AZ-303 Exam QuestionsBrowse all questions from this exam
Go to Exam

AZ-303 Exam - Question 226

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are planning to create a virtual network that has a scale set that contains six virtual machines (VMs).

A monitoring solution on a different network will need access to the VMs inside the scale set.

You need to define public access to the VMs.

Solution: Deploy a standalone VM that has a public IP address to the virtual network.

Does the solution meet the goal?

Show Answer
Correct Answer: B

To provide access to the VMs in a scale set from a monitoring solution in a different network, assigning a public IP to just one standalone VM does not suffice. The standalone VM with a public IP would not inherently enable visibility or access to the entire scale set. What is needed is either direct public IPs for each VM in the scale set, or a load balancer with NAT rules that can direct traffic to those VMs. Therefore, deploying a standalone VM with a public IP does not meet the goal of providing sufficient access.

Discussion

12 comments
Sign in to comment
SyntaxError
Jan 2, 2021

https://www.examtopics.com/exams/microsoft/az-300/view/15/

malyaban
Mar 16, 2021

The answer should be NO here and the 3rd question answer should be Yes in this set. Deploying one VM with PIP does not solve anything as the monitoring solution is on a different vnet and it needs access to all the VMs in this vnet, whereas if all the VMs have PIPs then that monitoring solution will have access to all of them and the requirement will be met.

der3mi
Jan 26, 2022

what question are you referring to?

One111
Mar 28, 2021

It doesnt make sens.You setup scale set with private ip and six machines (to be isolated and get HA) and then you put it behind single VM with public IP? Absolutly no. Use Insights from Azure Monitor and Log Analitics agents to do monitoring. Also get Application Gateway\FrontDoor to provide public access to app on VMs in Scale Set.

aut0pil0t
Jul 6, 2021

No. This is only half a solution, not a complete solution.

tteesstt
Aug 31, 2021

The answer could be Yes given more context, otherwise No.

G_Z
Jan 18, 2021

A is correct answer. Azure Monitor for VMs stores its data in Azure Monitor Logs, which allows it to deliver powerful aggregation and filtering and to analyze data trends over time. You can view this data in a single VM from the virtual machine directly, or you can use Azure Monitor to deliver an aggregated view of multiple VMs.

syu31svc
Aug 29, 2021

https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-networking In general, Azure scale set virtual machines do not require their own public IP addresses. For most scenarios, it is more economical and secure to associate a public IP address to a load balancer or to an individual virtual machine (also known as a jumpbox), which then routes incoming connections to scale set virtual machines as needed (for example, through inbound NAT rules). I would take Yes

BigDaddyAus
Mar 7, 2021

Question is not really clear, I presume here the VM with the public IP will also run the Log Analytics Gateway and the Monitoring solution is Azure Monitor (through Log Analytics). In this scenario then Yes the answer is correct. https://docs.microsoft.com/en-us/azure/azure-monitor/agents/gateway

Stephan99
Jan 10, 2021

Correct anser is no, Use Virtual machine scale set insights from Azure Monitor. Install Log Analytics agent on the virtual machine scale set. https://azure.microsoft.com/en-us/blog/virtual-machine-scale-set-insights-from-azure-monitor/ https://docs.microsoft.com/en-us/azure/azure-monitor/insights/vminsights-enable-overview#supported-operating-systems

xaccan
Jan 15, 2021

no it is A The new Machine will work as a Jump server.

saidov1981
May 14, 2021

This is valid if Bastion is used which is not specified in the question.

pentium75
Jul 14, 2021

But per the question you do not configure 'the new machine as a jump server'. You just install a VM with a public IP. That ALONE does surely not solve the problem.

saidov1981
May 14, 2021

This is valid if Bastion is used which is not specified in the question.

pentium75
Jul 14, 2021

But per the question you do not configure 'the new machine as a jump server'. You just install a VM with a public IP. That ALONE does surely not solve the problem.

JackFrag
Feb 3, 2021

VM with public IP should server the job. As public IP or routable IP is needed to allow "public access" . Hence answer should be A

pentium75
Jul 14, 2021

If you do nothing but add a VM with a public IP, how would the monitoring solution be able to access 'all the (other) VMs'? (There is nothing mentioned that you would install a gateway on that VM or something else.)

DNeo
Mar 20, 2021

the question is lacking details and correct answer is uncertain here

DonBoat
Dec 24, 2021

In general, Azure scale set virtual machines do not require their own public IP addresses. For most scenarios, it is more economical and secure to associate a public IP address to a load balancer or to an individual virtual machine (aka a jumpbox), which then routes incoming connections to scale set virtual machines as needed (for example, through inbound NAT rules).