Advanced Virtual Networking Concepts
1. What is a Virtual Network Appliance (VNA)?
Answer: A virtual appliance, like a firewall or router, used for advanced networking in a VNet.
2. What is Azure Virtual WAN?
Answer: A networking service for centralizing and managing hybrid and cloud networks.
3. What is a Hub-and-Spoke network topology in Azure?
Answer: A design where the hub VNet acts as a central point, and spoke VNets are connected to it.
4. What is Azure Route Server?
Answer: A service for managing routing between Azure VNets and your network devices using BGP.
5. What is IP Forwarding in Azure?
Answer: Enables a VM to act as a router, forwarding traffic to other network destinations.
6. What is Azure Network Watcher?
Answer: A monitoring service for diagnosing and visualizing network issues.
7. What is the purpose of Network Watcher’s Connection Monitor?
Answer: To monitor the reachability of endpoints and measure latency.
8. What is Network Performance Monitor (NPM)?
Answer: A tool for monitoring the performance of your network across Azure and hybrid environments.
9. What is Packet Capture in Azure?
Answer: A feature of Network Watcher to capture network traffic for diagnostics.
10. What are Effective Security Rules in Network Watcher?
Answer: A tool to analyze and view applied NSG rules for a resource.
Hybrid Connectivity and VPNs
11. What is a P2S (Point-to-Site) VPN?
Answer: A secure VPN connection from a single device to an Azure VNet.
12. What is a S2S (Site-to-Site) VPN?
Answer: A secure VPN connection between an on-premises network and Azure.
13. What is a Multi-Site VPN in Azure?
Answer: A VPN configuration that connects multiple on-premises sites to Azure.
14. What is Coexistence in VPN Gateways?
Answer: The ability to use both ExpressRoute and VPN Gateway simultaneously.
15. What is Azure Local Network Gateway?
Answer: Represents the on-premises network in a VPN connection.
16. What is Azure Virtual Network Gateway?
Answer: Provides encrypted connectivity for VPNs and ExpressRoute.
17. What is the difference between BGP and Static Routing in VPN?
Answer:
- BGP: Dynamically updates routes.
- Static: Requires manual configuration.
18. What is High Availability (HA) for VPN Gateways?
Answer: Ensures minimal downtime with active-active or active-passive configurations.
19. What is Azure Traffic Analytics?
Answer: A tool for analyzing traffic flow and identifying security threats.
20. What are Shared Key Authentication and Certificate Authentication in VPNs?
Answer: Two methods for authenticating P2S and S2S VPNs.
Application Delivery and Acceleration
21. What is Azure Front Door?
Answer: A global load balancer with traffic acceleration and content delivery.
22. What is Global Load Balancing?
Answer: Distributing traffic across multiple Azure regions using Azure Front Door or Traffic Manager.
23. What is the difference between Azure CDN and Front Door?
Answer:
- CDN: Optimizes static content delivery.
- Front Door: Provides dynamic content routing and acceleration.
24. What is SSL Termination?
Answer: Offloading SSL decryption to services like Application Gateway or Front Door.
25. What is Azure SignalR Service?
Answer: A managed service for real-time messaging in applications.
26. What is WAF in Azure Application Gateway?
Answer: A Web Application Firewall protecting against common web vulnerabilities.
27. What is Sticky Session in Application Gateway?
Answer: Ensures a user is routed to the same backend during a session.
28. What is a Listener in Application Gateway?
Answer: Configures routing based on incoming request characteristics.
29. What is a Rewrite Rule in Application Gateway?
Answer: Modifies request or response headers as traffic flows through.
30. What is Autoscaling in Application Gateway?
Answer: Automatically adjusts the gateway instance count based on traffic load.
Security and Protection
31. What is Azure Firewall Premium?
Answer: Advanced Firewall with TLS inspection and URL filtering capabilities.
32. What is DDoS Protection Standard?
Answer: Enhanced protection against Distributed Denial-of-Service attacks.
33. What are Azure NSG Flow Logs?
Answer: Logs for monitoring and analyzing network traffic controlled by NSGs.
34. What is Azure Bastion?
Answer: A PaaS solution for secure RDP/SSH access to VMs without exposing public IPs.
35. What is Just-in-Time VM Access?
Answer: A feature to restrict access to VMs for specified periods.
36. What is an Azure Private Endpoint?
Answer: A private IP within a VNet for accessing Azure services securely.
37. What is the difference between Private Endpoint and Service Endpoint?
Answer:
- Private Endpoint: Maps services to private IPs in your VNet.
- Service Endpoint: Secures traffic to Azure services without mapping private IPs.
38. What is User-Defined Routing (UDR)?
Answer: Custom routing rules to direct traffic to specific paths.
39. What is Forced Tunneling in Azure?
Answer: Routes internet-bound traffic through an on-premises gateway for compliance.
40. What is Azure Cross-Region Load Balancing?
Answer: Balances traffic across multiple Azure regions for resilience and latency optimization.
Azure Active Directory (AAD) and Identity Management
1. What is Azure Active Directory (AAD)?
Answer: A cloud-based identity and access management service that provides directory services, identity governance, and security for Azure applications.
2. What are the different types of Azure Active Directory tenants?
Answer:
- Azure AD Free: Basic features for small businesses.
- Azure AD Premium P1: Advanced identity management features.
- Azure AD Premium P2: Includes identity protection and privileged identity management (PIM).
3. What is Azure Active Directory Domain Services (AAD DS)?
Answer: A managed domain service providing domain join, group policy, and LDAP support in Azure without the need for domain controllers.
4. What is Azure AD B2C?
Answer: Azure Active Directory Business to Consumer (B2C) is a cloud identity management service for external users.
5. What is Azure AD B2B?
Answer: Azure Active Directory Business to Business (B2B) allows sharing applications and resources with external partners securely.
6. What is a Managed Identity in Azure?
Answer: A feature that provides an identity for applications to access Azure resources without storing credentials in code.
7. What is Azure AD Join?
Answer: A method for connecting devices directly to Azure AD without requiring on-premises Active Directory.
8. What is the difference between Azure AD and Microsoft Account (MSA)?
Answer:
- Azure AD: Used for organizational accounts.
- MSA: Used for consumer-based accounts (e.g., Outlook.com, Xbox).
9. What is Self-Service Password Reset (SSPR) in Azure AD?
Answer: A feature allowing users to reset their passwords without IT intervention.
10. What is Azure AD Connect?
Answer: A tool that allows synchronization of on-premises Active Directory to Azure AD.
Authentication and Multi-Factor Authentication (MFA)
11. What is Multi-Factor Authentication (MFA)?
Answer: A security method that requires two or more verification factors (something you know, something you have, something you are).
12. What are the verification methods available in Azure MFA?
Answer:
- Phone call
- Text message
- Mobile app notification
- Mobile app code
- Hardware token
13. What is Conditional Access in Azure AD?
Answer: A policy-based access control feature that uses conditions (e.g., location, device state) to determine access to resources.
14. What is the difference between Azure MFA and Windows Hello for Business?
Answer:
- Azure MFA: Requires multiple forms of authentication.
- Windows Hello for Business: A passwordless authentication method using biometrics or PIN.
15. How can you enforce MFA for all users in Azure AD?
Answer: By enabling conditional access policies that require MFA for all users.
16. What is an Identity Protection Policy in Azure AD?
Answer: Policies to monitor and respond to suspicious sign-ins based on risk levels.
17. What is Azure AD Identity Governance?
Answer: Tools to manage identity lifecycle, access reviews, and entitlement management to ensure secure and compliant access.
18. What is Azure AD Privileged Identity Management (PIM)?
Answer: A service to manage, control, and monitor access within Azure AD, Azure, and other Microsoft Online Services.
19. What is Azure AD Password Protection?
Answer: A feature that helps protect against weak passwords by enforcing password policies and banning certain password patterns.
20. What is Security Info in Azure AD?
Answer: A method for users to update their MFA settings and contact information for security purposes.
Azure Key Vault and Secrets Management
21. What is Azure Key Vault?
Answer: A service for securely storing and managing keys, secrets, and certificates.
22. What types of secrets can you store in Azure Key Vault?
Answer: Passwords, API keys, certificates, connection strings, and cryptographic keys.
23. What is a Managed HSM in Azure Key Vault?
Answer: A fully managed hardware security module (HSM) service for securely storing and managing cryptographic keys.
24. What is a Key Vault Access Policy?
Answer: Defines which users or applications have access to the Key Vault and what operations they can perform.
25. What is Key Vault soft delete?
Answer: A feature that allows deleted keys and secrets to be retained for a recovery period before they are permanently removed.
26. What is Azure Key Vault Logging?
Answer: Allows logging of all access to the Key Vault for monitoring and auditing purposes.
27. What is the difference between Azure Key Vault and Azure Storage Account?
Answer:
- Azure Key Vault: Primarily for secure storage of secrets and keys.
- Azure Storage Account: General-purpose storage for blobs, files, queues, and tables.
28. Can Azure Key Vault store SSH keys?
Answer: Yes, Azure Key Vault can store SSH keys, in addition to other secrets and certificates.
29. What is Azure Key Vault Certificate Management?
Answer: A feature to securely manage the lifecycle of SSL/TLS certificates.
30. How does Azure Key Vault integrate with Azure Active Directory?
Answer: It uses Azure AD for authentication and authorization to access stored secrets.
Role-Based Access Control (RBAC)
31. What is Role-Based Access Control (RBAC)?
Answer: A system to assign roles to users, groups, or applications to control access to Azure resources.
32. What are the three types of roles in RBAC?
Answer:
- Owner: Full access to all resources.
- Contributor: Can create and manage resources but cannot assign roles.
- Reader: Can view resources but cannot modify them.
33. What is the difference between a role assignment and a role definition?
Answer:
- Role Assignment: A mapping of a role to a user or group.
- Role Definition: A set of permissions that are associated with a role.
34. What is the default role in Azure for new users?
Answer: The default role is Reader.
35. How can you create custom roles in Azure RBAC?
Answer: By defining a custom role in JSON format that specifies allowed actions and scopes.
36. What is Azure RBAC scope?
Answer: The level at which a role is assigned, such as a subscription, resource group, or individual resource.
37. What are Azure AD roles, and how are they different from Azure RBAC roles?
Answer:
- Azure AD Roles: Manage access to Azure Active Directory features.
- Azure RBAC Roles: Control access to Azure resources.
38. What is the difference between Assigning a Role to a User and Granting a Role in Azure RBAC?
Answer:
- Assigning: Links a user or group to a role and scope.
- Granting: The action of allowing a user or group to have permissions.
39. What is the principle of least privilege in RBAC?
Answer: Assigning only the minimum required permissions to users or groups to perform their job functions.
40. What is a Conditional Access policy in Azure AD?
Answer: A policy-based access control feature that uses conditions like user location, device compliance, and application sensitivity to grant or block access to resources.
Azure Security Center and Threat Management
41. What is Azure Security Center?
Answer: A unified security management system offering threat protection for workloads in Azure, hybrid, and on-premises environments.
42. What are the two main security levels in Azure Security Center?
Answer:
- Free: Basic security features and recommendations.
- Standard: Advanced threat protection and additional security features.
43. What is Azure Security Center’s Cloud Security Posture Management (CSPM)?
Answer: A feature that helps organizations continuously monitor and assess their security posture across cloud services.
44. What is Azure Defender?
Answer: A set of advanced security capabilities within Azure Security Center that protects against threats to Azure resources.
45. What are Security Recommendations in Azure Security Center?
Answer: Suggested actions to improve security posture and mitigate risks.
46. What is Just-in-Time Access in Azure Security Center?
Answer: A feature that temporarily grants access to virtual machines for specific tasks, improving security by reducing unnecessary access.
47. What is Azure Sentinel?
Answer: A cloud-native SIEM (Security Information and Event Management) service for intelligent security analytics and threat detection.
48. What is the purpose of Security Alerts in Azure Security Center?
Answer: To notify administrators of detected security threats and vulnerabilities.
49. What is Azure Firewall Threat Intelligence?
Answer: A feature that helps detect and block traffic from known malicious IP addresses.
50. How does Azure Security Center integrate with Azure Defender for Identity?
Answer: It provides advanced protection against identity-based threats by integrating security alerts and actions.
Compliance and Security Best Practices
51. What is Azure Compliance Manager?
Answer: A tool to help organizations manage their compliance requirements and assess their adherence to industry standards and regulations.
52. What are Security Baselines in Azure Security Center?
Answer: Pre-configured, best-practice security settings for common Azure services to ensure compliance with security requirements.
53. What is Azure Policy?
Answer: A service to enforce organizational standards and assess compliance across Azure resources.
54. What is Azure Blueprints?
Answer: A service to define, deploy, and manage resource templates that ensure compliance with organizational standards.
55. What is the difference between Azure Policy and Azure Blueprints?
Answer:
- Azure Policy: Enforces rules for resources.
- Azure Blueprints: Provides a way to automate deployments and apply policies for governance.
56. What are Azure AD Access Reviews?
Answer: A feature that helps organizations regularly review and confirm user access to resources.
57. What are Azure AD Audit Logs?
Answer: Logs that track events and changes within Azure Active Directory to help with security monitoring and compliance.
58. What is the Azure Security Benchmark?
Answer: A set of security controls based on industry standards and best practices for securing Azure workloads.
59. What is Azure Information Protection?
Answer: A solution to classify, label, and protect data based on its sensitivity.
60. What is Azure Key Vault Managed Identity integration?
Answer: Integrates Key Vault with Azure AD Managed Identity for secure access to keys and secrets without storing credentials in code.