Technical Lab: Choose an Azure Load Balancer SKU and tier
Questions
Question 1 - Multiple Choice
A platform team needs to expose a set of virtual machines for incoming traffic from the public internet, with support for load balancing rules based on TCP/UDP ports and protocols. The environment requires that the associated public IP address be of Standard type. Which Azure Load Balancer SKU is mandatory in this scenario?
A) Basic, as the Basic SKU supports Standard public IPs when explicitly configured.
B) Standard, as only the Standard SKU is compatible with Standard type public IPs.
C) Basic, as TCP and UDP support is independent of the chosen SKU.
D) Standard, but only if the backend pool contains more than 50 instances.
Question 2 - Technical Scenario
An architect is designing a high availability solution across two Azure regions. The requirement is that the load balancer be capable of directing traffic globally, prioritizing the region closest to the client, and serving as a single entry point for backends distributed across multiple regions.
           Client (global)
                  |
                  v
     [Azure Load Balancer - ???]
                  |
            +-----+-----+
            |           |
        Region A    Region B
Which combination of SKU and tier meets this requirement?
A) Standard SKU, Regional tier, with two independent instances configured manually.
B) Basic SKU, Global tier, as the Global tier is available for both SKUs.
C) Standard SKU, Global tier, as only this tier allows load balancing across regions.
D) Standard SKU, Regional tier, with Traffic Manager configured as a mandatory additional layer.
Question 3 - True or False
An Azure Load Balancer with Basic SKU supports availability zones, provided the backend pool consists exclusively of virtual machines belonging to a single Availability Set.
Question 4 - Technical Scenario
During an architecture review, an engineer identifies the following configuration snippet of an existing Load Balancer:
SKU: Basic
Backend Pool: 2 VMs (vm-prod-01, vm-prod-02)
Health Probe: HTTP, port 80
Load Balancing Rule: TCP 443
Inbound NAT Rule: enabled
The team needs to add support for contractual guaranteed SLA and enable diagnostics via Azure Monitor with detailed metrics. What should be done?
A) Enable diagnostics directly on the Basic SKU, as Azure Monitor supports both SKUs equally.
B) Migrate to Standard SKU, as only it offers contractual SLA and complete integration with Azure Monitor.
C) Add a second Basic Load Balancer in parallel to distribute load and obtain implicit SLA.
D) Change the Health Probe to TCP, as the metrics limitation is associated with the probe protocol, not the SKU.
Question 5 - Multiple Choice
When comparing the Basic and Standard SKUs of Azure Load Balancer regarding default security behavior for incoming traffic, which statement correctly describes the difference between them?
A) Basic SKU blocks all incoming traffic by default; Standard SKU allows open traffic until a Network Security Group is associated.
B) Standard SKU blocks all incoming traffic by default; Basic SKU allows open traffic without requiring a Network Security Group.
C) Both SKUs leave incoming traffic open by default, but Standard requires additional authentication.
D) Both SKUs block traffic by default and require NSG to allow any incoming flow.
Answer Key and Explanations
Answer Key - Question 1
Answer: B
The Standard SKU of Azure Load Balancer is the only one compatible with Standard type public IPs. The Basic SKU can only be associated with Basic type public IPs, which are a previous generation with fewer features and no support for availability zones. Attempting to associate a Standard IP with a Basic Load Balancer results in a validation error during provisioning. Alternative D is a plausible distractor because it pairs the correct Standard SKU with a false condition: the backend pool size does not determine compatibility with the public IP type.
Answer Key - Question 2
Answer: C
The Global tier of Azure Load Balancer, available exclusively on the Standard SKU, is the functionality that enables load balancing across regions with a single entry point. It acts as a layer above regional Standard Load Balancers, routing traffic based on geographical proximity. The Basic SKU does not support the Global tier under any circumstances, making B incorrect. Alternative D describes a valid architecture for geographical routing, but uses Traffic Manager as a substitute, which is not the same as a Load Balancer with Global tier: Traffic Manager operates at the DNS layer, not at the transport layer.
Answer Key - Question 3
Answer: False
The Basic SKU of Azure Load Balancer does not offer support for availability zones. Zone redundancy is an exclusive feature of the Standard SKU. The condition described in the statement (backend pool in a single Availability Set) does not change this behavior: Availability Sets and Availability Zones are distinct high availability mechanisms, and the presence of an Availability Set does not enable zone support in the Basic SKU. Confusing these two concepts is a common mistake that this question seeks to expose.
Answer Key - Question 4
Answer: B
The Basic SKU offers neither a contractual SLA published by Microsoft nor complete integration with Azure Monitor for multidimensional metrics. The Standard SKU, on the other hand, provides a 99.99% SLA and exposes detailed metrics such as packet count, bytes per rule, and health probe status directly in Azure Monitor. Migration from Basic to Standard requires recreation or upgrade of the resource, as SKUs are not interchangeable in place. Alternatives A and D are distractors that divert attention to peripheral configurations (probe protocol, Monitor configuration) without addressing the structural limitation of the SKU.
Answer Key - Question 5
Answer: B
The Standard SKU adopts a closed security posture by default: all incoming traffic is blocked until a Network Security Group is explicitly associated with the subnet or NIC of the backends. The Basic SKU behaves the opposite way: incoming traffic is allowed by default, without requiring an NSG. This difference in behavior is critical in security projects, as a migration from Basic to Standard without prior addition of NSGs can interrupt production services immediately after the transition. Alternative C is a distractor that invents a non-existent authentication mechanism in the context of Load Balancer SKUs.
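A pre-migration check for the risk described in the Question 5 explanation, added here as an example and not part of the original lab: it lists backend NICs of a load balancer that have no NSG on either the NIC or its subnet. The inventory is constructed, and its field names assume the JSON shape exported by `az network nic list` and `az network vnet subnet list`; all resource names and IDs are placeholders.

```python
# Constructed inventory; field names assume the JSON shape of `az network nic list`
# and `az network vnet subnet list`. All names and IDs below are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
LB_ID = SUB + "/providers/Microsoft.Network/loadBalancers/lb-example"
VNET = SUB + "/providers/Microsoft.Network/virtualNetworks/vnet-example"
NSG = {"id": SUB + "/providers/Microsoft.Network/networkSecurityGroups/nsg-example"}

SUBNETS = [
    {"id": VNET + "/subnets/web", "networkSecurityGroup": None},
    {"id": VNET + "/subnets/app", "networkSecurityGroup": NSG},
]

def _nic(name, subnet, nsg, pooled=True):
    """Build one constructed NIC record, optionally placed in the LB backend pool."""
    pools = [{"id": LB_ID + "/backendAddressPools/pool-example"}] if pooled else []
    return {"name": name, "networkSecurityGroup": nsg,
            "ipConfigurations": [{"subnet": {"id": VNET + "/subnets/" + subnet},
                                  "loadBalancerBackendAddressPools": pools}]}

NICS = [
    _nic("vm-prod-01-nic", "web", None),              # no NSG at either level
    _nic("vm-prod-02-nic", "web", NSG),               # covered by a NIC-level NSG
    _nic("vm-prod-03-nic", "app", None),              # covered by a subnet-level NSG
    _nic("vm-other-nic", "web", None, pooled=False),  # not behind this load balancer
]

def backends_without_nsg(nics, subnets, lb_id):
    """Return NIC names in lb_id's backend pools with no NSG on the NIC or its subnet."""
    subnet_has_nsg = {s["id"].lower(): bool(s.get("networkSecurityGroup")) for s in subnets}
    prefix = lb_id.lower() + "/backendaddresspools/"
    unprotected = []
    for nic in nics:
        nic_nsg = bool(nic.get("networkSecurityGroup"))
        for cfg in nic.get("ipConfigurations", []):
            pools = cfg.get("loadBalancerBackendAddressPools") or []
            if not any(p["id"].lower().startswith(prefix) for p in pools):
                continue
            subnet_id = (cfg.get("subnet") or {}).get("id", "").lower()
            # A subnet missing from the export counts as unprotected, so gaps surface.
            if not nic_nsg and not subnet_has_nsg.get(subnet_id, False):
                unprotected.append(nic["name"])
                break
    return unprotected

if __name__ == "__main__":
    for name in backends_without_nsg(NICS, SUBNETS, LB_ID):
        print("no NSG on NIC or subnet; inbound traffic would stop on Standard:", name)
```

The check covers NSG association only; whether the associated NSG's rules admit the load-balanced ports is a separate review.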