ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-103 All Questions

View all questions & answers for the AZ-103 exam
Go to Exam

Exam AZ-103 topic 4 question 47 discussion

Actual exam question from Microsoft's AZ-103
Question #: 47
Topic #: 4
[All AZ-103 Questions]

You have an Azure subscription named Subscription1 that contains two Azure virtual networks named VNet1 and VNet2. VNet1 contains a VPN gateway named
VPNGW1 that uses static routing. There is a site-to-site VPN connection between your on-premises network and VNet1.
On a computer named Client1 that runs Windows 10, you configure a point-to-site VPN connection to VNet1.
You configure virtual network peering between VNet1 and VNet2. You verify that you can connect to VNet2 from the on-premises network. Client1 is unable to connect to VNet2.
You need to ensure that you can connect Client1 to VNet2.
What should you do?

  • A. Select Allow gateway transit on VNet2.
  • B. Enable BGP on VPNGW1.
  • C. Select Allow gateway transit on VNet1.
  • D. Download and re-install the VPN client configuration package on Client1.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing
by jall at March 9, 2020, 8:22 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Exam103
Highly Voted 5 years, 3 months ago
Correct answer is D The problem states that you have created the point-to-site VPN before you configured peering. Clients using Windows can access directly peered VNets, but the VPN client must be downloaded again if any changes are made to VNet peering or the network topology. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing
upvoted 29 times
certificatores
5 years, 3 months ago
where did you see "before" statement? how do you make sure, these actions are done in a lineer order? I did not see the question mentioning that.
upvoted 1 times
nazimb
5 years, 3 months ago
the question is sneaky, the peering was setup after teh point-to-site vpn was was setup, hence re-installing the VPN client is the corrrect answer
upvoted 2 times
...
...
FrancisFerreira
5 years, 3 months ago
Okay... But in this case, how is it that S2S works just fine?
upvoted 2 times
Shades
4 years, 11 months ago
S2S is working indicating that Gateway Transit is already set up. Only thing remains to to download & install the VPN client again
upvoted 1 times
MorningStar
4 years, 3 months ago
NO it is not implied .Gateway Transmit is used with allow remote gateway . These two are used together to grant access to resources that are not directly not in contact with azure ( here Vnet)
upvoted 1 times
...
...
...
...
c677212
Highly Voted 5 years, 2 months ago
this answer seems correct, since your on prem network can reach vnet2 means that "Allow Gateway transit" is already enabled.
upvoted 11 times
...
Gatospazialle
Most Recent 4 years, 5 months ago
Correct If we consider the statement - You verify that you can connect to VNet2 from the on-premises network - this clear A,B,C out of the scope, because we already have it ok with the S2S connection. So something is on Client1 that need to be fixed.
upvoted 2 times
...
hstorm
4 years, 10 months ago
Clients using Windows can access directly peered VNets, but the VPN client must be downloaded again if any changes are made to VNet peering or the network topology. Non-Windows clients can access directly peered VNets. Access is not transitive and is limited to only directly peered VNets.
upvoted 1 times
...
bnair
4 years, 10 months ago
This question is wrong; VPN gateway uses static routing (non BGP). So the access would be limited to vnet1 for S2S as well. Transit routing is possible only if you enable BGP. First you need to enable BGP, then reinstall client config.
upvoted 2 times
...
LTTAM
5 years ago
Folks, the answer is correct (D). Please read this link. The documentation states it - https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing "Clients using Windows can access directly peered VNets, but the VPN client must be downloaded again if any changes are made to VNet peering or the network topology. Non-Windows clients can access directly peered VNets. Access is not transitive and is limited to only directly peered VNets."
upvoted 8 times
...
PM2
5 years ago
If you make a change to the topology of your network and have Windows VPN clients, the VPN client package for Windows clients must be downloaded and installed again in order for the changes to be applied to the client.
upvoted 2 times
...
Cloudyuga
5 years, 1 month ago
Answer C is correct..if there are any changes made in VPN at Azure VN ..need to reinstall VPN client on client side
upvoted 1 times
...
Navo27
5 years, 1 month ago
Static Routes are not supported for Point to Site connections For the Resource Manager deployment model, you must have a RouteBased VPN type for your gateway. For the classic deployment model, you need a dynamic gateway. We do not support Point-to-Site for static routing VPN gateways or PolicyBased VPN gateways. https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about
upvoted 3 times
...
P0d
5 years, 2 months ago
First I also though that it's a C but after c677212's answer everything goes ok. As explained in question that you can connect to VM2 from on premises which means you already have VP1 transit configured.
upvoted 2 times
...
mjq
5 years, 2 months ago
So is it C or D... have C but don't understand why re-installing client would solve anything.
upvoted 1 times
Sheru
5 years, 2 months ago
Bcz thats in the documentation https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing Specifically, this section. "Clients using Windows can access directly peered VNets, but the VPN client must be downloaded again if any changes are made to VNet peering or the network topology."
upvoted 4 times
Cloudyuga
5 years, 1 month ago
Yes ur correct Sheru..
upvoted 1 times
...
...
...
Nikunj
5 years, 2 months ago
The answer should be C: We want to traverse from : ClientVM -> VNET1 -> VNET2 For this, we need to, first of all, allow Gateway transit on Vnet1 which will traverse the request from ClientVM to VNET2 and vice-versa. Post that we can download the VPN client and connect to the VNET2. Official Documentation: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-peering-gateway-transit
upvoted 1 times
...
Mdshah
5 years, 3 months ago
Correct answer is C Select Allow gateway transit on VNet1. Coz it uses peering not vpn gateway between vnets https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing
upvoted 3 times
TinyTrexArmz
4 years, 10 months ago
For me, "You verify that you can connect to VNet2 from the on-premises network." tells you that it is not a network issue, but instead, the problem lies in the VPN side with this specific computer. It would be helpful if they told you just how you verified that you could connect to VNet2.
upvoted 1 times
...
...
jall
5 years, 3 months ago
Correct. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing
upvoted 8 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel