Exam AZ-104
Question 532

You deploy Azure virtual machines to three Azure regions.

Each region contains a virtual network. Each virtual network contains multiple subnets peered in a full mesh topology.

Each subnet contains a network security group (NSG) that has defined rules.

A user reports that he cannot use port 33000 to connect from a virtual machine in one region to a virtual machine in another region.

Which two options can you use to diagnose the issue? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

    Correct Answer: B, D

    To diagnose connectivity issues between virtual machines across Azure regions, particularly when port 33000 is involved, you can use both IP flow verify and Connection troubleshoot. IP flow verify helps check if traffic is being allowed or denied based on network security group (NSG) rules, providing insight into whether a specific rule is blocking the traffic. Connection troubleshoot provides the capability to test direct TCP connections between virtual machines, helping identify whether the issue lies within the NSGs, firewall rules, or any other network configuration. Together, these tools provide a comprehensive approach to diagnosing connectivity issues in a complex network environment.
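An added sketch (not from the original page and not Azure's implementation) of the first-match-by-priority NSG evaluation that IP flow verify reports on, run at both ends of the flow because the check is per virtual machine. The addresses, the `Deny-High-Ports` rule and the `10.0.0.0/8` stand-in for the VirtualNetwork tag are constructed assumptions; the default rule names and priorities are Azure's.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int       # lower number is evaluated first
    direction: str      # "Inbound" or "Outbound"
    access: str         # "Allow" or "Deny"
    protocol: str       # "TCP", "UDP" or "*"
    remote: str         # CIDR of the other end, or "*"
    ports: tuple        # inclusive (low, high) destination port range

VNET = "10.0.0.0/8"  # constructed stand-in for the VirtualNetwork tag (local + peered space)
DEFAULTS = [  # Azure default rules, simplified (load balancer / internet rules omitted)
    Rule("AllowVnetInBound", 65000, "Inbound", "Allow", "*", VNET, (0, 65535)),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", (0, 65535)),
    Rule("AllowVnetOutBound", 65000, "Outbound", "Allow", "*", VNET, (0, 65535)),
    Rule("DenyAllOutBound", 65500, "Outbound", "Deny", "*", "*", (0, 65535)),
]

def ip_flow_verify(rules, direction, protocol, remote_ip, dest_port):
    """Return (access, rule_name) for the first rule that matches, by priority."""
    addr = ipaddress.ip_address(remote_ip)
    for r in sorted(rules, key=lambda rule: rule.priority):
        if (r.direction == direction
                and r.protocol in ("*", protocol)
                and (r.remote == "*" or addr in ipaddress.ip_network(r.remote))
                and r.ports[0] <= dest_port <= r.ports[1]):
            return r.access, r.name
    return "Deny", None  # unreachable while the DenyAll defaults are present

def diagnose(src_ip, src_nsg, dst_ip, dst_nsg, protocol, port):
    """Check the flow leaving the source VM and entering the destination VM."""
    return {
        "source_outbound": ip_flow_verify(src_nsg, "Outbound", protocol, dst_ip, port),
        "destination_inbound": ip_flow_verify(dst_nsg, "Inbound", protocol, src_ip, port),
    }

# Constructed scenario: two VMs in peered virtual networks in different regions.
SRC_NSG = list(DEFAULTS)
DST_NSG = DEFAULTS + [Rule("Deny-High-Ports", 200, "Inbound", "Deny", "TCP", "*", (30000, 40000))]

if __name__ == "__main__":
    result = diagnose("10.1.0.4", SRC_NSG, "10.2.0.4", DST_NSG, "TCP", 33000)
    for hop, (access, rule) in result.items():
        print(f"{hop}: {access} by {rule}")
```

The model covers a single NSG per VM; it does not model the separate subnet-level and NIC-level NSGs, routes, or firewalls that Connection troubleshoot also exercises.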

Discussion
zellck (Options: BD)

BD is the answer. https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and a remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.

zellck

https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-connectivity-overview The connection troubleshoot feature of Network Watcher provides the capability to check a direct TCP connection from a virtual machine to a virtual machine (VM), fully qualified domain name (FQDN), URI, or IPv4 address. Network scenarios are complex, they're implemented using network security groups, firewalls, user-defined routes, and resources provided by Azure. Complex configurations make troubleshooting connectivity issues challenging. Network Watcher helps reduce the amount of time to find and detect connectivity issues. The results returned can provide insights into whether a connectivity issue is due to a platform or a user configuration issue. Connectivity can be checked with PowerShell, Azure CLI, and REST API.

zellck

Got this in Feb 2023 exam.

NJTH

Exactly the same question was on today's exam. (7th April 2023)

Karpovsky2222 (Options: BD)

The correct answer is B and D

1475

What's the reference?

omgMerrick (Options: BD)

Answer is correct, B & D. The IP flow verify (B) and connection troubleshoot (D) options can be used to diagnose the issue reported by the user. IP flow verify is a feature of Azure Network Watcher that you can use to verify if a packet is allowed or denied to or from a virtual machine based on the security group rules defined on the subnet. By using IP flow verify, you can determine if a rule is blocking traffic to port 33000 from one virtual machine to another in different regions. Connection troubleshoot is another feature of Azure Network Watcher that provides a simple and easy-to-use solution for troubleshooting connectivity issues between virtual machines. With connection troubleshoot, you can determine if the network security groups (NSGs) or firewall rules are blocking traffic to port 33000, and identify the exact rule that is causing the issue.

kamlau (Options: BD)

Azure Monitor Network Insights provides something like a dashboard and access to the diagnostics toolkit only, which cannot perform troubleshooting as IP flow verify and connection troubleshoot can. Thus, I think the answer is B & D.

vbohr899

Cleared the exam today, 26 Feb. This question was in the exam.

RealSJ

You used BD as the answer?

CyberKelev (Options: BD)

B. IP flow verify and D. Connection troubleshoot are the two options that can be used to diagnose the issue.

Ashfaque_9x (Options: BD)

Correct answers: B. IP flow verify; D. Connection troubleshoot

a6bd45e (Options: BD)

ChatGPT4 says B&D

Cfernandes (Options: BC)

It can't be D at this point because it asks, "What two options can you use to diagnose the problem?" Not to solve. Solution: B/C

Amir1909

B and E

SgtDumitru (Options: BD)

B: Check connectivity to/from a VM; D: Check connection between VMs.

Hillah (Options: BC)

Azure Monitor Network Insights can help troubleshoot the mesh by showing the network topology...then IP flow helps see where exactly the problem is...my thoughts

vishalgu (Options: AD)

Answer: AD. Explanation: A. Azure Virtual Network Manager: It allows you to view the topology of your virtual network, and can help you diagnose issues with virtual network peering. D. Connection troubleshoot: It is a feature of Azure Network Watcher that allows you to troubleshoot and diagnose connectivity issues between virtual machines within a virtual network or across virtual networks. It can help you identify if the issue is with the NSG rules or with the virtual network peering.