The AZ-104 Microsoft Azure Administrator exam is a crucial one for professionals looking to substantiate their credentials in the Azure administration domain. Among the various topic areas that the examination covers, one of the key areas is ‘Configure networking settings.’ The networking aspect in Azure covers a wide range of services and features that enable users to set up and manage their networks effectively in the cloud.
Understanding Virtual Networking
The first step to network configuration in Azure is understanding Azure Virtual Networks (VNet). They play a crucial role by enabling Azure resources like VMs to establish secure, private connections with one another. Our ability to protect our VNet resources hinges on understanding network security groups (NSGs), their rules, and how they help enforce your network’s security environment.
Configuring Network Settings
Azure offers a host of settings to manage and configure VNet including:
- DNS servers: By default, Azure provides an internal DNS. However, you might require custom DNS settings which you can configure during the creation of a VNet or after it.
-
Subnets: Azure VNets can have one or more subnets to separate network segments within your VNet. For example:
az network vnet subnet create --name mySubnet --resource-group myResourceGroup --vnet-name myVNet --address-prefixes 10.0.0.0/24 - Network Security Group (NSGs): These contain a list of Access Control List (ACL) rules that permit or reject network traffic based on its source and destination, protocol, and port range. When creating a subnet, Azure automatically assigns it an NSG (`default`).
IP Addressing Conclusion
While managing Azure networks, be acquainted with the two types of IP addresses:
- Public IP addresses: These IPs enable Azure resources to communicate outbound to the Internet and public-facing Azure services.
- Private IP addresses: These IPs are used for communication between resources in a VNet, an on-premises network and a peered VNet.
Network Peering
When two VNets are connected directly through gateways and the connections between them are authorized alternatively, they can connect directly without the need for a gateway. This connection is referred to as VNet Peering. When creating a peering connection, you’ll be able to define the configurations between the virtual networks.
Understanding Tools for Network Troubleshooting
Azure provides several monitoring, diagnosing, and analysis tools for network troubleshooting:
- Network Performance Monitor: Helps identify the network connectivity issues.
- Network Watcher: Records and visualizes network traffic filtering and routing for diagnostic and visual confirmation of the configured network setup.
To pass the AZ-104 exam, candidates must be comfortable in configuring network settings in Azure. This includes the understanding of the concepts of VNets, subnets, IP addressing, NSGs, DNS settings, and use of Azure tools for troubleshooting. Moreover, hands-on practice can greatly help in understanding how to implement these concepts in a real world Azure environment. The provided examples and commands can serve as a starting point for your practice.
This detailed knowledge will not only help you with the AZ-104 exam, but also lay a firm foundation for your Azure Administration expertise. Be sure to leverage Microsoft’s own extensive Azure documentation for an in-depth understanding of the services and features.
Practice Test
True or False: Azure Firewall allows you to configure both inbound and outbound IP addresses.
- True
- False
Answer: True
Explanation: Azure Firewall supports both source and destination IP addresses with the functionality to apply inbound and outbound filtering policies.
How many types of Azure virtual networks are there?
- A. One
- B. Two
- C. Three
- D. Four
Answer: B. Two
Explanation: There are two types of Azure virtual networks: regional and global.
True or False: You cannot resize an Azure VPN Gateway after it’s been created.
- True
- False
Answer: False
Explanation: You can adjust the size of the Azure VPN Gateway in the Azure portal after the gateway has been created.
Which of the following is not a correct way to restrict network access in your Virtual Network?
- A. Network Security Group (NSG)
- B. Azure Firewall
- C. Azure ExpressRoute
- D. Azure Private Link
Answer: C. Azure ExpressRoute
Explanation: Azure ExpressRoute is a service that connects your on-premises infrastructure to Azure, it’s not used to restrict network access.
True or False: You can add multiple network interfaces to a VM in Azure.
- True
- False
Answer: True
Explanation: Each VM in Azure can have multiple attached network interface cards (NICs).
In Azure, you can use load balancers to manage traffic for which of the following?
- A. Virtual machines
- B. Kubernetes services
- C. Both A and B
- D. Neither A nor B
Answer: C. Both A and B
Explanation: Azure load balancers are used to distribute network traffic across a set of servers, which could include virtual machines or Kubernetes services.
