ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-700 All Questions

View all questions & answers for the AZ-700 exam
Go to Exam

Exam AZ-700 topic 3 question 40 discussion

Actual exam question from Microsoft's AZ-700
Question #: 40
Topic #: 3
[All AZ-700 Questions]

You have two Azure virtual networks in the East US Azure region as shown in the following table.



The virtual networks are peered to one another. Each virtual network contains four subnets.

You plan to deploy a virtual machine named VM1 that will inspect and route traffic between all the subnets on both the virtual networks.

What is the minimum number of IP addresses that you must assign to VM1?

  • A. 1
  • B. 2
  • C. 4
  • D. 8
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by _fvt at April 7, 2023, 12:10 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
jonav94
Highly Voted 1 year, 9 months ago
Selected Answer: A
I think it must be 1, both vnets are peered so we don't need to add an IP from each vnet.
upvoted 8 times
galahad
1 year ago
I agree with jonav94 since both vnets are peered one IP on the VM should be good enough.
upvoted 1 times
...
...
Patel777
Most Recent 1 month ago
Selected Answer: B
Azure does not allow a VM with only one NIC in VNet1 to directly route/inspect traffic for VNet2, even if they're peered.
upvoted 1 times
...
evangelist
11 months, 3 weeks ago
Selected Answer: A
peered so one IP can access both networks
upvoted 3 times
...
Lazylinux
1 year, 5 months ago
Selected Answer: A
A is the answer This is really typical silly MS question nothing but confusing!! If vNET networks are period than both networks can communicate free with each other via th Microsoft Backbone NOT gateway and they only way to control resource access from one Vnet to another is via NSG. The only time you will need a Gateway is when you have on-Prem access requirements from Peered vNETS than ONLY one vNET can have gateway and other uses it as transit point to on-prem. Also all subnets within the same vNET can communicate free with each other So having 1 VM inspect and route traffic between all the subnets on both the virtual networks DOES NOT MAKE SENSE but anyway it requires 1 IP but if the vNETs were NOT peered than the VM acts as router and in that case 2 IPs
upvoted 4 times
y0eri
1 year ago
You can associate multiple NICs on a VM to multiple subnets, but those subnets must all reside in the same virtual network (vNet).
upvoted 1 times
...
cerifyme85
11 months, 1 week ago
Each VNEt has 4 subnet.. so i am guessing the only way to get the vnets in each subnet to talk to vnet2, when PEERED (no nsgs required), would mean to attach UDRs to all subnets in both vnets to go through the NVA vm1.. so it invalidates ur comments above.. But I do agree microsoft just looking for anyway trip you up in these questions
upvoted 1 times
...
...
Kipper_2022
1 year, 8 months ago
Selected Answer: A
agree with Jonav94
upvoted 1 times
...
_fvt
1 year, 10 months ago
Selected Answer: A
https://learn.microsoft.com/en-us/azure/firewall/firewall-faq#can-azure-firewall-forward-and-filter-network-traffic-between-subnets-in-the-same-virtual-network-or-peered-virtual-networks Can Azure Firewall forward and filter network traffic between subnets in the same virtual network or peered virtual networks? Yes. However, configuring the UDRs to redirect traffic between subnets in the same VNET requires additional attention. While using the VNET address range as a target prefix for the UDR is sufficient, this also routes all traffic from one machine to another machine in the same subnet through the Azure Firewall instance. To avoid this, include a route for the subnet in the UDR with a next hop type of VNET. Managing these routes might be cumbersome and prone to error. The recommended method for internal network segmentation is to use Network Security Groups, which don't require UDRs.
upvoted 4 times
MrBlueSky
1 year, 10 months ago
This link and answer are completely irrelevant to the question being asked. The question asks about setting up a VM to perform this traffic inspection, not an Azure Firewall. The VM would function as a Network Virtual Appliance (NVA). NVAs are frequently configured as Firewalls using third party OS (Barracuda, Palo Alto, Cisco, etc), but this doesn't make it an Azure Firewall. This should be easily doable with a single IP on the NIC attached to the VM that will be configured as an NVA. Answer = 1
upvoted 10 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel