Exam AZ-300 topic 2 question 9 discussion

Question implies the config of azure networks changed, so B. Other device works so gateway transit already is on.

Answer is B. SSTP is only supported on Windows. If you make a change to the topology of your network and have Windows VPN clients, the VPN client package for Windows clients must be downloaded and installed again in order for the changes to be applied to the client.

Windows clients can access VNet1, VNet2, and VNet4, but the VPN client must be downloaded again for any topology changes to take effect.

tricky question. For me the correct order is the follow: 1) Configure VPN gateway transit 2) Enable BGP on vpngtw1 3) download and reinstall the point-to-site package so that the point-to-site clients get the updated routes to the spoke virtual network. Second and third can swap (depends on p2s protocol) IKEv2 => second and third can swap (there is no order) SSTP => (like above) you *must* download and reinstall the p2s package after enabled BGP https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing In the question seems my first and second point it's already done because the sentence wants point up the changes in network topology, so the given answer is correct

Already confirmed the connectivity between on-perm network and VNET2. If "Allow gateway transit" is misconfigured, then on-perm and VNET2 won't work either.

Answer should be C. Point-to-Site doesn't really work without route-based/dynamic(BGP) type of VNet Gateway. Although B would be the next step here...

I would go for C reason: You verify that you can connect to VNET2. So i assume that allow gateway transit is already configured. Going to C: If there are no routes, that can route traffic fromp client to vnet 2. then there is the issue.

B is correct. Check the referenced site. Mentioned below. 'If you make a change to the topology of your network and have Windows VPN clients, the VPN client package for Windows clients must be downloaded and installed again in order for the changes to be applied to the client.'

Answer is CORRECT. Look at the order of the steps described in the question. If you number them you get the following: 1. There is a site-to-site VPN connection between your on-premises network and VNet1. 2. On a computer named Client1 that runs Windows 10, you configure a point-to-site VPN connection to VNet1. 3. You configure virtual network peering between VNet1 and VNet2. 4. You verify that you can connect to VNet2 from the on-premises network. 5. Client1 is unable to connect to VNet2. It is clear that there was a change on the topology of your network (step 3) and therefore you have to reinstall the VPN client for the point2site connection. In fact, the objective of the question is check if you are aware of that limitation.

This question appeared me in AZ-104 exam

The answer is correct. Since You made P2S first then you configured peering of vnet1 and vnet2 therefore, you need to re-download the P2S client and instal it to get access vnet 2

Given answer is correct

The answer is correct. Since You made P2S first then you configured peering of vnet1 and vnet2 therefore, you need to re-download the P2S client and instal it to get access vnet 2 ( Hope, in Vnet1 forward traffic is enabled and Vnet2 use remote gateway)

Well, at the link provided under the answer, here's an excerpt: "If you make a change to the topology of your network and have Windows VPN clients, the VPN client package for Windows clients must be downloaded and installed again in order for the changes to be applied to the client." That sounds a LOT like "B"

there is no correct answer, you can check the documentation below, since the routing is static (policy-based) https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about Can I have Site-to-Site and Point-to-Site configurations coexist for the same virtual network? Yes. For the Resource Manager deployment model, you must have a RouteBased VPN type for your gateway. For the classic deployment model, you need a dynamic gateway. We do not support Point-to-Site for static routing VPN gateways or PolicyBased VPN gateways.

For point-to-site connections Follow the steps in: Configure VPN gateway transit for virtual network peering. After virtual network peering is established or changed, download and reinstall the point-to-site package so that the point-to-site clients get the updated routes to the spoke virtual network. Courtsey = https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-troubleshoot-peering-issues

Agree with Benkyoujin Clients using Windows can access directly peered VNets, but the VPN client must be downloaded again if any changes are made to VNet peering or the network topology. Non-Windows clients can access directly peered VNets. Access is not transitive and is limited to only directly peered VNets.