Azure Cloud Interview Questions and Answers – VNets , CDN and NSG (Network security Group)

Azure Interview Questions

Azure Cloud-Interview Questions and Answers


What is virtual machine?

A virtual machine is a computer software, typically called a hypervisor image, which behaves like an actual computer. VMware software allow users to create a computer within a computer is called virtual machine.

Virtualization is very scalable and flexible and allow to create numerous virtual computers in a single physical machine. Each virtual machine provides its own virtual hardware, including CPUs, memory, hard drives, network interfaces and other hardware components.

What is an Azure VNet ?

VNets is Microsoft Azure cloud Virtual Network (VNet) is a qualifying of your own (Customer) virtual network in the cloud. VNets is a logical isolated part of the Azure cloud dedicated to a customer account subscription.

Azure VNets allow users to build own infrastructure likes VM, Web-services, Application and provision and manage virtual private networks (VPNs) in Azure. Each VNet you create has its own IP subnet block.

Network security group allow users to secure of it VNets and hosted services within VNets. Systems are hosted within VNets can communicate to each other without any rule’s like Local area network and Vlan.

How to create VNet In Azure?

Below are list of tools create or configure a VNet

  • Azure portal
  • PowerShell
  • Azure CLI
  • A network configuration file (netcfg – for classic VNets only).

Network security Group (NSGs)

You can limit network traffic to resources in a virtual network using a network security group. A network security group contains a list of security rules that allow or deny inbound or outbound network traffic based on source or destination IP address, port, and protocol.

What is VNets Security in Azure?

VNets are isolated from one another in Azure cloud, Each Vent is default separate and have own set of properties. A VNet is a trust boundary for itself.

How to restrict inbound or outbound traffic flow to VNet-connected resources?

With help of deployment Network Security Groups (NSGs) to individual subnets within a VNet, NICs attached to a VNet, or both.

Can we deploy a dedicated firewall between VNet-connected resources?

You can deploy a firewall network virtual appliance from several vendors through the Azure Marketplace.

Can we configure DNS servers for a VNet?

We can specify DNS server IP addresses in the VNet settings. The setting is applied as the default DNS server(s) for all VMs in the VNet.

What is IaaS, PaaS and SaaS?

IaaS – Infrastructure as a Service – a set of infrastructure level capabilities such as an operating System, network connectivity, etc. that are delivered as pay for use services and can be used to Host applications. Example, Azure VM, VNET.

PaaS – Platform as a Service – is about abstracting developers from the underlying infrastructure to enable applications to quickly be composed. This is specifically for developers who are willing to build applications without worrying about management of hosting environment at all. Example, Azure Cloud services, Azure Web Apps, Storage, SQL Azure Database and so on.

SaaS – Software as a Service – applications that are delivered using a service delivery model where organizations can simply consume and use the application. Typically, an organization would pay for the use of the application or the application could be monetized through ad revenue. Example, Office 365, Gmail,, SharePoint online, CRM online and so on.

Definition of Public, Private and Hybrid cloud implementation with respect to Azure?

Public Cloud – All components of your application/ system are running in Azure only.

Private Cloud – You are running Azure services and features within on-premises data center OR you are using on premises data center for hosting your system or applications.

Hybrid Cloud – Combination of Public and Private. Some part or components of your application running on Azure where as some part of your application is running within on premises datacenter.

Azure connectivity Prospective?

Virtual Network Point-to-site

Connect to your Azure virtual networks from anywhere.

Point-to-Site VPN lets you connect to your virtual machines on Azure virtual networks from anywhere, whether you are on the road, traveling and while rooming around. You can securely connect to the virtual network just the way you use VPN clients to connect to your company’s corporate network.

Virtual Network Site-to-site – VPN Gateway

A site-to-site VPN allows you to create a secure connection between your on-premises site and your virtual network. We use industry standard IPsec VPN in Azure.

So we are interoperable with most VPN devices. Setting up a virtual network is free of charge. However, we do charge for the VPN gateway that connects to on-premises and other virtual networks in Azure. This charge is based on the amount of time that gateway is provisioned and available.


An ExpressRoute lets you create private connections between Azure datacenters and infrastructure that’s on your premises or in a co-location environment.

ExpressRoute connections do not go over the public Internet, and offer more reliability, faster speeds, lower latencies and higher security than typical connections over the Internet.

VNets Peering

Virtual network peering enables you to seamlessly connect two Azure virtual networks. Once peered, the virtual networks appear as one, for connectivity purposes.

The traffic between virtual machines in the peered virtual networks is routed through the Microsoft backbone infrastructure, much like traffic is routed between virtual machines in the same virtual network, through private IP addresses only. Azure supports:

  • VNet peering – Connecting VNets within the same Azure region
  • Global VNet peering – Connecting VNets across Azure regions

Azure CDN – Content Delivery Network

Azure Content Delivery Network (CDN) is a global CDN solution for delivering high-bandwidth content. It can be hosted in Azure or any other location. CDN Mainly uses caching to improve website and download performance, reduce load times, save bandwidth and speed responsiveness.

CDNs store cached content on edge servers in point-of-presence (POP) close locations to end users to minimize latency and Performance.

The benefits of using Azure CDN to deliver web site assets include:

  • Better performance and improved user experience for end users, especially when using applications in which multiple round-trips are required to load content.
  • Large scaling to better handle instantaneous high loads, such as the start of a product launch event.
  • Distribution of user requests and serving of content directly from edge servers so that less traffic is sent to the origin server.

What is a Web Role?

Web Role is a Cloud Service role in Azure that is configured and customized to run web applications developed on programming languages / technologies that are supported by Internet Information Services (IIS), such as ASP.NET, PHP, Windows Communication Foundation and Fast CGI.

What is a Worker Role?

Worker Role is any role in Azure that runs applications and services level tasks, which generally do not require IIS. In Worker Roles, IIS is not installed by default.

They are mainly used to perform supporting background processes along with Web Roles and do tasks such as automatically compressing uploaded images, run scripts when something changes in database, get new messages from queue and process and more.

What is Azure Cool Blob Storage?

Azure Blob Storage offers low cost massively scalable object storage for unstructured data. Blob Storage stores hundreds to billions of objects in hot, cool, or archive tiers, depending on how often data access is needed. Store any type of unstructured data—images, videos, audio, documents, backup, archival data and more—easily and cost-effectively. Massively scalable object storage for unstructured data.

  • Azure storage offers three storage tiers for Blob object storage.
  • Azure hot storage tier is optimized for storing data that is accessed frequently.
  • Azure cool storage tier is optimized for storing data that is infrequently accessed and stored for at least 30 days.
  • Azure archive storage tier is optimized for storing data that is rarely accessed and stored for at least 180 days with flexible latency.

Azure Service Level Agreement (SLA)?

The Azure Compute SLA guarantees that, when you deploy two or more role instances for every role, access to your cloud service will be maintained at least 99.95 percent of the time. Also, detection and corrective action will be initiated 99.9 percent of the time when a role instance’s process is not running.

What is Break-fix issues in MS Azure?

Break fix issues are representing to technical problems in Microsoft Azure Cloud services encountering while using Azure services.

Break-fix is a technical term refers to work involved in supporting a technology when it fails in the normal course of its function, which requires intervention by a support organization to be restored it working order.

Name of services that used to manage resources in MS Azure

  • Application Insights
  • Azure Portal
  • Azure Resource manager
  • Log Analytics 

What is Azure Monitor

Azure Monitor is a powerful cloud monitoring tool can be use to monitor Azure and on-premises resources and application.with Azure Monitor you can monitor everything you need like availability, performance and usage of your web applications, whether they are hosted on Azure or on-premises.You Can Track live metrics streams, requests and response times and events.Also Fire alerts and send notifications or call automated solutions.

Author: Ronnie Singh

Your Feedback is Valuable for us. Pls do comments.