CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. AZ-104

Free AZ-104 Exam Braindumps (page: 40)

Page 39 of 132
PDF with 606 Questions

You deploy Azure virtual machines to three Azure regions.

Each region contains a virtual network. Each virtual network contains multiple subnets peered in a full mesh topology.

Each subnet contains a network security group (NSG) that has defined rules.

A user reports that he cannot use port 33000 to connect from a virtual machine in one region to a virtual machine in another region.

Which two options can you use to diagnose the issue? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

  1. effective security rules
  2. Azure Monitor Network Insights
  3. IP flow verify
  4. Azure Virtual Network Manager
  5. Connection troubleshoot

Answer(s): C,E

Explanation:

Troubleshoot virtual network peering issues

The virtual networks are in different regions

Troubleshoot a connectivity issue between two peered virtual networks
Use Connection Troubleshoot and IP flow verify from the source VM to the destination VM to determine whether there is an NSG or UDR that is causing interference in traffic flows.


Reference:

https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-troubleshoot-peering-issues



You have two Azure subscriptions named Sub1 and Sub2 that contain the virtual networks shown in the following table.



You need to ensure that VM1 and VM2 can communicate. The solution must minimize costs and administrative effort.

What should you use?

  1. a user-defined route (UDR)
  2. network peering
  3. Azure Route Server
  4. an Azure VPN gateway
  5. a network virtual appliance (NVA)

Answer(s): B

Explanation:

You can connect virtual networks to each other with virtual network peering. These virtual networks can be in the same region or different regions (also known as global virtual network peering). Once virtual networks are peered, resources in both virtual networks can communicate with each other over a low-latency, high-bandwidth connection using Microsoft backbone network.

Azure Virtual Network is free of charge. Every subscription can create up to 50 virtual networks across all regions.

Incorrect:
Not A: You create custom routes by either creating user-defined routes (UDRs) or exchanging BGP routes between your on-premises network gateway and an Azure virtual network gateway.

Not C:
Azure Route Server simplifies dynamic routing between your network virtual appliance (NVA) and your Azure virtual network. It allows you to exchange routing information directly through Border Gateway Protocol (BGP) routing protocol between any NVA that supports the BGP routing protocol and the Azure Software Defined Network (SDN) in the virtual network without the need to manually configure or maintain route tables. Azure Route Server is a fully managed service and is configured with high availability.

Not D:
Virtual network gateway compute costs
Each virtual network gateway has an hourly compute cost. The price is based on the gateway SKU that you specify when you create a virtual network gateway. The cost is for the gateway itself and is in addition to the data transfer that flows through the gateway. Cost of an active-active setup is the same as active-passive.

If you're sending traffic between virtual networks in different regions, the pricing is based on the region.

Not E:
Network virtual appliances: A network virtual appliance is a VM that performs a network function, such as a firewall or WAN optimization.


Reference:

https://learn.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks
https://azure.microsoft.com/en-us/pricing/details/virtual-network/
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways



View Related Case Study

You need to ensure that VM1 can communicate with VM4. The solution must minimize the administrative effort.

What should you do?

  1. Create an NSG and associate the NSG to VM1 and VM4.
  2. Establish peering between VNET1 and VNET3.
  3. Assign VM4 an IP address of 10.0.1.5/24.
  4. Create a user-defined route from VNET1 to VNET3.

Answer(s): B



View Related Case Study

HOTSPOT (Drag and Drop is not supported)
You need to meet the connection requirements for the New York office.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Create a virtual network gateway and a local network gateway.
Azure VPN gateway. The VPN gateway service enables you to connect the VNet to the on-premises network through a VPN appliance. For more information, see Connect an on-premises network to a Microsoft Azure virtual network. The VPN gateway includes the following elements:
Virtual network gateway.A resource that provides a virtual VPN appliance for the VNet. It is responsible for routing traffic from the on-premises network to the VNet.
Local network gateway.An abstraction of the on-premises VPN appliance. Network traffic from the cloudapplication to the on-premises network is routed through this gateway.
Connection. The connection has properties that specify the connection type (IPSec) and the key shared with the on-premises VPN appliance to encrypt traffic.
Gateway subnet. The virtual network gateway is held in its own subnet, which is subject to various requirements, described in the Recommendations section below.

Box 2: Configure a site-to-site VPN connection
On premises create a site-to-site connection for the virtual network gateway and the local network gateway.


Scenario: Connect the New York office to VNet1 over the Internet by using an encrypted connection. Incorrect Answers:
Azure ExpressRoute: Established between your network and Azure, through an ExpressRoute partner. This connection is private. Traffic does not go over the internet.


Reference:

https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/vpn






Post your Comments and Discuss Microsoft AZ-104 exam with other Community members:

AZ-104 Exam Discussions & Posts