Exam AZ-300 topic 16 question 13 discussion

A. Create a VPN gateway that uses the VpnGw1 SKU. B. Create a connection. C. Create a local site VPN gateway. We need to Gateway subnet also but since already Vnet1 is connecting to OnPrem via ExpressRoute so gateway subnet would already be existing. My answer is ABC

Possible answers: A. Create a VPN gateway that uses the VpnGw1 SKU. B. Create a connection. C. Create a local site VPN gateway. D. Create a gateway subnet. E. Create a VPN gateway that uses the Basic SKU. So that ExpressRoute and a Site-To-Site VPN can co-exists we can't use the Basic SKUs and therefor need to choose the "VpnGw1" SKU. Quote: "Basic SKU gateway is not supported. You must use a non-Basic SKU gateway for both the ExpressRoute gateway and the VPN gateway." Source: https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager This means A. and not E. Also we need a gateway subnet for sure (with a subnet mask of /27 or shorter prefix, such as /26 or /25). So D. is correct as well. According to this https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager#new (see Step 5.) we also need to create a "local site VPN gateway". This leads us to => A. C. and D.

I think the correct answer would be ABC See https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager. Basic SKU gateway is not supported. You must use a non-Basic SKU gateway for both the ExpressRoute gateway and the VPN gateway.

VPN Gateway and Expressroute GW can coexist in the same Gateway Subnet (for failover for example). We already have Vnet, GWSubnet, and Express route. If we assume we are using the existing resources for VPN, we would move to use existing subnet, configure the LNG,(GwPIP), Virtual Network Gateway- type VPN (which is same as VPN GW), and a connection answer should be: • A. Create a VPN gateway that uses the VpnGw1 SKU. (assume we are using VPN and Express route on same gateway subnet) • B. Create a connection. (assume the question Local VPN decide is ready for connection) • C. Create a local site VPN gateway. (this should be same as Local Network GW specifying information for Local site VPN to which connection will be established)

The only issue I see with not creating a new gateway subnet is that it is not specifically stated what the CIDR is for the current one. We can guess they went by MS best practices and used a /27 which would be sufficient for the expressroute and S2S VPN to coexist on. SO the test questions would add that important piece of info to it I would imagine. Just something to think about.

I think the correct answer is ABC https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager check on the limitations.

A, C, D https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager

I will go for ABC as well because gateway subnet already exists and we need the VpnGw1 SKU to support the express route.

Create a gateway subnet. Create a VPN gateway that uses the Basic SKU. Create a connection. References: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

Correcting my previous post: Answer is A B and C The question doesn't specify how much S2S tunnels or Throughput is needed, just specify about costs, but we have to pay attention about the express route, which uses BGP. BGP routes are only supported from VpnGw1 SKU. Also, since it's to minimize costs, we can consider using the same network subnet gateway already in use. The answer is A, B and C From the options offered: Create a VPN Gateway that uses VpnGw1 SKU - A (Supports BGP, requirement for VPN over Express Route circuits) Create a local site VPN gateway - C Create a VPN Connection - Site to site - B https://docs.microsoft.com/en-za/archive/blogs/canitpro/step-by-step-configuring-a-site-to-site-vpn-gateway-between-azure-and-on-premise https://docs.microsoft.com/pt-br/azure/vpn-gateway/vpn-gateway-about-vpngateways#gateway-skus https://docs.microsoft.com/pt-br/azure/expressroute/expressroute-howto-linkvnet-arm https://docs.microsoft.com/pt-br/azure/expressroute/site-to-site-vpn-over-microsoft-peering

The question doesn't specify how much S2S tunnels or Throughput is needed, just specify about costs, but we have to pay attention about the express route, which uses BGP. BGP routes are only supported from VpnGw1 SKU. Also, since it's to minimize costs, we can consider using the same network subnet gateway already in use. The answer is A, D and E From the options offered: Create a VPN Gateway that uses VpnGw1 SKU - A (Supports BGP, requirement for VPN over Express Route circuits) Create a local site VPN gateway - C Create a VPN Connection - Site to site - B VPN Gateway basics supports Site to site or vnet to vnet conections up to 10 tunnels https://docs.microsoft.com/en-za/archive/blogs/canitpro/step-by-step-configuring-a-site-to-site-vpn-gateway-between-azure-and-on-premise https://docs.microsoft.com/pt-br/azure/vpn-gateway/vpn-gateway-about-vpngateways#gateway-skus https://docs.microsoft.com/pt-br/azure/expressroute/expressroute-howto-linkvnet-arm https://docs.microsoft.com/pt-br/azure/expressroute/site-to-site-vpn-over-microsoft-peering

See also here: https://www.examtopics.com/discussions/microsoft/view/4580-exam-az-103-topic-11-question-8-discussion/ https://www.examtopics.com/discussions/microsoft/view/15903-exam-az-103-topic-4-question-9-discussion/

If Express Route was installed then it means we have already Gateway and Gateway subnet on VNET it's connected. So as it's basic VNET GW, for S2S connection we need VPNGW SKU, then we will need to create A:VPNGW sku, then C: Local gateway network and create a B: connection. So answer will be ABC

my answers is BCE (Basic GTW to minimize costs). GTW subnet must exist because of expressroute

AnujD s correct.answer is A,B,C. D is not correct as Express route and VPN GW will use same Gateway subnet. Basic SQU doesnt support Express route and VPN Gw coexistence

A, C, D