Practice Test

True or False: You can use a private endpoint to provide secure and private IP address access to Azure Storage.

  • True
  • False

Answer: True

Explanation: Azure Private Link allows you to enable private access to your storage accounts from a Virtual Network (VNet).

Which Azure service does not support private endpoints?

  • A) Azure Cosmos DB
  • B) Azure Kubernetes Service
  • C) Azure Functions
  • D) Azure Virtual Machines

Answer: D) Azure Virtual Machines

Explanation: Private Endpoints are not supported by Azure Virtual Machines. They are typically used with PaaS services like Azure Cosmos DB, Azure Kubernetes Service, and Azure Functions.

With Azure Private Link, can you connect your virtual network to the service using Microsoft’s backbone network?

  • A) Yes
  • B) No

Answer: A) Yes

Explanation: Azure Private Link connects your virtual network to services in the Azure platform or your own services through Microsoft’s backbone network.

True or False: You cannot add multiple private endpoints to a single subnet.

  • True
  • False

Answer: False

Explanation: Multiple private endpoints can be added to a single subnet. They do not need to be in the same region as the subnet.

True or False: A private endpoint can be assigned any IP from the subnet space.

  • True
  • False

Answer: True

Explanation: A private endpoint is a network interface that connects you privately and securely to a service powered by Azure Private Link.

Can private endpoints be created for a PaaS service in a different region than the VNet?

  • A) Yes
  • B) No

Answer: A) Yes

Explanation: The private endpoint and the VNet do not have to be in the same region.

Which DNS type should be used for private endpoints?

  • A) Azure-provided DNS
  • B) Private DNS zones
  • C) Public DNS zones
  • D) All of the above

Answer: B) Private DNS zones

Explanation: By default, Azure-provided DNS can be used but it is recommended to use private DNS zones for better control and flexibility.

Private endpoints provide which network connectivity to PaaS services?

  • A) Internet-based
  • B) On-premises network-based
  • C) Private network-based
  • D) Both A and B

Answer: C) Private network-based

Explanation: Private endpoints provide private network connectivity to Azure PaaS services and not Internet-based or On-premises network-based connectivity.

True or False: Azure Private Link supports mapping to a specific service instance.

  • True
  • False

Answer: True

Explanation: Azure Private Link indeed supports the mapping of a private endpoint to a specific instance of a PaaS service.

Can on-premises clients, connected via VPN or ExpressRoute, connect to a storage account via private endpoints?

  • A) Yes
  • B) No

Answer: A) Yes

Explanation: On-premises clients that connect to a VNet using VPN or ExpressRoute can connect to a storage account through the Private Endpoint.

True or False: Once an Azure private endpoint is created, it cannot be deleted.

  • True
  • False

Answer: False

Explanation: Azure Private Endpoint can be deleted the same way it’s created, through the Azure portal, Azure CLI, PowerShell, or the REST API.

Which of the following is not a step in creating a private endpoint in Azure?

  • A) Select the service to which you want to connect
  • B) Create a new Network Interface Card (NIC)
  • C) Configure the IP settings for the private endpoint
  • D) Enable automatic approval for the connection

Answer: B) Create a new Network Interface Card (NIC)

Explanation: Network Interface Card (NIC) is not part of the steps when creating a private endpoint. NICs are not used directly but are created and managed by Azure as part of the Private Endpoint.

True or False: Network policies like NSGs and UDRs apply to Private Endpoints.

  • True
  • False

Answer: False

Explanation: While NSGs and UDRs are standard network controls, they don’t apply to Private Endpoints because the inbound traffic is handled before these controls would be applied.

Is it mandatory to connect your private endpoint to a Virtual Network (VNet)?

  • A) Yes
  • B) No

Answer: A) Yes

Explanation: A Private Endpoint connects to an Azure service securely. It must be connected to a Virtual Network (VNet).

True or False: You can only use Private Link with Azure PaaS services.

  • True
  • False

Answer: False

Explanation: Besides Azure PaaS services, with Azure Private Link you can also access your own services in a private and secure manner.

Interview Questions

What is a Private Endpoint in Azure?

A Private Endpoint in Azure is a network interface that connects you privately and securely to a service powered by Azure Private Link. It provides a secure and direct connection to Microsoft’s services within a customer’s virtual network.

How are Private Endpoints and service endpoints different in Azure?

While both Private Endpoints and service endpoints in Azure offer private connectivity, they work differently. Service endpoints apply to an entire subnet and make the whole subnet private, while Private Endpoints are specific only to the resource.

How does Azure Private Endpoint provide secure connectivity?

Azure Private Endpoint provides secure connectivity by ensuring that access to the services is over a private network only. All the traffic between the client application in your own virtual network and the service traverses only the Azure network.

What is the role of Private Link service in relation to Private Endpoint?

Azure Private Link service allows you to access and consume the services running in your own or partner’s Azure virtual network as a Private Endpoint. It enables you to share your network service privately with others in Azure.

Can a private endpoint’s data transfer occur across regions?

No, private endpoint data transfer can only occur within the same region. Private-endpoint-connected services do not accept connections from private endpoints in other regions.

Which protocols do private endpoints support?

Private Endpoints only support TCP. UDP is not currently supported.

What happens to my service once I enable a private endpoint for it in Azure?

Once a private endpoint is enabled for your service in Azure, all the traffic is directed to this private endpoint. The data transfer between your network and the service happens over the Azure backbone network, providing reliable and secure connectivity.

Can you connect to Azure SQL Database using Private Link?

Yes, you can connect to Azure SQL Database using Azure Private Link which improves security by avoiding exposure to the public internet.

Can Private Endpoints be used with services behind Azure Firewalls?

No, Private Endpoints cannot be used with services behind Azure Firewalls. NAT rules in Azure Firewall prevent the use of Private Endpoints effectively.

Can a virtual network connected to an Azure private endpoint be peered with another network?

Yes, peering relationships can be established between networks connected to Azure private endpoints.

How can I monitor the Private Endpoint in Azure?

Azure provides built-in diagnostics settings in Private Endpoint to monitor the activity. Diagnostic logs and metrics can be stored in Log Analytics, Storage Account, or Event Hubs.

Can you use Azure Private Link and Azure ExpressRoute together?

Yes, in certain scenarios Azure Private Link and Azure ExpressRoute can be used together. Azure Private Link provides private access to services on the Azure platform while ExpressRoute provides private access to your infrastructure on Azure.

Can I assign a private endpoint to a different subscription than the service resource?

Yes, a private endpoint can be in a different subscription than the service resource as long as both are under the same Azure Active Directory tenant.

Can Private Endpoints be used with Azure Load Balancer?

No, Private Endpoints cannot be used with Azure Load Balancer.

What is the use of Network Policy in Azure Private Endpoint?

Network policies like Network Security Groups (NSG) and Azure Firewall are used to restrict traffic towards the Azure Private Endpoint. They are applied on the network where the endpoint is located and not at the subnet level.
