ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-103 All Questions

View all questions & answers for the AZ-103 exam
Go to Exam

Exam AZ-103 topic 4 question 52 discussion

Actual exam question from Microsoft's AZ-103
Question #: 52
Topic #: 4
[All AZ-103 Questions]

HOTSPOT -
You have an on-premises data center and an Azure subscription. The data center contains two VPN devices. The subscription contains an Azure virtual network named VNet1. VNet1 contains a gateway subnet.
You need to create a site-to-site VPN. The solution must ensure that is a single instance of an Azure VPN gateway fails, or a single on-premises VPN device fails, the failure will not cause an interruption that is longer than two minutes.
What is the minimum number of public IP addresses, virtual network gateways, and local network gateways required in Azure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: 4 -
Two public IP addresses in the on-premises data center, and two public IP addresses in the VNET.
The most reliable option is to combine the active-active gateways on both your network and Azure, as shown in the diagram below.


Box 2: 2 -
Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically, and resume the S2S VPN or VNet-to-VNet connections.

Box 3: 2 -
Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
by weinzij at March 12, 2020, 1:28 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
certificatores
Highly Voted 5 years, 3 months ago
1 -1 -2 It should be 1 Virtual network gateway (in active/stand-by mode as they can tolerate 2 minutes interruption), so one Azure IP as well. And 2 Local network Gateways. The IPs for these 2 local network gateways are not Azure IP, they are VPN device IPs. so answers is: 1-1-2
upvoted 46 times
FrancisFerreira
5 years, 3 months ago
Why 2 local network gateways? On Azure, you would need only 1. You will need 2 on your onprem env.
upvoted 1 times
FrancisFerreira
5 years, 3 months ago
Nevermind. It is 1, 1, 2. Found my own mistake.
upvoted 3 times
macco455
5 years ago
The local network gateways corresponding to your VPN devices must have unique public IP addresses in the "GatewayIpAddress" property. Thus this would require 1 Public IP per LNG thus rendering certificatores and FrancisFerreira wrong for the first part which would be 3 Public iPs, 1 for each LNG and 1 for the active instance
upvoted 1 times
billyshah
4 years, 10 months ago
We are not counting public IP from on-prem side as part of this question. LGW are only allocated with the on-prem public IP and are not Azure Public IP. Hence - 1,1,2
upvoted 1 times
...
...
...
...
Bl4ck
4 years, 10 months ago
Correct, see https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal#LocalNetworkGateway When creating the Local Network gateway in Azure it says: "IP address: This is the public IP address of the VPN device that you want Azure to connect to." So the IP's of the local gateway are not Azure Public IP's and the question is about what resources you need in Azure.
upvoted 2 times
...
nitazure
4 years, 5 months ago
referring doc this ans is correct
upvoted 1 times
...
NotMeAnyWay
2 years, 11 months ago
2 IPs, 1 VPN Gateway, 2 Local Network Gateways. Here's Why: 1. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable#multiple-on-premises-vpn-devices 2. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways **This a Multiple On-Premis Device setup** 1. The MS docs specify: for every on-premis VPN device you need a Local Network Gateway. As there are two on-premis VPN devices you need two Az Local Network Gateways. 2. The MS docs also says for every Local Network Gateway you need a unique Public IP address. Therefore 2x Local Network Gateways = 2x Pubic IPs. ("The local network gateways corresponding to your VPN devices must have unique public IP addresses in the "GatewayIpAddress" property.") 3. There is only one vNET in the question, a vNET can have only one VPN Gateway, but it can have multiple connections. Therefore only 1 Az VPN Gateway required.
upvoted 1 times
...
...
weinzij
Highly Voted 5 years, 3 months ago
2 2 2 Just Azure IP addresses are counted
upvoted 30 times
...
MatAlves
Most Recent 1 year, 4 months ago
"Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically, and resume the S2S VPN or VNet-to-VNet connections. The switch over will cause a brief interruption. For planned maintenance, the connectivity should be restored within 10 to 15 seconds. For unplanned issues, the connection recovery is longer, about 1 to 3 minutes in the worst case. " 1- LG 1- Only 1 ip in AZURE 2 - 2 LNG but NOT AZURE ip required.
upvoted 1 times
MatAlves
1 year, 4 months ago
1-> VNG* (not LG) 1-> Only 1 ip in AZURE 2 ->2 LNG but NOT AZURE ip required.
upvoted 1 times
...
...
stillface
2 years, 9 months ago
Box 1: 4 - 2 IPs for the on premises gateway and 2 IPs for Azure VPN Gateway - they are 2 instances - 1 for the active and 1 for passive instance Box 2: 1 - Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically, and resume the S2S VPN or VNet-to-VNet connections. So, you need only 1 Azure VPN GW Box 3: 2 - There is 2 devices OnPrem, so you need 2 IPs.
upvoted 2 times
...
tkt7744
4 years ago
Active standby may take upto 3 minutes to recover.....need active/active in this case. Answer is correct
upvoted 2 times
...
I
4 years, 4 months ago
Given answer is correct.
upvoted 1 times
...
Hardikm007
4 years, 5 months ago
4-2-2 is correct. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell
upvoted 1 times
...
Thi
4 years, 8 months ago
2:2:2 as question is about for azure side not for on prem
upvoted 1 times
takethisplease247
4 years, 7 months ago
Try this: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable We can using a simple scheme - 2 on-prem GW + 1 azure vpn GW (active/passive mode because as MS says "For unplanned issues, the connection recovery will be longer, about 1 minute to 1 and a half minutes in the worst case"). So, why can't we use 1,1,2?
upvoted 3 times
...
...
arshadnazir
4 years, 8 months ago
1, 1, 2
upvoted 1 times
...
IsaacTeh
4 years, 8 months ago
1 - need one vpn gateway 2 - with two public ip address assigned to two server for HA purpose. solution to solve single point of failure. 1 - local gateway from on-prem side to form the tunnel.
upvoted 1 times
...
jjkidd72
4 years, 10 months ago
If On-Prem not counted here, it should be 2-2-2.
upvoted 1 times
...
hstorm
4 years, 10 months ago
In azure you will have to create 1: Virtual Gateway consisting of an active and a passive node sharing 1: Public IP that has to be created... The above 1: Virtual Gateway will be configured to connect to 2:Local Gateways that has to be created in Azure but offcourse resides on-prem... Answer must be 1,1,2 https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable#multiple-on-premises-vpn-devices
upvoted 3 times
...
Gizdagyerek
4 years, 11 months ago
The answer is without any doubt 1 1 2. As a few folks already explained it.... C'on guys, it's not that hard!
upvoted 4 times
paulosrsf
4 years, 11 months ago
The question states that ''..ensure that if a single instance of an Azure VPN gateway fails, or a single on-premises VPN device fails...''. If it is considering a failure on Azure VPN Gateway, we need to have two of them. So, 2-2-2. Two VPN Gateways, two IPs, two local gateways.
upvoted 2 times
Atilgen
4 years, 11 months ago
You need to create multiple S2S VPN connections from your VPN devices to Azure. When you connect multiple VPN devices from the same on-premises network to Azure, you need to create one local network gateway for each VPN device, and one connection from your Azure VPN gateway to each local network gateway.
upvoted 2 times
...
_syamantak
4 years, 11 months ago
No @paulsrsf . Each Azure VPN Gateway has two instances. If configured in Active-Passive way, only one gateway should be enough. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable#multiple-on-premises-vpn-devices so Answer should be : 1 Public IP at Azure side (which can failover to the passive instance.) 1 VPN gateway 2 LN Gateway
upvoted 5 times
_syamantak
4 years, 10 months ago
For those who are counting two PIPs for LNGs. Please refer - https://docs.microsoft.com/en-gb/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#lng ""You give the local network gateway a name, the public IP address of the on-premises VPN device, and specify the address prefixes that are located on the on-premises location. " So these IPs actually belong to On-Prem VPN Devices 1PIP, 2 LNG, 1 VPN Gateway is the answer
upvoted 3 times
...
...
...
...
Fala_Fel
4 years, 11 months ago
1 1 2 important that the question specifies "required in Azure" Looking through the comments I'm going for Virtual Network Gateways (in Azure) - 1 (will have active and standby) Local Network Gateways (in Azure) - 2 (to point to the 2 OnPrem VPNs) The main disagreement is how many Public IP's that particular solution would need. People that go for 3 IP's are thinking the LNG needs Public IP's in Azure, which I reckon it doesn't, you just enter in the On Prem Public IP in Azure. So Azure itself only needs 1 Public IP Local Network Gateways on the azure side just need to specify "the public IP address of the VPN device that you want Azure to connect to" https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
upvoted 6 times
...
Ausias18
4 years, 11 months ago
The answer is: 2, 2, 2 it is just asking for public IPs in Azure
upvoted 1 times
...
kopper2019
5 years ago
I've configure this for a Customer using an A/A VPN Gateway and: VNG uses 2 public IPs. each for each active VM thst makes the Virtual Network Gateway J can have 2 VNG since each VNG is attached with one vNet and 2 local network gateways since each LNG needs the public onpremises IPs so: 2 Public IPs will be generated for VNG 1 VNG 2 Local Network Gateways
upvoted 1 times
kopper2019
5 years ago
If I read this Active Active is not required https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically, and resume the S2S VPN or VNet-to-VNet connections. The switch over will cause a brief interruption. For planned maintenance, the connectivity should be restored within 10 to 15 seconds. For unplanned issues, the connection recovery will be longer, about 1 minute to 1 and a half minutes in the worst case. For P2S VPN client connections to the gateway, the P2S connections will be disconnected and the users will need to reconnect from the client machines. so it would be 1 1 2
upvoted 3 times
kopper2019
5 years ago
important I thinking about PIP generated in Azure which is only one if you count the PIP from VPN onpremises that would be 3 and the answer would be: 3 1 2 but not sure if the answer wants me to take into account the PIP from the VPNs on premises
upvoted 1 times
Sten111
5 years ago
The question says 'in Azure' so I dont think the on prem VPN PIP would be counted in this case
upvoted 2 times
...
LTTAM
4 years, 12 months ago
The scenario specifically says "... in AZURE." So it only wants the answers on the AZURE end. So it would be one (1) PIP and one (1) VPN GW. The wording can either make or break your answers for the exam.
upvoted 1 times
...
...
Hanuman
5 years ago
Correct
upvoted 1 times
...
...
...
jacyang
5 years ago
1 2 2 should be right answer. 1 Public IP for 2 active-standby GWs; 2 Local network gateways for two on-perm VPNs;
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel