
Interview Preparation

Focused Azure networking interview kit with beginner, intermediate, and scenario-based questions. Scenario responses are emphasized because they are critical in architecture and DevOps interviews.

Beginner Questions

Core Concepts

What is a VNet in Azure?

A logically isolated private network in Azure used to connect and secure resources.

What is the difference between private and public IP?

Private IP is internal and non-internet-routable. Public IP is internet-routable.

Why do we use subnets?

To segment workloads and apply targeted routing/security controls.

What does an NSG do?

It filters traffic at subnet or NIC level based on allow/deny rules.

What is Azure DNS?

Managed DNS hosting service for authoritative public DNS zones in Azure.

Intermediate Questions

Design and Operations

When would you choose Application Gateway instead of Azure Load Balancer?

Choose Application Gateway for HTTP-aware routing, SSL offload, and WAF. Use Load Balancer for L4 TCP/UDP distribution.

How does VNet peering differ from VPN Gateway?

Peering is private VNet-to-VNet connectivity over the Azure backbone. VPN Gateway is an encrypted tunnel, typically used for hybrid connectivity or for VNet-to-VNet over gateway constructs.

What causes subnet IP exhaustion?

Undersized CIDR planning, high autoscale growth, and hidden consumers like private endpoints.

Front Door vs Traffic Manager?

Front Door is a global HTTP/HTTPS reverse proxy at the edge. Traffic Manager is DNS-based endpoint selection.

Why use private DNS zones with private endpoints?

To resolve service names to private IPs and keep traffic off public internet paths.

Scenario-based Questions (Very Important)

Architecture Scenarios

Design a secure traffic flow for internet users accessing a web app with a private database.

Internet -> Front Door/App Gateway + WAF -> web subnet -> app subnet -> DB private endpoint in data subnet. Apply NSG allow-lists tier by tier, deny-by-default, and private DNS for DB resolution.

VM is reachable by ping internally but app port is unreachable from another subnet.

Likely NSG or guest firewall issue. Validate destination port rule priority and effective NSG. Confirm app process binds to correct interface/port and route path is correct.

Global users report high latency from one region only.

Check global routing policy in Front Door/Traffic Manager, backend health, and region-specific app gateway/LB health. Consider failover policy and regional scaling.

After enabling private endpoint for storage, app suddenly fails.

DNS likely still resolves to public endpoint. Validate private DNS zone records and VNet links, then flush DNS cache and retest connectivity path.

Company migrating to Azure requires low latency and compliance for ERP traffic.

Use ExpressRoute for private deterministic connectivity, segmented VNets/subnets, centralized firewall in hub, and strict route governance for regulated traffic paths.

Rapid Revision Checklist

Summary

Strong interview performance comes from clear traffic-flow reasoning. State assumptions, explain why one service is chosen over another, and always include troubleshooting thinking in your answer.