Virtual Networks Flashcards

1
Q

I want to enable two vNETS to talk to each other but not have the traffic leave the Microsoft network, what options do I have?

A

Network peering will create a logical connection between two vNETS and traffic is only over the Microsoft network.

2
Q

When using Network Peering, can you have two vNETS with the same peering?

A

No, the IP CIDR ranges have to be non-overlapping.

3
Q

When using Network Peering can you have transit networking?

A

No

4
Q

I have vNETs in separate regions. I am concerned that vNET peering cannot be used to connect these vNETs. What options do I have here?

A

You can use vNET peering across regions.

5
Q

I have vNETs in separate subscriptions. I am concerned that vNET peering cannot be used to connect these vNETs. What options do I have here?

A

You can use vNET peering across subscriptions.

6
Q

Is transitive routing supported when using vNET peering?

A

No

7
Q

What is a network security group?

A

You can add them to an ENI, and they enable you to filter network traffic at L4 using one or more rules. You can block network traffic in or out of the network.

8
Q

What default rules do you get?

A
  • Allow vNET inbound
  • Allow load balancer
  • Deny all
9
Q

I currently have my network security group assigned to a VM and all outbound traffic is blocked, I want to only allow traffic to Azure storage, how can I do this?

A

Use an NSG service tag; the service tag can be, for example, internet, storage, etc.
With an NSG's outbound traffic you have the ability to select a service, such as the storage service, to be allowed.

10
Q

What is an NSG service tag?

A

An NSG service tag can be used as the destination when creating an outbound rule. This enables you to select an Azure service like storage, load balancer, etc.

11
Q

What is an application security group?

A

You add the NICs for your VMs to the application security group, and then in the NSG's outbound rules you can select an application security group that the NSG rules will apply to. Or you can select the application security group as a source in the inbound rules.

12
Q

What is traversing the network in vNET peering and can I do it?

A

This means you have, say, 3 vNETS peered and you try to traverse from one network through another. This is not possible in Azure peering.

13
Q

When using vNET peering is your traffic going over the internet?

A

No, only on the Azure private network.

14
Q

Is vNET peering highly available?

A

Yes, Azure uses multiple redundant paths.

15
Q

When using vNET peering, is latency high?

A

No, there is low latency, comparable with native Azure networking.

16
Q

Can you have vNET peering across regions?

A

Yes, 100%, you can have vNET peering across regions, known as Global peering.

17
Q

Can you have vNET peering across subscriptions?

A

Yes, 100%, you even get the option to select the subscription when you are configuring the vNET peering.

18
Q

Can you have vNET peering across Tenants?

A

Yes, 100%

19
Q

What is a Virtual interface?

A

The virtual interface is attached to a VM and is allocated a private IP and an optional public IP. These can be dynamic, meaning they can change, or static. Each NIC can have more than a single IP allocated.

20
Q

Can a virtual network interface have more than a single IP?

A

Yes

21
Q

Can I attach more than a single interface to a VM?

A

Yes, but the VM size determines how many interfaces you can have.

22
Q

I am using Basic network SKU, I want to use zones, is this possible?

A

No, only with standard SKU.

23
Q

What security options does a virtual network have?

A
  • DDOS
  • Firewall

24
Q

Where is the network security group attached?

A

It's attached to the virtual network interface or to the entire subnet.

25
Q

What is an application security group?

A

This is a logical construct to group VMs so you can use the group as a SRC or DST in a network security group rule.

26
Q

I have a vNET with two subnets and I require the ability to connect to VMs that only have private IPs in the vNET's subnets. What option do I have?

A

You can use the Azure Bastion service to create a bastion in the vNET that enables you to connect to them.

27
Q

What is the bastion service?

A

It enables you to create a bastion so you can RDP from external sources to the private VPC. Bastion is a managed service.

28
Q

When I use the bastion service, do I need to take any network considerations into account?

A

You need a separate bastion subnet.

29
Q

What is a service endpoint?

A

It enables you to connect from your VPC to an Azure or 3rd-party service without going to the internet. In effect, private connectivity, with all traffic over the Azure network.

30
Q

Where do you enable the service endpoint?

A

In the service itself. For example, storage will have storage endpoints that you select, and you set the VNET that can be used to access it.

31
Q

If I want to route all traffic to a VM acting as a router in my network, how can I do this?

A

Custom route table (User defined routes)

32
Q

Can you modify system routes?

A

No

33
Q

Are system routes applied at subnet, VNET or vNIC?

A

Subnet; traffic is routed from the subnet based on system routes.

34
Q

What is virtual network peering?

A

It creates a connection between two VNETs so VMs can talk to each other.

35
Q

How does virtual network peering communicate: over the internet, over a private network, or something else?

A

Over the Azure network; traffic never goes to the internet.

36
Q

With Azure peering, can you have overlapping networks?

A

No

37
Q

What is a VPN point to site connection used for?

A

It is a type of VPN that enables a secure private connection from a user device, like a laptop, to your VNET.

38
Q

When creating a VPN point to site connection, how is the network configured?

A

You have to create a gateway subnet, like 10.0.0.0/27, then create a virtual network gateway.

39
Q

When creating a VPN point to site connection, how are certs configured?

A
  • You generate a root cert with public key and upload it to Azure.
  • You then use the root cert with private key with the downloaded Azure client VPN agent.
40
Q

When I want to create a VPN point to site connection, what do I need to create with the VNET?

A

Virtual network gateway

41
Q

When setting up a site to site VPN, what are the logical components?

A
  • Local gateway
  • Virtual network gateway
  • Gateway subnet
  • Your VNET used for apps