Interview questions for Azure

1. Is it possible to host the VM in another region and connect to a different region?

Yes, you need to set up the interconnectivity while creation the V-net (Virtual Network) to V-net (Virtual Network) connection between both the regions.

2. One of your clients escalated that his VM has been rebooted without intimating to him and you need to know logs who has rebooted the VM, how can get the details?

In that case, Activity logs will help, as any activity happens in VMs through the portal, you will get log alerts store in the activity logs, so you will go to activity logs and found that who has rebooted the VM and can share with clients after manager approval.

3. In your organization, you have some client who doesn’t want to give the subscription access, but they have given the PowerShell access, how you create the Storage account using PowerShell?

New-AzureRmStorageAccount -ResourceGroupName azure4you -Name azureint234 -SkuNameStandard_LRS -Location ‘East Us’

4. How to tag the resources using a command?

You should use the below command lets to tag the resources.
Set-AzureRmResourceGroup -Name “Azure4you.com” -Tag @{Department=”IT”}

5. What is the difference between Premium Storage Account and Standard Storage Account?

Premium Storage Accounts are backed by SSD Disk which provided resilience and better performance where standard Storage Accounts are backed by HDD (magnetic Disk) and Provides the maximum IOPS up to 500.

6. What is the difference between Managed Disk and Unmanaged Disk?

Managed Disk: In Managed disk storage accounts creation/Management done on the backend. It will help you with the scalability of storage accounts and backed by Standard/premium Tires.
Unmanaged Disk: Unmanaged disks are the disk in which you will create the storage accounts. Create the disk and Managed it by you and you need to make sure you can’t exceed the Storage limit up 20K IOPS while adding many disks which may throttle the VMs performance.

7. What is Site to Site VPN?

Azure Site to Site VPN will help you to connect to On-Premises Network to Azure Virtual Network Over an IPsec/IKE (IKEV1/IKEV2) VPN tunnel. Basically, this connection required a VPN device which a public-facing IP Address assigned to it.

8. Can an organization have more than one Azure Directory?

Yes, an organization is entitled to more than one Azure Directory.

9. What are the roles and responsibilities of an Azure Administrator?

security, and storage. Azure administrators are likewise expected to manage storage solutions for VM virtual hard disks, database files, user data, and application data.

10. Who utilizes an Azure Active Directory?

Azure AD is mainly intended for:
• IT Admins: IT Admins use Azure AD in order to regulate access to apps and app resources, as per the business requirements. They also use Azure AD to automate client provisioning between your current Windows Server AD and your cloud applications, which includes Microsoft 365 as well. Along with this, Azure AD also provides powerful tools to automatically help ensure user identities and credentials and to meet your access governance demands.
• App Developers: An Application Developer uses Azure AD as a guidelines-based methodology for adding a single sign-on (SSO) to your application, permitting it to work with a client’s pre-existing credentials. It also gives APIs that can help you construct a customized application experience utilizing existing organizational data.
• Online subscribers of Microsoft 365, Office 365, Azure, or Dynamics CRM: Online subscribers are already using Azure AD because it is provided with the Microsoft 365, Office 365, Azure, and Dynamics CRM online subscription. You can use it to control access to your integrated cloud applications.

11. Define Azure Virtual Machines?

Azure Virtual Machines are on-request computing resources or virtual machines that are offered by Microsoft Azure. We can normally utilize a VM as assistance when needed and shut down the system when not being used. These Virtual Machines are classified under the Infrastructure as a service (IaaS) bracket in Azure. With Azure Virtual Machines, we get more direction over the environment to modify the development environment or hosting.

The services offered by NSG help us allow or deny the explicit port to communicate with our services inside the subscription or outside of the subscription. It has rules that are:
• Inbound Rule: This rule determines the traffic approaching from the internet to VMs or particular services or VMs.
• Outboard Rules: This rule determines the traffic moving to the internet from your VMs or particular services or VMs.

13. How small and how large can VNets and subnets be?

The smallest supported IPv4 subnet is /29, and the largest is /2 (using CIDR subnet definitions). IPv6 subnets must be exactly /64 in size.
Can I connect to the internet from a VM in a VNet?
Yes. All VMs and Cloud Services role instances deployed within a VNet can connect to the Internet.

14.  A customer has Prod, Dev, and Test environments. How to implement a solution that each environment can’t connect to each other?

In that case, you can separate the environments while creating the different subnets for Prod, Dev, Test environments and apply the NSG on each subnet with specific deny rule which will not allow connecting to those environments.

15. What are the tools you will use to create the Vnets?

You can use the below tools to configure the Azure Vnets.
• Azure portal
• PowerShell
• Azure CLI

16. What is Azure AD Multi-Factor Authentication?

Multi-factor authentication is a process where a user is prompted during the sign-in process for an additional form of identification, such as to enter a code on their cellphone or to provide a fingerprint scan.
Azure AD Multi-Factor Authentication works by requiring two or more of the following authentication methods:
• Something you know, typically a password.
• Something you have, such as a trusted device that is not easily duplicated, like a phone or hardware key.
• Something you are – biometrics like a fingerprint or face scan.

17. Your customer has configured the policy-based routing but due to the issue, he wants to change to route based configuration in Azure VPN, how you can deliver the solution?

Basically, the customer can’t change them or update their routing method directly as that is not supported by MS Azure. He must create the New connection use the method to route based on the new connection.
• First, you need to delete the Route based connection
• Delete the Gateway
• Then you will recreate the connection using Azure Portal, CLI or PowerShell.

18. What is Azure Active Directory?

Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources in:
External resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications.
Internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed by your own organization.