There is a huge surge in people preparing for and getting certified in niche domains such as Microsoft Azure and other cloud technologies, as there are tremendous job opportunities across organizations and geographies. If you are one of them and are looking for a career transition or to build a fresh career in Microsoft Azure technologies, for example as a Microsoft Azure Architect, you can go through these top 20 interview questions to help you prepare for an interview for the role of Azure Architect.
This article will not only help you test your preparation on Azure Architect skills but also give you good insight into the kind of questions companies ask and that you can expect during interviews.
Here are the top 20 Microsoft Azure Architect interview questions and answers:
Q1. You have been appointed as an Architect to design and deliver a highly available and scalable blogging application on Azure. Which are the services that you will choose and why?
Azure VMSS: Provides automated scale-in and scale-out of VMs whenever the load reaches the defined threshold of incoming requests, compute utilization, or memory utilization.
Azure Application Gateway: Provides load balancing to distribute traffic equally, and SSL offloading.
Azure Blob Storage: Provides storage for static files like images, GIFs, and other media files.
Q2. You need to architect an application that accepts any type of blob files from the end-user, where the end-user should be able to share the files by generating time-based sharing links with other users. Which service and features will you choose?
Answer: Azure Blob Storage with shared access signatures
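A time-based sharing link is only as safe as the parameters baked into its SAS token, so it is worth checking a link before handing it out. The following is an added example, not part of the original article: it audits a blob SAS URL using the standard SAS query parameters (se, st, sp, spr, sr, sig). The 24-hour limit, the function names and the sample URLs are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_LIFETIME = timedelta(hours=24)  # assumed sharing policy, not an Azure default

# Constructed sample links; account, paths and sig are placeholders.
BASE = "https://examplestore.blob.core.windows.net/shared"
GOOD_URL = (BASE + "/report.pdf?sv=2022-11-02&st=2024-05-01T11%3A55%3A00Z"
            "&se=2024-05-01T13%3A00%3A00Z&sr=b&sp=r&spr=https&sig=CONSTRUCTED")
BAD_URL = (BASE + "?sv=2022-11-02&se=2025-05-01T12%3A00%3A00Z"
           "&sr=c&sp=rwdl&sig=CONSTRUCTED")
SAMPLE_NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)


def _ts(value):
    """Parse a SAS timestamp (ISO 8601, UTC) into an aware datetime."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def audit_sas_url(url, now=None):
    """Return findings for a blob SAS link; an empty list means it passed."""
    now = now or datetime.now(timezone.utc)
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "sig" not in q:
        return ["no sig parameter: not a SAS link"]
    findings = []
    if "se" not in q:  # expiry may instead come from a stored access policy (si)
        findings.append("no expiry (se) in the token")
    else:
        expiry = _ts(q["se"])
        start = _ts(q["st"]) if "st" in q else now
        if expiry <= now:
            findings.append("token already expired")
        elif expiry - start > MAX_LIFETIME:
            findings.append("lifetime exceeds policy limit")
    if set(q.get("sp", "")) - {"r"}:
        findings.append("grants more than read: sp=" + q.get("sp", ""))
    if parts.scheme != "https" or q.get("spr") != "https":
        findings.append("HTTP not excluded (spr should be https)")
    if q.get("sr") != "b":
        findings.append("not scoped to a single blob: sr=" + q.get("sr", ""))
    return findings


if __name__ == "__main__":
    for link in (GOOD_URL, BAD_URL):
        print(audit_sas_url(link, SAMPLE_NOW))
```

A link that is read-only, blob-scoped, HTTPS-only and short-lived returns no findings; the container-wide, year-long, read-write-delete-list link returns four.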
Q3. You have been assigned the task of architecting a serverless application on Azure. What would be your approach in defining the solution?
Azure Functions are individual functions in a function app, an event-driven serverless compute platform that can also solve complex orchestration problems. Build and debug locally without additional setup, deploy and operate at scale in the cloud and integrate services using triggers and bindings.
Q4. You need to provide temporary access to Cosmos DB to your application. Which component of Cosmos DB will you use?
If you want to provide other users temporary access to your Azure Cosmos DB account, you can do so by using the read-write and read access URLs.
Read-Write – When you share the Read-Write URL with other users, they can view and modify the databases, collections, queries, and other resources associated with that specific account.
Read – When you share the read-only URL with other users, they can view the databases, collections, queries, and other resources associated with that specific account. For example, if you want to share the results of a query with your teammates who do not have access to the Azure portal or your Azure Cosmos DB account, you can provide them with this URL.
Q5. Help me with the use cases about choosing a VMSS over a VM.
- Ease of creation and management of multiple VMs
- Makes application highly available and resilient
- Allows applications to meet demand changes and scale automatically
- Works at large scale
Q6. How is SQL Server different from SQL Managed Instance?
SQL Server provides features such as Dynamic Data Masking, Always Encrypted, Row-Level Security, Query Store, and more. However, Azure SQL Database was built on a database scoped configuration model and has certain limitations compared to on-premises SQL Server.
It has certain limitations, though: it cannot scale up or down (online), has no server configuration settings, and cannot support cross-database transactions.
SQL Server can be used as a hyper-scale model where it provides elastic jobs, hyperscale architecture, Query Performance Insights (QPI), etc.
SQL Managed Instance can scale automatically, lets you deploy multiple instances of SQL Managed Instance in instance pools (preview) that share resources, and can be implemented directly in a VNet.
Q7. What is a SQL pool and how does it affect Synapse Analytics, formerly SQL Data Warehouse?
Azure Synapse Analytics is an analytics service that brings together enterprise data warehousing and Big Data analytics. Dedicated SQL pool refers to the enterprise data warehousing features that are available in Azure Synapse Analytics.
A dedicated SQL pool represents a collection of analytic resources that are provisioned when using Synapse SQL. The size of a dedicated SQL pool (formerly SQL DW) is determined by Data Warehousing Units (DWU).
Once your dedicated SQL pool is created, you can import big data with simple PolyBase T-SQL queries, and then use the power of the distributed query engine to run high-performance analytics. As you integrate and analyze the data, a dedicated SQL pool (formerly SQL DW) will become the single version of truth your business can count on for faster and more robust insights.
Dedicated SQL pool (formerly SQL DW) stores data in relational tables with columnar storage. This format significantly reduces data storage costs and improves query performance. Once data is stored, you can run analytics on a massive scale. Compared to traditional database systems, analysis queries finish in seconds instead of minutes, or hours instead of days.
Q8. How is Azure Data lake storage different from Azure blob storage?
Blob storage excels at non-text-based files: database backups, photos, videos, and audio files. Data Lake, I feel, is a bit better at large volumes of text data. One would choose the Data Lake Store if using text file data to be loaded into a data warehouse.
Q9. In Azure DevOps, what will be the best practice of using dynamic variables for build pipelines?
By linking a Variable Group with the build pipelines. Variable Groups are used to store pipeline-based variables and can be linked with Azure Key Vault.
Q10. You are the security administrator of your company’s Azure account. You review security recommendations for multiple subscriptions and need to enforce strict compliance for them. What would you recommend?
Answer: Create an initiative with built-in and custom policies for recommendations and assign the initiative at the management group scope. To create a compliance mechanism for multiple subscriptions, you should create an initiative and assign it to a management group for better management.
Q11. Your organization is running an on-prem ticketing system to receive server monitoring alerts. Your manager asks you to configure Azure monitoring in such a way that you can receive Azure alerts in your on-prem ticketing system. You install the Azure Security Center agent on all the on-prem servers and configure Azure Monitor to send alerts to the on-prem ticketing system. Will it solve the purpose? Why?
Q12. What feature of Application Gateway provides Web App protection from common exploits?
Answer: Web application firewall
Q13. What Azure CLI command is used to create a new Azure AD user?
Answer: az ad user create
Q14. What PowerShell cmdlet is used to encrypt a managed disk in Azure?
Q15. You are consulting for an organization that has Azure AD Premium P1 licenses. The organization does not currently have any Azure resources or an Azure AD tenant. You are helping to design an Azure-based solution for the organization. Which service could you include in your design?
Answer: Azure AD Conditional Access.
Q16. You are architecting a web application that will use the Azure App Service. You need to include a monitoring solution within the design that can help you to analyze the user behaviour and the most popular features of your website. Which two items do you include within your design to meet these needs?
Answer: Add application insights instrumentation.
Q17. You have SQL Server on an Azure virtual machine named SQL1. You need to automate the backup of the databases on SQL1 by using Automated Backup v2 for the virtual machines. The backups must meet the following requirements:
- Meet a recovery point objective (RPO) of 15 minutes.
- Retain the backups for 30 days.
- Encrypt the backups at rest.
What would you recommend as part of the backup solution?
Answer: An Azure storage account is used for storing Automated Backup files in blob storage. A container is created at this location to store all backup files. The backup file naming convention includes the date, time, and database GUID.
Q18. You have a web app named WebApp1 that uses an Azure App Service plan named Plan1. Plan1 uses the D1 pricing tier and has an instance count of 1. You need to ensure that all connections to WebApp1 use HTTPS. What would you do first?
Answer: Scale up Plan1.
Q19. You want to optimize the Dockerfile with better readability and maintenance and have decided to use Multiple Stage Builds. What are the considerations for having Multiple Stage Builds?
Answer: I will look at adopting container modularity, avoiding including application data, avoiding any unnecessary packages, and choosing an appropriate base. Multi-stage builds are a new feature requiring Docker 17.05 or higher on the daemon and client. Multi-stage builds are useful to anyone who has struggled to optimize Dockerfiles while keeping them easy to read and maintain.
Q20. Your company, XYZ Inc., uses Azure DevOps for the build pipelines and deployment pipelines of Java-based projects. You need to recommend a technique for managing technical debt. Which two actions would you recommend?
Answer: Configure pre-deployment approvals in the deployment pipeline, as analysis should be at the pre-deployment stage. Integrate Azure DevOps and SonarQube. SonarQube assesses technical debt.