ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-303 All Questions

View all questions & answers for the AZ-303 exam
Go to Exam

Exam AZ-303 topic 6 question 19 discussion

Actual exam question from Microsoft's AZ-303
Question #: 19
Topic #: 6
[All AZ-303 Questions]

You have an Azure subscription named Subscription1 that contains two Azure networks named VNet1 and VNet2. VNet1 contains a VPN gateway named
VPNGW1 that uses static routing. There is a site-to-site VPN connection between your on-premises network and VNet1.
On a computer named Client1 that runs Windows 10, you configure a point-to-site VPN connection to VNet1.
You configure virtual network peering between VNet1 and VNet2. You verify that you can connect to VNet2 from the on-premises network. Client1 is unable to connect to VNet2.
You need to ensure that you can connect Client1 to VNet2.
What should you do?

  • A. Select Allow gateway transit on VNet1.
  • B. Download and re-install the VPN client configuration package on Client1.
  • C. Enable BGP on VPNGW1.
  • D. Select Allow gateway transit on VNet2.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
Point-to-Site certificate authentication connections require the following prerequisites:
✑ A Dynamic VPN gateway.
✑ The public key (.cer file) for a root certificate, which is uploaded to Azure. This key is considered a trusted certificate and is used for authentication.
✑ A client certificate generated from the root certificate, and installed on each client computer that will connect. This certificate is used for client authentication.
✑ A VPN client configuration package must be generated and installed on every client computer that connects. The client configuration package configures the native VPN client that's already on the operating system with the necessary information to connect to the VNet.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing
by Yiannisthe7th at July 3, 2021, 6:37 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Tripp_F
Highly Voted 3 years, 11 months ago
The correct answer is B: Download and re-install the VPN client configuration package on Client1. This must be done because of the network configuration change (peering enabled).
upvoted 8 times
...
syu31svc
Most Recent 3 years, 9 months ago
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing If you make a change to the topology of your network and have Windows VPN clients, the VPN client package for Windows clients must be downloaded and installed again in order for the changes to be applied to the client B is the answer
upvoted 2 times
...
Yiannisthe7th
3 years, 11 months ago
D is correct, "Clients using Windows can access directly peered VNets, but the VPN client must be downloaded again if any changes are made to VNet peering or the network topology."
upvoted 2 times
souvik123
3 years, 11 months ago
Guess you meant B from the description provided.
upvoted 4 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel