Exam AZ-720 topic 5 question 53 discussion

Actual exam question from Microsoft's AZ-720
Question #: 14
Topic #: 5

A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a network security group (NSG) with all of the subnets.

Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named VNet2. Virtual network peering is enabled between VNet1 and VNet2.

You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet.

You discover that FlowLog1 is not reporting outbound flow traffic.

You need to resolve the issue with FlowLog1.

What should you do?

  • A. Configure the FlowTimeoutInMinutes property on VNet2 to a non-null value.
  • B. Configure FlowLog1 for version 2.
  • C. Create the storage account for FlowLog1 as a premium page blob.
  • D. Enable FlowLog1 in a network security group associated with the subnet of VM1.
Suggested Answer: D

Comments

terawatt
1 year, 11 months ago
Selected Answer: D
If FastPath is enabled, traffic can bypass the ExpressRoute gateway. That's why enabling FlowLog1 in a network security group (NSG) associated with the subnet of VM1 is recommended (D). By doing so, you can ensure that outbound flows to virtual machines are captured, even if traffic bypasses the ExpressRoute gateway due to FastPath. This will be crucial for successful troubleshooting and resolving the reported connectivity issues.
upvoted 1 times
...
cris_exam
2 years, 2 months ago
Selected Answer: D
D is the answer. "We don't recommend that you log flows on an Azure ExpressRoute gateway subnet because traffic can bypass that type of gateway (for example, FastPath). If an NSG is linked to an ExpressRoute gateway subnet and NSG flow logs are enabled, then outbound flows to virtual machines might not be captured. Such flows must be captured at the subnet or NIC of the VM." https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview#network-security-group-on-an-expressroute-gateway-subnet
upvoted 1 times
...
MarshalLaw
2 years, 2 months ago
Selected Answer: D
I agree with feeeb due to the link explanation.
upvoted 1 times
...
feeeb
2 years, 2 months ago
Answer is D - https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview#network-security-group-on-an-expressroute-gateway-subnet
upvoted 1 times
...
Kanoniermalri
2 years, 3 months ago
Selected Answer: C
Incorrect, I go with C
upvoted 1 times
...