Exam AZ-720 topic 2 question 19 discussion

my guess would be ABE

A. Configure the hashing algorithm to be the same on both gateways. - For a successful VPN tunnel, both ends of the tunnel should have the same settings including the hashing algorithm. If the hashing algorithms are not matching, it could cause connectivity issues. B. Configure the pre-shared key to be the same on the Azure VPN gateway and the on-premises VPN gateways. - The pre-shared key is used to authenticate the two ends of the VPN tunnel. If the keys don't match, it will cause connectivity problems. E. Reset the VPN connection. - Resetting the VPN connection can help clear any transient issues that might be causing connectivity problems. It is a non-disruptive action as it does not affect the underlying gateway and hence the other services using the gateway. This should be done after confirming correct configurations (i.e., pre-shared key and hashing algorithm). Option F, Reset the VPN gateway, should be avoided unless absolutely necessary as it can cause a temporary outage and affect all services using the gateway, not just the one experiencing issues.

I would go with ABE if I want to have NO downtime to the other services. But if it be OK to have some minimal downtime, then I could go with ABF. A - Make sure the hash encryption is the same and correct on both ends B - Make sure the IKE Passphrase is the same and correct on both VPNGW and onprem FW/device E - Reset just the faulty/affected connection F- This would restart the active instance on the VPN GW and trigger the maintenance process of the second one to take over - something like 1-5 mins downtime. Choosing E will not impact the other connections and it should solve the issue with no impact to the other already established connections - and if not, then I would Restart the VPNGW. Choosing F to RESET the VPN GW itself - that will affect all connections, hence creating downtime for the ones that work. Not sure what MS really wants here, it's a tricky one. Dunno really what I would pick at the exam haha :) but I tend to go with ABE.

https://learn.microsoft.com/en-us/azure/vpn-gateway/reset-gateway#reset-a-gateway Verify the following items before resetting your gateway: * The Internet IP addresses (VIPs) for both the Azure VPN gateway and the on-premises VPN gateway are configured correctly in both the Azure and the on-premises VPN policies. * The pre-shared key must be the same on both Azure and on-premises VPN gateways. *If you apply specific IPsec/IKE configuration, such as encryption, hashing algorithms, and PFS (Perfect Forward Secrecy), ensure both the Azure and on-premises VPN gateways have the same configurations.

When you reset the gateway, it reboots the gateway, and then reapplies the cross-premises configurations to it. So F is not answer. https://learn.microsoft.com/en-us/azure/vpn-gateway/reset-gateway