Exam AZ-720 topic 5 question 47 discussion

Actual exam question from Microsoft's AZ-720
Question #: 8
Topic #: 5

A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a network security group (NSG) with all of the subnets.
Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named VNet2. Virtual network peering is enabled between VNet1 and VNet2.
You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet.
You discover that FlowLog1 is not reporting outbound flow traffic.
You need to resolve the issue with FlowLog1.
What should you do?

  • A. Enable the public endpoint for the FlowLog1 storage account.
  • B. Configure the FlowTimeoutInMinutes property on VNet1 to a non-null value.
  • C. Enable FlowLog1 in a network security group associated with the network interface of VM1.
  • D. Configure the FlowTimeoutInMinutes property on VNet2 to a non-null value.
Suggested Answer: C

Comments

terawatt
1 year, 11 months ago
Selected Answer: C
C. Enable FlowLog1 in a network security group associated with the network interface of VM1. When FastPath is enabled, traffic from on-premises networks bypasses the Azure gateway and goes directly to VMs in your VNet. This means that flow logs on the gateway will not capture this traffic, which is why you are not seeing outbound traffic in the flow logs for the gateway. In order to capture traffic information for VM1 (including the issues users are experiencing when connecting to VM1 from on-premises), you need to enable flow logging on the network security group (NSG) associated with VM1's network interface. This will capture traffic information for VM1, including any inbound and outbound traffic.
upvoted 1 times
...
MarshalLaw
2 years, 2 months ago
From what I read from another site: When FastPath is enabled on an ExpressRoute gateway, network traffic between your on-premises network and your virtual network bypasses the gateway and goes directly to virtual machines in the virtual network. Therefore, if you want to capture outbound flow traffic from VM1, you need to enable flow logging on an NSG associated with the subnet of VM1.
upvoted 4 times
...
Gina12345
2 years, 3 months ago
A. Enable the public endpoint for the FlowLog1 storage account. The issue here is that FlowLog1 is not reporting outbound flow traffic, which means that the logs are not being sent to the storage account. To resolve this, we need to ensure that the storage account can be accessed from the virtual network associated with the NSG. To achieve this, we can enable the public endpoint for the storage account, which allows traffic to be sent to the storage account over the public internet. Once this is done, FlowLog1 should start reporting outbound flow traffic.
upvoted 1 times
...
Jgjxgjm
2 years, 4 months ago
I think C is incorrect, because an NSG cannot be attached to a NIC.
upvoted 1 times
Jgjxgjm
2 years, 4 months ago
Perhaps it may be attached to a NIC...
upvoted 1 times
...
cris_exam
2 years, 2 months ago
NSGs can be attached to both Subnets and NICs
upvoted 1 times
...
...