Correct Answer: C and E

Answer in proper order: E, C

C and E is right

Answer E,C P2S client doesn't have fixed IPs. Policy based on combinations of prefixes from both networks to define how traffic is encrypted/decrypted through IPsec tunnels.

Answer is E & C When you create the virtual network gateway for a VPN gateway configuration, you must specify a VPN type. The VPN type that you choose depends on the connection topology that you want to create. For example, a P2S connection requires a RouteBased VPN type. https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings. If you want to use a PolicyBased VPN type, you must use the Basic SKU. PolicyBased VPNs (previously called Static Routing) are not supported on any other SKU. PolicyBased Basic VPN Gateway does not support Point-to-Site connectivity. https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-skus-legacy.

C. Create a route-based virtual network gateway D. Add a connection to GW1

Answer is C and E ( Order does not matter as this is not drag and drop question) The policy type VNG does not support Point to Site VPN . You cant have 2 VNG in the same VNET . So the existing policy-based VNG must be deleted so you can create a route based VPN

Policy-based virtual network gateways are typically used with certain firewall devices and support a specific type of VPN configuration. They do not support point-to-site connections. Wouldnt we need a point-to-site connection from an on-premises computer to VNet1, and so we will need to use a route-based virtual network gateway instead. So C and D

OpenAI "To configure a point-to-site connection from an on-premises computer to VNet1, you need to perform the following two actions: D. Add a connection to GW1: You need to add a point-to-site connection to GW1. This will allow the on-premises computer to connect to VNet1 via GW1. C. Create a route-based virtual network gateway: You need to create a route-based virtual network gateway to ensure that the point-to-site connection can be established from the on-premises computer to VNet1. Therefore, the correct answers are D and C. The other options are not required for setting up a point-to-site connection from an on-premises computer to VNet1. A. Adding a service endpoint to VNet1 is used for enabling the traffic from the subnet to use the service provided by Azure services privately. B. Resetting GW1 is not required for this task. E. Deleting GW1 would remove the virtual network gateway, which is not required. F. Adding a public IP address space to VNet1 would not be required for a point-to-site connection."

CE --VPN types-- When you create the virtual network gateway for a VPN gateway configuration, you must specify a VPN type. The VPN type that you choose depends on the connection topology that you want to create. For example, a P2S connection requires a RouteBased VPN type.

"you would use VPN type RouteBased because P2S requires a RouteBased VPN type." https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#vpntype

E then C. point to site is only supported by route-based vpn gateway.

or establishing point-to- site connectivity, you need a route-based VPN type

Correct Answer: C and E

came in today's exam 25/6/2022

Yep Delete Existing GW and create New route-based GW When you create the virtual network gateway for a VPN gateway configuration, you must specify a VPN type. The VPN type that you choose depends on the connection topology that you want to create. For example, a P2S connection requires a RouteBased VPN type. A VPN type can also depend on the hardware that you're using. S2S configurations require a VPN device. Some VPN devices only support a certain VPN type PolicyBased VPNs can only be used on the Basic gateway SKU. This VPN type is not compatible with other gateway SKUs.

C and E is correct