AZ-104 Question #53: Real Exam Question with Answer & Explanation
Question
Hotspot Question
You have an Azure subscription that contains a virtual network named VNet1. VNet1 uses an IP address space of 10.0.0.0/16 and contains the subnets in the following table:
Subnet1 contains a virtual appliance named VM1 that operates as a router. You create a routing table named RT1. You need to route all inbound traffic from the VPN gateway to VNet1 through VM1.
How should you configure RT1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation
To route inbound traffic from a VPN gateway through a Network Virtual Appliance (NVA), apply a User-Defined Route (UDR) to the GatewaySubnet specifying the VNet's address space as the destination and the NVA as the next hop.
Approach.
1. Address prefix: Select 10.0.0.0/16. The goal is to route all traffic destined for VNet1. Since VNet1's entire address space is 10.0.0.0/16, this is the destination prefix that needs to be intercepted.
2. Next hop type: Select Virtual appliance. The scenario explicitly states that traffic must be routed through VM1, which operates as a router. In Azure, a virtual machine performing routing functions is classified as a Network Virtual Appliance.
3. Assigned to: Select GatewaySubnet. Azure Route Tables dictate the path for traffic leaving the subnet they are associated with. To capture and redirect traffic as it enters the VNet from the VPN connection, the route table must be attached to the GatewaySubnet.
Common mistakes.
- A common mistake is assigning the route table to the target subnets (e.g., Subnet1 and Subnet2). Because route tables only process outbound traffic from the subnet they are bound to, attaching the UDR to the destination subnets would do nothing to intercept the traffic as it arrives from the VPN gateway.
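The three selections from the approach above, written as Azure CLI calls with a check that RT1 is bound to GatewaySubnet rather than to a destination subnet. This is an added example, not part of the original question; RG, VM1_IP and VM1_NIC are assumed inputs the page does not give, the route name is arbitrary, and enabling IP forwarding on VM1's NIC is an added prerequisite for VM1 to pass traffic.

```shell
# Added example (not from the original page). Assumed inputs, not given on the page:
#   RG       resource group holding VNet1 and RT1
#   VM1_IP   private IP address of VM1 in Subnet1
#   VM1_NIC  name of VM1's network interface

# Steps 1 and 2: one route in RT1 covering VNet1's address space, next hop VM1.
add_route() {
  az network route-table route create \
    --resource-group "${RG:?set RG}" --route-table-name RT1 \
    --name to-vnet1-via-vm1 \
    --address-prefix 10.0.0.0/16 \
    --next-hop-type VirtualAppliance \
    --next-hop-ip-address "${VM1_IP:?set VM1_IP}"
}

# Step 3: associate RT1 with GatewaySubnet, not with Subnet1 or Subnet2.
attach_to_gateway_subnet() {
  az network vnet subnet update \
    --resource-group "${RG:?set RG}" --vnet-name VNet1 \
    --name GatewaySubnet --route-table RT1
}

# VM1 only forwards packets not addressed to itself if IP forwarding is on for its NIC.
enable_forwarding() {
  az network nic update \
    --resource-group "${RG:?set RG}" --name "${VM1_NIC:?set VM1_NIC}" \
    --ip-forwarding true
}

# Check: succeeds only when the route table bound to GatewaySubnet is RT1.
rt1_on_gateway_subnet() {
  rt_id=$(az network vnet subnet show \
    --resource-group "${RG:?set RG}" --vnet-name VNet1 \
    --name GatewaySubnet --query routeTable.id --output tsv) || return 1
  case "$rt_id" in
    */routeTables/RT1) return 0 ;;
    *) return 1 ;;
  esac
}

# Run the whole procedure; fails if any step or the final check fails.
configure_rt1() {
  add_route && attach_to_gateway_subnet && enable_forwarding && rt1_on_gateway_subnet
}
```

Source the file, export the three variables, and run `configure_rt1`; a non-zero exit from `rt1_on_gateway_subnet` means GatewaySubnet has no route table or a different one.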
Concept tested. User-Defined Routes (UDRs), GatewaySubnet traffic routing, and Network Virtual Appliance (NVA) integration.
Reference. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview