ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-103 All Questions

View all questions & answers for the AZ-103 exam
Go to Exam

Exam AZ-103 topic 4 question 9 discussion

Actual exam question from Microsoft's AZ-103
Question #: 9
Topic #: 4
[All AZ-103 Questions]

You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by using
Azure ExpressRoute.
You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Create a gateway subnet.
  • B. Create a VPN gateway that uses the Basic SKU.
  • C. Create a connection.
  • D. Create a local site VPN gateway.
  • E. Create a VPN gateway that uses the VpnGw1 SKU.
Show Suggested Answer Hide Answer
Suggested Answer: ABC 🗳️
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
by Aunehwet79 at March 9, 2020, 6:50 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Aunehwet79
Highly Voted 5 years, 3 months ago
Hold up - this is a trick question. For an Express Route Connection, VNET 1 must already be configured with a gateway subnet so we don't need another one. VNet1 connects to your on-premises network via ExpressRoute so... - Create a local site VPN Gateway - Create a VPN Gateway that uses VpnGwl SKU - Create a Connection Does that sound right?
upvoted 75 times
Milk
5 years, 1 month ago
Yup, that sounds about right. atleast at a higher level. The link the solution provided in the answer - [once scrolled down], shows "Sku- vpngw1", the [diagram] also shows Site-to-Site vpn . ----Diagram of S2S: [VPN-Gateway] >> [VPN Tunnel] >> [On-Prem Site] --------Express Route: [Client Network] >> [Partner Edge / primary & Secondary ExpressRouteCcircuit] >> MS-Edge [[ O365,Dynamics, Azure public IPs] + Azure Private peering to VNs]] if The Questions says: " Oh look, we have a [mofoking] Express-route [ to access O365, apps, azure VNs] but we about to implement a S2S Vpn big-dawg..." , what should we do daddy? ( Humor to prevent me from falling asleep). [ CDE ] - According to the S2S diagram ~ higher level if you remember the Sku-vpngw1 specs [ ABC ] - not really, since there's an express route... there should already be a subnet... unless you need to create a new subnet, the basic-SKU might not be "hefty" enough for an on-prem building... might need to elaborate more...on like numbers
upvoted 9 times
lavermil
4 years, 11 months ago
CDE is correct. See the following link to prove this. https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager
upvoted 1 times
...
...
...
jall
Highly Voted 5 years, 3 months ago
For a site2site VPN, you need a local GW, a gateway subnet, a VPN GW, and a connection between local an VPN GW. However, when an ExpressRoute is used, the VNET must already have a gateway subnet, so is not needed. Basic SKU is not a valid option since VPN Gateway for ExpressRoute needs BGP routing Answer should be: C. Create a connection D. Create a local site VPN E. Create a VPN Gateway that uses VpnGw1 SKU https://docs.microsoft.com/en-us/azure/expressroute/expressroute-about-virtual-network-gateways#gwsub https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#planningtable https://docs.microsoft.com/en-us/azure/expressroute/site-to-site-vpn-over-microsoft-peering#termination
upvoted 39 times
praveen97
4 years, 11 months ago
Agree with jall. Answer is CDE
upvoted 2 times
...
...
JayBee65
Most Recent 4 years ago
B is clearly wrong, since "he GatewaySku is only supported for VpnGw1, VpnGw2, VpnGw3, Standard, and HighPerformance VPN gateways. ExpressRoute-VPN Gateway coexist configurations are not supported on the Basic SKU" - from https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager
upvoted 1 times
...
BuckLee
4 years, 6 months ago
from this article below it is CDE: "Basic SKU gateway is not supported. You must use a non-Basic SKU gateway for both the ExpressRoute gateway and the VPN gateway." https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager#:~:text=Limits%20and%20limitations,-Transit%20routing%20is&text=You%20cannot%20route%20(via%20Azure,gateway%20and%20the%20VPN%20gateway.
upvoted 1 times
...
samrevuri
4 years, 7 months ago
CDE is the correct answer
upvoted 1 times
...
Thi
4 years, 7 months ago
C. Create a connection D. Create a local site VPN E. Create a VPN Gateway that uses VpnGw1 SKU
upvoted 1 times
...
Azure4Jahid
4 years, 8 months ago
It seems that Basic VPN Gateway also supports S2S VPN Connection. So Answer B is Correct. Ref: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsku A & C is also Correct. D is not correct as there is already express route is configured hence the Local SubNet Gateway is already exist.
upvoted 2 times
...
X_L
4 years, 9 months ago
Basic-tier Gateways do not support ExpressRoute coexistence; additionally, Virtual Gateway is already in place, deployed when ExpressRoute was setup. The answer is therefore C,D,E.
upvoted 2 times
...
Loma
4 years, 9 months ago
Hang on. VNET1 was already connected to on-premise by ExpressRoute. Then the question is about how to configure Vnet1 to connect to on-premise (AGAIN) using site-to-site VPN and minimize cost? Basic SKU is the cheapest Azure VPN GW (0.04$/hour). VPNGw1 (answer E) is $0.19/hour which is more expensive, and equal "Standard VNet Gateway" which is the cheapest SKU of ExpressRoute ($0.19/hour). All in all, my understanding of this question is, admin will get rid of Express Route, then use site-to-site VPN instead, as cheapest as possible. hence the answer is BCD (subnetgateway can be reused).
upvoted 2 times
...
Lains2019
4 years, 9 months ago
For a site to site VPN, you need a local gateway(D), a gateway subnet(A), a VPN gateway(E), and a connection(C) to connect the local gateway and the VPN gateway. That would be four answers in this question. However, the question states that VNet1 connects to your on-premises network by using Azure ExpressRoute. For an ExpressRoute connection, VNET1 must already be configured with a gateway subnet(A) so the answer should be C, D, E. https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager?toc=/azure/vpn-gateway/toc.json https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsku https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager?toc=/azure/vpn-gateway/toc.json
upvoted 1 times
...
bnair
4 years, 10 months ago
Answer is A,C,D,E (all four not just three) You need a gateway subnet (of the type VPN and not of type expressroute) You need a gateway (which is not of basic sku) You need a local gateway (with public IP) You need to initiate a connection. Basically if you are using expressroute as well as S2S IPsec tunneling, your VNET would have two gateways one of the type expressroute and other of the type VPN.
upvoted 1 times
bnair
4 years, 10 months ago
https://docs.microsoft.com/en-us/azure/vpn-gateway/design?toc=/azure/virtual-network/toc.json#V2V
upvoted 1 times
...
...
Kallandor
4 years, 10 months ago
According to this explanation (https://vceguide.com/which-three-actions-should-you-perform-228/), answers are CDE: For a site to site VPN, you need a local gateway, a gateway subnet, a VPN gateway, and a connection to connect the local gateway and the VPN gateway. That would be four answers in this question. However, the question-states that VNet1 connects to your on-premises network by using Azure ExpressRoute. For an ExpressRoute connection, VNET1 must already be configured with a gateway subnet so we don’t need another one.
upvoted 1 times
...
Ayexco
4 years, 10 months ago
How many gateway subnets can you create in a Vnet
upvoted 1 times
...
Ravihonnagiri
4 years, 11 months ago
Answers are right. You need a VPN gateway as VPN type will be expressroute if you are thinking of reusing expressroute vpn. Also, to minimize cost, you use basic sku. Connection as usual needed. So A,B,C is right
upvoted 3 times
...
CarrieJ
4 years, 11 months ago
It is so confusing!
upvoted 2 times
...
AzExam2020
4 years, 11 months ago
C,D,E Create local VPN, Create VPN GW1 Create connection
upvoted 1 times
kubinho
4 years, 9 months ago
How you will create VPN GW withou gateway subnet ?
upvoted 1 times
...
...
YPR
4 years, 11 months ago
I will also vote for C D E
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel