Lalit Rawat
05
DecTop 20 Azure Administrator Interview Questions and Answers
Print
22 min read
25 Oct 2023
44.2K Views
What is Azure Virtual Machine?
Azure Virtual Machines are on-demand computing resources or virtual machines offering Microsoft Azure. We can typically use a VM as a service when required and shut down the system when not in use. The Azure Virtual Machines are listed under the Infrastructure as a service (IaaS) category in Azure. With Azure Virtual Machines we get more control over the environment to customize the development environment or hosting.
We need to create some of the resources such as networks, disks, etc, for the virtual machines. These resources can be injected into the different resource groups. by using the Microsoft Azure Virtual Machines, cloud users will have a variety of options available to deploy virtual machines using the Azure GUI portal, Powershell, using the portal's cloud shell. We can get the list of all our deployed VMs in the Azure portal itself. And before deploying the VMs using any method like Powershell or GUI, users should have enough knowledge about the different characteristics of VMs in the cloud.
Any azure virtual machine can be created using Azure CLI, Azure portal, REST APIs, Azure PowerShell, etc. If you feel lost in the world of Azure don't waste time without progress. It's time for a change! Join our Microsoft Azure Certification, where we'll guide you on an exciting journey to master (Topic Name) efficiently and on schedule.
You have received an email from your company security team that a couple of VMs are exposed to the internet, how to prevent that public access without interruption of any service?
In that case, you need to create the NSG and associate your VMs if there is no NSG. Now, block the port 80/443 and allow only specific ports of azure which will fix the issue.
Click on the VMs
Click on the networking tab
Click on the NSG
Then create the Outbound deny rule for the internet.
You have a couple of VMs of 4 Core and 16GB. You need to upgrade VMs to 8 Core and 32 GB Ram since they are not performing well. So, what are the steps you will take?
You will go to specific VMs and perform the below steps.
-
First, take approval from the Application Owner for downtime because it will automatically reboot the VM.
-
Go to each VM and Click on the Size
-
Select the VM instance Size of 8 core 32 GB Ram VMs.
-
Once you will select the specific Size, it will automatically start upgrading the instance.
-
After that, you need to verify all the settings of the VMs and hand them over to the application Owner if the activity is completed successfully.
-
You have a couple of VMs running in Azure environments and you need to enable the Availability set, how to do that?
No. It’s not possible to enable the AV set in running systems there is a limitation to it, if you want to enable the same then you need to recreate the VMs and Add the Availability set to it.
Is it possible to enable the NSG in Vnetsinceyou doesn’t want to enable it on the VMs level?
It’s not possible to enable the NSG in Vents but certainly, you can associate with Subnets which will help you to reduce the manageability of your NSG.
What is NSG and How can you create the NSG?
NSG is nothing but its services will help you to allow or deny the specific port to communicate to your services within subscription or outside of the subscription. It’ has inbound and outbound rules.
Inbound Rule: It defines the traffic coming from the internet to VMs or specific services or VMs.
Outboard Rules: It defines the traffic going to the internet from your VMs or specific services or VMs.
You need to follow the steps to create the NSG and Associate it with VMs.
In All Services Search the NSG.
Provide the Name, Location, and Resource Group
Click on the NSG and create the NSG.
Is it possible to host the VM in another region and connect to a different region?
Yes, you need to set up the interconnectivity while creating the V-net (Virtual Network) to V-net (Virtual Network) connection between both regions.
One of your clients escalated that his VM has been rebooted without intimating to him and you need to know logs who has rebooted the VM, and how can get the details.
In that case, Activity logs will help, as any activity happens in VMs through the portal, you will get log alerts stored in the activity logs, so you will go to activity logs and found that who has rebooted the VM and can share with clients after manager approval.
In your organization, you have some client who doesn't want to give the subscription access, but they have given the PowerShell access, how do you create the Storage account using PowerShell?
New-AzureRmStorageAccount -ResourceGroupName azure4you -Name azureint234 -SkuNameStandard_LRS -Location 'East Us'
How to tag the resources using a command?
You should use the below command lets to tag the resources.
Set-AzureRmResourceGroup -Name "Azure4you.com" -Tag @{Department="IT"}
What is the difference between Premium Storage Account and Standard Storage Account?
Premium Storage Accounts are backed by SSD Disk which provided resilience and better performance whereas standard Storage Accounts are backed by HDD (magnetic Disk) and Provide the maximum IOPS up to 500.
What is the difference between Managed Disk and an Unmanaged Disk?
Managed Disk: In Managed disk storage accounts creation/Management done on the backend. It will help you with the scalability of storage accounts and is backed by Standard/premium Tires.
Unmanaged Disk: Unmanaged disks are the disk in which you will create the storage accounts. Create the disk and Managed it by yourself and you need to make sure you can’t exceed the Storage limit of up 20K IOPS while adding many disks which may throttle the VM's performance.
What is Site to Site VPN?
As per the official docs:
A Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device located on-premises that has an externally facing public IP address assigned to it.
Azure Site to Site VPN will help you to connect to On-Premises Network to Azure Virtual Network Over an IPsec/IKE (IKEV1/IKEV2) VPN tunnel. Basically, this connection required a VPN device which a public-facing IP Address assigned to it.
A customer has Prod, Dev, and Test environments. How do implement a solution that each environment can’t connect to each other?
In that case, you can separate the environments while creating the different subnets for Prod, Dev, and Test environments and apply the NSG on each subnet with a specific deny rule which will not allow connecting to those environments.
What are the tools you will use to create the Vnets?
You can use the below tools to configure the Azure Vnets.
Azure portal
PowerShell
Azure CLI
Your customer has configured the policy-based routing but due to the issue, he wants to change to route based configuration in Azure VPN, how you can deliver the solution?
Basically, the customer can’t change them or update their routing method directly as that is not supported by MS Azure. He must create the New connection and use the method to route based on the new connection.
First, you need to delete the Route based connection
Delete the Gateway
Then you will recreate the connection using Azure Portal, CLI, or PowerShell.
How to configure the static public IP address VPN gateway?
Basically, it’s not supported by Microsoft and when you create the VPN gateway at that time dynamic IP address will automatically configure and that will change only when you will delete or recreate the VPN gateway.
What protocols are supported by the Application gateway?
It supports the HTTP, HTTPS, HTTP/2, and WebSocket
What is Azure Active Directory?
Azure AD is a cloud-based identity and access management service which will help to access the Azure resources like Azure subscriptions, Other Applications. You can integrate Azure AD to O365, SharePoint Online, etc.
Azure active directory comes with certain advantages i.e. having secured adaptive access along with the multi-factor authentication and Conditional Access policies, Seamless user experience with single sign-on, seamless & passwordless user portal, and unified identity management (UIM) that connect all the internal and external users to all apps and devices and allow them to access the resources with ease. Simplified Identity Governance with provisioning, access packages, and access reviews.
What is Azure Backup and what are the benefits of Azure Backup?
Azure Backup is a cloud-based solution that will help you to take the backup of the Azure VM, PaaS SQLDB, file service, web apps, etc.
It provides a hybrid solution to take the backup.
Storage will be managed automatically using Azure storage accounts and it doesn’t require any local storage like on-premises.
You can transfer the unlimited data and this data is stored in encrypted format in Azure storage accounts.
Summary
I hope the above questions and answers will help you in your Azure Administrator Interview. All the above interview Questions have been taken from our newly released eBook Azure Administrator Interview Questions and Answers. You can also consider doing our azure training from Dot Net Tricks to upskill your career.
This eBook has been written to make you confident in Azure Administrator with a solid foundation. Also, this will help you to use Azure Administrator in your real project.
Take our free skill tests to evaluate your skill!
In less than 5 minutes, with our skill test, you can identify your knowledge gaps and strengths.
