Deepen your understanding of Azure networking with this quiz focusing on virtual networks, subnets, and peering concepts. Ideal for learners aiming to grasp key networking components, secure network design, and connectivity strategies within cloud environments.
Which component in Azure networking allows you to create logically isolated networks within the cloud platform?
Explanation: A Virtual Network (VNet) enables you to create private, logically isolated networks in the cloud. Virtual Switch (vSwitch) is a term more commonly used in virtualization platforms, not cloud networking. Public DNS Zone manages DNS records and does not provide network isolation. Cloud Gateway is related to connectivity, not the creation of isolated networks.
When you create a subnet inside a VNet, which of the following must you specify?
Explanation: Every subnet in a VNet must have a unique IP address range that falls within the VNet's address space. Assigning a security group is optional and handled separately. Peering connections are for linking VNets, not setting up subnets. An internet gateway is an external connectivity feature, not a subnet requirement.
If no custom routes are defined, how do virtual machines inside the same subnet communicate with each other?
Explanation: By default, all resources within the same subnet can communicate with each other without extra configuration due to the default routing. No explicit internet gateway is necessary for internal subnet traffic. Peering is used between VNets, not for communication within a subnet. The statement about being isolated is incorrect in this context.
Which scenario prevents successful VNet peering between two VNets?
Explanation: VNets with overlapping address spaces cannot be peered because address conflicts would occur, making routing ambiguous. Having multiple subnets in a VNet does not prevent peering. VNets in different regions can still be peered using global peering features. DNS server settings are independent of peering eligibility.
What happens to traffic between resources in peered VNets by default?
Explanation: By default, VNet peering enables resources to communicate over a private network without routing data through the public internet. No external VPN appliance is needed for peering traffic. Traffic is not necessarily encrypted unless encryption is explicitly enabled. User-defined routes are optional and not required for basic peering communication.
Which two Azure resources can a network security group (NSG) be directly associated with?
Explanation: A network security group (NSG) can be applied to subnets and network interfaces to control inbound and outbound traffic. A VNet and cloud gateway are high-level or connectivity resources, not direct targets for NSG association. Public IP, DNS zone, routing table, and VM disk are not valid for NSG assignment.
If you define a subnet with the address range 10.0.0.0/29, how many usable IP addresses does it provide?
Explanation: A /29 subnet provides 8 IP addresses, but 3 are reserved for network protocols, so only 5 can be used by resources. The option '8' is wrong because it overlooks reserved addresses. '6' and '4' do not properly calculate the available IPs after reservation.
Which method allows private communication between two virtual networks in the same or different regions?
Explanation: VNet peering is the designed method for enabling private connectivity between two VNets regardless of region. Public NAT gateways provide outbound internet access, not private connectivity. Load balancer frontends are for traffic distribution, not network joining. Blob endpoints relate to storage, not network communication.
Why might you place front-end web servers and back-end database servers in separate subnets within a VNet?
Explanation: Separating resources into subnets allows you to apply specific security policies using network security groups. Splitting subnets does not inherently increase data transfer speed. DNS suffix assignments are unrelated to subnetting decisions for security. Subdividing does not reduce the overall VNet address space.
Which CIDR block can be used as a valid address space when creating a new VNet?
Explanation: 10.1.0.0/16 is a valid private address space as defined by RFC 1918. 250.10.0.0/16 is not a valid address range due to invalid octet values. 192.168.500.0/24 is incorrect because 500 exceeds the valid range for an octet (0-255). 172.32.0.0/8 is outside the designated private address range (172.16.0.0 - 172.31.255.255).