AZ-104 Exam QuestionsBrowse all questions from this exam
Go to Exam

AZ-104 Exam - Question 532

You deploy Azure virtual machines to three Azure regions

Each region contains a virtual network. Each virtual network contains multiple subnets peered in a full mesh topology.

Each subnet contains a network security group (NSG) that has defined rules.

A user reports that he cannot use port 33000 to connect from a virtual machine in one region to a virtual machine in another region.

Which two options can you use to diagnose the issue? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Show Answer
Correct Answer: BCD

To diagnose connectivity issues between virtual machines across Azure regions, particularly when port 33000 is involved, you can use both IP flow verify and Connection troubleshoot. IP flow verify helps check if traffic is being allowed or denied based on network security group (NSG) rules, providing insight into whether a specific rule is blocking the traffic. Connection troubleshoot provides the capability to test direct TCP connections between virtual machines, helping identify whether the issue lies within the NSGs, firewall rules, or any other network configuration. Together, these tools provide a comprehensive approach to diagnosing connectivity issues in a complex network environment.

Discussion

15 comments
Sign in to comment
zellckOptions: BD
Feb 11, 2023

BD is the answer. https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and a remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.

zellck
Feb 11, 2023

https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-connectivity-overview The connection troubleshoot feature of Network Watcher provides the capability to check a direct TCP connection from a virtual machine to a virtual machine (VM), fully qualified domain name (FQDN), URI, or IPv4 address. Network scenarios are complex, they're implemented using network security groups, firewalls, user-defined routes, and resources provided by Azure. Complex configurations make troubleshooting connectivity issues challenging. Network Watcher helps reduce the amount of time to find and detect connectivity issues. The results returned can provide insights into whether a connectivity issue is due to a platform or a user configuration issue. Connectivity can be checked with PowerShell, Azure CLI, and REST API.

zellck
Feb 13, 2023

Got this in Feb 2023 exam.

NJTH
Apr 7, 2023

Exactly the same question was on todays exam. (7th April 2023)

Karpovsky2222Options: BD
Jan 16, 2023

The correct answer is B and D

1475
Jan 18, 2023

Whats the reference

kamlauOptions: BD
Jan 19, 2023

Azure Monitor Network Insights provides sth like dashboard and access to the diagnostics toolkit only, which cannot perform troubleshooting as IP flow verify and connection troubleshoot. Thus, I think the ans is B & D

omgMerrickOptions: BD
Feb 6, 2023

Answer is correct, B & D. The IP flow verify (B) and connection troubleshoot (D) options can be used to diagnose the issue reported by the user. IP flow verify is a feature of Azure Network Watcher that you can use to verify if a packet is allowed or denied to or from a virtual machine based on the security group rules defined on the subnet. By using IP flow verify, you can determine if a rule is blocking traffic to port 33000 from one virtual machine to another in different regions. Connection troubleshoot is another feature of Azure Network Watcher that provides a simple and easy-to-use solution for troubleshooting connectivity issues between virtual machines. With connection troubleshoot, you can determine if the network security groups (NSGs) or firewall rules are blocking traffic to port 33000, and identify the exact rule that is causing the issue.

vbohr899
Feb 27, 2023

Cleared Exam today 26 Feb, This question was there in exam.

RealSJ
Jun 10, 2023

You used BD as the answer ?

kamlauOptions: BD
Jan 19, 2023

Azure Monitor Network Insights provides sth like dashboard and access to the diagnostics toolkit only, which cannot perform troubleshooting as IP flow verify and connection troubleshoot. Thus, I think the ans is B & D

CyberKelevOptions: BD
Mar 3, 2023

B. IP flow verify and D. Connection troubleshoot are the two options that can be used to diagnose the issue.

Ashfaque_9xOptions: BD
Jan 20, 2023

Correct Answers B. IP flow verify D. Connection troubleshoot

vishalguOptions: AD
Jan 23, 2023

Ans:- AD Expla: A. Azure Virtual Network Manager: It allows you to view the topology of your virtual network, and can help you diagnose issues with virtual network peering. D. Connection troubleshoot: It is a feature of Azure Network Watcher that allows you to troubleshoot and diagnose connectivity issues between virtual machines within a virtual network or across virtual networks. It can help you identify if the issue is with the NSG rules or with the virtual network peering.

HillahOptions: BC
Oct 15, 2023

Azure Monitor Network Insights can help troubleshoot the mesh by showing the network topology...then IP flow helps see where exactly the problem is...my thoughts

SgtDumitruOptions: BD
Nov 26, 2023

B: Check connectivity to/from a VM; D: Check connection between VMs;

Amir1909
Mar 21, 2024

B and E

CfernandesOptions: BC
May 5, 2024

It can't be D at this point because it asks, "What two options can you use to diagnose the problem?" Not to solve. Solution: B/C

a6bd45eOptions: BD
Jul 15, 2024

ChatGPT4 says B&D