Create and configure virtual networks and subnets

Practice Test

True or False: You can create and configure virtual networks and subnets using the Azure portal.

• True
• False

Answer: True

Explanation: The Azure portal provides an interface for creating and configuring virtual networks and subnets.

What are the primary purposes of virtual networks in Azure?

• A. Enable resources to communicate with each other
• B. Isolate resources from each other
• C. Provide a range of IP addresses to resources
• D. All of the above

Answer: D. All of the above

Explanation: Virtual networks serve to enable communication between resources, provide isolation for resources, and assign a range of IP addresses.

True or False: When creating a virtual network, it is required to create at least one subnet.

• True
• False

Answer: True

Explanation: While creating a virtual network, at least one subnet needs to be created to enable resources to communicate within the virtual network.

Can you associate multiple network security groups (NSGs) with a subnet in Azure?

• A. Yes
• B. No

Answer: B. No

Explanation: Only one network security group can be associated with a subnet in Azure.

Which command is used to create a new virtual network in Azure using Azure CLI?

• A. az network vnet create
• B. new-azvirtualnetwork
• C. az create vnet
• D. azure network vnet create

Answer: A. az network vnet create

Explanation: The ‘az network vnet create’ command is used to create a new virtual network in Azure using the Azure CLI.

True or False: IP addresses within a VNet subnet can overlap with IP addresses in another subnet on the same VNet.

• True
• False

Answer: False

Explanation: IP addresses within a VNet subnet must be unique and cannot overlap with IP addresses in another subnet on the same VNet.

What is the maximum number of subnets that you can create per virtual network in Azure?

• A. 256
• B. 1024
• C. 2048
• D. 4096

Answer: C. 2048

Explanation: The maximum number of subnets that can be created per virtual network in Azure is

You cannot add virtual machines to a subnet once it is created.

• A. True
• B. False

Answer: B. False

Explanation: Even after a subnet is created, you can add virtual machines to it.

True or False: A subnet can span multiple virtual networks.

• True
• False

Answer: False

Explanation: A subnet cannot span multiple virtual networks; it must reside within a single virtual network.

Which Azure service allows for the control of the flow of data for security and efficiency within a VNet?

• A. Azure Firewall
• B. Network Security Group
• C. ExpressRoute
• D. Virtual Network Gateway

Answer: B. Network Security Group

Explanation: Network Security Group provides security and controls the flow of data in a VNet by defining rules for incoming and outgoing traffic.

True or False: Azure automatically reserves the first and last IP address in each subnet.

• True
• False

Answer: True

Explanation: The first and last IP address of every subnet is reserved for protocol conformance.

In Azure, can we change the subnet’s address range after creating it?

• A. Yes
• B. No

Answer: B. No

Explanation: After creating a subnet in Azure, its address range cannot be changed.

A virtual network provides isolation at which level in Azure’s network model?

• A. Data link layer
• B. Network layer
• C. Transport Layer
• D. Application Layer

Answer: B. Network layer

Explanation: Azure provides isolation at the network layer by segregating parts of the Azure network through virtual networks.

What type of address space is used when creating a virtual network?

• A. IPv4
• B. IPv6
• C. Both
• D. None of the above

Answer: A. IPv4

Explanation: Currently, only IPv4 address space is supported when creating a virtual network in Azure.

True or False: Azure Virtual Network supports both TCP and UDP protocols.

• True
• False

Answer: True

Explanation: Azure Virtual Network supports both TCP and UDP protocols to provide network connectivity to resources.

Interview Questions

What is a virtual network in Microsoft Azure?

A virtual network in Azure is a logically isolated network on Azure which enables Azure resources to securely communicate with each other in the cloud.

What is a subnet within an Azure Virtual Network?

A subnet in Azure is a range of IP addresses in the VNet. You can divide a VNet into multiple subnets for organization and security. Each subnet is dedicated to a specific set of related services.

What is the purpose of Network Security Group in Azure Virtual Network?

Network Security Group (NSG) is used to filter network traffic to and from Azure resources in an Azure virtual network. It allows or denies traffic based on priority, protocol, source address and port, destination address and port, and access control.

How can you connect on-premises networks and Azure Virtual Networks?

On-premises networks can connect to Azure Virtual Networks through site-to-site (S2S) VPN, ExpressRoute, or Point-to-Site (P2S) VPN.

How do you create an Azure virtual network?

An Azure virtual network is created in the Azure portal, through Azure PowerShell, or the Azure CLI. It requires providing a name for the VNet, selecting a location (region), configuring the address range, and creating one or more subnets.

How does Azure assign IP addresses to resources in a VNet?

Azure assigns private IP addresses to resources from the address range that you specify when you create a VNet and its subnets. Azure manages IP address assignment and DNS within the VNet.

How do subnets enhance network security within Azure virtual networks?

Subnets provide enhanced security by segmenting the network, reducing the potential attack surface. Network Security Groups can be assigned to subnets, enabling rule-based access control for traffic entering or exiting the subnet, further enhancing security.

What is the Azure Load Balancer and how is it related to Azure Virtual Networks?

Azure Load Balancer is a network load balancer offering high availability by distributing incoming traffic among healthy service instances in cloud services or virtual machines in a VNet.

What is the role of user-defined routes in an Azure Virtual Network?

User-defined routes affect the flow of traffic within an Azure VNet. They are helpful in manually overriding Azure’s default system routes, or adding additional routes to a subnet’s route table.

Can you change the IP address space of a Virtual Network after it is created?

Yes, you can change the IP address spaces of a Virtual Network even after its creation, you can also add or remove IP addresses from the subnets.

How can you monitor network traffic in an Azure Virtual Network?

You can monitor network traffic in an Azure VNet using Azure Network Watcher. It provides tools for network troubleshooting and performance monitoring.

What is a VNet Peering in Azure?

VNet peering in Azure is the process that connects two Azure virtual networks, enabling them to communicate with each other directly using Azure backbone network.

How do you delete a subnet in Azure?

A subnet can be deleted from the Azure portal, Azure CLI, or Azure PowerShell, but it must not be in use by any resources. It can only be deleted if there are no resources, such as virtual machines or databases.

Can you connect Virtual Networks in the same Azure region?

Yes, you can connect Virtual Networks in the same Azure region using VNet peering.

What connectivity does Azure ExpressRoute provide?

Azure ExpressRoute allows you to create private connections between Azure datacenters and infrastructure on your on-premises or in a colocation environment. This connection is private and separate from the internet for increased reliability, speed, and security.