In my previous article, I talked about the approach to preparing for an Azure interview and how most of the articles available online don’t cover real-world questions, but rather theoretical questions that nobody asks. If you haven’t seen my previous article, I highly recommend you go through it using this link for reference.

Since I already covered the compute questions, let me share the networking and security questions here. Networking and security are the sections where everyone expects you to excel, because no deployment succeeds without proper network planning. And I can’t overstate the importance of securing your network against the attackers waiting to infiltrate it and steal or damage your data.

Network and security questions:

Que: I have a Windows virtual machine and I am unable to RDP to this machine; it fails. What can be the reason?
Ans: If you are trying to RDP to a virtual machine, you need to ensure the RDP port (3389) is open, and you also need to ensure your machine’s IP is whitelisted in the NSG rules. If this still doesn’t work, we can check for any Azure Policy that might be blocking this communication. For a detailed answer, you can check this link.
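Since an NSG evaluates inbound rules in ascending priority number and stops at the first match, a common reason the RDP check above fails is an Allow rule sitting behind a broader Deny rule. The following is an added example (not from the article and not Azure’s code) that models that first-match evaluation; it assumes a constructed VNet address space of 10.0.0.0/16, treats the Internet tag as anything outside that space, and uses constructed rule sets and IPs.

```python
import ipaddress
from dataclasses import dataclass

# Simplified model of NSG inbound evaluation: rules are tried in ascending
# priority number and the first match decides (added example, not Azure's code).
VNET_SPACE = ipaddress.ip_network("10.0.0.0/16")  # constructed VNet address space

@dataclass(frozen=True)
class NsgRule:
    name: str
    priority: int  # lower number wins; custom rules use 100-4096
    access: str    # "Allow" or "Deny"
    source: str    # CIDR/IP, "*", or service tag Internet / VirtualNetwork / AzureLoadBalancer
    dest_port: str # "3389", "*" or a range such as "3000-4000"

# Default inbound rules present in every NSG (priority 65000+); they cannot be deleted.
DEFAULT_INBOUND = [
    NsgRule("AllowVnetInBound", 65000, "Allow", "VirtualNetwork", "*"),
    NsgRule("AllowAzureLoadBalancerInBound", 65001, "Allow", "AzureLoadBalancer", "*"),
    NsgRule("DenyAllInBound", 65500, "Deny", "*", "*"),
]

def source_matches(rule_source: str, src_ip: str) -> bool:
    ip = ipaddress.ip_address(src_ip)
    if rule_source == "*":
        return True
    if rule_source == "VirtualNetwork":
        return ip in VNET_SPACE
    if rule_source == "Internet":  # simplification: anything outside the VNet
        return ip not in VNET_SPACE
    if rule_source == "AzureLoadBalancer":
        return src_ip == "168.63.129.16"  # Azure's fixed health-probe source address
    return ip in ipaddress.ip_network(rule_source, strict=False)

def port_matches(rule_port: str, port: int) -> bool:
    if rule_port == "*":
        return True
    low, _, high = rule_port.partition("-")
    return int(low) <= port <= int(high or low)

def evaluate_inbound(custom_rules, src_ip: str, dest_port: int):  # -> (allowed, rule name)
    for rule in sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if source_matches(rule.source, src_ip) and port_matches(rule.dest_port, dest_port):
            return rule.access == "Allow", rule.name
    return False, "DenyAllInBound"  # not reached: DenyAllInBound matches everything

# Constructed misconfiguration: the admin Allow sits behind a broader Deny, so RDP fails.
MISORDERED = [NsgRule("DenyRdpFromInternet", 200, "Deny", "Internet", "3389"),
              NsgRule("AllowRdpFromAdmin", 300, "Allow", "203.0.113.10/32", "3389")]
# Fix: give the narrow Allow the lower priority number so it is evaluated first.
FIXED = [NsgRule("AllowRdpFromAdmin", 100, "Allow", "203.0.113.10/32", "3389"),
         NsgRule("DenyRdpFromInternet", 200, "Deny", "Internet", "3389")]
```

Calling `evaluate_inbound(MISORDERED, "203.0.113.10", 3389)` reports the Deny rule as the decider, while the same call against `FIXED` reports the admin Allow rule, which is the ordering check to make before suspecting Azure Policy.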

Que: What is a Network Security Group and why do we need it?
Ans: Check this link to read about NSGs.

Que: What is an Application Security Group and how is it different from an NSG?
Ans: Check this link to read about ASGs and the difference between the two.

Que: What is the Bastion service? And why should I use it?
Ans: Azure Bastion is a service comparable to a traditional jump server. You can refer to this link to learn more about Bastion.

Que: I have a three-tier application (App, DB, and Web) and it is hosted on three different virtual machines in different VNets. I have to set up the communication between them, and it all happens over IP. How do I ensure this communication is secure?
Ans: We can set up virtual network peering between these VNets. The traffic between virtual machines in peered virtual networks is routed directly through the Microsoft backbone infrastructure, not through a gateway or over the public Internet. Refer to this link to learn more about VNet peering.

Que: I have two VMs and two VNets: VM-A, which is attached to VNetA, and VM-B, which is attached to VNetB. Can my application installed on VM-A communicate with the application installed on VM-B? Explain the reasoning.
Ans: Not by default, because communication between two different virtual networks isn’t possible without connecting them. But we can set up VNet peering as explained in the earlier answer, and that will establish network connectivity between these machines.

Scenario: If you answered the above question correctly, you should be able to handle this scenario as well.
Que: I have three VMs and three VNets: VM-A connected to VNetA, VM-B connected to VNetB, and VM-C connected to VNetC. As part of my setup, I have VNet peering configured from VNetA to VNetB and from VNetB to VNetC. My ask here is: can my applications installed on VM-A communicate with the applications installed on VM-C?
Ans: This won’t be possible unless we set the “Traffic forwarded from remote virtual network” option to Allow. Refer to the image below:

Que: What are route tables?
Ans: Use this link to read about Azure route tables.

Que: What is the difference between Azure Firewall and an NSG?
Ans: Check this link to read about it.

Que: What are the key differences between Azure Application Gateway and Azure Load balancer?
Ans: Check this link to read about it.

Que: What are the different load balancing options available in Azure? And in which scenario would you use which option?
Ans: Check this link to read about it.

Que: What is a private endpoint and service endpoint? What is the difference between these two?
Ans: Check this link to read about it.

Que: If I am deploying a new Azure resource and keeping security as the topmost priority, what would you recommend?
Ans: As part of any deployment, we should ensure the resource can only be accessed by the intended audience. This can be ensured by the following:

  • Using the right access control with the help of IAM. Grant only the permissions the user requires.
  • Blocking public access to the resource with the help of IP whitelisting or a private endpoint, depending on the requirements.

Que: What is a CDN?
Ans: Check this link to read about CDNs.

Que: What are the different governance options available in Azure?
Ans: We can use Azure Policy, Azure Security Center, Azure access control (IAM), and Azure resource locks.