Skill 4.1 Implement and Manage Virtual Networking

Question 1

What is VNet peering

Answer 1

Allows two seperate virtual networks to communicate diretly by using their IP addresses. They can either be in teh same Azure region or in seperate Azure regions.

Question 2

What is Global VNet peering

Answer 2

Peering netween vnets in different regions

Question 3

What does VNet traffic travel over

Answer 3

Microsoft Backbone infrastructure

Question 4

Can VNets have non-overlapping IP address spaces

Answer 4

no

Question 5

How many peering connections can exist on a VNet

Answer 5

500

Question 6

What must be configured to allow connectivity between a second VNet with an external network

Answer 6

Use Remote Gateways – Settings must be enabled on the peering connection from VNET-B to VNET-A. This informs VNET_B of teh availability of the gateway in VNET-A.
Allow Gateway Transit – Optio must be enabled on teh peering connection form VNET-A TO VNET-B. This permits traffic from VNET-B to use VNET-A’s gateway to send traffic to he external network.

Question 7

Where are private IP addresses configured

Answer 7

within the IP configurations of teh network interface

Question 8

What is the first private IP address to be allocated

Answer 8

.4

Question 9

What are uses for Static private IP addresses

Answer 9

Virtual machines that act as a domain controllers or DNS servers
Resources that require firewall rules using IP addresses
Resources accessed by other apps/resources through an IP address explicitly, rather then a domain name

Question 10

What happens by default when you change a IP address to static

Answer 10

Azure will assign the previously assigned dynamic IP addresses

Question 11

What is service chaining

Answer 11

Using a network virtual appliance as a hub through user-defined routes(UDR) to route inter-spoke traffic through the NVA.

Question 12

Where can a peering connection accept traffic from by default

Answer 12

Traffic originating from the VNet to which it is connected

Question 13

What does associating a public IP address with a network interface create

Answer 13

An internet facing endpoint, allowing your virtual machine to receive network traffic directly from the internet

Question 14

What does associating an VM with a public IP require

Answer 14

The NIC must be updated to reference the public IP address

Question 15

What are the tiers of public IP addresses

Answer 15

Basic – supports both static and dynamic allocation methods. Open by default for inbound traffic. Use NSGs to restrict inbound and outbound traffic. Not Zone redundant and doesn’t support availability zone. Does not support public IP prefixes.
Standard Tier – Supports static allocation only. Closed by default for inbound traffic. Use NSG’s to allow inbound traffic and restrict outbound traffic. Zone redundant by default and allows the use of availability zones and Public IP addresses

Question 16

Describe dynamic allocation

Answer 16

Only resources in use get a IP address which is reallocated if they are stopped or deleted.
An actual IP address is only allocated to the public IP address resource when the resource is in use. If a virtual machine is stopped (deallocated) or deleted, the IP address assigned to the public IP address resource is released and returned to the pool of available IP addresses.

Question 17

What must be specified when creating an IP prefix

Answer 17

prefix resource name,
subnet size,
Azure region where it will be located.

Question 18

What are the ways to configure a DNS label for an Azure public IP address

Answer 18

By specifying the DNS name label property of the public IP address resource
By creating a DNS, A record in Azure DNS or a third-party DNS service hosting a DNS domain
By creating a DNS CNAME record in Azure DNS or third pary hosting
By creating an Alias record in Azure DNS

Question 19

Describe SNAT

Answer 19

Source Network address Translation – Used for when traffic leaves a virtual machine via the private IP address and used SNAT to map the outbound traffic from the private IP address to the public IP address.

Question 20

What are default system routes in Azure

Answer 20

Within the same subnet
From one subnet to another within VNet
VMs to the internet
A VNet to another VNet through a VPN gateway
A VNet to anotehr VNet trough VNet Peering
A VNet to your on-premises network through a VPN
A VNet to your on-premises network through a VPN gateway or ExpressRoute (Optional)
VirtualNetworkServiceEndpoint (Optional)

Question 21

Describe user defined routes in Azure

Answer 21

Useful for when you want to send traffic through a virtual network appliance

Question 22

What are the next hop types supported for UDRs(User Defined Routes)

Answer 22

Virtual Appliance – A VM running a network application such as a firewall
Virtual network gateway
Virtual Network Gateway – Used to route traffic with the virtual network
Internet – Used to route a specific IP address of prefix to the internet
None– Used to drop all traffic sent to a given IP address or prefix.

Question 23

What happens if you apply a route table to a subnet if the route table contains a rule with a next hop address within that subnet.

Answer 23

It creates a routing loop

Question 24

What has to be enabled for a VM to accept a network packet addressed to a different machine to be passed to the virtual client

Answer 24

IP forwarding

Question 25

What are the route priorities

Answer 25

User-defined routes
System routes for traffic in a virtual network, accross a virtual network peering or to a virtual network endpoint
BGP routes
Other System routes

Question 26

What are service endpoints

Answer 26

mechanism to integrate Azure PaaS services into your virtual network and access them through a Microsoft Azure backbone network instead of over the internet. Service endpoints precent the exposure of data and services to teh internet

Question 27

What are private endpoints

Answer 27

They establish a connection between any of the supported Azure services and your virtual network. Provides a secure channel between a VNet and a service. The private endpoint gets a pirvate IP address from your VNet address space.

Question 28

What is a DNS Zone

Answer 28

representation of a domain name in an authoritative DNS server. It contains the colleciton of DNS records for a given domain name

Question 29

What is Azure’s service for purchasing domain names

Answer 29

App Service Domains service

Question 30

Where do DNS settings on a user’s device point to

Answer 30

A recursive DNS server, also sometimes known as local DNS service (or LDNS) or simply a DNS resolver. Recursive DNS service is typically hosted by your company or by your ISP

Question 31

What do NS records do

Answer 31

Tell clients on the internet where to find the name and servers for a given DNS zone. NS records are also configured in the parent zone, and a copy of the records is also present in the child zone

Question 32

What DNS services are available in Azure

Answer 32

Azure DNS
Azure Traffic Manager
App Service Domain
Azure Provided DNS
Recursive DNS
Reverse DNS

Question 33

Describe Azure DNS

Answer 33

Allows you to host your DNS domains in Azure. Provides the ability to create and manage DNS records for your domain and provides the name servers, which answer DNS queries for your domain from other users on the internet

Question 34

Azure Traffic manager

Answer 34

An intelligent DNS service that uses DNS to implement global traffic management. Where Azure DNS always provides the same DNS response to a given DNS query, in Azure Traffic manager the same query may result in one of several responses

Question 35

App Service Domains

Answer 35

Allows purchasing of domain names, which can then be hosted in Azure DNS. This service is integrated with Azure App Service but can be used for any domain registration eve if App Service is not being used.

Question 36

Azure-provided DNS

Answer 36

Sometimes called Internal DNS, it allows the VMs in your virtual network to find each other, using DNS queries based on the hostname of each VM. The DNS queries are internal (Private) to the virtual network.

Question 37

Recursive DNS

Answer 37

A service provided by Azure for DNS name resolution from your Azure VMs or other Azure services. You can also configure your VMs to use your own DNS server instead. This is sometimes informally called bring your own DNS. This is common when joining your VMs to a domain controller.

Question 38

Reverse DNS

Answer 38

Provides the ability to configure the reverse DNS lookup for an Azure-assigned public IP address.

Question 39

How does Azure Treat DNS Zones

Answer 39

As a resoure in Azure DNS. Creating a DNS zone resource allocates authoritative DNS name servers to hsot the DNS records for that zone.

Question 40

What is a glue record

Answer 40

A DNS server record that is not authoritative for the zone and is used to avoid a condition of impossible dependencies for the DNS zone.

Question 41

how does Azure DNS treat child zones

Answer 41

As entirely seperate zones.

Question 42

What is a record set

Answer 42

A collection of records with the same name and the same type.They are a child resource of the DNS zone and can contain up to 20 individual records

Question 43

What is a CAA record

Answer 43

Used to specify which certificate authorities can issue certificates for a domain. Must be configured using CLI or Powershell

Question 44

What are SPF DNS records

Answer 44

SPF records are used to identify legitimate mail servers for a domain and help prevent spam

Question 45

When creating a DNS zone what does the location field specify

Answer 45

the resource group location

Question 46

What is needed to set up a DNS delegation Zone

Answer 46

name servers must be listed in teh corresponding NS records in the parent zone.

Question 47

What is a VNET

Answer 47

A Azure Virtual Network that provides the foundation of the Azure networking infrastructure

Question 48

What IP addresses do you always lose with Azure networks

Answer 48

.0 – Network Address
.1 = Azure Gateway
.2 & .3 = DNS
.255 = Broadcast
Because of this you have can’t have a network that is smaller then a /29

Question 49

What is the most important setting when configuring a VNET

Answer 49

the IP range or ranges that the vnet will use