nerdexam
ExamsAZ-305Questions#188
MicrosoftMicrosoft

AZ-305 · Question #188

AZ-305 Question #188: Real Exam Question with Answer & Explanation

For on-premises connectivity to a Private Endpoint, DNS resolution must route private endpoint queries through Azure's private DNS infrastructure. The correct architecture requires a DNS forwarder VM (VM1) in Azure that forwards the private zone domain (contoso.com or the private

Submitted by anjalisingh· Mar 6, 2026Design and implement private access to Azure services - specifically configuring DNS for Private Endpoints with on-premises connectivity (AZ-700 / AZ-305 Networking domain)

Question

Hotspot Question You have the Azure resources shown in the following table. You need to design a solution that provides on-premises network connectivity to SQLDB1 through PE1. How should you configure name resolution? To answer select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer:

Explanation

For on-premises connectivity to a Private Endpoint, DNS resolution must route private endpoint queries through Azure's private DNS infrastructure. The correct architecture requires a DNS forwarder VM (VM1) in Azure that forwards the private zone domain (contoso.com or the privatelink zone) to Azure's magic IP 168.63.129.16, which can resolve Private DNS Zone records - on-premises resolvers cannot reach 168.63.129.16 directly. On-premises DNS must then forward the relevant domain to VM1 (the conditional forwarder in Azure), completing the resolution chain: on-premises → VM1 → 168.63.129.16 → Private DNS Zone → PE1's private IP.

Topics

#Private Endpoint#Azure Private DNS#Hybrid DNS Resolution#Azure Networking

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full AZ-305 PracticeBrowse All AZ-305 Questions