Azure Interview Questions and Answers

1. What is Cloud Computing?

Cloud computing is a term referred to storing and accessing data over the internet. It doesn't store
any data on the hard disk of your personal computer. In cloud computing, you are allowed accessing
data from a remote server.

2. What is Microsoft Azure?

Azure is a cloud computing platform which was launched by Microsoft in Feb 2010. It is a highly
flexible cloud platform that offers development, data storage, service hosting, and service
management.

3. Explain the Importance of the role and how many types of roles are available in Windows
Azure?

Roles are a very important concept in Windows Azure, and learning them is the base for further
programming.

Three types of roles in Windows Azure are:

 Web Role: It is used to deploy website by using langue which is supported by the IIS platform
customized to run the web apps.
 Worker Role: It helps you to execute the process that runs in the background by
 VM Role: It helps you to schedule the windows services and task.

4. What is Azure Virtual Machine?

Azure Virtual Machines are on-demand computing resources or virtual machines offering of Microsoft
Azure. We can typically use a VM as a service when required and shut down the system when not in
use. The Azure Virtual Machines are listed under Infrastructure as a service (IaaS) category in Azure.
With Azure Virtual Machines we get more control over the environment to customize the
development environment or hosting.
5. You have received an email from your company security team that a couple of VMs are
exposed to the internet, how to prevent that public access without interruption of any service?

In that case, you need to create the NSG and associate your VMs if there is no NSG. Now, block the
port 80/443 and allow only specific ports of azure which will fix the issue.
 Click on the VMs
 Click on the networking tab
 Click on the NSG
 Then create the Outbound deny rule for the internet.
6. You have a couple of VMs of 4 Core and 16GB. You need to upgrade VMs to 8 Core and 32
GB Ram since they are not performing well. So, what are the steps you will take?

You will go to specific VMs and perform the below steps.

 First, take approval from the Application Owner for downtime because it will automatically
reboot the VM.
 Go to each VM and Click on the Size
 Select the VM instance Size of 8 core 32 GB Ram VMs.
 Once you will select the specific Size, it will automatically start upgrading the instance.
 After that, you need to verify all the setting of the VMs and handover to application Owner if
activity completed successfully.
7. You have a couple of VMs running in Azure environments and you need to enable the
Availability set, how to do that?

No. It’s not possible to enable the AV set in running systems there is a limitation to it, if you want to
enable the same then you need to recreate the VMs and Add the Availability set to it.
8. Is it possible to enable the NSG in Vnet since you doesn’t want to enable it on VMs level?

It’s not possible to enable the NSG in Vnets but certainly, you can associate with Subnets which will
help you to reduce the manageability of your NSG.
9. What is NSG and How can you create the NSG?

NSG is nothing but its services will help you to allow or deny the specific port to communicate to your
services within subscription or outside of the subscription. It’ has inbound and outbound rules.
Inbound Rule: It defines the traffic coming from the internet to VMs or specific services or VMs.
Outboard Rules: It defines the traffic going to the internet from your VMs or specific services or VMs.
You need to follow steps to create the NSG and Associate to VMs.
 In All Services Search the NSG.
 Provide the Name, Location and Resource Group
 Click on the NSG and create the NSG.

10. Is it possible to host the VM in another region and connect to a different region?

Yes, you need to set up the interconnectivity while creation the V-net (Virtual Network) to V-net
(Virtual Network) connection between both the regions.

11. One of your clients escalated that his VM has been rebooted without intimating to him and
you need to know logs who has rebooted the VM, how can get the details.

In that case, Activity logs will help, as any activity happens in VMs through the portal, you will get a
log alerts store in the activity logs, so you will go to activity logs and found that who has rebooted the
VM and can share with clients after manager approval.
12. In your organization, you have some client who doesn't want to give the subscription
access, but they have given the PowerShell access, how you create the Storage account using
PowerShell?

New-AzureRmStorageAccount -ResourceGroupName azure4you -Name azureint234 -

SkuNameStandard_LRS -Location 'East Us'

13. How to tag the resources using a command?

You should use the below command lets to tag the resources.
Set-AzureRmResourceGroup -Name "Azure4you.com" -Tag @{Department="IT"}

14. What is the difference between Premium Storage Account and Standard Storage Account?

Premium Storage Accounts are backed by SSD Disk which provided the resilience and better
performance where standard Storage Accounts are backed by HDD (magnetic Disk) and Provides the
maximum IOPS up to 500.

15. What is the difference between Managed Disk and Unmanaged Disk?

Managed Disk: In Managed disk storage accounts creation/Management done on the backend. It will
help you on the scalability of storage accounts and backed by Standard/premium Tires.

Unmanaged Disk: Unmanaged disk are the disk which you will create the storage accounts. Create
the disk and Managed by you and you need to make sure you can’t exceed the Storage limit up 20K
IOPS while adding many disks which may throttled the VMs performance.

16. What is Site to Site VPN?

Azure Site to Site VPN will help you to connect to On-Premises Network to Azure Virtual Network
Over an IPsec/IKE (IKEV1/IKEV2) VPN tunnel. Basically, this connection required a VPN device which
public facing IP Address assigned to it.

17. A customer has Prod, Dev and Test environments. How to implement a solution that each
environment can’t connect to each other?

In that case, you can separate the environments while creating the different subnets for Prod, Dev,
Test environments and apply the NSG on each subnet with specific deny rule which will not allow
connecting to those environments.

18. What are the tools you will use to create the Vnets?

You can use the below tools to configure the Azure Vnets.
 Azure portal
  PowerShell
 Azure CLI

19. Your customer has configured the policy-based routing but due to the issue, he wants to
change to route based configuration in Azure VPN, how you can deliver the solution?

Basically, the customer can’t change them or update their routing method directly as that is not
supported by MS Azure. He must create the New connection use the method to route based on the
new connection.
 First, you need to delete the Route based connection
 Delete the Gateway
 Then you will recreate the connection using Azure Portal, CLI or PowerShell.

20. How to configure the static public IP address VPN gateway?

Basically, it’s not supported by Microsoft and when you create the VPN gateway at that time dynamic
IP address will automatically configure and that will change only when you will delete or recreate the
VPN gateway.

21. What protocols are supported by Application gateway?

It supports the HTTP, HTTPS, HTTP/2, and WebSocket

22. What is Azure Backup and what are the benefits of Azure Backup?

Azure Backup is a cloud-based solution which will help you to take the backup of the Azure VM, PaaS
SQLDB, file service, web apps etc.
 It provides a hybrid solution to take the backup.
 Storage will be managed automatically using Azure storage accounts and it doesn’t require any
local storage like on-premises.
 You can transfer the unlimited data and this data stored in encrypted format in Azure storage
accounts.
 One Word Answer

Q1: Assume that your manager consults you as an Azure Administrator to find a solution that
helps in distributing the different types of content to the customers globally with the highest
possible bandwidth. Which Azure solution will you suggest to your manager ?

Azure Content Delivery Network (CDN)

Q2: In one of your Azure related projects, you are consulted as an Azure administrator to
suggest an Azure solution that helps in creating Windows and Linux virtual machines from a
custom image that allows you to test your applications directly using your deployment
pipelines, with the ability to schedule the start and the shutdown of the virtual machines
automatically, minimizing the waste on the resources. Which Azure solution will you suggest in
order to achieve that ?

Azure DevTest Labs.

Q3: In one of your Azure related project tasks, you are requested to find an environment that
helps you to build a machine learning solutions using the previously existing machine learning
algorithms with the ability to test and deploy the project using the same tool. Which Azure
solution will you use ?

Azure Machine Learning Studio

Q4: Assume that the development team in your company consults you as an Azure
administrator to suggest an Azure solution that can be used to manage, scale, and orchestrate
the deployment of the container-based application that they have developed. Which Azure
solution will you suggest ?

Azure Kubernetes.

Q5: You have defined a number of Azure policies that aim to achieve a specific goal in your
Azure site. Which Azure solution will you use to organize these policies into one group and
makes it easier to manage it ?

Azure Initiative Definition.

Q6: You are planning to implement disaster recovery for your application that is hosted in
Azure. Which Azure concept will you consider to achieve that ?

Replicate your application in different Azure Regions.

Q7: If the development team of your company consults you to suggest an Azure service that
can be used to host the different parts of your web application. Which Azure service will you
suggest ?

Azure App Service.

Q8: As a proactive Azure administrator, which Azure tool will you use to deploy repeatable
resources to Azure in the most efficient way ?

Azure Resource Manager Templates.

Q9: You are planning to deploy several Azure Virtual machines to host your applications.
During the cost calculation phase, what are the two main factors that you will consider while
deploying your virtual machines to Azure with the least possible cost ?

The size of the virtual machine and the Azure region where we will deploy the virtual machine.

Q10: If you have an existing on-premises environment and you plan to move the whole
environment to Azure. Which tool you can use to estimate the cost of your on-premises
environment in Azure ?

Azure Total Cost of Ownership.

Q11: You are planning to build a policy to ensure that only the related team can deploy the
Virtual machines and configure them. Which Azure tool will you use to achieve that ?

Azure Role-Based Access Control.

Q12: You are planning to build a policy to ensure that the Virtual machine administration team
can deploy the Virtual machines with a specific size. Which Azure tool will you use to achieve
that ?

Azure Policies.

Q13: If you plan to prevent any user from deleting a specific Virtual Machine that you have
deployed. How could you achieve that ?

Using the Delete option of the Azure Locks.

Q14: Working as an Azure administrator, assume that you have deployed your applications to
Azure Virtual machines. How could you restrict the traffic into these Azure virtual machines to
be accepted only from specific sources ?

Azure Network Security Group (NSG).

Q15: You have defined a number of secrets and certificates to secure your Azure applications.
Where could you store and secure this critical information with the ability to import it from
your applications without the need to interact with the private key materials ?

Azure Key Vault.

Q16: How could you secure your applications in Azure against the attacks that overwhelm a
network resource by sending too many requests and makes the applications becomes slow or
unresponsive ?

Using Azure DDoS Protection.

Q17: Working as an Azure administrator, an engineer from the development team complains
that one of their virtual machines was shut down yesterday without notifying them. Where
should you look to identify who shut down that virtual machine ?

Look at the Azure Activity Logs.

Q18: If you plan to deploy one of your Azure virtual machines in a separate network segment.
How could you achieve that ?

Deploy the server to a separate virtual network (VNET).

Q19: In order to increase the availability of your company applications, you are requested to
find a solution that can be used to distribute the traffic to your backend Azure virtual machines
based on the attributes of the HTTP request received from the clients. Which Azure solution
will you use to achieve that ?

Azure Application Gateway.

Q20: Working as an Azure administrator, you are planning to configure an Azure solution that
can be used to detect the sensitive data in the emails and the documents and protect it using
labels. Which Azure solution can you use to achieve that ?

Microsoft Azure Information Protection