IP of a basic internal Azure load-balancer in the remote VNet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is a hub-and-spoke network topology?

A

A design where shared resources are deployed in a hub VNet, accessed by multiple applications in separate spoke VNets.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

How can you enable spoke-to-spoke communication without additional VNet peerings?

A

By deploying a network virtual appliance (NVA) in the hub and configuring user-defined routes (UDRs) to route traffic.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What must be enabled to share a virtual network gateway between peered VNets?

A

Allow Gateway Transit on the peering connection from the VNet with the gateway.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the two pricing tiers for Public IP addresses in Azure?

A

Basic and Standard.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is the key difference between Basic and Standard Public IP addresses?

A

Standard tier supports zone-redundant deployment, Basic tier does not.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are the different DNS-related services and features in Azure?

A

Azure DNS, Azure Traffic Manager, App service domains, Azure-provided DNS, Recursive DNS, Reverse DNS.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What does Azure Traffic Manager do?

A

Uses DNS to implement global traffic management, directing traffic based on factors such as endpoint availability and user location.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is the purpose of a network security group (NSG)?

A

To control inbound and outbound traffic flows to Azure resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is a service tag in Azure?

A

A platform-defined shortcut mapping to the IP ranges of various Azure services, used in NSG rules.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What does Performance Monitor in Network Performance Monitor (NPM) do?

A

Monitors packet loss and latency between endpoints in Azure and on-premises.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What is required to configure Performance Monitor in NPM?

A

A VM or server running the Log Analytics agent at both ends of each monitored connection.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What does Service Connectivity Monitor in NPM do?

A

Tests outbound connectivity from your network to open a TCP port, such as a website or application.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What is the purpose of a gateway subnet in a VNet?

A

To deploy VPN gateways; it is a dedicated subnet used only for virtual network gateways.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What is the recommended size for a gateway subnet?

A

A CIDR /27 address block to allow for future expansion.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Can a VPN gateway be resized between different SKUs?

A

Yes, but only between VpnGw1, VpnGw2, and VpnGw3 tiers. Not for Basic tier.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

What is Border Gateway Protocol (BGP) used for in Azure VPN gateways?

A

To exchange routing information between networks automatically, enabling high availability and transit routing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

What is the default deployment configuration for a VPN gateway in Azure?

A

Active-standby, with two VMs for redundancy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

What additional configuration can be used to reduce VPN gateway downtime?

A

Active-active configuration, where both gateway instances have their own public IP addresses.

28
Q

What is required for dual on-premises VPN endpoints in an active-active configuration?

A

BGP must be enabled to allow for redundant connections.

29
Q

What is a common use of Availability Zones?

A

To provide high availability at the data center level.

30
Q

What must be ensured for VNets to be connected using VNet peering?

A

They must have non-overlapping IP address spaces.

31
Q

What is the purpose of user-defined routes (UDRs) in Azure?

A

To change the default behavior of subnets, typically to route traffic through a virtual appliance.

32
Q

What does forced tunneling refer to in Azure networking?

A

Routing outbound Internet traffic via a VPN connection to a network security device.

33
Q

What must be done to diagnose routing issues in Azure?

A

Review the effective routes for each network interface.

34
Q

What is the use of Azure-provided DNS?

A

Internal DNS service allowing VMs in a VNet to find each other using DNS queries based on hostnames.

35
Q

What are the key properties of a VNet subnet?

A

Name, Address range, Network security group, Route table, Service endpoints, Delegations.

36
Q

What are the requirements for custom DNS settings in Azure VNets?

A

Can be configured at the VNet level and network interface level, but not at the subnet level.

37
Q

What is the difference between internal and public Load Balancer in Azure?

A

Internal Load Balancer is used for Intranet-facing applications, Public Load Balancer for Internet-facing applications.

38
Q

What does the frontend IP configuration of an Azure Load Balancer define?

A

The endpoint upon which the Load Balancer receives incoming traffic.

39
Q

What are the key uses of the Azure DNS service?

A

Hosting DNS domains, managing DNS records, and providing name servers for DNS queries.

40
Q

What does an NS record in Azure DNS do?

A

A record set at the zone apex containing the name servers for the DNS zone.

41
Q

What does a PTR record in DNS provide?

A

Reverse DNS lookups in reverse lookup zones.

42
Q

What does an SOA record indicate in DNS?

A

Start of Authority, required at the apex of every DNS zone.

43
Q

What is service chaining in a hub-and-spoke network topology?

A

Using an NVA in the hub to route inter-spoke traffic, enabling spoke-to-spoke communication without additional VNet peerings.

44
Q

What are the key functions of Azure Resource Manager templates?

A

Defining and deploying the configuration of Azure resources in a declarative manner.

45
Q

What is the purpose of Azure App Service?

A

A PaaS-hosting service for building applications that process HTTP requests.

46
Q

What does an App Service plan provide?

A

Compute resources for the web application to execute.

47
Q

What is Azure Kubernetes Service (AKS)?

A

A managed Kubernetes service for deploying and managing containerized applications.

48
Q

What is Azure Container Instances (ACI)?

A

A service for quickly deploying isolated containers without managing the backend infrastructure.

49
Q

What is the benefit of using managed disks in Azure?

A

Azure manages the storage account, simplifying the management of disks and images.

50
Q

What are the types of storage available for VM storage in Azure?

A

Standard HDD, Standard SSD, Premium SSD, Ultimate SSD.

51
Q

What is a common method of troubleshooting VMs with connectivity issues?

A

Redeploy the virtual machine to move it to a different Azure node.

52
Q

What is the Custom Script Extension used for?

A

Executing scripts on Windows or Linux-based VMs in Azure.

53
Q

What is the difference between dynamic and static IP addresses in Azure VNets?

A

Dynamic IPs are released when the VM is stopped, static IPs are retained.

54
Q

What is the purpose of Virtual Network (VNet) peering?

A

To allow virtual machines in separate VNets to communicate directly using private IP addresses.

55
Q

What is the difference between basic and standard tier public IP addresses in Azure?

A

Basic tier supports dynamic allocation and open inbound traffic by default, standard tier supports static allocation and closed inbound traffic by default.

56
Q

What is a service tag in Azure NSG rules?

A

A predefined label representing a group of IP address ranges for Azure services, used to simplify network security rules.

57
Q

What is the role of Azure Traffic Manager?

A

To provide global traffic management by using DNS to route traffic based on endpoint availability and user location.

58
Q

What are the benefits of using Azure DNS?

A

Hosting DNS domains, managing DNS records, and providing name servers for DNS queries.

59
Q

What does an A record in DNS do?

A

Maps a name to an IPv4 address.

60
Q

What is the purpose of recursive DNS in Azure?

A

To provide DNS name resolution from Azure VMs or other services, optionally using custom DNS servers.

61
Q

What is reverse DNS in Azure?

A

Configuring reverse DNS lookup for an Azure-assigned public IP address.

62
Q

What is required to delegate a DNS zone to Azure DNS?

A

Setting up appropriate NS records in the parent domain, pointing to Azure DNS name servers.

63
Q

What is the purpose of a network security group (NSG) in Azure?

A

To control inbound and outbound traffic to and from Azure resources.

64
Q

What is the significance of the CIDR /29 address block for a gateway subnet?

A

It is the minimum size required, though Microsoft recommends using a /27 for future expansion.

65
Q

What is the advantage of zone-redundant deployment for public IP addresses?

A

It provides redundancy across different availability zones, protecting against data center-level failures.