
Exam AZ-700 topic 1 question 26 discussion

Actual exam question from Microsoft's AZ-700
Question #: 26
Topic #: 1

Case Study -

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.


To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.


Overview -

Litware, Inc. is a financial company that has a main datacenter in Boston and 20 branch offices across the United States. Users have Android, iOS, and Windows 10 devices.


Existing Environment -


Hybrid Environment -

The on-premises network contains an Active Directory forest named litwareinc.com that syncs to an Azure Active Directory (Azure AD) tenant named litwareinc.com by using Azure AD Connect.

All offices connect to a virtual network named Vnet1 by using a Site-to-Site VPN connection.


Azure Environment -

Litware has an Azure subscription named Sub1 that is linked to the litwareinc.com Azure AD tenant. Sub1 contains resources in the East US Azure region as shown in the following table.



A diagram of the resource in the East US Azure region is shown in the Azure Network Diagram exhibit.

There is bidirectional peering between Vnet1 and Vnet2. There is bidirectional peering between Vnet1 and Vnet3. Currently, Vnet2 and Vnet3 cannot communicate directly.


Azure Network Diagram -




Requirements -


Business Requirements -

Litware wants to minimize costs whenever possible, as long as all other requirements are met.


Virtual Networking Requirements -

Litware identifies the following virtual networking requirements:

• Direct the default route of 0.0.0.0/0 on Vnet2 and Vnet3 to the Boston datacenter over an ExpressRoute circuit.
• Ensure that the records in the cloud.litwareinc.com can be resolved from the on-premises locations.
• Automatically register the DNS names of Azure virtual machines to the cloud.litwareinc.com zone.
• Minimize the size of the subnets allocated to platform-managed services.
• Allow traffic from VMScaleSet1 to VMScaleSet2 on the TCP port 443 only.


Hybrid Networking Requirements -

Litware identifies the following hybrid networking requirements:

• Users must be able to connect to Vnet1 by using a Point-to-Site (P2S) VPN when working remotely. Connections must be authenticated by Azure AD.
• Latency of the traffic between the Boston datacenter and all the virtual networks must be minimized.
• The Boston datacenter must connect to the Azure virtual networks by using an ExpressRoute FastPath connection.
• Traffic between Vnet2 and Vnet3 must be routed through Vnet1.


PaaS Networking Requirements -

Litware identifies the following networking requirements for platform as a service (PaaS):

• The storage1 account must be accessible from all on-premises locations without exposing the public endpoint of storage1.
• The storage2 account must be accessible from Vnet2 and Vnet3 without exposing the public endpoint of storage2.


You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements and the business requirements.

Which two actions should you include in the solution? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

  • A. On the peering from Vnet1, select Allow for Traffic forwarded from remote virtual network.
  • B. On the peerings from Vnet2 and Vnet3, select Allow for Traffic forwarded from remote virtual network.
  • C. On the peering from Vnet1, select Use the remote virtual network's gateway or Route Server.
  • D. On the peering from Vnet1, select Allow for Traffic to remote virtual network.
  • E. On the peerings from Vnet2 and Vnet3, select Use the remote virtual network's gateway or Route Server.
Suggested Answer: BE

Comments

azure_dori
Highly Voted 1 year, 9 months ago
Selected Answer: BE
Here are my 2 cents about this question:
1. The correct answer is: BE.
2. The justification is as follows:
- E IS obviously an answer because without it the requirements cannot be met.
- D is NOT an answer, because: The case study says that "There is bidirectional peering between Vnet1 and Vnet2. There is bidirectional peering between Vnet1 and Vnet3." This means that "Traffic to remote virtual network" is already allowed for Vnet1<...>Vnet2 and Vnet1<...>.
- C is a total nonsense.
- B IS an answer, because Vnet1 contains the VPN gateway that forwards the traffic between Vnet2 and Vnet3.
- A is NOT an answer, because Vnet2 and Vnet3 don't have VPN gateways so they cannot forward traffic to Vnet1.
Documentation:
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering?tabs=peering-portal#create-a-peering
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways
upvoted 12 times
...
Enarsi_Guru
Most Recent 3 weeks, 4 days ago
Selected Answer: BE
Too much yapping and yet the question is so simple
upvoted 1 times
...
1322d93
1 month ago
Selected Answer: AE
what do they mean 'remote virtual network'? On premises?
upvoted 1 times
...
Feliphus
5 months, 4 weeks ago
IMHO, I propose this correct answer: you need A-D-E-F to allow the connection between Vnet2 and Vnet3. F is a new option to complete the answer.
- A. On the peering from Vnet1, select Allow for "Traffic forwarded" from remote virtual network.
- D. On the peering from Vnet1, select Allow for "Traffic to" remote virtual network.
- E. On the peerings from Vnet2 and Vnet3, select Use the "remote" virtual network's gateway or Route Server
- F. On the peering from Vnet1, select Use "this" virtual network's Gateway or Route Server
upvoted 1 times
...
620b351
7 months, 3 weeks ago
The correct answer is A & E.
upvoted 2 times
...
Eddie_Sli
9 months, 2 weeks ago
AE is the correct answer
upvoted 3 times
...
SKachroo
1 year, 4 months ago
Selected Answer: AE
A: will allow vnet 2 and 3 to send data to vnet 1
upvoted 3 times
...
Lazylinux
1 year, 6 months ago
Selected Answer: BE
Agreed, BE. What we need is traffic to go from vnet2&3 to on-prem and come from on-prem to vnet2&3, hence:
B addresses allowing traffic from on-prem to reach vnet 2 and 3.
E addresses allowing traffic to flow from vnet2&3 to on-prem.
upvoted 1 times
...
hogehogehoge
1 year, 6 months ago
I think this answer is correct. Because vnet1 transfer the traffic from vnet2 and vnet3 to Datacenter.
upvoted 2 times
...
bp_a_user
1 year, 7 months ago
The correct answer is DE.
"Select Allow gateway in 'vnet-1' to forward traffic to 'vnet-2' if you want vnet-2 to receive traffic from vnet-1's gateway/Route Server. vnet-1 must contain a gateway in order for this option to be enabled."
"Select Enable 'vnet-1' to use 'vnet-2' remote gateway if you want vnet-1 to use vnet-2's gateway or Route Server. vnet-1 can only use a remote gateway or Route Server from one peering connection. vnet-2 has to have a gateway or Route Server in order for you to select this option."
From here: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering?tabs=peering-portal
upvoted 3 times
bp_a_user
1 year, 7 months ago
...and here a concrete example: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-peering-gateway-transit
upvoted 1 times
bp_a_user
1 year, 7 months ago
BE i mean
upvoted 4 times
...
...
...
bp_a_user
1 year, 7 months ago
We have here a hub-spoke topology: why is no NAV/Firewall required?
upvoted 2 times
bp_a_user
1 year, 7 months ago
I mean NVA
upvoted 2 times
...
...
derp12352
1 year, 9 months ago
BE.
E is obvious. Vnet 2 and 3 need to use Vnet 1's virtual network gateway.
A would allow Vnet1 to receive traffic from Vnet2 & Vnet3 that doesn't originate from those VNETs. Review the tooltips on the vnet peering page. It would read "This setting allows forwarded traffic from Vnet2/Vnet3 (traffic not originating from Vnet2/Vnet3) into Vnet1." You don't need that.
What you do need to allow is the other way, so we need B. Vnet2 and Vnet3 need to allow on-premises traffic that comes over the peering connection from Vnet1.
upvoted 3 times
Feliphus
5 months, 4 weeks ago
IMHO You would B, if you would have another Vnets in cascade, for example, named Vnet2b or Vnet3b peered to Vnet2 or Vnet3 respectively
upvoted 1 times
...
...
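An added example, not part of the thread above and not Microsoft tooling: a Python audit of the peering flags that options B and E refer to (`allowForwardedTraffic` and `useRemoteGateways`), plus the `allowGatewayTransit` prerequisite on the hub side. The four flag names are the ARM peering properties; the `local`/`remote` keys, the helper names and the sample records are assumptions constructed for illustration.

```python
# Added example. "local"/"remote" are simplified, hypothetical keys; real
# `az network vnet peering list` output names the peer in remoteVirtualNetwork.id.
def peering(local, remote, **flags):
    base = {"allowVirtualNetworkAccess": True, "allowForwardedTraffic": False,
            "allowGatewayTransit": False, "useRemoteGateways": False}
    return {"local": local, "remote": remote, **base, **flags}

# Constructed sample: Vnet1 is the hub; Vnet3 was left without forwarded traffic.
SAMPLE_PEERINGS = [
    peering("Vnet1", "Vnet2", allowGatewayTransit=True),
    peering("Vnet1", "Vnet3", allowGatewayTransit=True),
    peering("Vnet2", "Vnet1", allowForwardedTraffic=True, useRemoteGateways=True),
    peering("Vnet3", "Vnet1", useRemoteGateways=True),
]

def audit_transit(peerings, hub, spokes):
    """Return findings that block, or bypass, spoke-to-spoke transit via the hub."""
    by_pair = {(p["local"], p["remote"]): p for p in peerings}
    findings = []
    for spoke in spokes:
        out, back = by_pair.get((spoke, hub)), by_pair.get((hub, spoke))
        if out is None or back is None:
            findings.append(f"{spoke}: peering with {hub} is not bidirectional")
            continue
        if not (out["allowVirtualNetworkAccess"] and back["allowVirtualNetworkAccess"]):
            findings.append(f"{spoke}: virtual network access blocked on a peering with {hub}")
        # Option B: the spoke must admit packets the hub forwards, i.e. packets
        # whose source address is outside the hub's own address space.
        if not out["allowForwardedTraffic"]:
            findings.append(f"{spoke}: allowForwardedTraffic is off on the peering to {hub}")
        # Option E: the spoke uses the hub's gateway, which in turn requires
        # gateway transit to be allowed on the hub's side of the peering.
        if not out["useRemoteGateways"]:
            findings.append(f"{spoke}: useRemoteGateways is off on the peering to {hub}")
        elif not back["allowGatewayTransit"]:
            findings.append(f"{hub}: allowGatewayTransit is off on the peering to {spoke}")
    # The case study routes Vnet2/Vnet3 traffic through the hub, so a direct
    # spoke-to-spoke peering would bypass that path.
    for a in spokes:
        for b in spokes:
            if a < b and ((a, b) in by_pair or (b, a) in by_pair):
                findings.append(f"{a}<->{b}: direct peering bypasses {hub}")
    return findings

if __name__ == "__main__":
    for finding in audit_transit(SAMPLE_PEERINGS, "Vnet1", ["Vnet2", "Vnet3"]):
        print(finding)
```
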