ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-103 All Questions

View all questions & answers for the AZ-103 exam
Go to Exam

Exam AZ-103 topic 4 question 54 discussion

Actual exam question from Microsoft's AZ-103
Question #: 54
Topic #: 4
[All AZ-103 Questions]

HOTSPOT -
Your company has offices in New York and Los Angeles.
You have an Azure subscription that contains an Azure virtual network named VNet1. Each office has a site-to-site VPN connection to VNet1.
Each network uses the address spaces shown in the following table.

You need to ensure that all Internet-bound traffic from VNet1 is routed through the New York office.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
by jall at March 9, 2020, 9:06 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
InsaneCreep
Highly Voted 5 years, 2 months ago
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm Forced tunneling must be associated with a VNet that has a route-based VPN gateway. You need to set a "default site" among the cross-premises local sites connected to the virtual network. Also, the on-premises VPN device must be configured using 0.0.0.0/0 as traffic selectors.
upvoted 28 times
TinyTrexArmz
4 years, 10 months ago
My question is, can you have a VPN without a Local Network Gateway? From what I can tell, the answer is yes. So while the question establishes that there is a VPN between Azure and both of the offices it says nothing about having the Local Network Gateway configured already. Shouldn't the first step be to create the LNG (New-AzLocalNetworkGateway) before you you run Set-AzVirtualNetworkGatewayDefaultSite to set the default?
upvoted 1 times
TinyTrexArmz
4 years, 10 months ago
I found the answer to my question, and the answer is no. You have to specify the LNG in the last step in creating a site to site connection. So you would have had to complete that step already. Ref: https://docs.microsoft.com/en-us/archive/blogs/canitpro/step-by-step-configuring-a-site-to-site-vpn-gateway-between-azure-and-on-premise
upvoted 2 times
...
...
...
certificatores
Highly Voted 5 years, 2 months ago
first box is correct second box is 0.0.0.0
upvoted 14 times
Thi
4 years, 7 months ago
agree first box is correct second box is 0.0.0.0
upvoted 1 times
...
...
I
Most Recent 4 years, 3 months ago
Given answers are right.
upvoted 1 times
...
Thi
4 years, 7 months ago
first box is correct second box is 0.0.0.0
upvoted 1 times
...
jjkidd72
4 years, 9 months ago
Default site / All 0's
upvoted 1 times
...
kate00
4 years, 11 months ago
The answer is correct. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing
upvoted 3 times
...
msg1021
5 years, 1 month ago
Forced tunneling must be associated with a VNet that has a route-based VPN gateway. You need to set a "default site" among the cross-premises local sites connected to the virtual network. Also, the on-premises VPN device must be configured using 0.0.0.0/0 as traffic selectors. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm 0.0.0.0 is correct for second
upvoted 10 times
jd1
5 years ago
You're correct, per the link you provided, the Microsoft Answer is 0.0.0.0. It might be worth noting that Microsoft is unique in its definition of "Traffic Selector"; its not fully compatible with Juniper (to whom both would be right answers), Cisco (where there is no such thing -- they're just negotiated peramaters), and others.
upvoted 2 times
...
Hanuman
4 years, 11 months ago
correct
upvoted 1 times
...
aka_tom
4 years, 9 months ago
so in the first question, regarding the script, it is correct right?
upvoted 1 times
...
...
wilmatic81
5 years, 2 months ago
0.0.0.0 is correct for second box https://www.checkyourlogs.net/the-case-of-configuring-forced-tunneling-in-azure-to-route-virtual-machine-traffic-back-through-an-on-prem-firewall-azure-azuresiterecovery/
upvoted 4 times
...
sapien45
5 years, 2 months ago
Forced tunneling must be associated with a VNet that has a route-based VPN gateway. You need to set a "default site" among the cross-premises local sites connected to the virtual network. Also, the on-premises VPN device must be configured using 0.0.0.0/0 as traffic selectors.
upvoted 3 times
...
jall
5 years, 3 months ago
https://docs.microsoft.com/en-us/powershell/module/azurerm.network/set-azurermvirtualnetworkgatewaydefaultsite?view=azurermps-6.13.0#description
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel