Exam AZ-300 topic 1 question 61 discussion

Actual exam question from Microsoft's AZ-300
Question #: 61
Topic #: 1

SIMULATION -
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.






When you are finished performing all the tasks, click the 'Next' button.
Note that you cannot return to the lab once you click the 'Next' button. Scoring occurs in the background while you complete the rest of the exam.

Overview -
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

To start the lab -
You may start the lab by clicking the Next button.
You plan to create 100 Azure virtual machines on each of the following three virtual networks:
- VNET1005a
- VNET1005b
- VNET1005c
All the network traffic between the three virtual networks will be routed through VNET1005a.
You need to create the virtual networks, and then to ensure that all the Azure virtual machines can connect to other virtual machines by using their private IP address. The solution must NOT require any virtual gateways and must minimize the number of peerings.
What should you do from the Azure portal before you configure IP routing?

Suggested Answer: See solution below.
Step 1: Click Create a resource in the portal.
Step 2: Enter Virtual network in the Search the Marketplace box at the top of the New pane that appears. Click Virtual network when it appears in the search results.
Step 3: Select Classic in the Select a deployment model box in the Virtual Network pane that appears, then click Create.
Step 4: Enter the following values on the Create virtual network (classic) pane and then click Create:
- Name: VNET1005a
- Address space: 10.0.0.0/16
- Subnet name: subnet0
- Resource group: Create new
- Subnet address range: 10.0.0.0/24
- Subscription and location: Select your subscription and location.
Step 5: Repeat steps 3-5 for VNET1005b (10.1.0.0/16, 10.1.0.0/24), and for VNET1005c (10.2.0.0/16, 10.2.0.0/24).
References:
https://docs.microsoft.com/en-us/azure/virtual-network/create-virtual-network-classic

Comments

Ekramy_Elnaggar
Highly Voted 5 years, 6 months ago
The question said: "before you configuring IP routing", so it should be as follows:
1- Create the 3 VNETs ( if not done already )
2- Create VNet Peering between VNET1005a & VNET1005b ( 2-way )
3- on VNET1005b Peering, enable "Allow forwarded traffic from VNET1005a to VNET1005b"
4- Create VNet Peering between VNET1005a & VNET1005c ( 2-way )
5- on VNET1005c Peering, enable "Allow forwarded traffic from VNET1005a to VNET1005c"
upvoted 110 times
dfrye
5 years, 4 months ago
Peerings are NOT transitive, so I believe we need to create peerings between all vnets. "solution must minimize the number of peerings" is here just to trick the student I think
upvoted 6 times
GreyHawken
5 years, 4 months ago
Don't think it matters they are not transitive. "All the network traffic between the three virtual networks will be routed through VNET1005a." C and B should never need to talk to each other aka no need for peerings between them.
upvoted 8 times
Strifelife
5 years, 4 months ago
You need to create the virtual networks, and then to ensure that all the Azure virtual machines can connect to other virtual machines by using their private IP address.
upvoted 1 times
...
...
keithtemplin
5 years, 1 month ago
I thought that too however it states all traffic must go through VNET1005a
upvoted 1 times
...
...
Andy001
5 years, 4 months ago
Thank you Ekramy_Elnaggar! This is the correct answer. According to the requirements, we should create a classic HUB-and-SPOKE topology with NVA as a router. Since the question is "What should you do before you configuring IP routing", then all we need is just to create 3 VNets, configure peering B <-> A <-> C, and allow forwarded traffic on peerings A->B and A->C
upvoted 11 times
jonnybugaloo
5 years ago
Correct. IP routing directing traffic from B to C will be possible when we create some NVA, which is not a step for this question.
upvoted 1 times
...
...
jmprbridge
4 years, 11 months ago
Related to this question, it should be enough, but after that, you should
- Enable IP Forwarding on vNic that belongs to VM that will be at VNET1005a, to act as a router.
- Create a route table with UDR for spoke vnets.
- Create a Firewall Rule that allows icmpv4 on all VMs.
upvoted 2 times
...
praveen97
4 years, 11 months ago
Agree with Ekramy_Elnaggar.
upvoted 1 times
...
...
Benkyoujin
Highly Voted 5 years, 6 months ago
Peer with the hub and allow forwarded traffic and add UDRs. No gateway settings as the question explicitly says no VPN. Right?
upvoted 6 times
...
Himanshu27
Most Recent 4 years, 9 months ago
Guys, I have been able to prove in the lab that this is possible.
1. 2-way peering between a-c and a-b with fwd enabled on both sides.
2. VMA working as NVA with IP FWD enabled both in Azure and at OS.
3. Route table with two routes with the details below.
a. Address prefix: address space of VNETC (traffic B to C); next hop: virtual appliance; next hop address: IP of NVA VM in VNETA
b. same as (a) for traffic from C to B
4. On subnets in B and C, choose this route table.
That is it, it works. Let me know if you find issues.
upvoted 1 times
...
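The setup debated in these comments (two hub peerings, the "Allow forwarded traffic" setting, a route table and an NVA) can be traced with a small model. This is an added example, not part of any comment and not Microsoft code: it is a simplified model that assumes the address spaces from the suggested answer and a hypothetical NVA at 10.0.0.4, follows one direction only, and ignores NSGs.

```python
import ipaddress

# Constructed values: address spaces from the suggested answer; NVA_IP is hypothetical.
VNETS = {"a": "10.0.0.0/16", "b": "10.1.0.0/16", "c": "10.2.0.0/16"}
NVA_IP = "10.0.0.4"  # assumed router VM in VNET1005a
UDRS = {"b": {VNETS["c"]: NVA_IP}, "c": {VNETS["b"]: NVA_IP}}  # spoke route tables


def vnet_of(ip):
    """Return the VNet whose address space contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, p in VNETS.items() if addr in ipaddress.ip_network(p)), None)


def hub_spoke(allow_forwarded):
    """Two two-way peerings (b<->a, c<->a); the flag is set on the spoke side."""
    peerings = {}
    for spoke in ("b", "c"):
        peerings[("a", spoke)] = {"allow_forwarded": False}
        peerings[(spoke, "a")] = {"allow_forwarded": allow_forwarded}
    return peerings


def trace(src_ip, dst_ip, peerings, udrs, nva_ip_forwarding):
    """Follow one packet in one direction; return (delivered, reason)."""
    src, dst = vnet_of(src_ip), vnet_of(dst_ip)
    if src == dst:
        return True, "same VNet"
    both = lambda x, y: (x, y) in peerings and (y, x) in peerings
    # A user-defined route overrides system routes; the longest matching prefix wins.
    nets = [(ipaddress.ip_network(p), hop) for p, hop in udrs.get(src, {}).items()]
    hits = [(n, hop) for n, hop in nets if ipaddress.ip_address(dst_ip) in n]
    if not hits:
        # System routes only cover directly peered VNets.
        if both(src, dst):
            return True, "direct peering"
        return False, "no route: peering is not transitive"
    hop = max(hits, key=lambda h: h[0].prefixlen)[1]
    hub = vnet_of(hop)
    if not both(src, hub):
        return False, "next hop is not reachable over a peering"
    if not nva_ip_forwarding:
        return False, "NVA drops packets not addressed to itself"
    if not both(hub, dst):
        return False, "hub is not peered with the destination"
    # The packet enters dst with a source address outside the hub's address space.
    if not peerings[(dst, hub)]["allow_forwarded"]:
        return False, "destination peering rejects forwarded traffic"
    return True, "via NVA " + hop
```

Call `trace` once per direction, since the reply from VNET1005c back to VNET1005b depends on the route table and peering setting on the other spoke.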
samhouston
4 years, 9 months ago
VNet peering is non-transitive unless you install a FW in a hub or any VA which can route the traffic. This is a known feature/limitation of VNet peering.
upvoted 1 times
...
Bart78
4 years, 9 months ago
Create 3 VNETs, but create the peering from C & B to A with "Allow forwarded traffic from" enabled on both peerings. This will make sure traffic forwarded into the A subnet will be forwarded to C or B. Creating the peering from the A subnet won't allow you to create that forwarding because the peering is created from the wrong direction.
upvoted 1 times
...
nabylion
4 years, 10 months ago
The gateway transit setting requires there to be a gateway in one virtual network in the peering... so use peering, and don't consider transit as question asks to not create gateway...
upvoted 1 times
...
trazanet
4 years, 10 months ago
I believe 2 peerings only is the correct answer. No need to "allow forwarded traffic" because the forwarded traffic is not originated inside the vnet where the traffic is coming from. Router will do the routing task forwarding traffic from B to C and vice versa
upvoted 1 times
...
ercank
4 years, 10 months ago
I set up the whole architecture including routing tables, but without 3 peerings it is not working. When 3 peerings are available I am testing the NVA with traceroute and it is actually routing the traffic over the NVA, but when I disable the peering between VNET1005b&c it is failing to complete the loop. 2 peerings between VNET1005a to *b and *c looks enough but practically it is not working. Maybe the problem is with traceroute; it may not be the correct tool. Do you have any suggestion how to test this setup with 2 peerings to see if it actually works or not?
upvoted 1 times
ercank
4 years, 10 months ago
Sorry guys for the inconvenience, but I redeployed the same setup and this time it worked. So the previously shared answer below is correct:
1- Create the 3 VNETs ( if not done already )
2- Create VNet Peering between VNET1005a & VNET1005b ( 2-way )
3- on VNET1005b Peering, enable "Allow forwarded traffic from VNET1005a to VNET1005b"
4- Create VNet Peering between VNET1005a & VNET1005c ( 2-way )
5- on VNET1005c Peering, enable "Allow forwarded traffic from VNET1005a to VNET1005c"
upvoted 3 times
...
...
bamboo
4 years, 11 months ago
1- Create the 3 VNETs ( if not done already )
2- Create VNet Peering between VNET1005a & VNET1005b ( 2-way )
3- on VNET1005b Peering, enable "Allow forwarded traffic from VNET1005a to VNET1005b"
4- Create VNet Peering between VNET1005a & VNET1005c ( 2-way )
5- on VNET1005c Peering, enable "Allow forwarded traffic from VNET1005a to VNET1005c"
upvoted 2 times
...
X_L
4 years, 11 months ago
Either 6 peerings (3 pairs), or a hub and spoke config with 4 peerings and a NVA deployed in the Hub VNet
upvoted 1 times
...
SumanCert
4 years, 11 months ago
Connection Monitor allows you to monitor connectivity and latency between a VM and another network resource. Packet Capture enables you to capture all traffic on a VM in your virtual network. Ref: https://docs.microsoft.com/en-us/azure/network-watcher/frequently-asked-questions
upvoted 1 times
...
JCase
5 years ago
Read this, it's this very question "Allow forwarded Traffic" topic here: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering
upvoted 1 times
...
denkes
5 years ago
I tried it out. I've set up 3 Vnets including peerings a><b* and a><c* including forward traffic a>b and a>c; after that I deployed a vm into each vnet. *(e.g. a><b means "a to b" and "b to a")
Result:
- Vnet1 + subnet: 10.1.0.0, with a vm1 ip 10.1.0.4
- Vnet2 + subnet: 10.2.0.0, with a vm2 ip 10.2.0.4
- Vnet3 + subnet: 10.3.0.0, with a vm3 ip 10.3.0.4
Then went to vm2 Blade > Settings Connect > Link "Test your Connection" > Tab Outbound and tried to connect to vm3 (10.3.0.4) via port 22. Connection Error: "Network connectivity blocked by security group rule: DefaultRule_DenyAllOutBound". Follow the link below the error. There I switched to the NSG of Vnet2 and added an outbound rule: port: "any" source: "virtual network" to "any". After that tried to reconnect and the request went through.
==> Conclusion: No user defined routing tables (UDR) nor Virtual Appliance with forwarding were required. Try it yourself.
upvoted 4 times
ercank
4 years, 11 months ago
I did it myself as well. Test your connection indeed throws the same error you got, but it is meaningless. I even created a new rule to overwrite it, but again it failed as it is supposed to. Anyway, I agree with the above comments that 2 peerings with traffic forwarding are required before the NVA stage, but an NVA is a must for this routing to happen.
upvoted 1 times
...
...
daniel840829
5 years ago
b&a c&a 2 peerings, both need to enable forwarded traffic
create route table
Rule 1: dest:VNET1005b ip range, next hop:VNET, vnet:VNET1005a
Rule 2: dest:VNET1005c ip range, next hop:VNET, vnet:VNET1005a
apply this route table to b and c
upvoted 2 times
kondapaturi
5 years ago
Rule 1 and 2 are not clear, please give more steps
upvoted 1 times
...
...
samco
5 years, 1 month ago
In addition to Sun_mon's instructions, you will need to add a VM in VNET1005a and enable IP forwarding on its NIC, since this VM will act as a router
upvoted 2 times
...
TYT
5 years, 2 months ago
Assumptions: VNETS already present.
1. Create Peering between A <-> B
2. Make sure to allow VNET access as enabled A to B and B to A
3. As traffic needs to flow through A, you have to allow forwarded traffic from A to B.
Repeat the same steps to create peering between A <-> C
You don't need any peering between B <-> C because traffic can flow through A. However, creating a Peering between B <-> C doesn't harm as far as I know. If the assumption is wrong that VNETs exist, create three VNETs with non-overlapping addresses and create subnets.
upvoted 1 times
Sun_mon
5 years, 2 months ago
The question said: "before you configuring IP routing", so it should be as follows:
1- Create the 3 VNETs ( if not done already )
2- Create VNet Peering between VNET1005a & VNET1005b ( 2-way )
3- on VNET1005b Peering, enable "Allow forwarded traffic from VNET1005a to VNET1005b"
4- Create VNet Peering between VNET1005a & VNET1005c ( 2-way )
5- on VNET1005c Peering, enable "Allow forwarded traffic from VNET1005a to VNET1005c"
upvoted 8 times
...
...