Author: zeusexam

How DNS WorksTo properly understand the various DNS services and features available in Azure, it is first necessary to understand how the domain name system works. In particular, it is important to understand the different roles played by recursive and authoritative DNS servers, and how a DNS query is routed to the correct DNS name…

Skill 4.3: Configure name resolution and load balancing Humans work with names, but computers prefer IP addresses. Fundamentally, DNS is about mapping names to IP addresses, making name-based rather than IP-based networking possible. Simplifying somewhat, a client makes a DNS query containing a domain name and receives a response containing the IP address for that…

Configure private endpoints for Azure servicesPrivate endpoints take the concept of service endpoints one step further. In the same scenario of a VM in subnet0 trying to communicate with a storage account, in addition to using a pri- vate IP address as the source IP address, the destination IP address will also be private. Private…

Configure service endpoints for Azure servicesBy default in Azure, PaaS services are accessible using a public endpoint that resolves to a public IP address. When a VM in a subnet accesses this service, for example a storage account, the network and routing from the VM translates the source IP to the IP of the VNet…

Deploy and configure Azure Bastion ServiceGenerally, you connect to remote virtual machines with either RDP or SSH. To do so, you either need to assign a public IP address (with the RDP/SSH port exposed) to the VM to which you are trying to connect, or you need to provision an additional jump server, assign a…

Create and configure an application security groupApplication security groups (ASGs) are separate objects that you create in your Azure subscrip- tion. You can think of an ASG like a group object in an identity system–members of the group have the permissions and access that are assigned to the group. ASGs work in a similar way—…

Associate NSG to a subnet or network interface NSGs are used to define the rules for how traffic is filtered for your IaaS deployments in Azure. You’ve learned how to create NSG resources and define the NSG rules. However, these NSGs, by themselves, are not effective until they are associated with a resource in Azure….

Create an NSG using the Azure portalTo create an NSG using the Azure portal, follow these steps: FIGURE 4-24 Creating a network security group using the Azure portal FIGURE 4-25 The NSG Overview blade, showing the inbound and outbound security rules FIGURE 4-26 Adding an inbound rule to allow HTTP traffic

Default rules All NSGs have a set of default rules. You cannot add to, edit, or delete these default rules. However, since they have the lowest possible priority, they can be overridden by other rules you create. The default rules allow and disallow traffic as follows: Table 4-5 shows the default inbound rules for each…