
Top 30 Microsoft Azure interview questions and answers

February 9, 2021 by Kurt Ellzey

Azure. Until relatively recently, this word was associated primarily with gemstones and the sky on a cloudless day. Cloudless is a little ironic, since nowadays it is the name of one of Microsoft’s largest offerings: the Microsoft Azure Cloud Computing system. It is second only in scale to Amazon Web Services, and it is extremely likely that something you use on a daily basis is powered by this very large back-end platform.

It is no small secret that Microsoft has been pushing heavily on Software-as-a-Service and Infrastructure-as-a-Service platforms, but it can be a hard sell in some industries that prefer to keep everything on site, pay once and that’s it. As a result, trying to ask management to move to a subscription-based model when the software has always “just come with the box” can be an extremely bitter pill to swallow. Still, being able to rely upon systems with constantly-maintained high availability is hard to argue against, especially given the initial investment required to even begin mirroring such a setup.

In order to be able to create and manage an organization’s Azure setup, we need to find the right people. And that brings us to the topic at hand today: 30 of the top interview questions and answers for Microsoft Azure. 

1. But what is cloud computing?

If you have ever used Google’s Stadia, Xbox’s Project xCloud, PlayStation’s PS Now, Netflix or any of a hundred other services, you will have some idea of what cloud computing is.

As a core concept, cloud computing is having something run far away and having the results available where you are. Scales can change radically depending on what exactly is being run; in some cases, it can take the equivalent of hundreds or thousands of consumer-grade systems just to crank through all of the data being thrown at it. Amazon Web Services (AWS), Microsoft Azure and Google Cloud are by far the largest publicly available vendors in this space, and together they power a considerable amount of the web today.

2. What are all of these aaS things?

It can be very difficult at times to tell the difference between all of the different “X-as-a-Service” elements that have been created over the past several years. When it comes to Azure, however, there are three that we can reference: Infrastructure as a Service, Platform as a Service and Software as a Service.

Infrastructure-as-a-Service (IaaS) is having someone else manage the hardware, specifically. Azure would take care of the physical equipment and associated required connections of the hardware that lives offsite, and your organization would handle the software and licensing that lives on those boxes. This could be used, for example, if your organization wanted to temporarily lease out access to a test environment, but didn’t need expensive hardware long-term.

Platform-as-a-Service (PaaS) takes the Infrastructure-as-a-Service concept, adds on the operating systems and introduces other functions such as high availability. Azure would handle all of the day-to-day functions of managing the systems, leaving your organization free to deploy whatever you require on top of it. This could be used if your organization is developing a very large-scale application and wanted to focus only on that, and leave the rest of the maintenance to other people.

Software-as-a-Service (SaaS) adds on a final level of management on the host’s side where they handle everything, and provides your organization access to a particular application. This would be something like Exchange Online or Office 365, or another sort of hosted application where all your organization needs to worry about is the subscription fee. Everything else is managed by Azure directly. 

3. What sorts of web applications can run on Azure?

Azure supports multiple types of web applications, including various flavors of .NET, node.js, PHP, Python, Java and more. 

4. What are three of the main products on Azure?

Azure Compute handles running virtual machines (VMs) and web applications. Azure Storage can handle up to 500 TB of file storage per storage account, and each Azure subscription can have up to 200 storage accounts. Azure Service Fabric runs very large-scale services along the lines of Skype, Azure SQL and parts of Azure itself.

5. What are the two basic roles that exist within Azure Web Services?

Web roles run web applications written in languages like .NET, PHP and others, and handle IIS-related elements. Worker roles, on the other hand, run web and standalone applications that do not require IIS.

6. If you are a user administrator, can you adjust the permissions of the Azure subscription?

With very few exceptions, Azure roles and Azure AD roles do not have a lot of overlap: they each have their own particular areas of access. So unless you are specifically a global administrator in Azure AD and obtain the “Access Management for Azure Resources” permission in the Azure portal, each section will be in its own silo.

7. What is Azure Role-Based Access Control (RBAC)?

Azure RBAC and Active Directory Groups both use RBAC concepts. Both allow you to create groups with particular permissions and then assign users to those groups for ease of administration.

8. What is a fault domain?

A fault domain is a set of hardware that shares a single point of failure, such as a VM host, a rack, a switch or a particular power source. In the event of an entire rack just blowing up, you would have member servers or operations spread across multiple racks to be able to deal with this kind of failure. Fault domains are supported in Windows Server 2016 and beyond.

9. What are update domains?

Update domains are sets of servers that can be placed into maintenance mode at the same time. For example, if you had a five-node cluster, you could place each member into a separate update domain; during maintenance, each one could be rebooted in turn to have its updates applied, yet not impact availability.

10. What are Network Security Groups?

The easiest thing to liken Network Security Groups to would be an Access Control List. They allow for the filtering of traffic and requests for resources to particular servers. For example, if you only wanted to allow access to a database server from a pair of application servers, you could do that.
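The database-server scenario above, as an added Python example (not part of the original article and not Microsoft code) that models how an NSG applies the first matching rule in priority order. Rules are reduced to source prefix and destination port, the addresses and custom rule names are constructed sample values, and the VirtualNetwork tag is modelled as a single prefix.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int   # custom rules use 100-4096; lower numbers are evaluated first
    name: str
    source: str     # CIDR prefix, or "*" for any source
    port: str       # destination port, or "*" for any port
    access: str     # "Allow" or "Deny"

VNET = "10.0.0.0/16"                    # constructed sample address space
APP_SERVERS = ["10.0.1.4", "10.0.1.5"]  # constructed sample application servers
SQL_PORT = 1433

# Default inbound rules present in every NSG. The VirtualNetwork tag is modelled
# as the single sample prefix above (assumption); the load balancer default
# rule (65001) is omitted from this model.
DEFAULT_RULES = [
    Rule(65000, "AllowVnetInBound", VNET, "*", "Allow"),
    Rule(65500, "DenyAllInBound", "*", "*", "Deny"),
]

def matches(rule, src_ip, port):
    src_ok = rule.source == "*" or (
        ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source))
    port_ok = rule.port == "*" or int(rule.port) == port
    return src_ok and port_ok

def evaluate(custom_rules, src_ip, port):
    """Return (access, rule_name) of the first rule that matches, by priority."""
    for rule in sorted(custom_rules + DEFAULT_RULES, key=lambda r: r.priority):
        if matches(rule, src_ip, port):
            return rule.access, rule.name
    raise AssertionError("unreachable: DenyAllInBound matches everything")

# Allow rules only: reads like "only the app servers may connect" ...
ALLOW_ONLY = [
    Rule(100 + i, f"AllowApp{i}Sql", f"{ip}/32", str(SQL_PORT), "Allow")
    for i, ip in enumerate(APP_SERVERS)
]
# ... but it takes an explicit deny ahead of the default VNet allow to make it true.
RESTRICTED = ALLOW_ONLY + [Rule(4096, "DenyAllOtherInbound", "*", "*", "Deny")]

if __name__ == "__main__":
    for label, rules in (("allow-only", ALLOW_ONLY), ("restricted", RESTRICTED)):
        for src in APP_SERVERS + ["10.0.2.9", "203.0.113.7"]:
            print(label, src, evaluate(rules, src, SQL_PORT))
```

With only the two allow rules, another host inside the VNet still reaches the database through the default AllowVnetInBound rule; the explicit deny at priority 4096 is what limits access to the two application servers.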

11. How are Active Directory Domain Services (Standard ADDS), Azure Active Directory (Azure AD) and Azure Active Directory Domain Services (Azure ADDS) different?

Standard ADDS has supported Kerberos, LDAP and NTLM authentication for a very long time now, as does Azure ADDS. Since Azure AD is designed more for the web, however, it primarily supports web-based authentication methods including OAuth 2.0, SAML 2.0 and OpenID. Additionally, a critical feature of Standard AD that makes it extremely versatile for use in organizations is Group Policy (which allows for management of large numbers of users and computers simultaneously), while Azure AD does not have GPO support.

All three of these can work together to form a single large entity, with Standard ADDS synchronizing up to Azure AD via the use of Azure AD Connect. Once this has been completed, Azure AD synchronizes automatically with Azure ADDS. 

12. What are the default password lockout settings for Azure Active Directory Domain Services (Azure ADDS)?

By default, if an account has five bad logins in two minutes, the account is locked out for 30 minutes. This can be adjusted in multiple ways with fine-grained password policies (FGPPs). 
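The default policy above, as an added Python example (not from the original article) that replays sign-in events and reports when each account would be locked. It models the policy as the article words it, with a sliding two-minute window; the event tuples are constructed sample data, and resetting the count on a successful login is an assumption of this model.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5                     # bad logins (default stated above)
WINDOW = timedelta(minutes=2)     # period in which they must occur
LOCKOUT = timedelta(minutes=30)   # lockout duration

def lockouts(events):
    """events: (iso_timestamp, account, ok) tuples.
    Returns {account: [(locked_at, unlocked_at), ...]}."""
    recent = defaultdict(deque)   # account -> timestamps of recent failures
    locked_until = {}
    result = defaultdict(list)
    for ts, account, ok in sorted(events):
        now = datetime.fromisoformat(ts)
        if account in locked_until and now < locked_until[account]:
            continue              # attempts during a lockout are rejected, not counted
        if ok:
            recent[account].clear()   # assumption: a good login resets the count
            continue
        failures = recent[account]
        failures.append(now)
        while now - failures[0] > WINDOW:   # drop failures older than the window
            failures.popleft()
        if len(failures) >= THRESHOLD:
            locked_until[account] = now + LOCKOUT
            result[account].append((now, now + LOCKOUT))
            failures.clear()
    return dict(result)

# Constructed sample events: alice fails five times in 80 seconds, then tries
# again during and after the lockout; bob fails once a minute for five minutes.
SAMPLE_EVENTS = [
    ("2021-02-09T09:00:00", "alice", False),
    ("2021-02-09T09:00:20", "alice", False),
    ("2021-02-09T09:00:40", "alice", False),
    ("2021-02-09T09:01:00", "alice", False),
    ("2021-02-09T09:01:20", "alice", False),   # fifth failure inside two minutes
    ("2021-02-09T09:10:00", "alice", True),    # correct password, still locked out
    ("2021-02-09T09:31:30", "alice", False),   # lockout over, count starts again
    ("2021-02-09T09:00:00", "bob", False),
    ("2021-02-09T09:01:00", "bob", False),
    ("2021-02-09T09:02:00", "bob", False),
    ("2021-02-09T09:03:00", "bob", False),
    ("2021-02-09T09:04:00", "bob", False),     # never five within two minutes
]

if __name__ == "__main__":
    for account, spans in lockouts(SAMPLE_EVENTS).items():
        for start, end in spans:
            print(account, "locked", start.isoformat(), "until", end.isoformat())
```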

13. What is Redis? 

Redis is an incredibly large-scale, memory-intensive database application capable of enormous numbers of requests per second at very low latency. The Azure Cache for Redis is a full implementation of Redis that can be accessed by any application either inside or outside of Azure. It also can be used either by itself or in conjunction with other database solutions such as Azure SQL or Cosmos DB. 

14. What is an availability set? If we want to add additional VMs to this after they are built, can we do this?

An availability set is essentially a cluster without a cluster. More specifically, it is a set of VMs that do the same job and that must always be available.

To make certain of this, when VMs are members of an availability set, they are placed on different hosts, in different racks, attached to different storage on different switches. This is done in an attempt to minimize (as much as possible) the number of systems impacted by a single outage.

Unfortunately, VMs can only be added to an availability set at creation time. Therefore, while you can add more new VMs to an availability set, you cannot add more existing VMs to an availability set. 

15. What is an Azure Virtual Network?

Azure Virtual Network (VNet) allows the creation of standalone closed networks, as well as connecting up to local networks and the rest of the internet. While you can create whatever IP ranges you wish for your VNet internal functions, it is recommended that you select an IP range that will not interfere with anything else you already use, just in case they ever become connected. 

16. What are the pricing models on Azure?

As you would expect, pricing changes depending on what you are doing on Azure. As a result, if you purchase processing power, you are charged by the hour. If you purchase storage, you are charged by the GB per month and so on. 

17. What are the specs for individual Azure VMs?

Azure virtual machines can be made to nearly any size based on use case, so you normally want to size to meet your current needs and adjust as required later on. At the time of writing, the maximum available specs can go up to 24 vCPUs, 448 GB Memory, three TB of SSD, four GPUs and 96 GB VRAM. 

18. How is data secured on the back end?

Data is encrypted in transit and at rest. Azure disk encryption, which encrypts entire disks, uses both Windows BitLocker and Linux DM-Crypt.

19. What are managed disks?

Managed disks are portions of block-level storage that are virtualized so that they are not tied to particular hardware drives. In this way, they can be moved around without having to ever talk to the individual components, which reduces the amount of potential data loss.

20. What is data warehousing?

Data warehousing compiles together data from many different sources into a single large searchable index. Think of it like everything that goes into calculating a credit rating, but for every digital entity on the planet.

21. Do we need to use a CDN when using Azure?

A CDN, or a Content Delivery Network, is oftentimes used when a particular service has a large amount of user-facing media that needs to be delivered extremely quickly. In some cases, such as video streaming, these files will be cached at various points globally. This allows users to be able to access files with far lower latency from a location that may be just down the street, versus trying to talk to a data center halfway around the world. 

Therefore, to answer this question, it depends entirely on the organization’s use case. If you are running something similar to Netflix, then yes, absolutely. If you are running a storefront, possibly not.

22. We are currently a VMware shop, but are thinking of moving to Azure. Can we port any of our systems up?

It may be surprising not only that Microsoft Azure supports more hypervisors than just Microsoft Hyper-V, but also that this is officially supported on both the Azure and VMware sides. With the current levels of integration, you can vMotion a virtual machine up to Azure, the same as you normally would once everything is configured properly.

23. I am not a big fan of PowerShell. Is it required for managing Azure?

While it is not required to use PowerShell to manage Azure, various cmdlets and scripts can radically reduce the amount of time to perform tasks.

24. Would there be a way to make it so that when users sign into On-Site Active Directory, they are also automatically signed into Azure AD?

With Azure AD Sync, Single Sign-On can be enabled to allow pass-through authentication, allowing users to log in once and navigate anywhere that they are permitted.

25. What is Azure Resource Manager and the Azure Traffic Manager? 

Azure Resource Manager is a dashboard application that allows you to quickly create and deploy templates based around particular usage cases. The Azure Traffic Manager, on the other hand, is a load balancer that allows you to route requests in the most effective manner, based on load, geography and other factors.

26. We have a project coming up that will be generating an enormous amount of data. We were thinking of using Azure for Storage, but can it also assist with analyzing it?

Yes! Based around the data warehousing concept, Azure also has a number of different products for Analytics, such as Azure Synapse. 

27. Does Azure have any sort of monitoring capability? Logging, alerting and so on?

Azure Monitor brings multiple different performance metrics into a single-pane-of-glass solution in order to track how various services are being handled, along with monitoring VM health.

28. If a piece of hardware powering our Azure setup fails, what happens?

If a piece of hardware fails and brings a VM down, Azure moves the VM over to another host attached to the same storage. Because the host may not be able to react quickly enough to a failure to keep the VM up through the migration, it is recommended to have more than one VM up if a service must remain running at all times.

29. We need to sign an Azure Service-Level Agreement (SLA). What does this do?

Service-Level Agreements (SLAs) determine how available a particular service will be. This means that for X number of days or months, there is a specified amount of time that your subscribed services are permitted to be completely unavailable. As the SLA itself is a legal contract, there can be severe repercussions if the contract is broken from Microsoft’s side. 

The exact amount of time that an Azure SLA allows is based entirely on use case, but we can go through a quick example here in regards to virtual machine availability. According to Microsoft’s SLA for virtual machines: “For all Virtual Machines that have two or more instances deployed across two or more Availability Zones in the same Azure region, we guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.99% of the time.”

In order to understand what this actually means in a real-world time scenario, 99.99% uptime over the course of a year means that a particular service that is considered “highly available” will have, at most, 52.6 minutes of downtime per year. That averages out to between four and five minutes per month.

“Five 9s” has been considered a gold standard for a considerable amount of time, meaning that a service is allowed five minutes of downtime for the entire year. However, some vendors claim that they are able to go far above and beyond that.

30. Our organization does not like the idea of having all of our internal information on the open web, but we still want to use the cloud for hosting/distribution. Is this possible?

There are three basic layers of cloud computing: public cloud, private cloud and hybrid cloud. A public cloud would be something where everything exists on the web. It may not necessarily all be accessible without proper authorization such as an account or password, but it can be retrieved anywhere with an active web connection.

A private cloud exists where the organization requires total control of the data being passed across the wire. Usually, this means that the only place that resources can be accessed is directly at the organization’s locations, although exceptions can occasionally be implemented with remote access methods such as VPNs.

A hybrid cloud mixes the use of these two elements. Similar to how a DMZ can separate a publicly accessible network from a private one in a typical organization’s environment, a hybrid cloud allows for some information to be secured to just the organization, while allowing other information to be accessible to the public at large.

Conclusion

Cloud services are not for everyone, or for every use case. However, for a highly mobile organization or for applications that require tremendous amounts of processing power and storage, it is hard to beat the value, and Microsoft has tried very hard to make a compelling case to use Azure.

 



Kurt Ellzey has worked in IT for the past 12 years, with a specialization in Information Security. During that time, he has covered a broad swath of IT tasks from system administration to application development and beyond. He has contributed to a book published in 2013 entitled “Security 3.0” which is currently available on Amazon and other retailers.

