ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-300 All Questions

View all questions & answers for the AZ-300 exam
Go to Exam

Exam AZ-300 topic 1 question 66 discussion

Actual exam question from Microsoft's AZ-300
Question #: 66
Topic #: 1
[All AZ-300 Questions]

SIMULATION -
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.






When you are finished performing all the tasks, click the "˜Next' button.
Note that you cannot return to the lab once you click the "˜Next' button. Scoring occur in the background while you complete the rest of the exam.

Overview -
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

To start the lab -
You may start the lab by clicking the Next button.
You plan to connect a virtual network named VNET1017 to your on-premises network by using both an Azure ExpressRoute and a site-to-site VPN connection.
You need to prepare the Azure environment for the planned deployment. The solutions must maximize the IP address space available to Azure virtual machines.
What should you do from the Azure portal before you create the ExpressRoute and the VPN gateway?

Show Suggested Answer Hide Answer
Suggested Answer: See explanation below.
We need to create a Gateway subnet
Step 1:
Go to More Services > Virtual Networks
Step 2:
Then click on the VNET1017, and click on subnets. Then click on gateway subnet.
Step 3:
In the next window define the subnet for the gateway and click OK

It is recommended to use /28 or /27 for gateway subnet.
As we want to maximize the IP address space we should use /27.
References:
https://blogs.technet.microsoft.com/canitpro/2017/06/28/step-by-step-configuring-a-site-to-site-vpn-gateway-between-azure-and-on-premise/
by bizie at Sept. 23, 2019, 12:26 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Oz
Highly Voted 5 years, 7 months ago
MS recommends /27 or /28 for the Gateway subnet. Reference: https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-add-gateway-portal-resource-manager The solution needs to maximize addresses available to VMs, then it should be /28 for Gateway subnet, i.e. less space for gateways more for VMs.
upvoted 21 times
...
Jake__
Highly Voted 5 years, 7 months ago
I think you read the referenced wrong or it changed. MS states to use /27 or larger (Meaning more IP, and lower cider notation ex: /24 is larger than /27) Reference: https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-add-gateway-portal-resource-manager "We recommend creating a gateway subnet with a /27 or larger (/26, /25, etc.). Then, click OK to save the values and create the gateway subnet."
upvoted 15 times
FailureIsnotAnOption
5 years, 4 months ago
THIS IS CORRECT. SEE URL
upvoted 5 times
...
praveen97
4 years, 11 months ago
Agree with Jake.
upvoted 2 times
...
macco455
4 years, 10 months ago
Is this Jake from state farm!!!
upvoted 2 times
...
...
ergauravtaneja
Most Recent 4 years, 8 months ago
/28 can be used as well https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
upvoted 1 times
...
KCjoe
4 years, 10 months ago
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq "So, while you can create a gateway subnet as small as /29, we recommend that you create a gateway subnet of /27 or larger (/27, /26, /25 etc.). " Recommended smallest range should be /27
upvoted 2 times
...
Gjferweb
5 years, 1 month ago
the question is some what vague, if you need to maximize vms address space should be /29, if gtw address space /27. Azure reserve 5 ips so /29 you get 3 devices, /28 11 and /27 27 devices. /29 is not recommended but tue question do´nt ask for recomendation, it state maximize so /29 could be an answer. :-(
upvoted 1 times
jcmoranp
5 years ago
3 IPs is not enough, you need 4, 2 for VPN GW and 2 for ER GW.
upvoted 1 times
...
...
milind8451
5 years, 1 month ago
MS recommends /27 or larger though /28 and /29 are also possible but not recommended so will use /27 here.
upvoted 1 times
...
TYT
5 years, 1 month ago
Create a gateway subnet of /27 or larger (preferred) to work for both.
upvoted 1 times
...
joilec435
5 years, 1 month ago
Specify a subnet address range in CIDR notation which falls within the virtual network’s address space: 10.3.0.0/16. If the gateway is an ExpressRoute type and you plan on creating a VPN gateway to coexist with it, the prefix of the CIDR notation must be 27 or smaller.
upvoted 1 times
...
htchen829
5 years, 2 months ago
I believe /27 is correct, as mentioned in Question, you need to have ExpressRoute and VPN gateway. --------------------------------------------------------------------------------------- When you are planning your gateway subnet size, refer to the documentation for the configuration that you are planning to create. For example, the ExpressRoute/VPN Gateway coexist configuration requires a larger gateway subnet than most other configurations. Additionally, you may want to make sure your gateway subnet contains enough IP addresses to accommodate possible future additional configurations. While you can create a gateway subnet as small as /29, we recommend that you create a gateway subnet of /27 or larger (/27, /26 etc.) if you have the available address space to do so. This will accommodate most configurations.
upvoted 3 times
...
Liohei
5 years, 2 months ago
The smallest gateway subnet which can contain BOTH ExpressRoute gateway and VPN gateway is /27. Only VPN gateway - /29 (not recommended though) Only ExpressRoute gateway - /28 Both - /27
upvoted 7 times
...
Daren
5 years, 3 months ago
Agree with /27. Normally we should use /27 or /28 for the GateWay Subnet. But since coexistence is planned => MS recommends us to use /27 or a lower prefix such as /26, /25. Considering that we should maximize the IPs available, we will use /27.
upvoted 2 times
...
Happiman
5 years, 3 months ago
To maximize subnet space, it should be /29. "While you can create a gateway subnet as small as /29, we recommend that you create a gateway subnet of /27 or larger (/27, /26 etc.) if you have the available address space to do so. This will accommodate most configurations." https://docs.microsoft.com/en-us/azure/expressroute/expressroute-about-virtual-network-gateways
upvoted 1 times
starnb
5 years, 3 months ago
I would say /27 would be more appropriate answer as this is VPN and Express Route configuration that requires larger address space than most. So /29 would be the least /27 would the the best given ExpressRoute is in configuration and you want to maximise VM address space in that scenario.
upvoted 3 times
...
...
DanielRO
5 years, 3 months ago
/28 to maximize the ip address range for vms.
upvoted 1 times
Russel
5 years, 3 months ago
It should be /27. The gateway subnet must be /27 or a shorter prefix, (such as /26, /25), or you will receive an error message when you add the ExpressRoute virtual network gateway.
upvoted 8 times
...
...
Jt909
5 years, 3 months ago
/27 If coexsitng gateways are planned. Source: https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager
upvoted 6 times
...
kavvaru
5 years, 5 months ago
The goal is to maximize address space for the VM's ie, minimize the address space for the gateway subnet as VM's cannot exist in the gateway subnet. If recommended is to use /27 or /28 for the gateway subnet, taking into account to minimize the address range for gateway subnet, you should use /28 as it is even smaller range than /27 enabling more addresses for the VM if needs be in the other subnets.
upvoted 9 times
bolbol
5 years, 5 months ago
Agreed, MS says that it's recommended to create the GW Subnet in /27 or /28. so /28 will maximize the number of IP for VMs: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal#VNetGateway
upvoted 7 times
...
...
Ekramy_Elnaggar
5 years, 6 months ago
Create Gateway Subnet "GatewaySubnet" with CIDR /27
upvoted 9 times
...
SomeITGuy
5 years, 6 months ago
/27 According to step 3 in the page below: "Important!: The Gateway Subnet must be /27 or a shorter prefix (such as /26 or /25)." https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager#new
upvoted 5 times
Musk
5 years, 6 months ago
I'll go with /27 based on this article
upvoted 4 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel