Azure is a cloud computing platform and service created by Microsoft for building, deploying, and managing applications and services through a global network of Microsoft-managed data centers. As such, Azure has become a popular choice for organizations looking to take advantage of the scalability, reliability, and security offered by cloud computing. If you are preparing for an interview for an Azure-related role, it is likely that you will be asked a variety of technical questions about the platform. In this article, we will provide an overview of some of the top Azure interview questions that you may be asked, including questions about Azure services, architecture, security, and more.
Top 22 Microsoft Azure Interview Questions and Answers
The following are top 22 Microsoft Azure Interview questions and answers for 2023 that can help you to crack your Microsoft Azure Administrator interview.
1. What is Public, Private, and Hybrid cloud implementation with respect to Azure?
Public Cloud: refers to when all components of an application or system are running on a cloud platform such as Azure.
Private Cloud: refers to when Azure services and features are used within an on-premises data center or when an on-premises data center is used to host an application or system.
Hybrid Cloud: refers to a combination of both public and private cloud, where some components of an application run on a cloud platform such as Azure and other components run on an on-premises data center.
Examples:
- A hospital management system running on Azure Web Apps and using a SQL Azure Database would be a Public Cloud implementation.
- A hospital management system running on a VM within an organization’s premises and using a SQL Server installed on a VM within the same premises would be a Private Cloud implementation.
- A hospital management system running on Azure Web Apps and using a SQL Server installed on a VM within an organization’s premises would be a Hybrid Cloud implementation.
Azure Services – Compute
This section highlights common questions about important Azure services:
1. Cloud services
2. Azure Web Apps
3. Azure Virtual Machines
4. Difference between Cloud Services and Web Apps
2. What is Azure cloud service?
Azure Cloud Service is a service offered by Azure that is specifically designed for hosting web applications, background processing applications, and virtual machines for IaaS workloads. A Cloud Service in Azure is a container that holds applications and runs them. Web applications in Cloud Service are referred to as “Web Role” and background processing applications are referred to as “Worker Role”.
Each Cloud Service created in Azure provides a unique DNS name, such as “YourCloudServiceName.cloudapp.net”, that is used to access the web application over the internet. An Azure subscription can include multiple Cloud Services and each Cloud Service can contain multiple roles. Each role can run multiple instances (virtual machines) where the actual application is executed.
To develop an application for Cloud Service, the Azure SDK is needed, which can be used to create a Cloud Service project in tools such as Visual Studio for .NET or Eclipse for Java.
In-depth exploration:
A Cloud Service can include roles or standalone virtual machines. When web/worker roles are deployed in a Cloud Service, it becomes a PaaS offering. When virtual machines are created within a Cloud Service using the management portal, PowerShell, CLI, REST API, or Azure SDK, it becomes an IaaS offering.
3. What is the purpose of a cloud service configuration file (.cscfg)?
The .cscfg file is a configuration file that is used in every Cloud Service project. It is used to store information such as:
- The number of role instances to deploy for each role in the Cloud Service project
- The thumbprint of certificates used if any
- User-defined configuration settings
This file enables changes in the production environment without causing downtime for the application.
In-depth exploration:
When changes are made to a web configuration file while a web application is running and active in IIS, the App Pool is restarted, and current user sessions are lost. For example, if a web application hosted in IIS is thought of as a “desktop application”, saving the web.config file is similar to closing and reopening that desktop application. Therefore, if a configuration setting such as an Azure storage connection string is stored in the web.config file and the primary key of the storage account is regenerated for security reasons, the web.config file must be updated.
However, updating the web.config file will cause the App Pool to restart, resulting in application downtime. To avoid this, configuration settings can be stored in a file that is external to the application binaries and deployment package, so changes to it will not affect the running application. This is known as the External Configuration Store Design Pattern and the cloud service configuration file is the implementation of this pattern. The .cscfg file settings can be modified from the Azure portal, avoiding the need to redeploy the entire application.
This is the benefit of the cloud configuration file over the web.config file, as it is not bound to the application and changes made to it do not result in app pool restarts.
4. How to achieve zero downtime in cloud service deployments during upgrades and all hardware failures?
To achieve near-zero downtime, it is recommended to run at least 2 instances of each role within a Cloud Service. By having 2 or more instances running for a role, the deployment is automatically distributed across different fault and upgrade domains. This helps to ensure that if one instance experiences an issue, the others can take over and keep the application running.
In-depth exploration:
A Fault Domain is a physical unit of failure. It is a set of hardware components such as computers and switches that share a single point of failure. A single point of failure is a part of a system that, if it fails, will cause the entire system to stop working.
Azure data centers are divided into multiple sections, which are treated as fault domains. These sections are designed in such a way that a failure in one fault domain is unlikely to affect any other fault domain. When deploying a service, the Azure Fabric Controller automatically locates the roles in at least two different fault domains to prevent a failure in one domain from affecting all instances of a service. This is why Azure recommends running at least 2 instances of each role so that Azure Fabric can place the application role instances in more than one fault domain to avoid failure.
Upgrade Domain is a logical unit of grouping role instances and does not exist physically. When there are 2 instances of a role running, each instance is treated as a different Upgrade Domain. This means when an upgrade of the guest OS, host OS or application update needs to be performed, only one Upgrade Domain-based instance is updated while the other Upgrade Domain-based instance continues to serve user requests. Once the upgrade of the first instance is completed, the second Upgrade Domain-based instance is updated, and so on. This way, at any point during the upgrade, at least one instance is alive and serving user requests, preventing downtime of the application.
5. What is the difference between Cloud Service “Role Instance VM” and “Cloud Service VM”?
The following table highlights important points about the difference between “Role Instance VM” and “Cloud Service VM”
In-depth exploration:
- PaaS (Platform as a Service) means that you only focus on the application and data, while the cloud computing platform takes care of the rest. In the case of role instance VMs, users only deploy their application, and the underlying cloud platform manages the rest. IaaS (Infrastructure as a Service) means that the cloud platform only provides virtualization support and the rest is the user’s responsibility.
- Changes made to a VM in PaaS are not persistent. For example, if a text file is created on the C drive and the cloud service role is recycled due to hardware failure, the new VM allocated to the role instance will not have that text file. In IaaS, changes made to a VM are persistent.
- VMs provisioned for role instances already have all prerequisites installed and configured for running an application. However, in the case of an IaaS VM, you only get the VM with the OS, and the user is responsible for installing and configuring everything else, such as the .NET framework and IIS, for running a web application.
- Vertical scalability in PaaS means increasing the capacity of an existing VM, which requires redeploying the application and creating a new VM. However, the size of the role instance VM cannot be changed from the portal. In IaaS, the VM size can be directly changed from the portal.
- As role instances are a PaaS offering, and VM management is done by the cloud platform, horizontal scalability is unlimited, and the user does not have to create VMs in advance to support scalability. In IaaS, horizontal scalability is limited by the number of pre-configured VMs, and the user will have to create VMs with the same configuration.
6. What are the benefits, and advantages of cloud computing?
– Scalability
– Agility
– High Availability
– Pay as you go
– Moving from Capex to Opex
– Fault Tolerance
– High Response Time
– High Bandwidth
– Low Latency
Scalability refers to the ability of an application to handle a growing amount of work without degrading performance. There are two types of scalability: vertical scaling, which increases the capacity of existing hardware, and horizontal scaling, which increases the number of machines without increasing the capacity of each one.
Agility refers to the ability of a system to evolve as business changes. High availability refers to the amount of time an application is available to its users, and how well it can withstand common downtime scenarios.
Pay as you go is a benefit of cloud computing where users only pay for the resources they use, and billing is done on a per-minute basis.
Moving from Capex (Capital Expenditure) to Opex (Operational Expenditure) means shifting from investing in hardware to paying for operational costs on a monthly or yearly basis.
Fault tolerance is the ability of a system to continue operating at full capacity and fully functional in the event of failure of some of its components.
Microsoft Azure uses various replication and redundancy strategies to make its services and applications fault tolerant.
7. What is Microsoft Azure?
Cloud computing is a concept that involves delivering computing services—including servers, storage, databases, networking, software, analytics, and intelligence—over the Internet (“the cloud”) to offer faster innovation, flexible resources, and economies of scale.
Microsoft Azure is a cloud computing platform and infrastructure created by Microsoft for building, deploying, and managing applications and services through a global network of Microsoft-managed data centers.
8. What is IaaS, PaaS and SaaS?
IaaS, PaaS, and SaaS are three categories of cloud computing services that organizations can use to develop and deploy applications.
IaaS, or Infrastructure as a Service, provides virtualized computing resources such as servers, storage, and networks as a pay-per-use service. Azure VM and VNET are examples of IaaS services.
PaaS, or Platform as a Service, abstracts developers from the underlying infrastructure, allowing them to build, test, and deploy applications without worrying about managing the hosting environment. Azure Cloud Services, Azure Web Apps, Storage, and SQL Azure Database are examples of PaaS services.
SaaS, or Software as a Service, is a fully-managed service that delivers applications over the internet, typically on a subscription basis. Examples of SaaS services include Office 365, Gmail, Salesforce.com, SharePoint Online, and CRM online.
In summary, IaaS, PaaS, and SaaS are three different types of cloud computing services. IaaS provides infrastructure services such as virtual machines and networking, PaaS provides a platform for developers to build and run applications without managing the underlying infrastructure, and SaaS provides ready-to-use applications that can be consumed by users. These services progressively abstract the management responsibilities of the user, with SaaS having the least amount of management required.
9. What is the best practice for achieving the High availability of applications running on Azure VM having web tier and DB tier?
To achieve high availability in Azure IaaS VMs, it is recommended to use Availability Sets with at least 2 instances of VMs and implement redundancy at both the web tier and DB tier.
For example, in a setup with an ASP.NET MVC web application and a SQL Server DB on Azure IaaS VMs, it is recommended to run the web application and database on separate VMs and add them to different Availability Sets. Azure’s platform will automatically place these VMs in different Fault and Update domains for added redundancy. Additionally, configuring a Load Balancer for the endpoint port used by the web application (usually port 80 for HTTP or 443 for HTTPS) and using a mechanism such as Log Shipping or Mirroring to keep data in sync between the DB VMs can further improve availability.
SQL Server Always On is also a highly recommended approach for HA at the DB tier if cost is not a concern.
10. What are the different types of Azure blobs and the differences between them?
Azure storage has two types of blob – Block, and Page.
11. What is the way to implement Caching/Session Management mechanism in Azure?
Azure Redis Cache is a commonly used caching mechanism in Azure that is available as a Platform as a Service (PaaS) option. It is an open-source, third-party service provider that does not require the creation of VMs or the configuration of infrastructure components. Redis Cache is more expensive than the SQL Server option but offers its own security layer, scalability, and high-availability options. It is available in three main offerings/tiers: Basic, Standard, and Premium. It is recommended for use in cloud-first applications rather than hybrid workloads/applications.
12. What is Azure Resource Manager (ARM) and what are the benefits of ARM over Classic services (Cloud Services)?
Azure Resource Manager (ARM) is a deployment methodology used to deploy and manage Azure resources in a consistent and organized way. It allows for the deployment, management, and monitoring of all resources as a group, rather than individually. ARM is also template-driven, declarative, and idempotent, which makes it easy to repeatedly deploy your solution throughout the development lifecycle.
Additionally, it allows for the definition of dependencies between resources, so they are deployed in the correct order. ARM also has native integration with Role-Based Access Control (RBAC) for access control and allows for the application of tags to resources for the logical organization. Furthermore, it provides a way to track rolled-up costs for an entire group or a group of resources with the same tag.
13. What is Log Analytics (Operational Management Suite)?
Azure Log Analytics (formerly known as “Operational Insights”) is a service that provides a single dashboard for monitoring and analyzing logs from various sources, including IIS, storage, and infrastructure. It can also be used for on-premise, AWS, and OpenStack infrastructure, as well as traditional Windows and Linux virtual infrastructure in Azure. Log Analytics also allows for generating Power BI data sources and can be used for security and threat management. It is a paid service with three pricing tiers: Free, Standard, and Premium. It enables searching logs across infrastructure from a single dashboard and allows for exporting results.
14. What are the various ways by which an on-premises VM can be migrated to Azure?
One way to migrate an on-premises VM to Azure is to move the OS and data disks to Azure storage, and then provision a new VM using those disks. The method for doing this will depend on the virtualization platform used to host the original VM. For example, if the VM is on Hyper-V, the VHD file can be obtained directly, but if it is on a different platform, the disks may need to be converted to VHD format before uploading to Azure storage. Once the disk files are in Azure, a new VM can be created using them.
15. What is the difference between Table Storage and SQL Azure Table?
People may have trouble understanding the concept that “schema is not enforced on table storage.” To help clarify, a diagram can be useful in illustrating this scenario.
In table storage, data is not required to conform to a specific schema, which means that records can have different formats. This is illustrated in the above diagram where the third record stores the date and time in a different format than the first two records. This flexibility is what is meant by “no schema enforced on the data.”
16. What is the difference between SQL Server on Azure VM and Azure SQL Database?
17. An application front end is hosted on Azure but due to security reasons, the customer wants the database to be hosted on-premises within his office building. What are the different ways to handle this connectivity scenario in Azure?
When connecting a single on-premises database machine to an Azure-hosted application, an Azure Virtual Network (VNET) based “Point-to-Site” connection may be an appropriate choice. This type of connection is ideal for creating a VPN link between a limited number of on-premises resources and Azure resources.
18. What are the other VNET options for achieving connectivity with on-premise and Azure resources?
Cross-premises connectivity can be achieved through various options such as Site-to-Site and Express Routes. Site-to-Site is a good option for connecting a large number of resources. However, using Site-to-Site or Point-to-Site connectivity may result in network latency as these features use the public infrastructure of the internet. To overcome this issue, Express Route can be used as it offers a dedicated leased line-based solution that reduces latency.
19. What is the option to connect to the premises Database in case a user is not willing to open up VNET-based connectivity?
When connecting to a database that is hosted on-premises, one solution is to create and host a WCF (Windows Communication Foundation) service on the same premises. This service can provide CRUD operations for the on-premises database. To allow an Azure-hosted web application to access this database, the Service Bus Relay feature can be used to invoke the on-premises WCF service. This approach eliminates the need for VPN connectivity and the use of Azure VNETs.
20. An on-premises application runs a few Windows services and console applications to handle certain tasks. What should be the approach for migrating such applications to Azure?
There are several ways to migrate on-premises console applications and Windows services to Azure:
- Azure VM: This is a virtual machine running in Azure. Current on-premises console applications and Windows services can be configured on this VM and will function the way they did on-premises. However, managing the VM will be the responsibility of the user.
- Worker Role: If the current Windows service is written in C# or any other Azure cloud service-supported programming language, it can be easily converted into a Worker role for processing. Being a PaaS offering, the user will not have to manage the role instance VM. However, scheduling may be tricky if that is a requirement for the background application being migrated.
- Web Jobs: This can run in the background and has scheduling capability as well. Web Jobs run in the context of API App service, meaning it runs on the same instance on which the web application or API app is running. This saves cost as compared to Worker Role and it can scale as per the App Service plan in which the web app or API app is running.
- Azure Functions: If you are looking for a microservice-based architecture (a loosely coupled application in all respects), then Azure Functions is another way of doing it. Although it may not be as cost-effective as Web Jobs, it follows the “Single Responsibility Principle”, providing the true nature of loosely coupled applications.
21. What is the difference between the Storage queue and the Service Bus queue?
When comparing storage queues and Service Bus Queues, there are several key differences to consider.
- FIFO ordering: Storage queues do not provide a guarantee about the FIFO nature of messages, meaning the order in which messages are added to the queue may not be the same order in which they are received. On the other hand, Service Bus Queues provide FIFO ordering guarantees if “Message Sessions” are used.
- Message Sessions: By adding messages with a SessionID, an affinity is created and the order in which messages were added will be the same order in which they are received.
- Message Delivery Model:
  - Storage Queue – At Least Once: Storage Queue uses the “GetMessage” method and, after processing, calls the “DeleteMessage” method. If any error is encountered during the processing of the message before delete is called, then the message will reappear in the queue after the default time period of invisibility.
  - Service Bus Queue – At Most Once: The “ReceiveAndDelete” method is used and the message is immediately marked as complete and deleted.
  - Service Bus Queue – At Least Once: The “PeekLock” method is used and the message gets locked; the “Complete” method can then be called on the same message, which marks it for deletion. If any error occurs while processing the message, it can reappear for the receive operation after the expiry of the lock period.
  - Service Bus Queue – Exactly Once: Service Bus Queue supports automatic duplicate detection of messages based on MessageId. If the queue is created with duplicate detection enabled and 2 messages with the same MessageId are added to the queue, one of them is automatically ignored.
Overall, Service Bus Queue provides more flexibility in terms of ordering and message delivery models but requires more configuration and management. Storage queues are more straightforward but may not provide the same level of guarantee.
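The delivery models above can be compared with a small in-memory model. This is an added example, not code from the original article and not the Azure SDK: the class `ModelQueue` and the functions `run_consumer` and `send_same_id_twice` are hypothetical, the clock is logical, and duplicate detection remembers every MessageId forever. It shows a consumer that crashes once on message `m2`, either before doing the work or after the work but before completing the message.

```python
class ModelQueue:
    """In-memory model of a queue with locks and optional duplicate detection."""

    def __init__(self, lock_seconds=30, duplicate_detection=False):
        self.lock_seconds = lock_seconds
        self.duplicate_detection = duplicate_detection
        self.now = 0              # logical clock, so no real waiting is needed
        self._messages = []       # each entry: {"id", "body", "visible_at"}
        self._seen_ids = set()    # model simplification: ids are remembered forever

    def send(self, message_id, body):
        if self.duplicate_detection and message_id in self._seen_ids:
            return False          # second message with the same MessageId is ignored
        self._seen_ids.add(message_id)
        self._messages.append({"id": message_id, "body": body, "visible_at": 0})
        return True

    def pending(self):
        return len(self._messages)

    def _next_visible(self):
        return next((m for m in self._messages if m["visible_at"] <= self.now), None)

    def receive_and_delete(self):
        msg = self._next_visible()
        if msg is not None:
            self._messages.remove(msg)    # gone before the handler has run
        return msg

    def peek_lock(self):
        msg = self._next_visible()
        if msg is not None:
            msg["visible_at"] = self.now + self.lock_seconds  # hidden until lock expiry
        return msg

    def complete(self, msg):
        self._messages.remove(msg)


def run_consumer(mode, crash_on="m2", crash_stage="before_work"):
    """Consume three messages with one crash on `crash_on`; return the bodies worked on."""
    queue = ModelQueue()
    for i in (1, 2, 3):
        queue.send(f"m{i}", f"order-{i}")
    done, crashed = [], False
    while queue.pending():
        receive = queue.receive_and_delete if mode == "receive_and_delete" else queue.peek_lock
        msg = receive()
        if msg is None:
            queue.now += queue.lock_seconds   # wait for outstanding locks to expire
            continue
        crash_now = msg["id"] == crash_on and not crashed
        if crash_now and crash_stage == "before_work":
            crashed = True
            continue                          # nothing done, message never completed
        done.append(msg["body"])              # the actual work
        if crash_now:                         # crash after the work, before Complete
            crashed = True
            continue
        if mode == "peek_lock":
            queue.complete(msg)
    return done


def send_same_id_twice(duplicate_detection):
    queue = ModelQueue(duplicate_detection=duplicate_detection)
    accepted = [queue.send("m1", "order-1"), queue.send("m1", "order-1")]
    return accepted, queue.pending()
```

With receive-and-delete the crashed message is lost; with peek-lock it is redelivered after the lock expires, out of its original order, and a crash after the work repeats that work, so handlers need to be idempotent.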
22. What is the difference between Azure AD and Windows Server AD?
Conclusion
In conclusion, Microsoft Azure is a versatile and powerful cloud computing platform that offers a wide range of services for businesses and organizations of all sizes. Preparing for an interview on Azure can be challenging, but by familiarizing yourself with the most common interview questions and understanding their answers, you can increase your chances of success.
The top 22 Azure interview questions and answers outlined in this article cover a range of topics, including Azure services, pricing, security, and more. By reviewing these questions and their answers, you can gain a deeper understanding of Azure and be better prepared for your upcoming interview.