ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-301 All Questions

View all questions & answers for the AZ-301 exam
Go to Exam

Exam AZ-301 topic 6 question 34 discussion

Actual exam question from Microsoft's AZ-301
Question #: 34
Topic #: 6
[All AZ-301 Questions]

A partner manages on-premises and Azure environments. The partner deploys an on-premises solution that needs to use Azure services. The partner deploys a virtual appliance.
All network traffic that is directed to a specific subnet must flow through the virtual appliance.
You need to recommend solutions to manage network traffic.
Which two options should you recommend? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. Configure Azure Traffic Manager
  • B. Implement an Azure virtual network
  • C. Configure a routing table with forced tunneling
  • D. Implement Azure ExpressRoute
Show Suggested Answer Hide Answer
Suggested Answer: CD 🗳️
C: Forced tunneling lets you redirect or "force" all Internet-bound traffic back to your on-premises location via a Site-to-Site VPN tunnel for inspection and auditing.
This is a critical security requirement for most enterprise IT policies. Without forced tunneling, Internet-bound traffic from your VMs in Azure always traverses from
Azure network infrastructure directly out to the Internet, without the option to allow you to inspect or audit the traffic.
Forced tunneling in Azure is configured via virtual network user-defined routes.
D: ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection facilitated by a connectivity provider. With
ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure, Office 365, and Dynamics 365.
Connectivity can be from an any-to-any (IP VPN) network, a point-to-point Ethernet network, or a virtual cross-connection through a connectivity provider at a co- location facility. ExpressRoute connections do not go over the public Internet. This allows ExpressRoute connections to offer more reliability, faster speeds, lower latencies, and higher security than typical connections over the Internet.
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm https://docs.microsoft.com/en-us/azure/expressroute/expressroute-introduction
by marco1 at Jan. 29, 2020, 4:43 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Yanzhi
Highly Voted 5 years, 2 months ago
”Each correct answer presents a COMPLETE solution“, so answer is B) D)
upvoted 15 times
sourabh7257
4 years, 11 months ago
ExpressRoute does not look valid
upvoted 1 times
...
...
Shiven
Highly Voted 5 years, 1 month ago
Given Answers are correct: You need to ensure there is a connection between the on-premise setup and Azure. This can be established either via a Site-to-Site VPN connection or via ExpressRoute. You then need to configure forced tunneling to ensure the traffic flows via the virtual appliance.
upvoted 13 times
...
glam
Most Recent 4 years, 3 months ago
C. Configure a routing table with forced tunneling D. Implement Azure ExpressRoute
upvoted 1 times
...
azurecert2021
4 years, 4 months ago
given asnwer is correct as B is not going to be an option as the question says "partner deploys a virtual appliance". This means a VM has been deployed and it must have required the partner to create a VNET. That part is done. Now its about connecting and the only reasonable options are C & D below link BGP section has followign content to support express route. You can use user-defined routes for forcing traffic from the Express Route to, for example, a Network Virtual Appliance. https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
upvoted 2 times
...
Jinder
4 years, 5 months ago
Answers will be B and C. They already added a NVA, and VNET is left to implement. And then the route definition will be required.
upvoted 2 times
...
sanketshah
4 years, 5 months ago
C and D are correct answer.
upvoted 3 times
...
Stbalo
4 years, 9 months ago
I will go with B & C since they already deployed Network Virtual Appliance (NVA).
upvoted 4 times
...
macco455
4 years, 9 months ago
Given answer is correct, if you don't use express route then there is no connection to the azure network from on prem as the question states now.
upvoted 2 times
...
GV13
4 years, 9 months ago
Given answer is correct
upvoted 2 times
...
aMaineCloud
4 years, 11 months ago
I'd pick B but the partner already deployed a virtual appliance which means there's already a VNET existing. C and D look valid but they are not compatible but also the questions says - You need to recommend SOLUTIONS to manage network traffic. Doesn't explicitly say each solution needs to work together. The questions further says - Which two OPTIONS should you recommend. Hence correct answers are C, D.
upvoted 4 times
...
Dragon
4 years, 11 months ago
Does not make sense to manage network traffic you will implement express route???
upvoted 1 times
dl84512
4 years, 11 months ago
Doesn't make sense to me either. It says "Each correct answer presents a complete solution." How does just having ExpressRoute by itself be able to route traffic?
upvoted 1 times
...
...
DeveshSolanki
5 years ago
given answer is correct.
upvoted 3 times
sourabh7257
4 years, 11 months ago
explain why given answer is correct.
upvoted 2 times
Yannor
4 years, 11 months ago
A and B can be discarded, since A makes no sense here and B should already be created since we already have a network appliance. Without more info, C and D are correct.
upvoted 2 times
...
...
...
akamal
5 years ago
The question is asking about suggestion two ways of managing network traffic and the only two available options are : Network traffic Routing table
upvoted 3 times
...
2cool2touch
5 years ago
B is not going to be an option as the question says "partner deploys a virtual appliance". This means a VM has been deployed and it must have required the partner to create a VNET. That part is done. Now its about connecting and the only reasonable options are C & D although it doesnt make sense how just forced tunneling can connect you without either ExpressRoute or VPN
upvoted 7 times
...
P0d
5 years ago
If we are using Express route so we don't need forced tunneling. Forced tunneling good at Site-to-site VPN. I think answer should be B.D
upvoted 2 times
...
Rajuuu
5 years, 1 month ago
Answer should be B and D… No specific reason to use ExpressRoute when an alternative Virtual Network APN is available.
upvoted 1 times
...
Rajuuu
5 years, 2 months ago
B and C is also a correct ..In fact , B. using VPN is more cost effect than using express route.
upvoted 2 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel