ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-103 All Questions

View all questions & answers for the AZ-103 exam
Go to Exam

Exam AZ-103 topic 4 question 20 discussion

Actual exam question from Microsoft's AZ-103
Question #: 20
Topic #: 4
[All AZ-103 Questions]

You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a virtual network named VNet1.
You need to ensure that you can configure a point-to-site connection from VNet1 to an on-premises computer.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Reset GW1.
  • B. Create a route-based virtual network gateway.
  • C. Delete GW1.
  • D. Add a public IP address space to VNet1.
  • E. Add a connection to GW1.
  • F. Add a service endpoint to VNet1.
Show Suggested Answer Hide Answer
Suggested Answer: BC 🗳️
B: A VPN gateway is used when creating a VPN connection to your on-premises network.
Route-based VPN devices use any-to-any (wildcard) traffic selectors, and let routing/forwarding tables direct traffic to different IPsec tunnels. It is typically built on router platforms where each IPsec tunnel is modeled as a network interface or VTI (virtual tunnel interface).
C: Policy-based VPN devices use the combinations of prefixes from both networks to define how traffic is encrypted/decrypted through IPsec tunnels. It is typically built on firewall devices that perform packet filtering. IPsec tunnel encryption and decryption are added to the packet filtering and processing engine.
Incorrect Answers:
D: Point-to-Site connections do not require a VPN device or a public-facing IP address.
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/create-routebased-vpn-gateway-portal https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-connect-multiple-policybased-rm-ps
by jall at March 9, 2020, 4:15 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
jall
Highly Voted 5 years, 2 months ago
It seem correct. "We do not support Point-to-Site for static routing VPN gateways or PolicyBased VPN gateways." https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal#can-i-have-site-to-site-and-point-to-site-configurations-coexist-for-the-same-virtual-network
upvoted 26 times
praveen97
4 years, 10 months ago
Agree with Jall.
upvoted 3 times
...
NickyDee
4 years, 4 months ago
Agreed. B+C
upvoted 1 times
...
...
Cloudyuga
Highly Voted 4 years, 12 months ago
Answer is right. Microsoft recommends :- Choose a route-based gateway if you intend to use point-to-site, inter-virtual network, or multiple site-to-site connections; if you are creating a VPN type gateway to coexist with an ExpressRoute gateway; or if you need to use IKEv2. Policy-based gateways support only IKEv1
upvoted 6 times
...
Shades
Most Recent 4 years, 10 months ago
For Point to site, you need to have Route based VPN Type for your gateway (Policy based will not work) , You dont need Public IP for Vnet , Public IP would be there on VPN Gateway, you dont need VPN device at client end All you need to set this up is 1) Route Based VPN Gateway 2) A public key (.cer ) root certificated uploaded in azure 3) Client cert installed on each client 4) Client VPN config. You have to specify the IP range of the client machines in the VPN Gateway, configure the tunnel , set the authentication. More details here: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal
upvoted 6 times
...
chan4u
4 years, 10 months ago
Given answer is correct.
upvoted 4 times
...
JK2
4 years, 10 months ago
Yes indeed, B & C are correct.
upvoted 5 times
...
nfett
4 years, 11 months ago
documentation provided shows answer is correct.
upvoted 2 times
...
nick_name
5 years, 1 month ago
Public IP address: This setting specifies the public IP address object that gets associated to the VPN gateway. The public IP address is dynamically assigned to this object when the VPN gateway is created. The only time the Public IP address changes is when the gateway is deleted and re-created. It doesn't change across resizing, resetting, or other internal maintenance/upgrades of your VPN gateway. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago