ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-303 All Questions

View all questions & answers for the AZ-303 exam
Go to Exam

Exam AZ-303 topic 5 question 74 discussion

Actual exam question from Microsoft's AZ-303
Question #: 74
Topic #: 5
[All AZ-303 Questions]

HOTSPOT -
You have an on-premises data center and an Azure subscription. The data center contains two VPN devices. The subscription contains an Azure virtual network named VNet1. VNet1 contains a gateway subnet.
You need to create a site-to-site VPN. The solution must ensure that if a single instance of an Azure VPN gateway fails, or a single on-premises VPN device fails, the failure will not cause an interruption that is longer than two minutes.
What is the minimum number of public IP addresses, virtual network gateways, and local network gateways required in Azure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: 4 -
Two public IP addresses in the on-premises data center, and two public IP addresses in the VNET.
The most reliable option is to combine the active-active gateways on both your network and Azure, as shown in the diagram below.


Box 2: 2 -
Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically, and resume the S2S VPN or VNet-to-VNet connections.

Box 3: 2 -
Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
by snobrega at Jan. 3, 2021, 2:18 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Aghora
Highly Voted 4 years, 6 months ago
"What is the minimum number of public IP addresses, virtual network gateways, and local network gateways required IN AZURE?" 2 IPS in Azure and 2 on prem - so only 2 In azure 2 Gateways in azure 2 local in azure
upvoted 47 times
...
snobrega
Highly Voted 4 years, 7 months ago
1 - 1 - 2 ?? https://www.examtopics.com/exams/microsoft/az-300/view/15/
upvoted 45 times
heamgu
4 years, 3 months ago
Answer is 4 - 2 - 2 Please read this: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable#:~:text=Dual-redundancy,the%20above
upvoted 7 times
medi01
3 years, 11 months ago
You need to create multiple S2S VPN connections from your VPN devices to Azure. When you connect multiple VPN devices from the same on-premises network to Azure, you need to create one local network gateway for each VPN device, and one connection from your Azure VPN gateway to each local network gateway. The local network gateways corresponding to your VPN devices must have unique public IP addresses in the "GatewayIpAddress" property.
upvoted 1 times
...
...
[Removed]
3 years, 8 months ago
You're correct: 1 - 1 - 2 IS THE ANSWER
upvoted 2 times
...
...
Itboss
Most Recent 3 years, 6 months ago
1 - 1 - 2 firstly the question is about how many in Azure , ignore all on-prem counts 1 VNET , you can only have 1 VPN Gateway in a VNET, which will be on active/standby , sharing 1 public IP between the active/standby gateway 2 Local Network gateways in azure to represent the 2 VPN devices on-prem
upvoted 1 times
...
ArunTG
3 years, 6 months ago
2:2:2 - clearly asked ON AZURE end only not for the entire solution. In this configuration, each Azure gateway instance will have a unique public IP address, and each will establish an IPsec/IKE S2S VPN tunnel to your on-premises VPN device specified in your local network gateway and connection. Note that both VPN tunnels are actually part of the same connection. You will still need to configure your on-premises VPN device to accept or establish two S2S VPN tunnels to those two Azure VPN gateway public IP addresses.
upvoted 1 times
...
rabindra_barik
3 years, 7 months ago
Even though 4, 2, 2 is correct, when Azure VNET connected S-2-S , another VNET is on standby . hence, minimum; can be 3,1,2
upvoted 1 times
...
DerekKey
3 years, 9 months ago
2 IP - when you configure VNG you must provide 2 addresses 1 VNG - Active-Active 2 LNG - "The data center contains two VPN devices"
upvoted 7 times
...
euve
3 years, 9 months ago
2-1-2 is the right answer: - 2 Public IP Addresses required for a VPN gateway active-active (https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell#1-create-the-public-ip-addresses-and-gateway-ip-configurations) - 1 Virtual Network Gateway in active-active mode ( https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell#1-create-the-public-ip-addresses-and-gateway-ip-configurations) - 2 Local Network Gateways (https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell#1-create-the-public-ip-addresses-and-gateway-ip-configurations)
upvoted 10 times
euve
3 years, 9 months ago
sorry, I fix the links: - 2 Public IP Addresses (https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell#1-create-the-public-ip-addresses-and-gateway-ip-configurations) - 1 Virtual Network Gateway in active-active, with two configurations created on previous step (https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell#2-create-the-vpn-gateway-with-active-active-configuration) - 2 Local Network Gateways (https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell#1-create-the-second-local-network-gateway-for-site5)
upvoted 3 times
...
...
chupacabra
3 years, 9 months ago
The answer should be 2/2/4. If you do active/active, you'll need 4 LNGs since it's a mesh network. 2 LNG per VNG since 2 VPN devices on prem. Since the wording change for VNGs to now be about 1 to 3 minutes it's safe to assume that you'll need to go with active/active to accomplish the 2-minute requirement and that will result with: 2 PIPs in Azure for the 2 VNGs. 2 VNGs 4 LNGs.
upvoted 1 times
...
student22
3 years, 9 months ago
2-1-2 ---
upvoted 3 times
...
Madball
3 years, 11 months ago
I think the answer is 2-1-2 If you read this guide. https://docs.microsoft.com/en-us/azure/vpn-gateway/active-active-portal You create a single virtual network gateway, with 2 public IP addresses and 2 local network gateway.
upvoted 6 times
...
tteesstt
3 years, 11 months ago
Active-Standby. For unplanned issues, the connection recovery will be longer, about 1 to 3 minutes in the worst case. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable#about-vpn-gateway-redundancy Active-Standby can cause interruption up to 3 minutes, so we need Active-Active. 2 IPs - 1 for each instance of VPN instance. 1 VPN GW - VPN GW Active-Active mode creates two instances. (though you only see 1 VPN GW in Azure) 2 Local GWs - 1 for each on-prem VPN device
upvoted 4 times
...
mooni
4 years ago
Answer should be 2-1-2 as you need to create only one VPN GW in azure the other will be created automatically does not matter if you select active-active mode is enabled or disabled.
upvoted 4 times
...
anupam77
4 years, 1 month ago
I must say - Correct Answer given. PIP = 2 PIP for Local Network Gateway + 2 PIP for VN Gateway Instances = 4 //The local network gateways corresponding to your VPN devices must have unique public IP addresses in the "GatewayIpAddress" property. VNG = 2 (Active-Active) LNG = 2 Reason - https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable#dual-redundancy-active-active-vpn-gateways-for-both-azure-and-on-premises-networks Reason for VNG = 2:- "For planned maintenance, the connectivity should be restored within 10 to 15 seconds. For unplanned issues, the connection recovery will be longer, about 1 to 3 minutes in the worst case" As per question, it should be less than 2 minutes. Hence need VNG : Active-Active Reason for PIP = 4:- "The local network gateways corresponding to your VPN devices must have unique public IP addresses in the "GatewayIpAddress" property"
upvoted 2 times
tita_tovenaar
4 years ago
you misread the documentation for the last part. At the on-prem side you need unique IPs for your local gateways. If you look at the text under Active-Active, it is clear that there are only 2 PIP addresses needed at Azure side -one for each VPN gateway. So final answer is 2-2-2
upvoted 4 times
chupacabra
3 years, 9 months ago
If you do active/active, you'll need 4 LNGs since it's a mesh network. 2 LNG per VNG since 2 VPN devices on prem. Since the wording change for VNGs to now be about 1 to 3 minutes it's safe to assume that you'll need to go with active/active to accomplish the 2-minute requirement and that will result with: 2 PIPs in Azure for the 2 VNGs. 2 VNGs 4 LNGs.
upvoted 1 times
...
...
...
SteveChai
4 years, 1 month ago
same question in AZ-104, keyword: required in Azure only. So, the correct answer should be 2 public IP addresses 1 virtual network gateways 1 local network gateways If the question mention about Azure on onPremise. then, it will be 4,2,2
upvoted 5 times
...
PengPai6
4 years, 2 months ago
I think the ans should be:1-1-2
upvoted 1 times
...
Jasper666
4 years, 3 months ago
Think it's 4-2-2 because a local gateway network and public ip's of the on-premise endpoints must be supplied in the vpn config in Azure.
upvoted 1 times
...
Beitran
4 years, 3 months ago
"For unplanned issues, the connection recovery will be longer, about 1 to 3 minutes in the worst case." So active/active is required -> 2-2-2
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel