ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-304 All Questions

View all questions & answers for the AZ-304 exam
Go to Exam

Exam AZ-304 topic 5 question 16 discussion

Actual exam question from Microsoft's AZ-304
Question #: 16
Topic #: 5
[All AZ-304 Questions]

DRAG DROP -
You are designing a network connectivity strategy for a new Azure subscription. You identify the following requirements:
✑ The Azure virtual machines on a subnet named Subnet1 must be accessible only from the computers in your London office.
Engineers require access to the Azure virtual machines on a subnet named Subnet2 over the Internet on a specific TCP/IP management port.

✑ The Azure virtual machines in the West Europe Azure region must be able to communicate on all ports to the Azure virtual machines in the North Europe Azure region.
✑ Azure virtual machines on Subnet1 and Subnet2 have public IP addresses.
You need to recommend which components must be used to meet the requirements. The solution must minimize costs and administrative effort whenever possible.
What should you include in the recommendation? To answer, drag the appropriate components to the correct requirements. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
by AustinY at March 17, 2021, 9:44 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Jindrich
Highly Voted 4 years, 2 months ago
Question 1: NSG. Because as stated in the description, all VMs already have Public IPs so VPN would be useless. What do you think?
upvoted 47 times
prashantjoge
4 years, 2 months ago
Sorry. I take back... it says it should be accessible only from the london office. So the answer seems correct
upvoted 9 times
BigDaddyAus
4 years, 1 month ago
If the London office has a static public IP then NSG would do the trick, however given that this is not stated the Microsoft answer is most likely VPN
upvoted 9 times
4tune
4 years, 1 month ago
the recommendation but minimize cost. Expressroute is more expensive so we go with site to site vpn
upvoted 1 times
...
BoxGhost
3 years, 9 months ago
Also in the second box it specifically says "over the internet", which is not stated in box 1. So I would agree with the given answers.
upvoted 2 times
...
Load full discussion...
...
...
prashantjoge
4 years, 2 months ago
Now that you mentioned it NSG makes sense. cheaper & lesser administrative effort
upvoted 6 times
...
crazyaboutazure
3 years, 11 months ago
yep correct
upvoted 2 times
...
...
demonite
Highly Voted 4 years, 1 month ago
Answers are correct
upvoted 25 times
...
sapien45
Most Recent 3 years ago
NSG, NSG and VNet Peer
upvoted 3 times
...
Azure_daemon
3 years ago
given answers are correct
upvoted 1 times
...
cloudera
3 years, 2 months ago
I would pick NSG, NSG and Networking Peering. I see no reason why VPN for #1. Too complex and doesn't serve extra purpose looking at the question.
upvoted 2 times
...
cfsxtuv33
3 years, 4 months ago
Wow, so far, I see 3 questions on the az-500 that I had on the az-304, including this one.
upvoted 2 times
...
ishin999
3 years, 5 months ago
Box 1: NSG ....S2S is far more complex admin wise.... depends of course in the London office having Internet access!!
upvoted 2 times
...
Azurefox79
3 years, 6 months ago
a S2S VPN would not work for first answer as that would not prevent them from being access via internet. You need an NSG for that NSG, NSG and VNet Peer
upvoted 4 times
...
chrisloup
3 years, 8 months ago
First answer should be NSG. all vms already have public ip. without NSG or firewall, anyone already have access to it globally. so a nsg to restrict ingress to the london office is all that is cost effective and needed.
upvoted 1 times
...
syu31svc
3 years, 8 months ago
Given answer is correct A site-to-site VPN connection can be used to connect on-premise infrastructure onto Azure "specific TCP/IP management port" so this would mean NSG for sure "West Europe Azure region must be able to communicate on all ports in the North Europe Azure region" -> VNet Peering fits the bill
upvoted 4 times
...
lawry
3 years, 8 months ago
The answer is correct. For 1, it is a classic scenario for on-premises computers accessing the Azure services. For 2, since it is TCP/IP, we need Layer4, so NSG is one of the means For 3, Azure to Azure, Vnet peering is enough.
upvoted 5 times
...
nkv
3 years, 8 months ago
came in exam on 20-sep-21, I passed, I choose given one
upvoted 5 times
...
Ykh
3 years, 9 months ago
Site to Site VPN is correct for first box but why not express route? Any comments?
upvoted 1 times
JoelQ
3 years, 8 months ago
ER is more expensive
upvoted 1 times
...
...
murongqing
3 years, 9 months ago
Box1 - NSG. vms have public ips so they possibly accessed by anyone else. the least cost and admin effort is NSG
upvoted 2 times
...
Ykh
3 years, 10 months ago
Justification given by cfsxtuv33 for first box- site to site VPN, seems most appropriate to me.
upvoted 1 times
...
cfsxtuv33
3 years, 10 months ago
Box 1: Site to Site...NSG is for VNet to VNet communication and site to site VPN would be for the London office to communicate to an Azure Vnet. Box 2: NSG Box3: Peering
upvoted 3 times
...
[Removed]
3 years, 10 months ago
Correct Answer is NSG-NSG-Peering.
upvoted 5 times
subbu3071988
3 years, 8 months ago
Correct Answer is S2S-NSG-Peering. Dynamic Public IP addresses can be assigned in VPN
upvoted 1 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel