Top 20 Azure Administrator Interview Questions and Answers

1. What is Azure Virtual Machine?

   Azure Virtual Machines are on-demand computing resources or virtual machines offering of Microsoft Azure. We can typically use a VM as a service when required and shut down the system when not in use. The Azure Virtual Machines are listed under Infrastructure as a service (IaaS) category in Azure. With Azure Virtual Machines we get more control over the environment to customize the development environment or hosting.

2. You have received an email from your company security team that a couple of VMs are exposed to the internet, how toprevent that public access without interruption of any service?

   In that case, you need to create the NSG and associate your VMs if there is no NSG. Now, block the port 80/443 and allow only specific ports of azure which will fix the issue.
   • Click on the VMs
   • Click on the networking tab
   • Click on the NSG
   • Then create the Outbound deny rule for the internet.
   

3. You have a couple of VMs of 4 Core and 16GB. You need to upgrade VMs to 8 Core and 32 GB Ram since they are not performing well. So, what are the steps you will take?

   You will go to specific VMs and perform the below steps.
   • First, take approval from the Application Owner for downtime because it will automatically reboot the VM.
   • Go to each VM and Click on the Size
   • Select the VM instance Size of 8 core 32 GB Ram VMs.
   • Once you will select the specific Size, it will automatically start upgrading the instance.
   • After that, you need to verify all the setting of the VMs and handover to application Owner if activity completed successfully.
   

4. You have a couple of VMs running in Azure environments and you need to enable the Availability set, how to do that?

   No. It’s not possible to enable the AV set in running systems there is a limitation to it, if you want to enable the same then you need to recreate the VMs and Add the Availability set to it.

1. Is it possible to enable the NSG in Vnetsinceyou doesn’t want to enable it on VMs level?

   It’s not possible to enable the NSG in Vents but certainly, you can associate with Subnets which will help you to reduce the manageability of your NSG.

2. What is NSG and How can you create the NSG?

   NSG is nothing but its services will help you to allow or deny the specific port to communicate to your services within subscription or outside of the subscription. It’ has inbound and outbound rules.
   Inbound Rule: It defines the traffic coming from the internet to VMs or specific services or VMs.
   Outboard Rules: It defines the traffic going to the internet from your VMs or specific services or VMs.
   You need to follow steps to create the NSG and Associate to VMs.
   • In All Services Search the NSG.
   • Provide the Name, Location and Resource Group
   • Click on the NSG and create the NSG.

3. Is it possible to host the VM in another region and connect to a different region?

   Yes, you need to set up the interconnectivity while creation the V-net (Virtual Network) to V-net (Virtual Network) connection between both the regions.

4. One of your clients escalated that hisVM has been rebooted without intimating to him and you need to know logs who has rebooted the VM, how can get the details.

   In that case, Activity logs will help, as any activity happens in VMs through the portal, you will get a log alerts store in the activity logs, so you will go to activity logs and found that who has rebooted the VM and can share with clients after manager approval.
   

5. In your organization, you have some client who doesn't want to give the subscription access, but they have given the PowerShell access, how you create the Storage account using PowerShell?

   New-AzureRmStorageAccount -ResourceGroupName azure4you -Name azureint234 -SkuNameStandard_LRS -Location 'East Us'
   

6. How to tag the resources using a command?

   You should use the below command lets to tag the resources.
   Set-AzureRmResourceGroup -Name "Azure4you.com" -Tag @{Department="IT"}

7. What is the difference between Premium Storage Account and Standard Storage Account?

   Premium Storage Accounts are backed by SSD Disk which provided the resilience and better performance where standard Storage Accounts are backed by HDD (magnetic Disk) and Provides the maximum IOPS up to 500.

8. What is the difference between Managed Disk and Unmanaged Disk?

   Managed Disk: In Managed disk storage accounts creation/Management done on the backend. It will help you on the scalability of storage accounts and backed by Standard/premium Tires.
   Unmanaged Disk: Unmanaged disk are the disk which you will create the storage accounts. Create the disk and Managed by you and you need to make sure you can’t exceed the Storage limit up 20K IOPS while adding many disks which may throttled the VMs performance.
   

9. What is Site to Site VPN?

   Azure Site to Site VPN will help you to connect to On-Premises Network to Azure Virtual Network Over an IPsec/IKE (IKEV1/IKEV2) VPN tunnel. Basically, this connection required a VPN device which public facing IP Address assigned to it.
   

10. A customer has Prod, Dev and Test environments. How to implement a solution that each environment can’t connect to each other?

    In that case, you can separate the environments while creating the different subnets for Prod, Dev, Test environments and apply the NSG on each subnet with specific deny rule which will not allow connecting to those environments.

11. What are the tools you will use to create the Vnets?

    You can use the below tools to configure the Azure Vnets.
    • Azure portal
    • PowerShell
    • Azure CLI

12. Your customer has configured the policy-based routing but due to the issue, he wants to change to route based configuration in Azure VPN, how you can deliver the solution?

    Basically, the customer can’t change them or update their routing method directly as that is not supported by MS Azure. He must create the New connection use the method to route based on the new connection.
    • First, you need to delete the Route based connection
    • Delete the Gateway
    • Then you will recreate the connection using Azure Portal, CLI or PowerShell.

13. How to configure the static public IP address VPN gateway?

    Basically, it’s not supported by Microsoft and when you create the VPN gateway at that time dynamic IP address will automatically configure and that will change only when you will delete or recreate the VPN gateway.

14. What protocols are supported by Application gateway?

    It supports the HTTP, HTTPS, HTTP/2, and WebSocket

15. What is Azure Active Directory?

    Azure AD is cloud-based identity and access management services which will help to access the Azure resources like Azure subscription, Other Application. You can integrate Azure AD to O365, SharePoint Online, etc.

16. What is Azure Backup and what are the benefits of Azure Backup?

    Azure Backup is a cloud-based solution which will help you to take the backup of the Azure VM, PaaS SQLDB, file service, web apps etc.
    • It provides a hybrid solution to take the backup.
    • Storage will be managed automatically using Azure storage accounts and it doesn’t require any local storage like on-premises.
    • You can transfer the unlimited data and this data stored in encrypted format in Azure storage accounts.