Answer: Microsoft Azure is a public cloud computing platform with physical data centers worldwide. It offers various services, including computing, analytics, storage, and networking. With Azure services, users can build, manage, and deploy applications efficiently.
Azure was originally introduced in 2008 as Project Red Dog, rebranded as Windows Azure in 2010, and then renamed to Microsoft Azure in 2014 to reflect its expanded capabilities beyond Windows.
Answer: Azure offers a wide range of services, including computing, storage, databases, networking, migration, AI, machine learning, and more.
Answer: An Azure Subscription is an agreement between the customer and Azure.
The subscription allows customers to access Azure services, with billing based on consumption, known as Pay-As-You-Go.
Answer: In Azure, Pay-As-You-Go is a billing model where customers are charged based on their actual usage of resources and services. Instead of committing to a fixed monthly or yearly fee, customers pay only for the resources they use, such as computing, storage, and networking.
This model is ideal for businesses that need flexibility. It allows them to scale resources up or down based on demand and manage costs effectively.
Key Features of Pay-As-You-Go:
No Upfront Costs: Users don’t need to make an initial investment, as charges are based on consumption.
Flexible Scaling: Easily adjust resources to meet workload needs
Billed Monthly: Costs are typically calculated and billed monthly based on usage.
Answer: An Azure Resource Group is a logical container with related resources for an Azure solution.
It allows you to manage and organize resources efficiently.
Generally, we add resources sharing the same lifecycle to the same resource group so you can quickly deploy, update, and delete them.
If the Resource Group is deleted, then all resources within that Resource Group are automatically deleted.
Answer: Azure Resource Locks are very beneficial when you want to prevent accidental deletion and modification in an Azure environment.
You can apply Azure Locks at the Azure subscription, Resource Group, or individual Resource level.
There are two types of Azure locks: read-only lock and delete lock.
Read-Only: Authorized users can only read the resource; they cannot delete or modify it. This lock prevents modification and deletion.
Delete: Authorized users can read and modify a resource, but they can't delete it. This lock prevents deletion only.
Answer: Azure Role-Based Access Control (Azure RBAC) is a system that provides fine-grained access to Azure resources.
Using Azure RBAC, you can segregate duties within your team and grant users only the access they need to perform their jobs.
Azure RBAC uses job roles.
Job roles are predefined sets of permissions.
RBAC allows you to grant specific permissions to users or groups at a particular scope.
List of RBAC job roles:
https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
Answer: The Scopes at which Role-Based Access Control (RBAC) can be assigned are
Answer: Azure Policy is a service that helps you enforce organizational standards and assess compliance at scale.
An example of Azure Policy is ensuring your team deploys Azure resources only to allowed regions.
Answer: Regions are physical locations around the world where Azure data centers are located.
Answer: Azure Geography is a region grouping representing a distinct geographic area, typically a continent or part of a continent.
Geographies are designed to help organizations comply with regional data residency, sovereignty, and compliance requirements.
Geography contains multiple Regions and ensures data is kept within that geographic boundary.
Answer: Microsoft Entra ID is Microsoft’s cloud-based identity and access management service.
It provides authentication and authorization services for users, groups, and applications.
Answer: Multi-factor authentication (MFA) requires an additional authentication factor, adding a layer of security beyond usernames and passwords, which enhances security in Microsoft Entra ID.
Answer: Microsoft Entra ID comes with a default domain in the format of something.onmicrosoft.com
Custom domains can be added to Microsoft Entra ID by verifying domain ownership.
Answer: A User is an individual account, while a group is a collection of user accounts
Answer: In Microsoft Entra ID, if another administrator or non-administrator needs to manage Microsoft Entra ID, you assign them a Microsoft Entra ID role that provides the permissions they need. For example, you can assign roles to allow adding or changing users, or resetting user passwords.
The top role in Microsoft Entra ID is Global Admin.
Global Admin can manage all aspects of Microsoft Entra ID.
List of Entra ID roles:
https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference
Answer: Entra ID Connect syncs on-premises AD with Microsoft Entra ID, enabling a unified identity across cloud and on-premises environments.
Answer: Owner: Full access to all resources, including delegating access to others.
Contributor: Can create and manage all types of Azure resources but cannot grant access to others.
Reader: Can view existing Azure resources but cannot make any changes
Answer: The principle of least privilege means users should have the minimum level of access necessary to perform their job functions. This reduces the risk of unauthorized access to sensitive data.
Answer: When we have multiple subscriptions, we can create Management Groups.
Management Groups are containers that are used to organize subscriptions.
You can apply RBAC roles and Azure Policies on the management group.
Answer: Directly changing the VNet of an Azure VM is not supported. However, the VM can be redeployed in a different VNet by creating a new VM with the same configurations.
Changing subnets within the same VNet is possible but it will require a restart of VM
Answer: Entra ID Roles control permission for managing Entra ID, while RBAC roles control permissions for managing Azure resources.
Answer: Azure Virtual Machines is an Infrastructure as a Service (IaaS) offering that allows you to create and manage virtual machines in the cloud.
You have full control over the operating system and can install and run any software on the VM.
An Azure virtual machine gives you the flexibility of virtualization without the need to buy and maintain the physical hardware that runs it.
However, you still need to maintain the virtual machine by performing tasks such as configuring, patching, and installing the software that runs on it.
Azure VMs allow you to choose from a wide range of configurations, including various sizes, operating systems (such as Windows or Linux)
Answer: IaaS means Azure is responsible for the underlying infrastructure (i.e., Compute, Storage, Networking, and Virtualization), but the customer is responsible for managing the operating system, critical patches on the operating system, and installation of applications on the operating system. An example of IaaS is a Virtual Machine (VM).
Answer: Boot Diagnostics is enabled by default while creating a VM.
It gives an idea of the boot status of the VM.
It helps to diagnose boot failure if the VM gets into a non-bootable state.
Boot diagnostics enables a user to observe the state of their VM as it is booting up by collecting serial log information and screenshots.
Answer: Azure Virtual Machine (VM) sizes are designed to provide a wide range of options for hosting your servers and their workloads in the cloud.
Sizes are categorized into different families and types, each optimized for specific purposes.
Users can choose the most suitable VM size based on their requirements, such as CPU, memory, storage,
Answer: General-purpose VM sizes provide a balanced CPU-to-memory ratio. They are ideal for testing and development, small to medium databases, and low-to-medium-traffic web servers.
Compute-optimized VM sizes have a high CPU-to-memory ratio. These sizes suit medium-traffic web servers, network appliances, batch processes, and application servers.
Memory-optimized VM sizes offer a high memory-to-CPU ratio that is great for relational database servers, medium to large caches, and in-memory analytics.
Storage-optimized virtual machine (VM) sizes offer high disk throughput and IO and are ideal for Big Data, SQL, and NoSQL databases, data warehousing, and large databases.
GPU-optimized VM sizes are specialized virtual machines available with single, multiple, or fractional GPUs. They are designed for compute-intensive, graphics-intensive workloads.
Azure High-Performance Compute VMs are optimized for various HPC workloads such as rendering, weather simulation, and financial risk analysis.
Answer: When an Azure VM is in a "Stopped" state, the operating system is powered off, but the underlying compute resources (such as CPU and memory) are still allocated and reserved for that VM. Since compute resources are still allocated, you continue to incur costs for the VM.
"Stopped (Deallocated)" is a different state that indicates the VM has been powered off, and all its compute resources (CPU, memory, etc.) have been released back to Azure. Since compute resources are released, you no longer incur costs for the VM.
Answer: Auto-Shutdown will automatically move the VM to Stopped-Deallocated at the scheduled time.
This will lead to savings in VM Costs.
Answer: VM sizes can be adjusted in the Azure portal by stopping the VM and selecting a new size.
Answer: A virtual network is a representation of your own network in the cloud
You can create your own Isolated Network in Azure Cloud
Key scenarios that you can accomplish with a virtual network include:
Communication of Azure resources with the internet.
Communication between Azure resources.
Communication with on-premises resources.
Answer: Recommended Azure VNET Range
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
Answer: A Subnet is a range of IP addresses in the VNET. You can divide a VNET into multiple subnets
A subnet is part of VNET
Answer: Azure reserves the first four addresses and the last address, for a total of five IP addresses within each subnet.
For example, the IP address range of 192.168.0.0/24 has the following reserved addresses:
192.168.0.0: Network address.
192.168.0.1: Reserved by Azure for the default gateway.
192.168.0.2, 192.168.0.3: Reserved by Azure to map the Azure DNS IP addresses to the virtual network space.
192.168.0.255: Network broadcast address.
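The reserved-address rule and the recommended private ranges above, as an added Python example (not part of the original page): it computes the five addresses Azure reserves in any IPv4 subnet and checks a subnet plan against its VNet. The function names and the sample CIDRs are assumptions made for illustration.

```python
import ipaddress

# Private (RFC 1918) ranges the page lists as the recommended VNet ranges.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def in_recommended_range(cidr):
    """True if the IPv4 CIDR lies entirely inside one of the private ranges."""
    net = ipaddress.ip_network(cidr, strict=True)
    return any(net.subnet_of(r) for r in PRIVATE_RANGES)


def azure_reserved(cidr):
    """Return the five addresses reserved in a subnet: first four and last."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.num_addresses <= 5:
        # Five addresses are reserved, so nothing would be left for hosts.
        raise ValueError(f"{net} is too small to hold any usable address")
    base = net.network_address
    return {
        "network": str(base),
        "default_gateway": str(base + 1),
        "azure_dns": [str(base + 2), str(base + 3)],
        "broadcast": str(net.broadcast_address),
    }


def usable_addresses(cidr):
    """Number of addresses left for resources after the five reserved ones."""
    azure_reserved(cidr)  # raises ValueError for subnets that are too small
    return ipaddress.ip_network(cidr, strict=True).num_addresses - 5


def plan_report(vnet_cidr, subnet_cidrs):
    """Check a subnet plan; return ({subnet: usable count}, [problems])."""
    vnet = ipaddress.ip_network(vnet_cidr, strict=True)
    problems = []
    if not in_recommended_range(vnet_cidr):
        problems.append(f"{vnet} is outside the recommended private ranges")
    usable, accepted = {}, []
    for cidr in subnet_cidrs:
        sub = ipaddress.ip_network(cidr, strict=True)
        if not sub.subnet_of(vnet):
            problems.append(f"{sub} is not inside {vnet}")
            continue
        for other in accepted:
            if sub.overlaps(other):
                problems.append(f"{sub} overlaps {other}")
        accepted.append(sub)
        try:
            usable[cidr] = usable_addresses(cidr)
        except ValueError as exc:
            problems.append(str(exc))
    return usable, problems


if __name__ == "__main__":
    # Constructed sample plan: one overlapping subnet, one outside the VNet.
    print(azure_reserved("192.168.0.0/24"))
    print(plan_report("10.0.0.0/16",
                      ["10.0.1.0/24", "10.0.1.128/25", "10.1.0.0/24"]))
```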
Answer: Public IPs allow internet access, while Private IPs are internal and used within VNets.
Answer: By default, two VNets cannot communicate with each other.
To enable communication between them, we need to create peering between the two VNets.
We can peer VNets in the same region, known as local peering, or in different regions, known as global peering.
The address spaces of the two VNets should be different.
No downtime is required while creating peering.
Answer: Availability Zones are isolated locations within a region, designed to provide high availability and fault tolerance.
An Availability Zone is a datacenter.
The number of Availability Zones in that region will be 3.
Each Availability Zone has separate power, network and cooling.
All Availability Zones are connected to each other with high-speed fiber and have less than 2 ms latency.
If one Availability Zone fails, it does not impact the other zones.
Answer: With an Availability Set, Azure ensures that the VMs are created across different physical racks and hosts in the same data center.
Answer: Fault Domains prevent single points of hardware failure, while Update Domains allow updates without disrupting VMs in an Availability Set.
Answer: Proximity Placement Groups ensure low-latency, high-performance communication by placing VMs close to each other.
Answer: Availability Zones protect against entire data center failures, while Availability Sets protect against hardware failures within a single data center.
Answer: Azure managed disks are block-level storage volumes that are managed by Azure and used with Azure Virtual Machines.
Managed disks are like physical disks in an on-premises server, but they're virtualized.
With managed disks, all you have to do is specify the disk size, specify the disk type, and provision the disk. After you provision the disk, Azure handles the rest.
The available types of managed disks are ultra-disks, premium solid-state drives (SSDs), standard SSDs, and standard hard disk drives (HDDs)
Answer: OS Disk stores the operating system, Data Disk stores application data, and Temporary Disk is used for paging purposes.
Answer: NSG is a firewall that is used to filter traffic
NSG consists of firewall rules that control inbound and outbound traffic to Azure resources.
NSG can be attached to the Subnet of the VM or it can be attached to the NIC of the VM, or both
When NSG is attached to a subnet, then the NSG rules are applied to all the Virtual Machines in that subnet.
Answer: Azure Cost Management helps organizations monitor, control, and optimize their spending on Azure resources. Here are key ways to manage Azure costs effectively:
Define budgets for subscriptions, resource groups, or specific resources and set alerts to notify you when spending approaches or exceeds limits.
Identify underutilized or idle resources (like virtual machines, storage, etc.) and resize, stop, or delete them to reduce costs.
Pre-purchase reserved instances or savings plans for services like virtual machines or databases at a discounted rate over a 1- or 3-year term.
Use Azure Hybrid Benefit and apply existing on-premises licenses for Windows Server and SQL Server to Azure workloads to save on licensing costs.
Use Spot Virtual Machines for workloads that can handle interruptions.
Answer: Virtual machine scale sets provide high availability and the ability to handle increases and decreases in demand.
You can automatically increase (scale out) or decrease (scale in) the number of VMs, depending on a metric like CPU or on a schedule.
You can also use your custom image.
You need to set a minimum and maximum VM count for auto scaling to happen.
Answer:
Basic Load Balancer (Free):
Standard Load Balancer (Chargeable):
Gateway Load Balancer (Chargeable):
Answer: Azure Load Balancer distributes incoming network traffic across multiple Virtual Machines to ensure high availability.
The load balancer and the Virtual Machines must be in the same region.
The load balancer can load balance traffic among Virtual Machines in the same VNET only.
Answer: Application Gateway is a layer 7 load balancer that manages HTTPS traffic with features like SSL termination and WAF.
Answer: Azure Traffic Manager is a DNS-based traffic load balancer
Traffic Manager controls traffic distribution to ensure low-latency access and provide failover support
Traffic Manager uses DNS to direct client requests to the appropriate endpoint based on a traffic-routing method.
Answer: There are 6 Routing Methods
Weighted: Client traffic is load balanced across multiple endpoints. A higher number means more weight and more traffic on that endpoint; equal weights mean the load is balanced.
Performance: Client traffic is sent to the lowest-latency endpoint.
Priority: Client traffic is sent to the primary endpoint. If that fails, traffic is redirected to the secondary endpoint (DR scenario).
Geographic: Client traffic is sent to a specific endpoint based on its geographic location.
Multi value: The client is given multiple healthy endpoints and can send traffic to any of them.
Subnet: Client traffic is sent to a specific endpoint based on the source public IP subnet.
Answer: Route tables control how traffic is directed in a virtual network
A route table contains a set of rules, called routes
You can even create your own Route known as User Defined Route (UDR)
Answer: NAT (Network Address Translation) gateway is a service that provides outbound internet connectivity to a VM.
NAT Gateway is used in scenarios where you do not want to give each VM its own public IP but you want outbound internet access from the VM.
NAT gateway does not support inbound connections coming from the internet to the VM.
Answer: A Storage Account provides Scalable, Durable storage for Blobs, Files, Tables, and Queues
You can store up to 500 TB of Data in Storage Account
The storage account provides a unique namespace for your Azure Storage data that’s accessible from anywhere in the world
Answer: Blob Storage is optimized for storing unstructured data such as documents, images and videos
Answer: Block blobs for documents, images and videos
Append blobs for logs
Page blobs for Disk
Answer: Azure offers different access tiers (hot, cool, cold, and archive), allowing you to optimize costs by choosing the correct tier based on how frequently you access your data.
Hot Tier: Designed for data that is accessed frequently.
Cool Tier: Suitable for data that is infrequently accessed but stored for at least 30 days.
Cold Tier: Suitable for data that is infrequently accessed but stored for at least 90 days.
Archive Tier: Best for data that is rarely accessed and stored for long periods.
Answer: Azure Storage ensures your data is protected through various redundancy options. Redundancy refers to duplicating your data across different locations, ensuring its availability even in the event of a disaster.
Here are the multiple redundancy types:
Locally Redundant Storage (LRS): This is the cheapest option. Data is replicated three times within a single data center.
Zone-Redundant Storage (ZRS): Data is replicated across three different availability zones within a single region.
Geo-Redundant Storage (GRS): Data is replicated across two regions. Three copies are stored in the primary region using LRS, and three more copies are stored in a secondary region using LRS.
The secondary Region is hundreds of miles away from the Primary Region, and it is Predefined as per Azure Region Pair
Read-Access Geo-Redundant Storage (RA-GRS): In addition to GRS, RA-GRS allows users to read data from the secondary region.
Geo-Zone-Redundant Storage (GZRS): Data is replicated across two regions. Three copies are stored in the primary region using ZRS, and three more copies are stored in a secondary region using LRS.
The secondary Region is hundreds of miles away from the Primary Region and is Predefined according to the Azure Region Pair.
Read-Access Geo-Zone-Redundant Storage (RA-GZRS): In addition to GZRS, RA-GZRS allows users to read data from the secondary region.
GRS and GZRS provide disaster recovery capabilities if the entire primary region becomes unavailable due to an outage or natural disaster.
Answer: Azure Files provides cloud-based file shares, ideal for team collaboration. You can create shared folders and access them from anywhere, which is perfect for distributed teams.
Answer: Content Delivery Network (CDN) improves performance by caching content at edge locations globally and improves content load times.
Answer: Azure Backup is a cloud-based service that provides reliable backup and restore capabilities for your virtual machines in Azure.
It helps protect your critical data from accidental deletion, corruption, or ransomware.
Using Azure Backup, you can perform a complete VM restore or a file-level restore.
Answer: In Azure Backup, there are three main types of redundancy:
Locally Redundant Storage (LRS) stores three copies of backup within a single Azure region.
Zone-Redundant Storage (ZRS) stores three copies of backup across different availability zones within the same Azure region.
Geo-Redundant Storage (GRS) stores three copies of backup in the primary region and three additional copies in a geographically secondary region.
Answer: Instant Restore allows restoring data from a backup snapshot instantly which helps in reducing restore time.
Soft Delete retains deleted backups for a configurable period, protecting against accidental deletions
Answer: Site Recovery offers disaster recovery by replicating resources between primary and secondary regions
Answer: Failover switches to a secondary location, while Failback returns services to the original primary location
Answer: Azure Monitor helps you understand how VM and applications are performing and proactively identify issues and helps in responding to critical situations that may affect them
Answer: ExpressRoute is a private, dedicated connection between Azure and on-premises infrastructure for faster, secure data transfer.
Answer: Site-to-Site VPN connects on-premises networks to Azure VNET over the internet, allowing secure communication between environments.
Answer: Azure Bastion provides secure RDP and SSH access to VMs without exposing them to the public internet.
Answer: Azure Migrate assesses and migrates on-premises servers, databases, and applications to Azure.
Answer: Azure migration involves Discovery, Assessment, Planning, Test Migration and Migration
Answer: To implement infrastructure as code for your Azure solutions, we can use Azure Resource Manager templates (ARM templates).
The template is a JavaScript Object Notation (JSON) file that defines the infrastructure as a Code
The template uses declarative syntax, which lets you state what you intend to deploy
You can also specify in which resource group those resources will be deployed.
Anyone on your team can run the code and deploy similar environments.
Answer: Scaling means adjusting resources. Vertical Scaling means resizing an existing Virtual Machine.
Horizontal Scaling means adding or deleting Virtual Machines.
Answer: Reserved Instances provide discounts by committing to specific VMs for a 1- or 3-year term which reduces long-term costs.
Answer: Spot VMs use unused Azure capacity at reduced prices; they are ideal for non-critical workloads.
Answer: Organizations need Azure support plans for technical support, guidance, and faster issue resolution based on their business requirements.
The main types are:
Basic: Free for general billing and subscription support.
Developer: For trial and non-production environments.
Standard: For production workloads with faster response times.
Professional Direct: For business-critical workloads with proactive guidance
Answer: Azure tags are labels (key-value pairs) that can be applied to Azure resources for better organization, tracking, and cost management. Tags help categorize resources by department, environment, or project and manage them effectively.
Answer: Azure is responsible for the underlying infrastructure (i.e., Compute, Storage, Networking, and Virtualization)
Azure is also responsible for managing the operating system, critical patches, and installation of applications on the operating System.
Customers focus on using the applications. e.g., Entra ID, Azure CDN, Azure Bastion
Answer: A public IP address allows Azure resources, like VMs or load balancers, to communicate with the internet.
Answer: NSG rules in Azure have a priority number between 100 and 4096. Lower numbers have higher priority and are processed first. This allows administrators to control the order of rule execution.
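How priority ordering decides the outcome, as an added Python example that is not part of the original page or of any Azure tooling: rules are evaluated lowest number first and the first match wins, and a lint pass flags rules that an earlier rule makes unreachable. The `Rule` fields, the default-deny fallback, and the sample rules are simplifying assumptions; real NSG rules also match on direction, protocol, and destination.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """Simplified inbound NSG rule (hypothetical model, not the Azure schema)."""
    name: str
    priority: int   # 100..4096, lower number is processed first
    source: str     # IPv4 CIDR, or "*" for any source
    port: str       # "22", "8000-8080", or "*" for any destination port
    action: str     # "Allow" or "Deny"


def _net(source):
    return ipaddress.ip_network("0.0.0.0/0" if source == "*" else source)


def _ports(port):
    if port == "*":
        return 0, 65535
    lo, _, hi = port.partition("-")
    return int(lo), int(hi or lo)


def validate(rules):
    """Flag priorities outside 100-4096 and priorities used more than once."""
    problems, seen = [], {}
    for r in rules:
        if not 100 <= r.priority <= 4096:
            problems.append(f"{r.name}: priority {r.priority} outside 100-4096")
        if r.priority in seen:
            # Azure requires priorities to be unique within a direction.
            problems.append(
                f"{r.name}: priority {r.priority} already used by {seen[r.priority]}")
        seen.setdefault(r.priority, r.name)
    return problems


def evaluate(rules, src_ip, dst_port, default="Deny"):
    """Return (action, rule name) for the first rule that matches by priority."""
    ip = ipaddress.ip_address(src_ip)
    for r in sorted(rules, key=lambda r: r.priority):
        lo, hi = _ports(r.port)
        if ip in _net(r.source) and lo <= dst_port <= hi:
            return r.action, r.name
    return default, None  # assumption: unmatched inbound traffic is denied


def shadowed(rules):
    """Return (rule, covering rule) pairs where an earlier rule fully covers a later one."""
    ordered = sorted(rules, key=lambda r: r.priority)
    found = []
    for i, later in enumerate(ordered):
        l_lo, l_hi = _ports(later.port)
        for earlier in ordered[:i]:
            e_lo, e_hi = _ports(earlier.port)
            if (_net(later.source).subnet_of(_net(earlier.source))
                    and e_lo <= l_lo and l_hi <= e_hi):
                found.append((later.name, earlier.name))
                break
    return found


# Constructed sample rule set using documentation address ranges.
SAMPLE_RULES = [
    Rule("allow-office-ssh", 200, "203.0.113.0/24", "22", "Allow"),
    Rule("deny-ssh", 300, "*", "22", "Deny"),
    Rule("allow-partner-ssh", 350, "198.51.100.0/24", "22", "Allow"),
    Rule("allow-https", 400, "*", "443", "Allow"),
]

if __name__ == "__main__":
    print(validate(SAMPLE_RULES))
    print(evaluate(SAMPLE_RULES, "198.51.100.7", 22))
    print(shadowed(SAMPLE_RULES))
```

In the sample set, `allow-partner-ssh` never takes effect because `deny-ssh` has a lower priority number and already matches the same traffic; moving the allow rule below 300 changes the result.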
Answer:
Answer: A snapshot is a point-in-time backup of a disk in Azure. It’s used to quickly back up a virtual machine disk before performing changes, allowing for easy recovery if needed.
Answer: Azure is responsible for everything, i.e., Compute, Storage, Networking, Virtualization, Server, operating system updates, critical patches, applications on that operating system, and overall maintenance of the server.
Answer: Host caching temporarily stores frequently accessed data on the VM’s local storage to improve read/write performance. It’s commonly used for OS and data disks on VMs, with options like Read-only or Read/Write for better performance in scenarios like database applications.
Answer: An image is a copy of a VM (including its operating system, data disks, and applications) that can be used to create identical VMs. Unlike a snapshot, which is a disk backup, an image enables the deployment of multiple VMs with the same setup.
Answer: A private endpoint allows Azure resources to access services securely within a virtual network by assigning private IPs instead of exposing services publicly. It’s particularly useful for scenarios that require high security, like connecting to databases or storage accounts over a private network.
Answer: Password Hash Synchronization (PHS): Synchronizes on-premises passwords to Entra ID for seamless access and a single sign-on experience. Used when an organization wants a simple, cloud-based authentication method.
Pass-Through Authentication (PTA): Directly verifies passwords against the on-premises AD. Used when a higher level of security is needed or when policies require real-time authentication without storing passwords in the cloud
Answer: Site-to-Site VPN: Connects an on-premises network to an Azure VNet over an IPsec VPN. Useful for extending an organization’s private network to the cloud.
Point-to-Site VPN: Allows individual clients (like remote workers) to securely connect to an Azure VNet from their devices. Ideal for remote access to an organization's resources.
ExpressRoute: Provides a dedicated, private connection between on-premises and Azure, bypassing the public internet for high reliability and security. Commonly used for enterprises with strict data privacy requirements.
Answer: Azure limits, also known as quotas, are the maximum allowed resources or capacity an Azure subscription can consume for a specific service, such as the number of VMs, storage accounts, or network resources.
Limits help ensure fair resource allocation and can be increased for certain resources by contacting Azure support.
Answer: A location, or region, is required for a resource group because metadata for the resources within the group is stored in that region.
Additionally, specifying a location ensures that the resources in the group can be managed within the same Azure geography for compliance considerations
Answer: The SLA (Service Level Agreement) for Azure Virtual Machines is typically 99.9% uptime for single-instance VMs using premium storage and 99.95% for VMs in an availability set or 99.99% for VMs in an availability zone
Answer: IOPS (Input/Output Operations Per Second) is the measure of how many read/write operations a disk can handle per second, while throughput is the rate at which data is read or written, usually measured in MB/s.
Higher IOPS and throughput improve disk performance, especially for applications needing high data processing, like databases
Answer: The default OS disk size for Windows is 128 GB and for Linux VMs it is 30 GB in Azure. However, this can be increased after the VM is deployed.
Answer:
Public Load Balancer: This type of load balancer distributes incoming internet traffic across multiple VMs within a VNet for load balancing and high availability.
Internal Load Balancer: This distributes traffic within a private network (e.g., between tiers in a multi-tier application) without exposing resources to the Internet.
Answer: A storage endpoint is a URL that uniquely identifies each service within an Azure storage account, such as Blob, Queue, Table, or File storage.
Answer: Access Key: A shared key granting full administrative access to the storage account. Used for secure, high-level access but requires caution to avoid unauthorized use.
SAS (Shared Access Signature): Provides limited access to resources within a storage account for a specific time frame, allowing granular access without sharing the full access key.
Answer: Resources in Azure can be created through:
Azure Portal: User-friendly web interface.
Azure CLI: Command-line tool for scripting.
Azure PowerShell: Command-line tool integrated with PowerShell.
ARM Templates: JSON templates for deploying resources in a consistent, repeatable manner.
Azure SDKs: Programmatically using development kits for various programming languages.
Answer: AZCopy is a command-line utility designed to efficiently copy data to and from Azure Storage accounts.
It supports transferring files, blobs, and directories.
Answer: Blob Lifecycle Management helps automate the management of blob data by setting rules for data retention and deletion based on access patterns.
For example, it can automatically move blobs to cooler storage tiers or delete them after a specified time to optimize storage costs.
Answer: Azure Virtual Machines (VMs) are a type of infrastructure as a service (IaaS) offering that allows you to create and manage virtual machines in the cloud. You have full control over the operating system and can install and run any software on the VM.
Azure App Services, on the other hand, is a platform-as-a-service (PaaS) offering that allows you to build, deploy, and scale web applications without managing the underlying infrastructure. App Services abstract away the underlying infrastructure so you can focus on the application code.
Answer:
Answer:
Refer to the blog below:
https://attariclasses.in/blog/types-of-encryption-in-azure-a-comprehensive-guide