Azure¶
108 cards β π’ 23 easy | π‘ 47 medium | π΄ 23 hard
π’ Easy (23)¶
1. What "Azure Functions" service is used for?
Show answer
Azure Functions is the serverless compute service of Azure.Remember: Azure Functions = AWS Lambda equivalent. Serverless compute, pay per execution. Consumption plan auto-scales to zero.
2. What is Azure Active Directory Privileged Identity Management (PIM)?
Show answer
Azure AD PIM is a service in Azure Active Directory that helps manage, control, and monitor access within an organization by providing just-in-time privileged access. PIM helps organizations mitigate security risks by limiting the time administrators and users have privileged access, reducing the window of vulnerability.Key Points:
Remember: PIM = just-in-time privileged access. Users request elevated roles for a time window, with approval workflows. Reduces standing admin access β a key Zero Trust principle.
3. What "Azure Container Instances" service is used for?
Show answer
Running containerized applications (without the need to provision virtual machines).Remember: Azure Cognitive Services = pre-built AI APIs for Vision, Speech, Language, and Decision. No ML expertise needed β just API calls.
4. What is Azure Portal?
Show answer
[Microsoft Docs](https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-fundamentals/what-is-microsoft-azure): "The Azure portal is a web-based, unified console that provides an alternative to command-line tools. With the Azure portal, you can manage your Azure subscription by using a graphical user interface."Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
5. What is Azure Marketplace?
Show answer
[Microsoft Docs](https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-fundamentals/what-is-microsoft-azure): "Azure marketplace helps connect users with Microsoft partners, independent software vendors, and startups that are offering their solutions and services, which are optimized to run on Azure."Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
6. What is Azure DevOps Pipeline, and how does it facilitate continuous integration and deployment (CI/CD)?
Show answer
Azure DevOps Pipeline is a continuous integration and continuous deployment (CI/CD) service that automates the build, test, and deployment phases of the application development lifecycle.Phases: It consists of build pipelines for compiling and testing code and release pipelines for deploying applications to various environments.
Remember: Azure DevOps = Boards (work tracking) + Repos (Git) + Pipelines (CI/CD) + Test Plans + Artifacts. The all-in-one DevOps platform from Microsoft.
7. What are the ARM template's sections ?
Show answer
[Microsoft Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/overview): The template has the following sections:Parameters - Provide values during deployment that allow the same template to be used with different environments.
Remember: ARM templates = Azure's CloudFormation. JSON/Bicep templates defining infrastructure as code. Bicep is the preferred modern syntax β it compiles to ARM JSON.
8. What "Azure Virtual Machine Scale Sets" service is used for?
Show answer
Scaling Linux or Windows virtual machines; it lets you create and manage a group of load balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule.Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
9. What is Azure Active Directory?
Show answer
Azure AD is a cloud-based identity service. You can use it as a standalone service or integrate it with existing Active Directory service you already running.Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
10. What are Azure Private Link and Azure Private Endpoint, and how do they enhance network security?
Show answer
Azure Private Link: Azure Private Link allows access to Azure services (such as Azure Storage and Azure SQL Database) over a private network connection rather than the public internet.Purpose: It enhances network security by keeping traffic within the Microsoft Azure backbone network.
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
11. What is Azure Logic Apps, and how can it be used for workflow automation?
Show answer
Azure Logic Apps is a cloud service that enables the creation and automation of workflows to integrate systems, data, and applications.Workflow Automation:
* Connectivity: Logic Apps provide connectors to various services and systems, enabling seamless integration.
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
12. What is Azure Multi-Factor Authentication (MFA), and why is it important?
Show answer
Azure MFA is a security feature that requires users to verify their identity through multiple methods before gaining access to an application or resource.Importance: MFA adds an additional layer of security beyond passwords, reducing the risk of unauthorized access in case passwords are compromised.
Key Points:
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
13. What is Azure Policy Initiative, and how does it extend the capabilities of Azure Policy for governance?
Show answer
Azure Policy Initiative is a service that allows organizations to create sets of policies, called initiatives, to enforce and audit compliance with specific requirements or best practices across their Azure subscriptions.Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
14. What is Azure Information Protection, and how does it help in data classification and protection?
Show answer
Azure Information Protection is a cloud-based solution that helps organizations classify, label, and protect sensitive information.Integration with Microsoft 365: It integrates with Microsoft 365 applications to provide seamless data protection.
Data Classification and Protection:
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
15. What is Azure B2B and Azure B2C, and how do they differ?
Show answer
Azure B2B (Business-to-Business): Azure B2B is designed for enabling organizations to securely share their applications and services with guest users from other organizations.Use Case: Commonly used for collaboration scenarios where external partners or clients need access to certain resources.
Azure B2C (Business-to-Consumer):
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
16. What are the differences between Azure Automation State Configuration and Azure Update Management?
Show answer
Azure Automation State Configuration (DSC):Azure Automation State Configuration is a service that allows you to define, apply, and monitor configuration settings on Azure virtual machines.
It focuses on ensuring that VM configurations align with desired states defined in configuration scripts.
Azure Update Management:
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
17. What "Azure Batch" service is used for?
Show answer
Running parallel and high-performance computing applicationsRemember: Azure services follow a naming pattern: 'Azure + Service Name.' Most have equivalents in AWS and GCP β learn the mapping for multi-cloud fluency.
Gotcha: Azure portal UI changes frequently. Learn Azure CLI (az) and ARM/Bicep templates for reproducible, scriptable infrastructure management.
18. What is Azure Policy, and how does it help in enforcing compliance?
Show answer
Azure Policy is a service in Azure that enables you to create, assign, and manage policies to enforce rules and effects on resources in an Azure subscription.It helps ensure that resources deployed in Azure comply with organizational standards and service level agreements (SLAs).
How it Helps in Enforcing Compliance:
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
19. What is Azure Quantum and its potential applications?
Show answer
Azure Quantum is a cloud service by Microsoft that provides quantum computing capabilities to users.* Quantum Processing Units (QPU): It allows access to quantum processing units, enabling the execution of quantum algorithms.
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
20. What is Network Security Group (NSG) in Azure and how does it work?
Show answer
Azure Network Security Group (NSG) is a fundamental element of network security in Azure, allowing or denying inbound and outbound traffic to network interfaces, VMs, and subnets.How it Works:
* Rule-Based: NSGs operate based on rules that define allowed or denied traffic based on source, destination, protocol, and port.
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
21. What is Azure Disk Encryption, and why is it important?
Show answer
Azure Disk Encryption is a security feature that helps protect data at rest by encrypting the operating system and data disks of Azure virtual machines.Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
22. What "Azure Virtual Machines" service is used for?
Show answer
Azure VMs support Windows and Linux OS. They can be used for hosting web servers, applications, backups, Databases, they can also be used as jump server or azure self-hosted agent for building and deploying apps.Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
23. What is Managed Identity in Azure, and how does it enhance security?
Show answer
Managed Identity in Azure is a feature that allows applications to securely access Azure resources without the need for explicit credentials. It enhances security by eliminating the need to store sensitive information such as credentials in code or configuration files.Enhancements to Security:
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
π‘ Medium (47)¶
1. Describe the differences between Azure Service Bus and Azure Event Grid.
Show answer
Azure Service Bus:* Messaging Service: Azure Service Bus is a messaging service that facilitates communication between different components of applications or services.
* Queues and Topics: It supports both queues, for point-to-point communication, and topics, for publish-subscribe scenarios.
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
2. Explain the purpose of Azure Availability Zones.
Show answer
Azure Availability Zones:Remember: Availability Set = distributes VMs across fault domains (racks) and update domains. Availability Zone = physically separate datacenters. Zones > Sets for HA.
3. What is Azure Traffic Manager, and how does it work?
Show answer
Azure Traffic Manager: Azure Traffic Manager is a DNS-based traffic load balancer that enables the distribution of user traffic across multiple Azure services or global data centers. It enhances application availability, responsiveness, and resiliency by directing user requests to the most suitable endpoint based on routing methods and health probes.Remember: Traffic Manager is DNS-based (Layer 7), not a proxy. It returns the best endpoint IP; clients connect directly. Routing methods: Priority, Weighted, Performance, Geographic, Multivalue, Subnet.
4. Explain availability sets and availability zones
Show answer
An availability set is a logical grouping of VMs that allows Azure to understand how your application is built to provide redundancy and availability. It is recommended that two or more VMs are created within an availability set to provide for a highly available application and to meet theΒ 99.95% Azure SLA.Remember: Availability Set = distributes VMs across fault domains (racks) and update domains. Availability Zone = physically separate datacenters. Zones > Sets for HA.
5. Explain the concept of Azure Resource Groups.
Show answer
Azure Resource Groups are logical containers that hold related resources for an Azure solution. These resources can include virtual machines, storage accounts, virtual networks, and more. The main purpose of resource groups is to manage and organize resources, making it easier to deploy, monitor, and maintain solutions.Remember: resource group = logical container for Azure resources. Every resource must belong to exactly one group. Think 'folder for your cloud stuff.'
Gotcha: deleting a resource group deletes ALL resources inside it. Use resource locks to prevent accidental deletion.
6. How does Azure Cognitive Services enhance AI capabilities in applications?
Show answer
Azure Cognitive Services are a set of APIs and services provided by Microsoft to enable developers to incorporate AI capabilities into their applications without the need for extensive expertise in machine learning.Remember: Azure Cognitive Services = pre-built AI APIs for Vision, Speech, Language, and Decision. No ML expertise needed β just API calls.
7. Describe the difference between Azure Load Balancer and Application Gateway.
Show answer
Azure Load Balancer and Application Gateway are both networking services in Azure, but they serve different purposes.Azure Load Balancer:
* Purpose: Azure Load Balancer distributes network traffic across multiple servers to ensure that no single server is overwhelmed with too much traffic.<
Remember: Azure LB (Layer 4) vs. Application Gateway (Layer 7). LB for TCP/UDP, AppGW for HTTP/HTTPS with WAF, URL routing, and TLS termination.
8. Explain Azure Blob Storage lifecycle management.
Show answer
Azure Blob Storage lifecycle management is a policy-based mechanism to automatically manage the lifecycle of Blob Storage data. It helps optimize storage costs by transitioning and deleting data based on specified rules.Key Features:
Remember: Blob Storage = Azure's S3 equivalent. Three types: Block blobs (files), Append blobs (logs), Page blobs (disks).
9. Discuss the benefits and use cases of Azure Resource Graph.
Show answer
Azure Resource Graph is a service that allows you to explore and query Azure resources at scale using a query language. It provides a unified way to query and analyze resources across multiple subscriptions.Benefits:
* Fast and Scalable Queries:
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
10. Explain the role of Azure Functions in serverless automation and event-driven scenarios.
Show answer
Azure Functions is a serverless compute service that allows developers to run event-triggered functions without provisioning or managing servers. It supports a variety of programming languages, and functions can be triggered by various Azure services and external events.Role in Serverless Automation:
Remember: Azure Functions = AWS Lambda equivalent. Serverless compute, pay per execution. Consumption plan auto-scales to zero.
11. How does Azure Storage replication work, and what are the options available?
Show answer
Azure Storage replication is a mechanism to ensure data durability and availability by maintaining multiple copies of data across different physical locations. Azure Storage offers several replication options:Remember: Azure Cognitive Services = pre-built AI APIs for Vision, Speech, Language, and Decision. No ML expertise needed β just API calls.
12. What is the Azure Security Center? What are some of its features?
Show answer
It's a monitoring service that provides threat protection across all of the services in Azure.More specifically, it:
* Provides security recommendations based on your usage
* Monitors security settings and continuously all the services
* Analyzes and identifies potential inbound attacks
* Detects and blocks malware using machine learning
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
13. What's an Azure region?
Show answer
An Azure region is a set of datacenters deployed within an interval-defined and connected through a dedicated regional low-latency network.Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
14. Discuss the importance of Azure Blueprints in ensuring compliance in automated deployments.
Show answer
Azure Blueprints is a service in Azure that allows organizations to define a repeatable set of Azure resources and policies to help in deploying and managing environments with an emphasis on compliance and governance.Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
15. What "Durable Azure Function" are?
Show answer
[Microsoft Learn](https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-fundamentals/what-is-microsoft-azure): Durable Functions is an extension of Azure Functions that lets you write stateful functions in a serverless compute environment.Remember: Azure Functions = AWS Lambda equivalent. Serverless compute, pay per execution. Consumption plan auto-scales to zero.
16. How do you configure Single Sign-On (SSO) in Azure AD?
Show answer
Single Sign-On is a feature in Azure AD that enables users to access multiple applications with a single set of credentials.Configuration Steps:
* Azure AD Application Registration: Register each application in Azure AD that you want to enable for SSO.
Remember: Azure AD (now Entra ID) = identity provider for Azure. Users, groups, app registrations, conditional access, SSO.
17. What is Azure Policy?
Show answer
[Microsoft Learn](https://learn.microsoft.com/en-us/azure/governance/policy/overview): "Azure Policy helps to enforce organizational standards and to assess compliance at-scale. Through its compliance dashboard, it provides an aggregated view to evaluate the overall state of the environment, with the ability to drill down to the per-resource, per-policy granularity.Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
18. What is the N-tier architecture?
Show answer
N-tier architecture divides an application into logical layers and physical tiers. Each layer has a specific responsibility. Tiers are physically separated, running on separate machines. An N-tier application can have a closed layer architecture or an open layer architecture. N-tier architectures are typically implemented as infrastructure-as-service (IaaS) applications, with each tier running on a separate set of VMsGotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
19. How does Azure Container Registry differ from Azure Container Instances?
Show answer
Azure Container Registry (ACR):Azure Container Registry is a managed Docker registry service that allows you to store, manage, and deploy container images.
Purpose: ACR is used for container image storage, ensuring secure and fast access to Docker images for deployment.
Azure Container Instances (ACI):
Remember: Azure Cognitive Services = pre-built AI APIs for Vision, Speech, Language, and Decision. No ML expertise needed β just API calls.
20. Differentiate between Azure Blob Storage and Azure Table Storage.
Show answer
Azure Blob Storage:* Data Type: Blob Storage is designed for storing large amounts of unstructured data, such as text or binary data.
* Usage: It is commonly used for storing and serving files, images, videos, and backups.
* Access Method: Accessed using HTTP/HTTPS through REST APIs.
Azure Table Storage:
Remember: Blob Storage = Azure's S3 equivalent. Three types: Block blobs (files), Append blobs (logs), Page blobs (disks).
21. Explain the concept of Azure DevOps Service Connections and their significance in automation workflows.
Show answer
Service Connections in Azure DevOps are configurations that securely link the platform to external services, such as Azure subscriptions, GitHub, or other CI/CD systems.Secure Authentication: Service Connections manage authentication and authorization details required for Azure DevOps to interact with external services.
Remember: Azure Cognitive Services = pre-built AI APIs for Vision, Speech, Language, and Decision. No ML expertise needed β just API calls.
Remember: Azure DevOps = Boards (work tracking) + Repos (Git) + Pipelines (CI/CD) + Test Plans + Artifacts. The all-in-one DevOps platform from Microsoft.
22. Explain Azure ExpressRoute and its use cases.
Show answer
Azure ExpressRoute is a dedicated, private connection between on-premises data centers and Azure, providing a more reliable and predictable connection than internet-based connections.Use Cases:
* Hybrid Cloud: Connect on-premises infrastructure to Azure, creating a hybrid cloud environment.
Remember: Azure Cognitive Services = pre-built AI APIs for Vision, Speech, Language, and Decision. No ML expertise needed β just API calls.
23. What is Azure VNet peering and how does it connect virtual networks?
Show answer
VNet peering enables connecting virtual networks. This means that you can route traffic between resources of the connected VNets privately through IPv4 addresses. Connecting VNets within the same region is known as regional VNet Peering, however connecting VNets across Azure regions is known as global VNet Peering.Remember: VNet = AWS VPC equivalent. Your private network in Azure with subnets, NSGs, and route tables.
24. How do you secure data in transit in Azure?
Show answer
Securing data in transit in Azure involves using encryption and secure communication protocols.SSL/TLS Encryption:
All communication to and from Azure services should use HTTPS (SSL/TLS) to encrypt data in transit.
Azure VPN Gateway:
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
25. Discuss the use cases and benefits of Azure Synapse Analytics (formerly SQL Data Warehouse).
Show answer
Integrated Analytics Service: Azure Synapse Analytics is an integrated analytics service that brings together big data and data warehousing.Formerly SQL Data Warehouse: It was formerly known as SQL Data Warehouse before being rebranded as Azure Synapse Analytics.
Use Cases:
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
26. What are the different types of Azure Storage and their use cases?
Show answer
* Azure Blob Storage: Ideal for storing large amounts of unstructured data, such as documents, images, and videos.* Azure Table Storage: Suited for semi-structured data, often used in scenarios requiring fast and flexible data storage.
* Azure Queue Storage: Provides scalable message queuing for building decoupled and distributed applications.
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
27. Explain the concept of Azure Arc and its role in hybrid cloud scenarios.
Show answer
Azure Arc is a set of services that extend Azure's management and services to any infrastructure, including on-premises, multi-cloud, and edge environments.Hybrid Cloud Management: It allows organizations to manage resources and deploy Azure services across a variety of environments.
Role in Hybrid Cloud:
Remember: Azure Cognitive Services = pre-built AI APIs for Vision, Speech, Language, and Decision. No ML expertise needed β just API calls.
28. Explain the use of Azure DevOps and its components.
Show answer
Azure DevOps is a comprehensive set of development tools and services for building, testing, deploying, and managing applications.Components:
* Azure Boards: Agile project management tools for planning, tracking, and discussing work across teams.
Remember: Azure Cognitive Services = pre-built AI APIs for Vision, Speech, Language, and Decision. No ML expertise needed β just API calls.
Remember: Azure DevOps = Boards (work tracking) + Repos (Git) + Pipelines (CI/CD) + Test Plans + Artifacts. The all-in-one DevOps platform from Microsoft.
29. How do you implement DDoS protection in Azure?
Show answer
Azure DDoS Protection:* Service: Azure DDoS Protection is a service that safeguards Azure applications from Distributed Denial of Service (DDoS) attacks.
* Automatic: Basic DDoS Protection is automatically applied to all Azure services at no additional cost.
Azure DDoS Protection Standard:
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
30. How does Azure DevTest Labs help in the development and testing process?
Show answer
Azure DevTest Labs is a service that enables developers and testers to quickly create and manage environments in Azure.Benefits:
* Cost Control: DevTest Labs allows administrators to set cost limits, ensuring that resources are used efficiently.
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
31. What Azure compute services are you familiar with?
Show answer
* Azure Virtual Machines* Azure Batch
* Azure Service Fabric
* Azure Container Instances
* Azure Virtual Machine Scale Sets
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
32. What are Azure Functions, and when would you use them?
Show answer
Azure Functions is a serverless compute service provided by Microsoft Azure, allowing you to run event-triggered functions without provisioning or managing servers.Use Cases: Azure Functions are ideal for scenarios where you need to execute code in response to events, such as HTTP requests, database changes, message queues, or timer-based triggers. They are suitable for microservices architectures, data processing, automation, and building lightweight APIs.
Remember: Azure Functions = AWS Lambda equivalent. Serverless compute, pay per execution. Consumption plan auto-scales to zero.
33. How do you integrate Azure DevOps with third-party tools for automation and collaboration?
Show answer
Service Hooks: Azure DevOps provides service hooks that enable integration with a wide range of external services and tools.Marketplace Extensions: The Azure DevOps Marketplace offers a variety of extensions and integrations for popular third-party tools and services.
Integration Steps:
Remember: Azure DevOps = Boards (work tracking) + Repos (Git) + Pipelines (CI/CD) + Test Plans + Artifacts. The all-in-one DevOps platform from Microsoft.
34. How does Azure DevOps facilitate release management, and what are release gates?
Show answer
Azure DevOps Release Management automates the deployment of applications through various environments, from development to production.Release Pipelines:
It utilizes release pipelines to define the stages and tasks involved in deploying an application release.
Release Gates:
Remember: Azure DevOps = Boards (work tracking) + Repos (Git) + Pipelines (CI/CD) + Test Plans + Artifacts. The all-in-one DevOps platform from Microsoft.
35. How does Azure Machine Learning support model training and deployment?
Show answer
Azure Machine Learning is a cloud-based service for building, training, and deploying machine learning models.End-to-End ML Lifecycle: It supports the entire machine learning lifecycle, from data preparation and model training to deployment and monitoring.
Model Training:
Remember: Azure Cognitive Services = pre-built AI APIs for Vision, Speech, Language, and Decision. No ML expertise needed β just API calls.
36. Explain the concept of OAuth and OpenID Connect in the context of Azure AD.
Show answer
OAuth:OAuth (Open Authorization) is an open standard for access delegation, allowing a user to grant third-party applications limited access to their resources without exposing credentials. In Azure AD, OAuth is used for authorization and token issuance.
OpenID Connect:
Remember: Azure AD (now Entra ID) = identity provider for Azure. Users, groups, app registrations, conditional access, SSO.
37. Discuss Azure Bastion and its advantages in securing remote access to Azure VMs.
Show answer
Azure Bastion is a fully managed platform service that provides secure and seamless Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to Azure virtual machines directly from the Azure portal.Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
38. Explain the concept of Azure Blue-Green deployment.
Show answer
Azure Blue-Green Deployment is a deployment strategy that involves maintaining two identical environments, one serving as the "blue" environment (current production) and the other as the "green" environment (new version or update).Process:
Remember: Azure Cognitive Services = pre-built AI APIs for Vision, Speech, Language, and Decision. No ML expertise needed β just API calls.
39. Describe the scenarios where Azure File Storage is more appropriate than Azure Blob Storage.
Show answer
Azure File Storage and Azure Blob Storage serve different purposes, and the choice between them depends on the nature of the data and the usage scenarios:Azure File Storage: Suitable for scenarios where shared file access is required, such as:
Remember: Blob Storage = Azure's S3 equivalent. Three types: Block blobs (files), Append blobs (logs), Page blobs (disks).
40. Explain the Azure Firewall service and its features.
Show answer
Azure Firewall is a fully managed, cloud-based network security service that protects Azure Virtual Network resources.Features:
* Network Filtering: Azure Firewall filters both inbound and outbound traffic based on rules and FQDN filtering.
Remember: Azure Cognitive Services = pre-built AI APIs for Vision, Speech, Language, and Decision. No ML expertise needed β just API calls.
41. Describe the purpose of Azure Batch.
Show answer
Azure Batch is a cloud-based job scheduling service that enables the parallel processing of large volumes of data.Purpose: It is designed for running parallelizable, high-performance computing (HPC), and batch processing workloads efficiently in the cloud.
Key Features and Use Cases:
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
42. What is the Azure Resource Manager (ARM) and how does it differ from classic deployment?
Show answer
Azure Resource Manager (ARM) is the deployment and management service provided by Microsoft Azure for organizing and managing resources within a cloud environment. It allows you to deploy and manage resources in a declarative manner using JSON templates. ARM provides a consistent management layer that enables you to create, update, and delete resources in your Azure subscription.Remember: ARM templates = Azure's CloudFormation. JSON/Bicep templates defining infrastructure as code. Bicep is the preferred modern syntax β it compiles to ARM JSON.
43. How does Azure Sentinel contribute to security information and event management (SIEM)?
Show answer
Azure Sentinel is a cloud-native security information and event management (SIEM) solution provided by Microsoft Azure. It helps organizations collect, analyze, and respond to security events and incidents across their entire environment.Key Contributions to SIEM:
* Data Collection:
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
44. Explain the difference between Azure Virtual Machines and Azure App Services.
Show answer
Azure Virtual Machines (VMs):* Definition: Azure VMs are scalable, on-demand virtualized computing resources that allow the deployment of custom applications and services.
* Control: VMs provide full control over the operating system, applications, and runtime environment.
Remember: App Service = PaaS for web apps. Supports .NET, Java, Python, Node.js, PHP. Built-in CI/CD, custom domains, TLS, autoscaling.
45. Discuss the role of Azure Resource Manager (ARM) templates in infrastructure as code.
Show answer
ARM Templates in Infrastructure as Code (IaC): are JSON files that define the infrastructure and configuration of Azure resources in a declarative manner.Role in IaC:
* Automated Deployment: ARM templates enable the automated deployment of infrastructure, ensuring consistency and repeatability.
Remember: ARM templates = Azure's CloudFormation. JSON/Bicep templates defining infrastructure as code. Bicep is the preferred modern syntax β it compiles to ARM JSON.
46. How do you scale Azure Virtual Machines horizontally and vertically?
Show answer
Horizontal scaling, also known as scaling out, involves adding more instances of the application across multiple VMs.Use Cases: It is suitable for scenarios with varying workloads or increased demand, distributing the load across multiple VMs.
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
47. Describe Azure Security Center and its capabilities.
Show answer
Azure Security Center is a unified security management system that provides advanced threat protection across hybrid cloud workloads.Capabilities:
* Threat Protection: It continuously monitors and detects security threats, providing insights into potential vulnerabilities and attacks.
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
π΄ Hard (23)¶
1. How does Azure Key Vault manage and safeguard cryptographic keys and secrets?
Show answer
Azure Key Vault is a cloud service that allows the secure storage and management of sensitive information, such as cryptographic keys, secrets, and certificates.Centralized Key Management: It provides a centralized location for managing and safeguarding cryptographic assets used by cloud applications and services.
Key Management:
Remember: Key Vault = Azure's secrets manager. Stores keys, secrets, and certificates. Integrates with RBAC and managed identities for zero-secret deployments.
2. Explain what's Azure Resource Manager
Show answer
From [Azure docs](https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview): "Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment."Remember: Azure Cognitive Services = pre-built AI APIs for Vision, Speech, Language, and Decision. No ML expertise needed β just API calls.
3. Explain the concept of Azure Confidential Computing and its implications for security.
Show answer
Azure Confidential Computing is a set of services and technologies designed to protect data during processing by keeping it encrypted in memory.Hardware-Based Security: It leverages hardware-based security features, such as Intel SGX (Software Guard Extensions), to create secure enclaves for processing sensitive data.
Implications for Security:
Remember: Azure Cognitive Services = pre-built AI APIs for Vision, Speech, Language, and Decision. No ML expertise needed β just API calls.
4. How do you use Azure PowerShell and Azure CLI for automation?
Show answer
Azure PowerShell is a module that provides cmdlets to manage Azure resources using PowerShell scripting.Usage:
* Installation: Install the Azure PowerShell module.
* Authentication: Connect to an Azure account using Connect-AzAccount.
* Cmdlets: Use cmdlets like New-AzResourceGroup or New-AzVM to create and manage resources.
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
5. Describe the principles of Infrastructure as Code (IaC) and how it is implemented in Azure.
Show answer
Declarative Configuration: IaC involves defining infrastructure configurations in a declarative manner using code, specifying the desired state of the infrastructure.Version Control: Infrastructure configurations are treated as code and stored in version control systems, enabling change tracking, collaboration, and rollbacks.
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
6. Describe the benefits and use cases of Azure Automation State Configuration (DSC).
Show answer
Azure Automation State Configuration is a cloud-based service that allows the configuration management of virtual and physical machines in Azure and on-premises environments.Puppet and Chef Integration: It leverages technologies like Puppet and Chef for configuration drift detection and automatic remediation.
Benefits and Use Cases:
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
7. Describe the process of implementing Just-In-Time (JIT) access in Azure Security Center.
Show answer
Just-In-Time (JIT) access in Azure Security Center is a feature that allows administrators to temporarily open inbound ports on Azure virtual machines for a specific period, reducing the exposure to potential security threats. The process involves the following steps:* Enable JIT Access:
* Access the Azure Security Center.
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
8. Discuss the role of Azure DevOps Repos in version control and source code management.
Show answer
Version Control System: Azure DevOps Repos is a version control system integrated into Azure DevOps that supports both Git and Team Foundation Version Control (TFVC).Source Code Management (SCM): It provides a centralized location to store and manage source code, enabling collaboration among development teams.
Role in Version Control:
Remember: Azure DevOps = Boards (work tracking) + Repos (Git) + Pipelines (CI/CD) + Test Plans + Artifacts. The all-in-one DevOps platform from Microsoft.
9. How does Azure Active Directory differ from on-premises Active Directory?
Show answer
Azure Active Directory (AAD):Cloud-Based: Azure AD is a cloud-based identity and access management service provided by Microsoft Azure.
Identity as a Service: It serves as a centralized identity platform for managing and authenticating users for Azure services and other integrated applications.
On-Premises Active Directory:
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
10. Discuss the advantages and disadvantages of using Azure Kubernetes Service (AKS) compared to Azure Service Fabric.
Show answer
Azure Kubernetes Service (AKS):* Advantages:
* Scalability: AKS provides robust scaling capabilities, making it suitable for applications with variable workloads.
* Ecosystem Support: It has broad community and industry support, with a vast ecosystem of tools and integrations.
Remember: AKS = Azure Kubernetes Service. Free control plane (you pay only for worker nodes). Integrates with Azure AD, ACR, and Azure Monitor.
11. Explain Azure Blueprints and their role in governance.
Show answer
Azure Blueprints are a service that allows organizations to define a repeatable set of Azure resources and policies to deploy and manage environments consistently.They play a key role in governance by ensuring that environments are configured according to organizational standards and compliance requirements.
Role in Governance:
Remember: Azure Cognitive Services = pre-built AI APIs for Vision, Speech, Language, and Decision. No ML expertise needed β just API calls.
12. Discuss Azure AD Connect and its role in identity synchronization.
Show answer
Azure AD Connect is a tool provided by Microsoft that facilitates the synchronization of on-premises Active Directory identities with Azure Active Directory. It ensures that identity information, including user accounts, groups, and attributes, is consistent between on-premises and Azure AD.Role in Identity Synchronization:
Remember: Azure AD (now Entra ID) = identity provider for Azure. Users, groups, app registrations, conditional access, SSO.
13. Discuss Azure Defender and its role in protecting cloud resources.
Show answer
Azure Defender is a cloud-native security solution provided by Microsoft that helps protect Azure resources from threats and vulnerabilities.Unified Security Center: It is part of Azure Security Center, a unified security management system for monitoring and responding to security threats.
Role in Protecting Cloud Resources:
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
14. What's an Azure Resource Group?
Show answer
From [Azure docs](https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal): "A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group."Remember: resource group = logical container for Azure resources. Every resource must belong to exactly one group. Think 'folder for your cloud stuff.'
Gotcha: deleting a resource group deletes ALL resources inside it. Use resource locks to prevent accidental deletion.
15. How do you implement Role-Based Access Control (RBAC) in Azure?
Show answer
* Define Roles: Identify the built-in or custom roles that align with the required access levels.* Assign Roles: Assign roles to Azure AD users, groups, or service principals based on their responsibilities.
* Scope Assignments: Specify the scope of the role assignment, which can be at the subscription, resource group, or resource level.
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
16. How do you set up and use Azure Log Analytics?
Show answer
Azure Log Analytics is a service that collects and analyzes telemetry data from various sources, providing insights into the performance and health of applications and resources. It can collect logs from Azure resources, virtual machines, on-premises systems, and custom logs.Setup and Usage:
* Create a Log Analytics Workspace:
Remember: Azure Monitor collects metrics and logs. Log Analytics uses KQL (Kusto Query Language) for analysis. Application Insights adds APM tracing for web apps.
17. Explain the role of Azure AD Identity Protection in detecting and mitigating security risks.
Show answer
Azure AD Identity Protection is a cloud-based service that helps organizations safeguard their identities from security risks. It plays a crucial role in detecting and mitigating security risks by employing the following mechanisms:Risk Detection:
Remember: Azure AD (now Entra ID) = identity provider for Azure. Users, groups, app registrations, conditional access, SSO.
18. How do you implement conditional access policies in Azure AD?
Show answer
Conditional Access Policies in Azure AD: Conditional Access Policies are rules that control access to applications and resources based on specific conditions, such as user location, device health, or multifactor authentication status.Implementation Steps:
* Access Azure Portal: Go to the Azure portal and navigate to Azure Active Directory.
Remember: Azure AD (now Entra ID) = identity provider for Azure. Users, groups, app registrations, conditional access, SSO.
19. Discuss the differences between Azure DNS and Azure Traffic Manager.
Show answer
Azure DNS:* Service: Azure DNS is a scalable and secure domain hosting service.
* Purpose: It translates human-readable domain names into IP addresses, serving as a DNS resolution service.
* Integration: Often used for hosting domain records for Azure services.
Azure Traffic Manager:
Remember: Traffic Manager is DNS-based (Layer 7), not a proxy. It returns the best endpoint IP; clients connect directly. Routing methods: Priority, Weighted, Performance, Geographic, Multivalue, Subnet.
20. Differentiate between Azure Virtual Network and Azure VPN Gateway.
Show answer
Azure Virtual Network (VNet):Azure Virtual Network is a network service that enables the creation of private, isolated, and securely connected networks in Azure. VNets allow the deployment of Azure resources, such as virtual machines, into a logically isolated network to ensure secure communication and control over IP addressing.
Remember: VNet = AWS VPC equivalent. Your private network in Azure with subnets, NSGs, and route tables.
21. Explain Azure Key Vault and its use cases.
Show answer
Azure Key Vault is a cloud service that enables the secure storage and management of sensitive information such as secrets, encryption keys, and certificates.Key Vault is used to safeguard and manage cryptographic keys and secrets used by cloud applications and services. Common use cases include storing database connection strings, API keys, and certificates securely.
Remember: Key Vault = Azure's secrets manager. Stores keys, secrets, and certificates. Integrates with RBAC and managed identities for zero-secret deployments.
22. How can Azure Policy be used to enforce security and compliance in an Azure environment?
Show answer
Azure Policy is a service in Azure that enables organizations to create, assign, and manage policies to enforce rules and settings across their resources. It plays a crucial role in enforcing security and compliance in an Azure environment by:* Policy Definition: Defining policies that specify rules and conditions for resource configurations.
Gotcha: Azure documentation and naming evolve rapidly (e.g., Azure AD -> Entra ID). Always verify service names and features against current docs.
23. Discuss the differences between Azure Monitor and Azure Security Center.
Show answer
Azure Monitor:Monitoring Service: Azure Monitor is primarily a monitoring service that provides a comprehensive solution for collecting, analyzing, and acting on telemetry data from Azure resources. It focuses on monitoring performance, availability, and usage metrics, providing insights into the health and performance of applications and resources.
Remember: Azure Monitor collects metrics and logs. Log Analytics uses KQL (Kusto Query Language) for analysis. Application Insights adds APM tracing for web apps.