Exam AZ-301 topic 17 question 23 discussion

Actual exam question from Microsoft's AZ-301
Question #: 23
Topic #: 17

HOTSPOT -
You have the network topology shown in the following exhibit.

You have a user-defined route that has a default route of 0.0.0.0/0 and the next hop set to the network virtual appliance.
You configure the Azure Storage account to use virtual network service endpoints.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview

Comments

PDR
Highly Voted 5 years, 5 months ago
1 - It is not stated that there is a service endpoint configured for key management service, so the default rule will be followed, which goes to the NVA, so the answer is YES.
2 - It is stated that there is a service endpoint for the storage account, so traffic will go to that, not via the internet. Answer NO.
3 - This part is not too clear at first, as the diagram doesn't really show boundaries, so it is hard to know where the SQL database sits exactly, but we know there is no service endpoint, so traffic will follow the default route. The default route is to the NVA, which seems to connect to the ExpressRoute connection and not the internet - it seems like there is no internet gateway at all. So answer NO.
YES, NO, NO
upvoted 47 times
SilentH
5 years, 2 months ago
For #3 - very good point on the ExpressRoute. That right there is why VM1 won't have to go out to the Internet to access Azure SQL DB.
upvoted 1 times
maheshwary
4 years, 10 months ago
From Azure documentation:
"Routes traffic specified by the address prefix to the Internet. The system default route specifies the 0.0.0.0/0 address prefix. If you don't override Azure's default routes, Azure routes traffic for any address not specified by an address range within a virtual network, to the Internet, with one exception. If the destination address is for one of Azure's services, Azure routes the traffic directly to the service over Azure's backbone network, rather than routing the traffic to the Internet. Traffic between Azure services does not traverse the Internet, regardless of which Azure region the virtual network exists in, or which Azure region an instance of the Azure service is deployed in."
upvoted 2 times
jivom
4 years, 10 months ago
So turning around this explanation, that also means that the moment you identify a UDR, it will take precedence over both default routes that match that route, but also Azure's default of sending its service traffic over the backbone. A 0.0.0.0/0 route being present when you send traffic to an Azure IP means traffic will simply follow the destination of your route instead of going onto the backbone. YES NO NO is the correct assumption.
upvoted 1 times
sparkf1
Highly Voted 5 years, 8 months ago
Isn't it yes, no, yes? There is only one service endpoint on Storage Service which affected Azure File Share Service.
upvoted 13 times
David_986969
Most Recent 4 years, 8 months ago
ExpressRoute never goes through the internet
upvoted 1 times
cloudycloud
4 years, 9 months ago
There is no KMS. There's a Key Vault, with private endpoint capabilities and DNS integration. Question outdated!
upvoted 1 times
[Removed]
4 years, 10 months ago
From VM1, traffic to Azure Key Management will be routed to the NVA: > Yes, because from the diagram we don't see a service endpoint being enabled for that service and the default system route got overridden. Therefore traffic to Azure Key Management will flow through the NVA.
From VM1, traffic to the Azure File Share will be routed to the internet: > No, because we have an existing service endpoint which leads to additional routes with a Next Hop Type of "VirtualNetworkServiceEndpoint".
From VM1, traffic to the Azure SQL DB will be routed to the internet: > No, because if the destination address is for one of Azure's services, Azure routes the traffic directly to the service over Azure's backbone network, rather than routing the traffic to the Internet.
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
upvoted 4 times
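
The route selection the comments above reason about, as an added example that is not part of the original thread or of Azure's own tooling: longest prefix match first, then user-defined over BGP over system routes when prefixes are equal. Every prefix and address is a constructed placeholder, and the function and constant names are hypothetical.

```python
import ipaddress

# Tie-break between routes with the same prefix: user-defined, then BGP, then system.
SOURCE_PRIORITY = {"User": 0, "BGP": 1, "Default": 2}

# Constructed effective routes for VM1's subnet; every prefix is a placeholder.
ROUTES = [
    ("Default", "10.0.0.0/16", "VnetLocal"),
    ("Default", "0.0.0.0/0", "Internet"),                           # system default route
    ("User", "0.0.0.0/0", "VirtualAppliance"),                      # the UDR from the question
    ("Default", "203.0.113.0/24", "VirtualNetworkServiceEndpoint"), # added by the Storage endpoint
]

# Constructed destination addresses for the three services in the question.
KEY_SERVICE_IP = "198.51.100.10"
FILE_SHARE_IP = "203.0.113.25"
SQL_DB_IP = "192.0.2.20"


def next_hop(dest_ip, routes=ROUTES):
    """Return the next hop type selected for dest_ip, or None if nothing matches."""
    dest = ipaddress.ip_address(dest_ip)
    matches = []
    for source, prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net:
            matches.append((net.prefixlen, source, hop))
    if not matches:
        return None
    # Longest prefix wins; among equal prefixes the higher-priority source wins.
    _, _, hop = min(matches, key=lambda m: (-m[0], SOURCE_PRIORITY[m[1]]))
    return hop


def without_udr(routes=ROUTES):
    """The same table before the user-defined route was associated."""
    return [r for r in routes if r[0] != "User"]


if __name__ == "__main__":
    for name, ip in [("key service", KEY_SERVICE_IP),
                     ("file share", FILE_SHARE_IP),
                     ("SQL DB", SQL_DB_IP)]:
        print(f"{name:12} with UDR: {next_hop(ip):30} "
              f"without UDR: {next_hop(ip, without_udr())}")
```

In the table without the UDR, "Internet" is only the next hop type label; per the documentation quoted in the thread, traffic to an Azure service under that system route still travels over Azure's backbone.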
Agan
5 years ago
repeated https://www.examtopics.com/exams/microsoft/az-301/view/106/
upvoted 2 times
6ppongi
5 years, 8 months ago
No, no, yes, right? That's because it is described that Storage Service only has a service endpoint on the VNet.
upvoted 4 times
AzureGC
5 years, 6 months ago
No, No, Yes; based on reading the content in the URL below, 0.0.0.0/0 sets up a default route to the internet. However, an Azure Service or Service Endpoint overrides the default internet route, therefore Key Management Service and File Service endpoint stay w/in Azure and the SQL database is routed to the internet: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
upvoted 1 times
AzureGC
5 years, 6 months ago
Retracting my former answer....I think it is Yes, No, No, based on the orientation of the SQL service and service endpoint; The book answer, so to speak!
upvoted 10 times
chan76
5 years, 10 months ago
What I mean is no, yes, yes
upvoted 1 times
chan76
5 years, 10 months ago
Why is it not no, no, yes?
upvoted 1 times
tartar
4 years, 9 months ago
Yes No No
upvoted 4 times