20 Questions
What is the significance of selecting a customer-managed key for Azure VM disks?
Once selected, you cannot switch back to a platform-managed key.
Explain the difference between Service-managed keys and Customer-Managed Keys in Azure Key Vault.
Service-managed keys are convenient with low overhead, while Customer-Managed Keys offer full control over the keys.
What is the purpose of Service-managed keys in customer-controlled hardware (host your own key - HYOK) in Azure Key Vault?
To allow managing keys in a proprietary repository.
Describe the characteristics of an Azure VM under the 'Compute Optimized' category.
Ideal for CPU-intensive workloads in medium-scale environments.
In which scenario would you choose a 'Memory Optimized' Azure VM?
When you need higher memory compared to CPU.
What type of workload is best suited for an Azure VM categorized as 'Storage Optimized'?
Large transactional databases and Big Data scenarios.
Explain the purpose of General Purpose Azure VMs.
Suitable for small to medium-scale development environments.
What level of control do Customer-Managed Keys provide in Azure Key Vault?
Full control over the keys, including support for bringing your own key or generating new ones.
Why is it important to carefully consider the choice between customer-managed and platform-managed encryption keys for Azure VM disks?
Because once a choice is made, it is irreversible.
What are the implications of managing keys in a proprietary repository using 'Service-managed keys in customer-controlled hardware' in Azure Key Vault?
The setup is complex and not widely supported across Azure services.
What is the purpose of Accelerated Networking in Azure VMs?
Improves VM networking performance by bypassing the virtual switch between the host VM and the physical switch
How does Azure Disk Encryption secure Azure VMs?
Utilizes BitLocker to encrypt both OS and data disks
What are Network Security Groups (NSGs) used for in Azure?
Act as networking filters with security rules controlling inbound and outbound traffic
Explain the role of Application Security Groups (ASGs) in Azure.
Enable defining network security policies based on workloads, allowing for grouping virtual machines and securing applications based on trusted segments of your network
How can you troubleshoot connectivity or application access issues in Azure VMs?
Redeploying the VM
What is the purpose of Placement Groups in Azure?
Allow creating scale sets of up to 1,000 instances
Explain the benefits of having multiple network interfaces in Azure VMs.
Enables functions like network and security functions, network isolation, and bandwidth isolation
How does changing VM sizes post-deployment work in Azure?
Relatively straightforward, but the new size must be supported on the current hardware cluster
What are the different source types when creating a new managed disk in Azure?
Snapshot, Storage Blob, or None
How does Azure utilize Virtual Machine Scale Sets?
Enable scaling VMs up/down and in/out based on demand, with features like load balancers and availability sets
Test your knowledge of Azure Key Vault and encryption options for Azure Virtual Machine (VM) disks. Learn about customer-managed encryption keys (CMK) and the implications of selecting a customer-managed key over a platform-managed one. Explore different server-side encryption models like service-managed keys and customer-managed keys.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
