
AZ-104 Question #567: Real Exam Question with Answer & Explanation

Submitted by asante_acc · Mar 4, 2026

Design and Implement Azure Networking - specifically implementing hybrid network connectivity using ExpressRoute with Site-to-Site VPN coexistence (AZ-700 / AZ-104 Network domain)

Question

Drag and Drop Question

You have an Azure subscription that contains a virtual network named VNET1. VNET1 contains the subnets shown in the following table.

VNET1 contains a virtual network gateway named VNG1 that uses policy-based routing and has a single Site-to-Site VPN connection to an on-premises datacenter.

You need to implement ExpressRoute. The solution must include a Site-to-Site VPN as a backup.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation

To implement ExpressRoute with a Site-to-Site VPN backup, you must first delete the existing policy-based VPN gateway (VNG1) because policy-based gateways do not support coexistence with ExpressRoute - only route-based gateways do. After deleting VNG1, you deploy the ExpressRoute gateway into the existing GatewaySubnet, then create a route-based VPN gateway (which supports coexistence with ExpressRoute) in a new /27 subnet, and finally create an additional GatewaySubnet2 (/28) to support the coexistence configuration. The sequence ensures compatibility between ExpressRoute and the Site-to-Site VPN failover path.

Topics

#ExpressRoute #VPN Gateway #Hybrid Connectivity #Azure Networking
