AZ-500 · Question #15
AZ-500 Question #15: Real Exam Question with Answer & Explanation
The correct answer is A: Yes. Explanation Creating a site-to-site VPN between the Azure virtual network (hosting the HDInsight cluster) and the on-premises network is a valid solution because it establishes secure network connectivity, allowing the HDInsight cluster to communicate with on-premises Active Dire
Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a hybrid configuration of Azure Active Directory (AzureAD). You have an Azure HDInsight cluster on a virtual network. You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials. You need to configure the environment to support the planned authentication. Solution: You create a site-to-site VPN between the virtual network and the on-premises network. Does this meet the goal?
Options
- AYes
- BNo
Explanation
Explanation
Creating a site-to-site VPN between the Azure virtual network (hosting the HDInsight cluster) and the on-premises network is a valid solution because it establishes secure network connectivity, allowing the HDInsight cluster to communicate with on-premises Active Directory Domain Controllers for authentication. This network-level connectivity is a fundamental requirement for enabling on-premises credential authentication in a hybrid Azure AD scenario, as the cluster must be able to reach domain controllers to validate user credentials via Kerberos or LDAP protocols. There are no distractors in this question since it is a Yes/No solution-based question rather than a multiple-choice format with alternatives.
Memory Tip: Think of it as building a "bridge" - before HDInsight can talk to on-premises AD, you need a physical network path between the two environments. A site-to-site VPN is that bridge. Without it, the cluster has no route to reach the domain controllers, making authentication impossible. Remember: Network connectivity first, authentication second - if the cluster can't "see" your AD servers, it can't authenticate against them.
Topics
Community Discussion
No community discussion yet for this question.