True or False: You can configure Azure DNS private zones to resolve domain names in your virtual network.
- True
- False
Answer: True
Explanation: Azure DNS private zones provide secure and reliable name resolution for virtual machines within a single virtual network or across multiple virtual networks.
Which of the following can be used to ensure your Azure services remain available if a single data center goes offline?
- A. Availability zones
- B. Availability sets
- C. Azure traffic manager
- D. All the above
Answer: D. All the above
Explanation: All three options help in creating redundancy in your applications, which ensures your services remain available if a single data center fails.
True or False: You can create a VPN between your on-premises network and Azure Virtual Network.
- True
- False
Answer: True
Explanation: VPN gateways can be used to set up a secure site-to-site VPN connection between your on-premises network and your Azure Virtual Network.
Which of the following would you use to establish a dedicated, private connection to Azure?
- A. Azure ExpressRoute
- B. Azure VPN Gateway
- C. Azure Private Link
- D. Azure Traffic Manager
Answer: A. Azure ExpressRoute
Explanation: Azure ExpressRoute is a service that enables you to create private connections between Azure data centres and infrastructure on your premises or in a co-location environment.
Interview Questions
What is the role of a Network Security Group (NSG) in Azure?
A Network Security Group (NSG) in Azure is used to filter network traffic to and from Azure resources in an Azure virtual network. It includes a list of security rules that allow or deny network traffic to resources.
What is Azure VNet Peering?
Azure VNet Peering is a mechanism that connects two Azure virtual networks (VNets). With VNet Peering, the two connected networks appear as one for connectivity purposes.
How do you configure Azure VNet Peering?
Azure VNet Peering can be configured through the Azure portal by selecting peering under settings in the VNet, then adding a new peering by specifying the peering details and creating the peering.
What is Azure Load Balancer?
Azure Load Balancer is a high-performance and scalable structural feature in Microsoft Azure that can distribute network traffic among many servers.
What is Azure VPN Gateway?
Azure VPN Gateway connects your on-premises networks to Azure through Site-to-Site VPNs similar to how you would set up and connect to a remote branch office.
What are Network Watcher and its uses in Azure?
Network Watcher is a regional service in Azure that provides tools to monitor, diagnose, view metrics, and enable or disable logs for resources in an Azure virtual network.
How to create a virtual network in Azure?
A virtual network in Azure can be created by going to the Azure portal, clicking on “Create a resource”, searching for “Virtual network”, then providing the necessary details (name, address space, subscription, resource group, location, etc) and clicking “Create”.
How to Configure a Static IP Address for a VM in Azure?
To configure a static IP address for a VM in Azure, navigate to the VM to be configured, select the network interface, and then under settings, select IP configurations, choose the IP to be configured and switch assignment from Dynamic to Static.
What is Azure ExpressRoute?
Azure ExpressRoute allows you to extend your on-premises networks into the Microsoft cloud over a private connection facilitated by a connectivity provider.
What are User-Defined Routes in Azure?
User-defined routes are custom routes in a route table that control where traffic is directed in Azure. It can be used to route traffic through a network virtual appliance for inspection, to the internet, or to a virtual network gateway.
Which protocol does Azure use to secure network traffic?
Azure uses the Internet Protocol Security (IPSec) protocol to secure network traffic.
How do you add a subnet to an Azure virtual network?
A subnet can be added to an Azure virtual network by going to the network menu in the Azure portal, selecting the network that needs a new subnet and clicking on subnets. Then select +subnet, provide the name and address range, and create the subnet.
What is Azure Application Gateway?
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications.
How do you configure Load Balancing rules in Azure Load Balancer?
To configure Load Balancing rules in Azure Load Balancer, go to the Azure portal, select Load Balancers, and choose the specific load balancer. In its settings, choose Load balancing rules, then select Add to create a new rule. Configure the required settings and save the rule.
What is the function of Azure Traffic Manager?
Azure Traffic Manager is a DNS-based traffic load balancer that distributes traffic optimally to services across global Azure regions while providing high availability, responsiveness, and fault tolerance.
extutorials.com