Azure Interview Questions and Answers
What is Microsoft Azure?
  • Microsoft Azure is a cloud computing platform and service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers. It provides a wide range of services including compute, storage, databases, networking, analytics, machine learning, AI, IoT, mobile, security, hybrid, and application development, deployment, and management.
What are the key benefits of using Azure?
  • Cost-Effective: Pay-as-you-go pricing, no upfront costs, economies of scale, cost management tools.
  • Scalability & Elasticity: Easily scale resources up or down based on demand using services like Virtual Machine Scale Sets.
  • Reliability: Global infrastructure with Regions and Availability Zones for high availability and disaster recovery.
  • Performance: High-speed network, various performance-optimized services.
  • Security: Robust security features, comprehensive compliance offerings, strong identity management with Azure AD.
  • Global Presence: Extensive global network of data centers.
  • Hybrid Capabilities: Strong integration with on-premises environments.
  • Innovation: Access to a wide range of cutting-edge services including AI/ML and IoT.
Explain the Azure Shared Responsibility Model.
  • The Shared Responsibility Model defines what Microsoft is responsible for and what the customer is responsible for regarding security in Azure.
  • Microsoft is responsible for "Security OF the Cloud": This includes the physical data centers, network infrastructure, and the underlying hardware and software that run Azure services.
  • Customer is responsible for "Security IN the Cloud": This includes the security of their data, endpoints (VMs, containers), account management, access control (IAM), and application security. The level of customer responsibility varies depending on the service type (IaaS, PaaS, SaaS).
What are Azure Regions and Availability Zones?
  • Regions: A set of data centers deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network. Each region is physically isolated and independent.
  • Availability Zones (AZs): Physically separate locations within an Azure region. Each AZ consists of one or more data centers with independent power, cooling, and networking. Deploying resources across multiple AZs provides high availability and fault tolerance within a region.
What is Azure Resource Manager (ARM)?
  • Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure subscription. You use management features like access control, locks, and tags to secure and organize your resources after deployment.
What is an ARM Template?
  • An ARM Template is a JSON file that defines the infrastructure and configuration for your solution. It allows you to deploy your infrastructure as code (IaC) to Azure in a declarative way. This ensures consistent and repeatable deployments.
What is an Azure Resource Group?
  • An Azure Resource Group is a logical container for Azure resources. It's a way to group related resources for an application or solution, making it easier to manage them as a single unit (e.g., for deployment, updates, or deletion). Resources can be from different regions but belong to the same Resource Group.
What is an Azure Virtual Machine (VM)?
  • Azure Virtual Machines are one of the compute services offered by Azure. They provide on-demand, scalable computing resources (virtual servers) that you can configure with various operating systems (Windows, Linux) and software. You have full control over the OS and software installed on the VM.
What are different Azure VM Sizes?
  • Azure VM sizes are categorized into families optimized for different workloads, such as:
    • General Purpose: (e.g., Dv3, Av2 series) - Balance of CPU, memory, and disk.
    • Compute Optimized: (e.g., Fsv2, F series) - High CPU-to-memory ratio.
    • Memory Optimized: (e.g., Ev3, M series) - High memory-to-CPU ratio.
    • Storage Optimized: (e.g., Lsv2 series) - High disk throughput and IOPS.
    • GPU Optimized: (e.g., NV, NC, ND series) - Virtual machines with GPUs for graphics rendering and machine learning.
    • High Performance Compute (HPC): (e.g., H series) - Fastest and most powerful CPU VMs.
Explain Azure Network Security Groups (NSGs).
  • Network Security Groups (NSGs) act as a virtual firewall for your Azure resources (like VMs). They allow or deny inbound and outbound network traffic to one or more Azure resources (VMs, Subnets, NICs) based on security rules. Rules are defined based on source/destination IP address, port, and protocol.
What is the difference between NSGs and Azure Firewall?
  • NSGs: Filter network traffic at the network interface (NIC) or subnet level based on Layer 4 (TCP/UDP) and some Layer 3 (IP) rules. They are stateless for most rules but stateful for specific traffic flows.
  • Azure Firewall: A managed, cloud-based network security service that provides stateful firewall capabilities at the VNet level. It offers advanced features like FQDN filtering, network threat intelligence, and central management. It's generally used for perimeter protection of your VNet.
What are the different ways to connect to an Azure VM?
  • RDP: For Windows VMs.
  • SSH: For Linux VMs.
  • Azure Bastion: Provides secure, seamless RDP/SSH connectivity to your VMs directly through the Azure portal over TLS, without exposing public IP addresses or requiring agents.
  • VPN or ExpressRoute: Connecting from on-premises networks.
What is Azure Blob Storage?
  • Azure Blob Storage is Microsoft's object storage solution. It is optimized for storing massive amounts of unstructured data, such as text or binary data. It's used for storing images, documents, videos, backups, and data for data lakes.
Explain different Blob Tiers in Azure Storage.
  • Hot Tier: Optimized for storing data that is accessed frequently. Highest storage cost but lowest access cost.
  • Cool Tier: Optimized for storing data that is accessed infrequently and stored for at least 30 days. Lower storage cost but higher access cost than Hot.
  • Archive Tier: Optimized for storing data that is rarely accessed and stored for at least 180 days. Lowest storage cost but highest access cost and latency.
What are the different types of Azure Storage Accounts?
  • General-purpose v2 (GPv2): Recommended for most scenarios, supports all storage types (Blob, File, Queue, Table) and features like access tiers.
  • Blob Storage: Legacy account type specifically for Blob storage.
  • General-purpose v1 (GPv1): Legacy account type, less feature-rich and higher cost than GPv2.
  • Premium Block Blobs: For high transaction rates and low storage latency.
  • Premium File Shares: For high performance File storage.
  • Premium Page Blobs: For high-performance random read/write operations (used for VHDs for VMs).
How do you ensure data redundancy in Azure Storage?
  • Azure Storage offers various redundancy options:
    • LRS (Locally Redundant Storage): 3 copies within a single data center.
    • ZRS (Zone-Redundant Storage): 3 copies across 3 Availability Zones within a region.
    • GRS (Geo-Redundant Storage): 6 copies, 3 in the primary region (LRS) and 3 in a secondary paired region (LRS).
    • RA-GRS (Read-Access Geo-Redundant Storage): Same as GRS but allows read access to the data in the secondary region.
    • GZRS (Geo-Zone-Redundant Storage): 6 copies, 3 across 3 AZs in the primary region (ZRS) and 3 in a secondary paired region (LRS).
    • RA-GZRS (Read-Access Geo-Zone-Redundant Storage): Same as GZRS but allows read access to the data in the secondary region.
What is Azure SQL Database?
  • Azure SQL Database is a fully managed Platform-as-a-Service (PaaS) database engine that handles most of the database management functions like upgrading, patching, backups, and monitoring without user involvement. It is based on the latest stable version of the Microsoft SQL Server database engine.
Explain different deployment options for Azure SQL Database.
  • Single Database: Represents a fully managed database service.
  • Elastic Pools: A collection of single databases with a shared set of resources (CPU, memory, storage). Cost-effective for managing multiple databases with varying, unpredictable usage demands.
  • Managed Instance: Provides near 100% compatibility with the latest on-premises SQL Server database engine, offering a native virtual network (VNet) implementation and a business model favorable for on-premises SQL Server customers.
What is Azure Cosmos DB?
  • Azure Cosmos DB is Microsoft's globally distributed, multi-model database service. It offers turnkey global distribution, elastic scaling of throughput and storage, and guaranteed single-digit millisecond latencies at the 99th percentile, all backed by comprehensive SLAs. It supports various data models (key-value, document, graph, column-family).
What are Request Units (RUs) in Cosmos DB?
  • A Request Unit (RU) is the throughput measure in Azure Cosmos DB. It's a performance currency that abstracts the system resources such as CPU, IOPS, and memory that are required to perform the database operations supported by Cosmos DB. You provision RUs per second for your database or container.
What is the difference between Azure SQL Database and Azure Cosmos DB?
  • Azure SQL Database: Relational database, structured data, fixed schema, best for transactional workloads requiring ACID compliance.
  • Azure Cosmos DB: NoSQL database, unstructured or semi-structured data, flexible schema, best for high-performance, globally distributed applications with varying data models.
What is Azure Virtual Network (VNet)?
  • An Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. It enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. You have full control over your VNet configuration.
Explain Public and Private IP Addresses in Azure.
  • Public IP Address: Used for communication with the internet. Assigned to Azure resources like VMs, Load Balancers, Gateways.
  • Private IP Address: Used for communication within an Azure VNet and your on-premises network (if connected). Assigned to Azure resources like VMs and internal Load Balancers.
What is VNet Peering?
  • VNet Peering allows you to seamlessly connect two or more Virtual Networks in Azure. The virtual networks appear as one for connectivity purposes. Traffic between peered VNets is routed through the Microsoft backbone network and does not traverse the internet. Peering is non-transitive.
What is Azure DNS?
  • Azure DNS is a hosting service for DNS domains that provides name resolution using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records using the same credentials, APIs, tools, and billing as your other Azure services.
Explain different Routing Methods in Azure Traffic Manager.
  • Azure Traffic Manager is a DNS-based traffic load balancer. Its routing methods determine how traffic is distributed to endpoints:
    • Priority: Routes all traffic to one endpoint as long as it's healthy.
    • Weighted: Distributes traffic based on weights assigned to each endpoint.
    • Performance: Routes traffic to the endpoint with the lowest network latency for the end user.
    • Geographic: Routes traffic based on the geographic location of the user.
    • Multivalue: Returns multiple IP addresses for a domain name.
    • Subnet: Routes traffic based on the user's subnet IP range.
What is Azure Content Delivery Network (CDN)?
  • Azure Content Delivery Network (CDN) is a distributed network of servers that can efficiently deliver web content to users. CDN servers are located at Points of Presence (POPs) closer to end users, caching content and reducing latency and load on origin servers.
What is Azure ExpressRoute?
  • Azure ExpressRoute is a service that lets you create private connections between Azure data centers and infrastructure that's on your premises or in a colocation environment. ExpressRoute connections do not go over the public internet and offer lower latency, higher bandwidth, and more reliability.
What is Azure Virtual WAN?
  • Azure Virtual WAN is a networking service that provides optimized, automated, and highly scalable branch connectivity through Azure. It's a unified solution that combines networking, security, and routing functions into a single operational interface.
What is Azure Active Directory (Azure AD)?
  • Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service. It provides identity for your applications and resources, enables Single Sign-On (SSO), Multi-Factor Authentication (MFA), Conditional Access, and integrates with on-premises Active Directory.
Explain Azure RBAC (Role-Based Access Control).
  • Azure Role-Based Access Control (RBAC) is an authorization system that provides fine-grained access management of Azure resources. You can assign roles to users, groups, and service principals at different scopes (subscription, resource group, resource) to control what actions they can perform.
What is the principle of Least Privilege in Azure?
  • The principle of least privilege in Azure means granting only the minimum permissions necessary for users or services to perform their required tasks. This is implemented using Azure RBAC roles and assignments to minimize the potential impact of a compromised identity.
What is Azure Key Vault?
  • Azure Key Vault is a cloud service that provides a secure store for secrets. You can securely store and manage sensitive information such as API keys, passwords, certificates, and cryptographic keys. It helps keep your secrets secure and accessible only to authorized applications and users.
What is Microsoft Defender for Cloud (formerly Azure Security Center)?
  • Microsoft Defender for Cloud is a cloud security posture management (CSPM) and cloud workload protection (CWP) solution. It provides visibility into your security posture, strengthens the security of your cloud resources, and provides threat detection capabilities.
What is Microsoft Sentinel (formerly Azure Sentinel)?
  • Microsoft Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. It collects security data from various sources, detects threats using analytics and AI, investigates incidents, and automates responses.
What is Azure Policy?
  • Azure Policy is a service that helps you manage and prevent IT issues through policy definitions that enforce rules and effects on your resources. Policies can enforce requirements like only allowing specific VM sizes, requiring tagging, or ensuring encryption is enabled.
What is Azure Blueprints?
  • Azure Blueprints is a service that enables you to define a repeatable set of Azure resources that implements and adheres to an organization's standards, patterns, and requirements. It's a way to package Azure Policy, RBAC assignments, Resource Manager templates, and Resource Groups into a single deployable unit.
What is Azure Monitor?
  • Azure Monitor is a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It provides insights into the performance and health of your applications and infrastructure. It includes capabilities for metrics, logs, alerts, and application monitoring.
Explain Azure Monitor Metrics and Logs.
  • Azure Monitor Metrics: Numerical values collected at regular intervals that describe some aspect of a system at a particular time. Used for real-time analysis and alerting.
  • Azure Monitor Logs: Event data collected from various sources, organized into records with different sets of properties. Used for deeper analysis, correlation, and long-term retention. Log Analytics is the primary tool for querying logs using Kusto Query Language (KQL).
What is Azure Automation?
  • Azure Automation is a cloud-based automation and configuration management service that supports consistent management across your Azure and non-Azure environments. It includes process automation (runbooks), configuration management (DSC), update management, and shared resources like credentials and variables.
What is Azure Advisor?
  • Azure Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and recommends solutions to improve the high availability, security, performance, and cost-effectiveness of your Azure resources.
What is Azure DevOps?
  • Azure DevOps is a set of development services that provide comprehensive capabilities for the software development lifecycle. It includes Azure Repos (Git repositories), Azure Pipelines (CI/CD), Azure Boards (Agile planning), Azure Test Plans (manual/exploratory testing), and Azure Artifacts (package management).
What is Azure Pipelines?
  • Azure Pipelines is a cloud-based service within Azure DevOps that provides continuous integration (CI) and continuous delivery (CD) capabilities. It allows you to automatically build, test, and deploy your code to various targets, including Azure, other clouds, or on-premises environments.
What is Azure Functions?
  • Azure Functions is a serverless compute service that enables you to run small pieces of code ("functions") without explicitly provisioning or managing infrastructure. You pay only for the execution time of your code. Functions are triggered by various events.
What is Azure Logic Apps?
  • Azure Logic Apps is a cloud-based service that helps you automate workflows and integrate apps, data, services, and systems by visually designing workflows. It's a serverless orchestration service that uses connectors to interact with various services.
What is the difference between Azure Functions and Azure Logic Apps?
  • Azure Functions: Code-first approach, write code in a language of your choice, ideal for implementing small pieces of business logic in a serverless manner.
  • Azure Logic Apps: Workflow-first approach, visually design workflows, ideal for integrating multiple services and orchestrating complex processes without writing much code.
What is Azure Service Bus?
  • Azure Service Bus is a fully managed enterprise integration message broker. It's used to decouple applications and services by allowing them to communicate asynchronously using message queues and topics (publish-subscribe).
What is Azure Event Grid?
  • Azure Event Grid is a serverless event routing service that makes it easy to build event-driven applications. It enables you to react to relevant events happening across Azure services and third-party sources using push-based delivery.
What is Azure Event Hubs?
  • Azure Event Hubs is a highly scalable data streaming platform and event ingestion service. It's designed for scenarios where you need to ingest and process large volumes of streaming data from many sources simultaneously.
When would you use Service Bus vs. Event Grid vs. Event Hubs?
  • Service Bus: For decoupling applications with reliable message delivery, transactional messaging, and advanced features like dead-lettering (enterprise messaging).
  • Event Grid: For reacting to events from Azure services or custom sources, using a publish-subscribe model with push delivery (event routing).
  • Event Hubs: For high-throughput data streaming and ingestion from many sources (big data streaming).
What is Azure Site Recovery?
  • Azure Site Recovery is a service that contributes to your disaster recovery strategy by managing and orchestrating replication, failover, and failback of machines. It can replicate Azure VMs between regions, or replicate on-premises VMs (VMware, Hyper-V) and physical servers to Azure.
What is Azure Backup?
  • Azure Backup is a service that provides a simple, reliable, and cost-effective backup solution for your data. It can back up data from on-premises (using the Azure Backup agent or MABS), Azure VMs, Azure file shares, SQL Server, and SAP HANA databases running in Azure.
What is the difference between Azure Site Recovery and Azure Backup?
  • Azure Site Recovery: Focused on Disaster Recovery (DR). Replicates entire machines (VMs, physical servers) to enable rapid failover to a secondary location in case of a disaster. Primarily for business continuity.
  • Azure Backup: Focused on Backup and Restore. Creates copies of data (files, applications, databases) to allow recovery from accidental deletion, corruption, or ransomware attacks. Primarily for data protection.
What is Azure Migrate?
  • Azure Migrate is a hub for migration, modernization, and innovation in Azure. It provides a centralized console to discover, assess, and migrate on-premises workloads (servers, databases, web apps, data) to Azure.
What is Azure Cost Management and Billing?
  • Azure Cost Management and Billing is a suite of tools that helps you understand, report on, and optimize your Azure costs. It includes features for cost analysis, creating budgets, setting up alerts, exporting cost data, and leveraging cost optimization recommendations from Azure Advisor.
What are Reserved VM Instances?
  • Reserved VM Instances (RIs) allow you to save money compared to pay-as-you-go prices by committing to a one-year or three-year term for a specified VM size and region. They provide a billing discount and help you manage your compute capacity.
What are Azure Savings Plans?
  • Azure Savings Plans for compute offer flexible savings on compute costs. You commit to spending a fixed hourly amount for one or three years, and you get a discount on the usage of compute services like Virtual Machines, Azure Dedicated Hosts, Container Instances, Azure Premium Functions, and Azure App Service Stamps, regardless of region, instance family, OS, or tenancy. They offer more flexibility than RIs.
What are Spot VMs?
  • Spot VMs allow you to take advantage of unused capacity at significant cost savings compared to pay-as-you-go prices. However, Azure can reclaim this capacity at any time with a 30-second notice when Azure needs the capacity back. Spot VMs are suitable for workloads that can handle interruptions, like batch jobs or stateless applications.
What is Azure Marketplace?
  • Azure Marketplace is an online store that offers applications and services built by Microsoft and its partners. You can find and deploy a wide range of solutions, including virtual machine images, managed applications, software as a service (SaaS), and data services.
What is Azure App Service?
  • Azure App Service is a fully managed PaaS offering for building, deploying, and scaling web apps, mobile backends, and RESTful APIs. It supports various programming languages and frameworks and includes features like auto-scaling, load balancing, continuous deployment, and integration with other Azure services.
What is the difference between Azure VMs and Azure App Service?
  • Azure VMs: IaaS offering. You manage the entire VM, including the OS, runtime, and application dependencies. Provides maximum control but requires more management effort.
  • Azure App Service: PaaS offering. Azure manages the underlying infrastructure (OS, patching, scaling). You only focus on your application code. Simpler to manage but less control over the environment.
What is Azure Kubernetes Service (AKS)?
  • Azure Kubernetes Service (AKS) is a managed Kubernetes service that makes it easy to deploy, manage, and scale containerized applications using Kubernetes on Azure. Azure manages the Kubernetes control plane, and you manage the worker nodes.
What is Azure Container Instances (ACI)?
  • Azure Container Instances (ACI) is a serverless container service that allows you to run containers directly on Azure without managing virtual machines or learning container orchestration. It's ideal for simple, single-container applications or tasks.
What is Azure Container Registry (ACR)?
  • Azure Container Registry (ACR) is a managed Docker container registry service based on the open-source Docker Registry 2.0. It's used to store and manage your private Docker container images and related artifacts.
When would you use AKS vs. ACI?
  • AKS: For complex, multi-container applications that require orchestration, scaling, and management features like load balancing, service discovery, and rolling updates.
  • ACI: For simple, single-container applications or tasks that don't require orchestration, offering a faster and simpler way to run containers serverlessly.
What is Azure Data Factory?
  • Azure Data Factory is a cloud-based ETL (Extract, Transform, Load) and data integration service. It allows you to create, schedule, and orchestrate data pipelines that move and transform data from various sources to destinations.
What is Azure Databricks?
  • Azure Databricks is a managed Apache Spark-based analytics service. It provides a collaborative platform for data science, data engineering, and machine learning workflows, enabling high-performance processing of large datasets.
What is Azure Synapse Analytics?
  • Azure Synapse Analytics is an integrated analytics service that brings together enterprise data warehousing, data integration, and big data analytics. It allows you to query data using serverless or provisioned resources at scale.
What is the difference between Azure Data Lake Storage Gen2 and Azure Blob Storage?
  • Azure Data Lake Storage Gen2 is built on Azure Blob Storage and provides a set of capabilities dedicated to big data analytics. It includes a hierarchical namespace, which allows for efficient folder and file management, and is optimized for analytical workloads. Blob Storage is a general-purpose object storage service.
What is Azure Machine Learning?
  • Azure Machine Learning is a cloud-based environment you can use to train, deploy, automate, and manage machine learning models, all at scale. It provides tools and services for the entire ML lifecycle.
What are Azure Cognitive Services?
  • Azure Cognitive Services are cloud-based AI services that provide developers with pre-trained models to easily add intelligent features to their applications without requiring deep AI or data science expertise. Categories include Vision, Speech, Language, Web Search, and Decision.
What is Azure IoT Hub?
  • Azure IoT Hub is a managed service that acts as a central message hub for bi-directional communication between your Internet of Things (IoT) application and the devices it manages. It allows you to securely connect, manage, and monitor millions of IoT devices.
What is Azure Sphere?
  • Azure Sphere is a secured, high-level application platform with built-in communication and security features for internet-connected devices. It includes a secured microcontroller, a custom Linux-based operating system, and a cloud-based security service.
What is Azure Active Directory B2C?
  • Azure Active Directory B2C is a customer identity access management (CIAM) solution that enables you to customize and control how customers sign up, sign in, and manage their profiles when using your applications. It supports millions of users and integrates with social identity providers.
What is Azure AD B2B?
  • Azure Active Directory B2B (Business-to-Business) collaboration allows you to securely share your applications and services with guest users from any organization, while maintaining control over your corporate data. Guest users can sign in with their own identities.
What is Azure Front Door?
  • Azure Front Door is a global, scalable entry point that uses the Microsoft global edge network to create fast, secure, and highly scalable web applications. It provides Layer 7 load balancing, dynamic site acceleration, SSL offloading, and Web Application Firewall (WAF) capabilities.
What is the difference between Azure Front Door and Azure Application Gateway?
  • Azure Front Door: A global service operating at the edge of the Microsoft network. Provides global load balancing, WAF, and CDN capabilities. Best for geographically distributed applications.
  • Azure Application Gateway: A regional service providing Layer 7 load balancing and WAF within a specific Azure region. Best for load balancing traffic to backend pools within a VNet in a single region.
What is Azure Traffic Manager?
  • Azure Traffic Manager is a DNS-based traffic load balancer. It distributes traffic to application endpoints in different geographic locations based on chosen routing methods. It works at the DNS level, directing clients to the appropriate endpoint.
What is the difference between Azure Load Balancer, Application Gateway, Front Door, and Traffic Manager?
  • Azure Load Balancer: Regional, Layer 4 (TCP/UDP) load balancing.
  • Azure Application Gateway: Regional, Layer 7 (HTTP/HTTPS) load balancing, WAF.
  • Azure Traffic Manager: Global, DNS-based traffic routing (not a proxy).
  • Azure Front Door: Global, Layer 7 (HTTP/HTTPS) load balancing, WAF, CDN, dynamic site acceleration.
What is Azure Private Link?
  • Azure Private Link enables you to access Azure PaaS Services (for example, Azure Storage and Azure Cosmos DB) and Azure hosted customer-owned/partner services over a private endpoint in your virtual network. Traffic between your virtual network and the service traverses the Microsoft backbone network, eliminating the need for public internet access.
What are Azure Service Endpoints?
  • Service Endpoints provide secure and direct connectivity to Azure services over an optimized route on the Azure backbone network. They extend your VNet identity to the Azure service. While they keep traffic on the Azure network, they still use public IP addresses for the service endpoint itself. Private Link is the newer and generally preferred method for private access.
What is Azure Lighthouse?
  • Azure Lighthouse enables cross-tenant management, allowing service providers or internal IT teams to manage Azure resources for multiple customers or subscriptions from a single management plane.
What is Azure Arc?
  • Azure Arc is a set of technologies that extends Azure management and services to any infrastructure. It allows you to manage servers (physical or virtual, on-premises or in other clouds), Kubernetes clusters, and data services (SQL Managed Instance, PostgreSQL Hyperscale) as if they were running in Azure.
What is the Azure Well-Architected Framework?
  • The Azure Well-Architected Framework is a set of guiding tenets used to establish a quality framework for cloud workloads. It consists of five pillars: Cost Optimization, Operational Excellence, Performance Efficiency, Reliability, and Security.
Explain the five pillars of the Azure Well-Architected Framework.
  • Cost Optimization: Managing costs to maximize the value delivered.
  • Operational Excellence: Building and running systems that deliver business value and continually improving processes and procedures.
  • Performance Efficiency: The ability of a workload to scale to meet the demands placed on it by users in an efficient manner.
  • Reliability: The ability of a system to respond to failures and continue to function in a healthy state.
  • Security: Protecting applications and data from threats.
What is Azure Security Center? (final revisit)
  • Microsoft Defender for Cloud (formerly Azure Security Center) is a cloud security posture management (CSPM) and cloud workload protection (CWP) solution. It provides visibility into your security posture, strengthens the security of your cloud resources, and provides threat detection capabilities.
What is Azure Sentinel? (final revisit)
  • Microsoft Sentinel (formerly Azure Sentinel) is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. It is built on a Log Analytics workspace: data connectors ingest security data from Azure, Microsoft 365 and third-party sources, KQL-based analytics rules detect threats and raise incidents, workbooks and hunting queries support investigation, and playbooks (Logic Apps) automate the response.
What is Azure Firewall? (final revisit)
  • Azure Firewall is a managed, cloud-based, stateful firewall as a service. It is typically deployed in a hub VNet and spoke subnets send their traffic to it through User Defined Routes. It supports network rules (L3/L4), application rules (FQDN and URL filtering for outbound traffic), DNAT rules for inbound access, and threat intelligence-based filtering that alerts on or denies traffic to and from known malicious IPs and domains; the Premium SKU adds TLS inspection, IDPS and web categories. Rule collections can be managed centrally across many firewalls with Azure Firewall Manager.
What is Azure DDoS Protection? (final revisit)
  • Azure DDoS Protection safeguards your Azure applications from Distributed Denial of Service (DDoS) attacks. Every Azure subscription gets DDoS infrastructure protection for free, which defends the Azure platform itself; the paid tiers, DDoS Network Protection (per VNet) and DDoS IP Protection (per public IP), add adaptive tuning to your application's traffic profile, attack telemetry and alerts, mitigation reports, cost protection for scale-out during an attack, and access to the DDoS Rapid Response team.
What is Azure Policy? (final revisit)
  • Azure Policy is a service for enforcing organisational standards and assessing compliance at scale. A policy definition is an "if" condition over resource properties plus a "then" effect such as Deny, Audit, AuditIfNotExists, DeployIfNotExists, Modify or Disabled; definitions are grouped into initiatives and assigned to a management group, subscription or resource group. Policies can enforce requirements like only allowing specific VM sizes, requiring tagging, or ensuring encryption is enabled. Note that Deny only blocks new writes through Azure Resource Manager; resources that already exist are only flagged as non-compliant unless a remediation task (DeployIfNotExists or Modify) is run against them.
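To make the if/then shape of a definition concrete, the following added example (not Microsoft's policy engine) evaluates two policies written in the real definition layout, a Deny on storage accounts that do not enforce HTTPS and an Audit on resources missing an owner tag, against constructed resource JSON. The alias table and all resource names are hand-built stand-ins for illustration.

```python
"""Evaluating Azure Policy-style rules against resource definitions.

Added example, not Microsoft's policy engine: a small evaluator for policy rules
written in the real definition shape (an "if" condition tree with allOf/anyOf/not,
"field" conditions with equals/notEquals/exists/in, and a "then" effect), applied
to constructed resource JSON. ALIASES is a hand-built stand-in for Azure's
property aliases.
"""
from typing import Any, Dict, List, Tuple

# Constructed stand-in for Azure Policy aliases: alias name -> path into the resource.
ALIASES = {
    "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly": ("properties", "supportsHttpsTrafficOnly"),
    "Microsoft.Storage/storageAccounts/minimumTlsVersion": ("properties", "minimumTlsVersion"),
}


def get_field(resource: Dict[str, Any], field: str) -> Any:
    """Resolve a policy 'field': top-level fields, tags['name'], or an alias."""
    if field in ("type", "name", "location", "kind"):
        return resource.get(field)
    if field.startswith("tags[") and field.endswith("]"):
        return (resource.get("tags") or {}).get(field[5:-1].strip("'\""))
    if field in ALIASES:
        node: Any = resource
        for key in ALIASES[field]:
            if not isinstance(node, dict):
                return None
            node = node.get(key)
        return node
    raise KeyError(f"unknown field {field}")


def _norm(value: Any) -> Any:
    # Azure compares field values case-insensitively as strings; booleans become "true"/"false".
    return str(value).lower() if value is not None else None


def evaluate_condition(cond: Dict[str, Any], resource: Dict[str, Any]) -> bool:
    if "allOf" in cond:
        return all(evaluate_condition(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(evaluate_condition(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not evaluate_condition(cond["not"], resource)
    value = get_field(resource, cond["field"])
    if "equals" in cond:
        return _norm(value) == _norm(cond["equals"])
    if "notEquals" in cond:
        return _norm(value) != _norm(cond["notEquals"])
    if "exists" in cond:
        return (value is not None) == (_norm(cond["exists"]) == "true")
    if "in" in cond:
        return _norm(value) in {_norm(v) for v in cond["in"]}
    raise ValueError(f"unsupported condition: {cond}")


def evaluate_policies(policies: List[Dict[str, Any]], resource: Dict[str, Any]) -> Dict[str, Any]:
    """Simulate a write request: Deny blocks it, Audit only records non-compliance."""
    violations: List[Tuple[str, str]] = []
    allowed = True
    for policy in policies:
        rule = policy["properties"]["policyRule"]
        if evaluate_condition(rule["if"], resource):
            effect = rule["then"]["effect"].lower()
            violations.append((policy["name"], effect))
            if effect == "deny":
                allowed = False
    return {"allowed": allowed, "violations": violations}


# Constructed policy definitions in the real "properties.policyRule" layout.
DENY_HTTP_STORAGE = {"name": "deny-storage-without-https-only", "properties": {"mode": "Indexed", "policyRule": {
    "if": {"allOf": [
        {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
        {"field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly", "notEquals": "true"},
    ]},
    "then": {"effect": "deny"}}}}
AUDIT_OWNER_TAG = {"name": "audit-missing-owner-tag", "properties": {"mode": "Indexed", "policyRule": {
    "if": {"field": "tags['owner']", "exists": "false"},
    "then": {"effect": "audit"}}}}
POLICIES = [DENY_HTTP_STORAGE, AUDIT_OWNER_TAG]

# Constructed resources (not real deployments).
GOOD_STORAGE = {"type": "Microsoft.Storage/storageAccounts", "name": "stgood", "location": "westeurope",
                "tags": {"owner": "platform-team"},
                "properties": {"supportsHttpsTrafficOnly": True, "minimumTlsVersion": "TLS1_2"}}
BAD_STORAGE = {"type": "Microsoft.Storage/storageAccounts", "name": "stbad", "location": "westeurope",
               "tags": {}, "properties": {"supportsHttpsTrafficOnly": False}}
UNTAGGED_VM = {"type": "Microsoft.Compute/virtualMachines", "name": "vm1", "location": "westeurope",
               "tags": {}, "properties": {}}

if __name__ == "__main__":
    for res in (GOOD_STORAGE, BAD_STORAGE, UNTAGGED_VM):
        print(res["name"], evaluate_policies(POLICIES, res))
```

The evaluator shows why the Deny effect is the one that actually prevents a misconfiguration from being created, while Audit leaves the non-compliant VM deployable and only records the finding for the compliance dashboard.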
What is Azure Blueprints? (final revisit)
  • Azure Blueprints is a service that enables you to define a repeatable set of Azure resources that implements and adheres to an organization's standards, patterns, and requirements. It packages Azure Policy assignments, RBAC role assignments, Resource Manager templates, and Resource Groups into a single versioned, deployable unit. Microsoft has announced the deprecation of Blueprints; Template Specs and Deployment Stacks are the recommended replacements for new work.
What is Azure Automation? (final revisit)
  • Azure Automation is a cloud-based automation and configuration management service that supports consistent management across your Azure and non-Azure environments. It includes process automation (PowerShell and Python runbooks, run in Azure or on hybrid runbook workers), configuration management (State Configuration based on DSC), and shared resources like credentials, certificates and variables; its Update Management feature has been retired in favour of Azure Update Manager. Runbooks should run under a managed identity with only the RBAC roles they need, since a runbook with a broad role is an attractive target for abuse.
What is the purpose of a Just-In-Time (JIT) VM access in Microsoft Defender for Cloud?
  • Just-In-Time (JIT) VM access is a feature of Microsoft Defender for Cloud (Defender for Servers Plan 2) that reduces a VM's exposure to network attacks by keeping management ports such as 22 and 3389 closed by default. When a VM is enrolled, Defender for Cloud writes Deny rules for those ports into its NSG (and into Azure Firewall, if one is in the path). A user with the required RBAC permissions then requests access for a specific port, source IP range and duration, up to the policy's maximum, and Defender for Cloud inserts a higher-priority Allow rule scoped to that source and removes it when the window closes. Every request is logged in the activity log, which gives you an audit trail of who opened which port and when.
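The rule mechanics described above, as an added example (not Microsoft's code): a simplified NSG evaluator plus a JIT policy object that writes the standing Deny rules on enrolment, adds a time-bound Allow rule scoped to the requester's /32 on each request, and drops it after expiry. Rule names, priorities, addresses and timestamps are constructed for illustration.

```python
"""NSG evaluation with Defender for Cloud JIT-style time-bound allow rules.

Added example, not Microsoft's code. It models the mechanism JIT relies on:
standing Deny rules for the management ports, plus a higher-priority Allow rule
scoped to the requester's source IP that only lives for the approved window.
Names, priorities, addresses and times are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass
class NsgRule:
    name: str
    priority: int                        # custom rules use 100-4096; lowest number is evaluated first
    access: str                          # "Allow" or "Deny"
    dest_port: Optional[int]             # None means any destination port
    source: str                          # CIDR, or "*" for any source
    expires: Optional[datetime] = None   # set only on JIT-created Allow rules


# Azure's built-in inbound defaults, simplified to the final catch-all rule.
DEFAULT_INBOUND = [NsgRule("DenyAllInBound", 65500, "Deny", None, "*")]


def matches(rule: NsgRule, src_ip: str, dst_port: int, now: datetime) -> bool:
    if rule.expires is not None and now >= rule.expires:
        return False                     # an expired JIT rule no longer applies
    if rule.dest_port is not None and rule.dest_port != dst_port:
        return False
    return rule.source == "*" or ip_address(src_ip) in ip_network(rule.source)


def evaluate_inbound(rules: List[NsgRule], src_ip: str, dst_port: int, now: datetime) -> str:
    """First matching rule in ascending priority order decides the verdict."""
    for rule in sorted(rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if matches(rule, src_ip, dst_port, now):
            return rule.access
    return "Deny"


class JitPolicy:
    """Tracks the JIT-managed rules in one VM's NSG."""

    def __init__(self, ports: List[int], max_duration: timedelta = timedelta(hours=3)) -> None:
        self.ports = list(ports)
        self.max_duration = max_duration
        # Standing denies, written once when the VM is enrolled in JIT.
        self.rules: List[NsgRule] = [
            NsgRule(f"JIT-Deny-{p}", 4000 + i, "Deny", p, "*") for i, p in enumerate(self.ports)
        ]

    def request_access(self, requester_ip: str, port: int, duration: timedelta, now: datetime) -> NsgRule:
        if port not in self.ports:
            raise ValueError(f"port {port} is not covered by the JIT policy")
        if duration > self.max_duration:
            raise ValueError("requested duration exceeds the policy maximum")
        used = {r.priority for r in self.rules}
        priority = next(p for p in range(100, 4000) if p not in used)   # must beat the Deny rules
        rule = NsgRule(f"JIT-Allow-{port}-{requester_ip}", priority, "Allow", port,
                       f"{requester_ip}/32", expires=now + duration)
        self.rules.append(rule)
        return rule

    def cleanup(self, now: datetime) -> List[NsgRule]:
        """Remove Allow rules whose window has closed, as Defender for Cloud does."""
        self.rules = [r for r in self.rules if r.expires is None or r.expires > now]
        return self.rules


def demo() -> Dict[str, object]:
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)       # constructed timeline
    jit = JitPolicy(ports=[22, 3389])
    admin_ip, other_ip = "203.0.113.10", "198.51.100.7"         # documentation ranges, constructed
    before = evaluate_inbound(jit.rules, admin_ip, 22, t0)
    jit.request_access(admin_ip, 22, timedelta(hours=1), t0)
    mid = t0 + timedelta(minutes=30)
    result = {
        "before": before,
        "during": evaluate_inbound(jit.rules, admin_ip, 22, mid),
        "other_ip": evaluate_inbound(jit.rules, other_ip, 22, mid),
        "other_port": evaluate_inbound(jit.rules, admin_ip, 3389, mid),
        "after": evaluate_inbound(jit.rules, admin_ip, 22, t0 + timedelta(hours=2)),
    }
    result["rules_after_cleanup"] = len(jit.cleanup(t0 + timedelta(hours=2)))
    return result


if __name__ == "__main__":
    print(demo())
```

The example also shows the two things that make JIT safe to rely on: the Allow rule must carry a lower priority number than the standing Deny (otherwise first-match evaluation never reaches it), and access is bounded by both source address and time, so a leaked request does not translate into a standing hole.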
What is Azure Active Directory PIM (Privileged Identity Management)?
  • Microsoft Entra Privileged Identity Management (PIM), formerly Azure AD PIM, is a service that allows you to manage, control, and monitor access to important resources in Microsoft Entra ID, Azure, and other Microsoft online services like Microsoft 365 or Intune. Instead of holding a privileged role permanently, users are made eligible for it and activate it on demand for a limited time, optionally with MFA, a justification and approval; every activation is audited, and access reviews periodically confirm that eligibility is still needed. This minimises the number of standing privileged accounts an attacker could abuse.
What is Managed Identity in Azure?
  • Managed Identities for Azure resources provide an identity that an application can use when connecting to resources that support Microsoft Entra authentication, without needing to manage secrets. Azure automatically manages the credential lifecycle: code running on the resource obtains a token from a local identity endpoint (the instance metadata service on a VM) and there is nothing to store or rotate. There are two types: System-assigned (created with and deleted alongside a specific resource) and User-assigned (a standalone resource that can be shared by several workloads). The caveat is that any process running on the host can request a token, so the identity should hold only the minimal RBAC roles its workload needs.
What is Azure Service Principal?
  • A service principal is a security identity used by applications, services, and automation tools to access specific Azure resources; it is the tenant-local representation of an application registration (shown as an enterprise application in Microsoft Entra ID). It is a non-human identity that can be assigned roles and permissions via RBAC and authenticates with a client secret or, preferably, a certificate, either of which must be stored securely and rotated. Managed Identities are a type of service principal whose credential Azure manages for you, and workload identity federation removes the stored secret for external systems such as CI pipelines, so both are preferred over long-lived client secrets.
What is Azure Resource Health?
  • Azure Resource Health provides information about the health of your individual Azure resources, such as a specific virtual machine or SQL Database. It helps you diagnose and get support for service problems that affect your resources.
What is Azure Service Health? (final revisit)
  • Azure Service Health is a dashboard that informs you about the health of the Azure services and regions you use. It provides personalized alerts about service outages, planned maintenance, and other health advisories that may affect your resources.
What is the purpose of an Azure Load Balancer Health Probe?
  • A health probe is used by Azure Load Balancer to monitor the health of the backend instances (VMs, scale set instances) in a backend pool over TCP, HTTP or HTTPS. If an instance fails the probe, the Load Balancer stops sending new connections to that instance until it becomes healthy again. Probes originate from the Azure platform address 168.63.129.16, so an NSG on the backend subnet must allow traffic from the AzureLoadBalancer service tag (the default rules do); blocking it marks every instance unhealthy.
What is the difference between a Public Load Balancer and an Internal Load Balancer?
  • Public Load Balancer: Has a public frontend IP address. Accepts inbound connections from the internet to the backend pool and, with outbound rules, provides SNAT for outbound connections from the backend VMs.
  • Internal Load Balancer: Has a private frontend IP address in the VNet. Distributes traffic between resources within the VNet or arriving over peering, VPN or ExpressRoute, and is never reachable from the internet.
  • With the Standard SKU both are secure by default: backend instances receive no inbound traffic until an NSG rule explicitly allows it.
What is Azure Managed Disks?
  • Azure Managed Disks are block-level storage volumes that are managed by Azure and used with Azure Virtual Machines. Azure handles the storage accounts and associated complexities, allowing you to focus on your VMs. You specify the disk type (Standard HDD, Standard SSD, Premium SSD, Ultra Disk) and size, and Azure manages the rest.
What is the difference between Managed Disks and Unmanaged Disks?
  • Managed Disks: Azure handles the storage accounts for you. Simpler to manage, improved availability and scalability. Recommended.
  • Unmanaged Disks: You manage the storage accounts where the VHD files for your disks are stored. Requires more manual effort for management, scaling, and ensuring high availability. Older technology.
What is an Azure Snapshot?
  • An Azure Snapshot is a read-only, point-in-time copy of a managed disk that can be used to create a new managed disk or to restore one. By default a snapshot is a full copy stored on Standard storage; incremental snapshots are an option that store only the changes since the previous snapshot, which makes them cheaper and allows them to be copied across regions. Snapshots are encrypted at rest like the source disk, but they are separate resources with their own RBAC scope, so a snapshot of a sensitive disk must be protected as carefully as the disk itself.
What is Azure File Sync? (revisited)
  • Azure File Sync is a service that centralizes your organization's file shares in Azure Files while keeping the flexibility, performance, and compatibility of an on-premises Windows file server. An agent on each server synchronizes one or more folders (server endpoints) with an Azure file share (the cloud endpoint), and cloud tiering can keep only frequently used files on the local disk while the full data set lives in Azure.
What is Azure Migrate? (final revisit)
  • Azure Migrate is a hub for migration, modernization, and innovation in Azure. It provides a centralized console to discover, assess, and migrate on-premises workloads (servers, databases, web apps, data) to Azure.
What is the purpose of a Network Virtual Appliance (NVA) in Azure?
  • A Network Virtual Appliance (NVA) is a third-party appliance (like a firewall, WAN optimizer, or application delivery controller) deployed as a VM in your Azure VNet. You route traffic through an NVA with User Defined Routes (UDRs) whose next hop is the appliance's private IP, which requires IP forwarding to be enabled on the NVA's network interface. For high availability, NVAs are deployed in pairs behind an internal load balancer that becomes the UDR next hop, so that a failed appliance does not blackhole the traffic routed to it.
What are User Defined Routes (UDRs)?
  • User Defined Routes (UDRs) are custom routes held in a route table that you create and associate with subnets in your Azure VNet. Each route has a destination prefix and a next hop type: Virtual appliance (with an IP address), Virtual network gateway, Virtual network, Internet, or None (which drops the traffic). Azure selects a route by longest prefix match across system, BGP and user-defined routes; when prefixes are equal, a user-defined route wins over a BGP route, which wins over a system route. This is how a 0.0.0.0/0 UDR pointing at an NVA forces all internet-bound traffic through inspection while traffic to the VNet's own address space still follows the more specific system route.
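The selection rule above (longest prefix match first, then user-defined over BGP over system) as an added example that is not Microsoft's code: it assembles the effective routes a NIC would see from a constructed VNet, a peered VNet and a route table, then resolves a few destinations so you can see which UDRs actually take effect. Prefixes and the NVA address are constructed.

```python
"""Azure route selection: longest prefix match, then route origin.

Added example, not Microsoft's code. Builds the effective routes a NIC in a
subnet would see (system routes for the VNet address space, a peered VNet and the
default Internet route, plus user-defined routes from an associated route table)
and picks the route Azure would use for a destination. All prefixes and the
NVA address are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, List, Optional

# With equal prefix lengths Azure prefers user-defined, then BGP-learned, then system routes.
ORIGIN_RANK = {"User": 0, "BGP": 1, "System": 2}


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop_type: str            # VirtualNetwork, VNetPeering, Internet, VirtualAppliance,
                                  # VirtualNetworkGateway or None
    next_hop_ip: Optional[str]    # only VirtualAppliance routes carry an address
    origin: str                   # System, User or BGP


def system_routes(vnet_prefixes: Iterable[str], peered_prefixes: Iterable[str] = ()) -> List[Route]:
    """Routes Azure creates automatically for a subnet's NICs."""
    routes = [Route(p, "VirtualNetwork", None, "System") for p in vnet_prefixes]
    routes += [Route(p, "VNetPeering", None, "System") for p in peered_prefixes]
    routes.append(Route("0.0.0.0/0", "Internet", None, "System"))
    return routes


def select_route(routes: List[Route], destination: str) -> Optional[Route]:
    """Longest prefix match; ties broken by origin precedence."""
    dest = ip_address(destination)
    candidates = [r for r in routes if dest in ip_network(r.prefix)]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-ip_network(r.prefix).prefixlen, ORIGIN_RANK[r.origin]))


def demo() -> Dict[str, Optional[Route]]:
    nva = "10.0.1.4"                                                     # constructed NVA address
    udrs = [
        Route("0.0.0.0/0", "VirtualAppliance", nva, "User"),             # force all egress through the NVA
        Route("10.1.0.0/16", "VirtualAppliance", nva, "User"),           # inspect traffic to the peered VNet too
        Route("192.168.0.0/16", "None", None, "User"),                   # blackhole a range nothing should reach
    ]
    routes = system_routes(["10.0.0.0/16"], peered_prefixes=["10.1.0.0/16"]) + udrs
    return {dest: select_route(routes, dest) for dest in ("10.0.5.5", "8.8.8.8", "10.1.2.3", "192.168.7.7")}


if __name__ == "__main__":
    for dest, route in demo().items():
        print(dest, "->", route.next_hop_type, route.next_hop_ip or "")
```

Two results are worth noting: traffic inside the VNet's own /16 never reaches the NVA because the system route is more specific than the 0.0.0.0/0 UDR, and traffic to the peered VNet does go through the NVA only because the UDR uses exactly the same /16 as the peering system route, so origin precedence decides.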
What is Azure Bicep?
  • Azure Bicep is a declarative domain-specific language (DSL) for deploying Azure resources, designed as a more concise and readable alternative to ARM templates written in JSON. Bicep files are transpiled into ARM template JSON (for example with `az bicep build`) and deployed through Azure Resource Manager, so anything expressible in an ARM template is expressible in Bicep. Parameters that carry secrets should be marked with the @secure() decorator so their values are not written to deployment history or logs.
What is Infrastructure as Code (IaC)? (revisited)
  • Infrastructure as Code (IaC) is the practice of managing and provisioning infrastructure through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. In Azure, this is typically done using ARM Templates, Bicep, or third-party tools like Terraform.