Exam AZ-303 topic 5 question 16 discussion

Actual exam question from Microsoft's AZ-303
Question #: 16
Topic #: 5

An app uses a virtual network with two subnets. One subnet is used for the application server. The other subnet is used for a database server. A network virtual appliance (NVA) is used as a firewall.
Traffic destined for one specific address prefix is routed to the NVA and then to an on-premises database server that stores sensitive data. A Border Gateway Protocol (BGP) route is used for the traffic to the on-premises database server.
You need to recommend a method for creating the user-defined route.
Which two options should you recommend? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. For the virtual network configuration, use a VPN.
  • B. For the next hop type, use a virtual network peering.
  • C. For the virtual network configuration, use Azure ExpressRoute.
  • D. For the next hop type, use a virtual network gateway.
Suggested Answer: AD
You can create custom, or user-defined, routes in Azure to override Azure's default system routes, or to add additional routes to a subnet's route table. You can specify the following next hop types when creating a user-defined route:
  • Virtual appliance: A virtual appliance is a virtual machine that typically runs a network application, such as a firewall.
  • Virtual network gateway: Specify when you want traffic destined for specific address prefixes routed to a virtual network gateway. The virtual network gateway must be created with type VPN. You cannot specify a virtual network gateway created as type ExpressRoute in a user-defined route because with ExpressRoute, you must use BGP for custom routes.
  • None: Specify when you want to drop traffic to an address prefix, rather than forwarding the traffic to a destination.
  • Virtual network: Specify when you want to override the default routing within a virtual network.
  • Internet: Specify when you want to explicitly route traffic destined to an address prefix to the Internet, or if you want traffic destined for Azure services with public IP addresses kept within the Azure backbone network.
Incorrect Answers:
B: You cannot specify VNet peering or VirtualNetworkServiceEndpoint as the next hop type in user-defined routes. Routes with the VNet peering or VirtualNetworkServiceEndpoint next hop types are only created by Azure, when you configure a virtual network peering, or a service endpoint.
C: You cannot specify a virtual network gateway created as type ExpressRoute in a user-defined route because with ExpressRoute, you must use BGP for custom routes.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
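
The next hop rules in the explanation above can be checked mechanically before a route table is deployed. The following Python is an added example, not part of the original page or of any Microsoft tooling: the function names and sample routes are constructed for illustration, and the dict keys assume the ARM route property names (`nextHopType`, `nextHopIpAddress`).

```python
# Added example: lint user-defined routes against the next hop rules above.
# Dicts follow the ARM route "properties" shape; all sample values are constructed.

# Next hop types a user may set (ARM enum values; the page's "Virtual network"
# is VnetLocal in ARM).
USER_SETTABLE = {"VirtualAppliance", "VirtualNetworkGateway", "None",
                 "VnetLocal", "Internet"}
# Next hop types that only Azure creates, named as on the page (normalized).
AZURE_ONLY = {"vnetpeering", "virtualnetworkserviceendpoint"}


def check_route(route, gateway_type=None):
    """Return a list of problems found in one user-defined route.

    gateway_type is the gatewayType of the VNet's gateway ("Vpn" or
    "ExpressRoute"), or None if it is unknown.
    """
    problems = []
    hop = route.get("nextHopType", "")
    ip = route.get("nextHopIpAddress")
    if hop.replace(" ", "").lower() in AZURE_ONLY:
        problems.append(f"{hop}: only Azure creates routes with this next hop")
    elif hop not in USER_SETTABLE:
        problems.append(f"{hop!r}: not a next hop type a UDR accepts")
    if hop == "VirtualAppliance" and not ip:
        problems.append("VirtualAppliance requires nextHopIpAddress")
    if hop != "VirtualAppliance" and ip:
        problems.append("nextHopIpAddress is only valid with VirtualAppliance")
    if hop == "VirtualNetworkGateway" and gateway_type == "ExpressRoute":
        problems.append("gateway type is ExpressRoute; use BGP, not a UDR")
    return problems


def check_route_table(routes, gateway_type=None):
    """Map route name -> problems, keeping only routes that have problems."""
    report = {r["name"]: check_route(r, gateway_type) for r in routes}
    return {name: probs for name, probs in report.items() if probs}


# Constructed routes modelled on the question's scenario.
SAMPLE_ROUTES = [
    {"name": "to-onprem-db", "addressPrefix": "10.50.0.0/24",
     "nextHopType": "VirtualNetworkGateway"},
    {"name": "via-firewall", "addressPrefix": "0.0.0.0/0",
     "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.0.2.4"},
    {"name": "to-peer", "addressPrefix": "10.60.0.0/16",
     "nextHopType": "VNet peering"},
]
```

Running `check_route_table(SAMPLE_ROUTES, "Vpn")` flags only the peering route; passing `"ExpressRoute"` additionally flags the route that targets the virtual network gateway.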

Comments

Stevezzc
Highly Voted 4 years, 5 months ago
Correct answer.
upvoted 27 times
acasella
4 years, 1 month ago
Yes, but the reason is here: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview#optional-default-routes When you add a VPN gateway, a default route is added automatically and it uses BGP to propagate on-prem addresses. Correct answer is A,D.
upvoted 3 times
...
...
AmitRoy
Highly Voted 4 years, 5 months ago
When you configure a virtual network gateway, you configure a setting that specifies the gateway type. The gateway type determines how the virtual network gateway will be used and the actions that the gateway takes. The gateway type 'Vpn' specifies that the type of virtual network gateway created is a 'VPN gateway'. This distinguishes it from an ExpressRoute gateway, which uses a different gateway type. Option D does not specify what to use exactly. And it's mentioned as "Each correct answer presents a complete solution". I think A and C make much more sense. A specifies to use VPN GW and C - ExpressRoute. Any other thoughts?
upvoted 24 times
pullarao
4 years, 5 months ago
I am also thinking the same
upvoted 1 times
...
rdemontis
3 years, 11 months ago
Looking at the following document I think you are right: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
upvoted 1 times
...
levo017
4 years, 4 months ago
The problem with ExpressRoute is that it doesn't use Border Gateway Protocol (BGP), so it has to be VPN.
upvoted 2 times
Toshaas
4 years, 4 months ago
ExpressRoute does use BGP as far as I know: https://docs.microsoft.com/en-us/azure/expressroute/expressroute-routing#bgp
upvoted 7 times
...
...
Babagaga
4 years, 4 months ago
"Each correct answer presents a complete solution" makes A & C the correct, as both support BGP
upvoted 12 times
pentium75
3 years, 11 months ago
"You cannot specify a virtual network gateway created as type ExpressRoute in a user-defined route" https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
upvoted 5 times
...
...
...
nd78
Most Recent 3 years, 5 months ago
on Exam today 21st Jan, 2022
upvoted 1 times
...
Inland
3 years, 5 months ago
Given answer is correct. https://azure.microsoft.com/en-us/blog/vnet-peering-and-vpn-gateways/
upvoted 1 times
...
Dpejic
3 years, 7 months ago
On exam today 22/11/21 Score 839
upvoted 2 times
...
tteesstt
3 years, 9 months ago
B is 100% out. If you want to use User-Defined Routes (which the question is asking us to use), you cannot specify ExpressRoute as the next hop type. That leaves us with A & D.
upvoted 1 times
...
syu31svc
3 years, 9 months ago
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview#border-gateway-protocol ExpressRoute: You must use BGP to advertise on-premises routes to the Microsoft Edge router. You cannot create user-defined routes to force traffic to the ExpressRoute virtual network gateway if you deploy a virtual network gateway deployed as type: ExpressRoute. You can use user-defined routes for forcing traffic from the Express Route to, for example, a Network Virtual Appliance. VPN: You can, optionally use BGP. A and C are correct options
upvoted 3 times
...
leo_az300
3 years, 10 months ago
C definitely is incorrect. Question is asking to create a custom user-defined route. As on-prem is using BGP, which means ExpressRoute is not a valid option. Both VPN and ExpressRoute are compatible with BGP. BUT, ExpressRoute has to use BGP NOT custom route on Azure site. You must use BGP to advertise on-premises routes to the Microsoft Edge router. You cannot create user-defined routes to force traffic to the ExpressRoute virtual network gateway if you deploy a virtual network gateway deployed as type: ExpressRoute.
upvoted 1 times
...
Red8aron
3 years, 10 months ago
If Border Gateway Protocol (BGP) route is used for the traffic to the on-premises it's not supported by VPN connection you must use Express Route and virtual network gateway
upvoted 1 times
...
pj2001
3 years, 11 months ago
I would choose C and D. Next hop should be VNG and Use type ExpressRoute. The problem statement mentions BGP as well as NVA. You cannot create user-defined routes to force traffic to the ExpressRoute virtual network gateway if you deploy a virtual network gateway deployed as type: ExpressRoute. But you can use user-defined routes for forcing traffic from the Express Route to, for example, a Network Virtual Appliance. Ref - https://docs.microsoft.com/en-us/answers/questions/121629/udr-challange-in-expressroute-and-virtual-applianc.html
upvoted 2 times
tita_tovenaar
3 years, 11 months ago
I guess, technically, you're right. It is just 'against Microsoft' to choose ExpressRoute in a user-defined routing question. I would stick to A and D.
upvoted 1 times
...
...
hw121693
3 years, 11 months ago
User defined route from where to where?
upvoted 1 times
...
GreigFury
4 years, 1 month ago
The answer is Correct. Both VPN and ExpressRoute support BGP. Whilst ExpressRoute is the preferred approach, the answer is VPN because you cannot force traffic to Express via UDR. So the creation of the UDR would be for VPN.
upvoted 5 times
...
Alasmindas
4 years, 2 months ago
Given answer is correct - A and D. There are two types of routing we could use - when connecting between cloud to onprem. a) Static route and b) Dynamic route. Dynamic route always uses BGP protocol and Dynamic route could be established either through Express route or VPN (Site to Site to VPN). So A and D makes more sense
upvoted 2 times
...
Topgun17
4 years, 2 months ago
Ignore past comment: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-bgp-resource-manager-ps?toc=/azure/virtual-network/toc.json#enablebgp - Azure VPNGW supports BGP
upvoted 1 times
...
Topgun17
4 years, 2 months ago
A & C are correct - https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-linkvnet-arm ; ExpressRoute as VPN type needs BGP
upvoted 3 times
pentium75
3 years, 11 months ago
But "You cannot specify a virtual network gateway created as type ExpressRoute in a user-defined route", thus can't be C. https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
upvoted 2 times
...
...
IDking
4 years, 2 months ago
"Which two options should you recommend?" This question is aiming at two options. That's why it results in A) VPN or C) Express Route as a standalone solution.
upvoted 2 times
...
paulxyz90
4 years, 3 months ago
AD makes sense to me. It says that a Border Gateway Protocol (BGP) route is used for the traffic to the on-premises database server (so that is how it is right now). You need to recommend a method for creating the user-defined route (that is how they want it to be). Your recommendation would have to be VPN w/ VNG as next hop because you can only use UDR with the VPN type. We can't recommend Express Route because while it will work with BGP as it does now - we won't be able to use UDR.
upvoted 3 times
AK2020
4 years, 3 months ago
Makes sense
upvoted 1 times
...
...