Skill 3.3 - Configure VMs

Questions and Answers

What is the significance of selecting a customer-managed key for Azure VM disks?

Once selected, you cannot switch back to a platform-managed key.

Explain the difference between Service-managed keys and Customer-Managed Keys in Azure Key Vault.

Service-managed keys are convenient with low overhead, while Customer-Managed Keys offer full control over the keys.

What is the purpose of Service-managed keys in customer-controlled hardware (host your own key - HYOK) in Azure Key Vault?

To allow managing keys in a proprietary repository.

Describe the characteristics of an Azure VM under the 'Compute Optimized' category.

Ideal for CPU-intensive workloads in medium-scale environments.

In which scenario would you choose a 'Memory Optimized' Azure VM?

When you need higher memory compared to CPU.

What type of workload is best suited for an Azure VM categorized as 'Storage Optimized'?

Large transactional databases and Big Data scenarios.

Explain the purpose of General Purpose Azure VMs.

Suitable for small to medium-scale development environments.

What level of control do Customer-Managed Keys provide in Azure Key Vault?

Full control over the keys, including support for bringing your own key or generating new ones.

Why is it important to carefully consider the choice between customer-managed and platform-managed encryption keys for Azure VM disks?

Because once a choice is made, it is irreversible.

What are the implications of managing keys in a proprietary repository using 'Service-managed keys in customer-controlled hardware' in Azure Key Vault?

The setup is complex and not widely supported across Azure services.

What is the purpose of Accelerated Networking in Azure VMs?

Improves VM networking performance by bypassing the virtual switch between the host VM and the physical switch

How does Azure Disk Encryption secure Azure VMs?

Utilizes BitLocker to encrypt both OS and data disks

What are Network Security Groups (NSGs) used for in Azure?

Act as networking filters with security rules controlling inbound and outbound traffic

Explain the role of Application Security Groups (ASGs) in Azure.

Enable defining network security policies based on workloads, allowing for grouping virtual machines and securing applications based on trusted segments of your network

How can you troubleshoot connectivity or application access issues in Azure VMs?

Redeploying the VM

What is the purpose of Placement Groups in Azure?

Allow creating scale sets of up to 1,000 instances

Explain the benefits of having multiple network interfaces in Azure VMs.

Enables functions like network and security functions, network isolation, and bandwidth isolation

How does changing VM sizes post-deployment work in Azure?

Relatively straightforward, but the new size must be supported on the current hardware cluster

What are the different source types when creating a new managed disk in Azure?

Snapshot, Storage Blob, or None

How does Azure utilize Virtual Machine Scale Sets?

Enable scaling VMs up/down and in/out based on demand, with features like load balancers and availability sets