AZ-801 Question #59: Real Exam Question with Answer & Explanation

The correct answer is D: Update the routing information on the on-premises routers. Since BGP is disabled for the Site-to-Site VPN and a new subnet was added to the Azure VNet, you must manually update the routing information on the on-premises routers to advertise the new Azure subnet's address space.

Monitor and troubleshoot Windows Server environments

Question

You have a Site-to-Site VPN between an on-premises network and an Azure VPN gateway. BGP is disabled for the Site-to-Site VPN. You have an Azure virtual network named Vnet1 that contains a subnet named Subnet1. Subnet1 contains a virtual machine named Server1. You can connect to Server1 from the on-premises network. You extend the address space of Vnet1. You add a subnet named Subnet2 to Vnet1. Subnet2 uses the extended address space. You deploy an Azure virtual machine named Server2 to Subnet2. You cannot connect to Server2 from the on-premises network. Server1 can connect to Server2. You need to ensure that you can connect to Subnet2 from the on-premises network. What should you do?

Options

  • A. Add an additional Site-to-Site VPN between the on-premises network and Vnet1.
  • B. Add a private endpoint to Subnet2.
  • C. To Subnet2, add a route table that contains a user-defined route.
  • D. Update the routing information on the on-premises routers.

Explanation

Since BGP is disabled for the Site-to-Site VPN and a new subnet was added to the Azure VNet, you must manually update the routing information on the on-premises routers to advertise the new Azure subnet's address space.

Common mistakes.

  • A. Adding an additional Site-to-Site VPN is unnecessary and would complicate the network architecture; a single VPN gateway can route to multiple subnets within its VNet.
  • B. Adding a private endpoint is for privately accessing Azure services over a private IP address from a VNet, not for enabling general connectivity from on-premises to a new Azure subnet.
  • C. Adding a route table to Subnet2 might be necessary for outbound traffic from Subnet2 or for overriding default Azure routing, but it does not address the issue of the on-premises network not knowing how to reach Subnet2.

Concept tested. Site-to-Site VPN static routing

Reference. https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-connections

Topics

#Site-to-Site VPN #Static Routing #Hybrid Networking #On-premises Routers
