AZ-303 Exam QuestionsBrowse all questions from this exam
Go to Exam

AZ-303 Exam - Question 227

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are planning to create a virtual network that has a scale set that contains six virtual machines (VMs).

A monitoring solution on a different network will need access to the VMs inside the scale set.

You need to define public access to the VMs.

Solution: Implement an Azure Load Balancer.

Does the solution meet the goal?

Show Answer
Correct Answer: A

Implementing an Azure Load Balancer can indeed provide public access to the VMs in the scale set. By configuring inbound NAT rules, each VM in the scale set can be accessed individually through the load balancer by assigning different ports for each VM. This allows the monitoring solution on a different network to access each VM as needed. Therefore, using an Azure Load Balancer meets the requirement of defining public access to the VMs.

Discussion

13 comments
Sign in to comment
DNeo
Mar 20, 2021

Load balancer supports both inbound and outbound scenarios. Assuming we use public load balancer here, inbound NAT will work and make this answer "YES". https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview#:~:text=A%20public%20load%20balancer%20can,internet%20traffic%20to%20your%20VMs.

pentium75
Jul 14, 2021

But the monitoring solution must access EACH individual VM. Not 'any of the VMs' by the Load Balancer's random choice.

Pinto
Jul 23, 2021

Let's entertain the fact that the monitoring solution (no mention of what it is) is there to only check the app logs and report on those and is not a critical app. The logs are written locally. The monitoring solution will connect to the LB IP every 1 second and it will be pointed to a specific VM. The monitoring solution picks the log entries after the last one it had read in earlier attempt. Round robin will ensure that every server gets connected unless it is down. If only the questions were not trying to test our imagination and guessing skills as well.

medi01
Aug 17, 2021

Besides, can't monitoring solution use different ports + NAT for accessing different VMs?

medi01
Aug 17, 2021

Besides, can't monitoring solution use different ports + NAT for accessing different VMs?

Pinto
Jul 23, 2021

Let's entertain the fact that the monitoring solution (no mention of what it is) is there to only check the app logs and report on those and is not a critical app. The logs are written locally. The monitoring solution will connect to the LB IP every 1 second and it will be pointed to a specific VM. The monitoring solution picks the log entries after the last one it had read in earlier attempt. Round robin will ensure that every server gets connected unless it is down. If only the questions were not trying to test our imagination and guessing skills as well.

medi01
Aug 17, 2021

Besides, can't monitoring solution use different ports + NAT for accessing different VMs?

medi01
Aug 17, 2021

Besides, can't monitoring solution use different ports + NAT for accessing different VMs?

altafpatel1984
Feb 12, 2022

Answer is A as per followinig: https://docs.microsoft.com/en-gb/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-networking#public-ipv4-per-virtual-machine

nfett
Jun 21, 2021

this copied from another az-300 thread. A Load Balancer would not make sense - the monitoring solution will need access to all the VM's inside the Scale Set, and not to one by one in a round-robin mode. Answer B should be correct.

snoopinator
Apr 22, 2021

If that monitoring solution need to access all the VMs as stated then a public LB won't work. It will give you access potentially to one at a time. I'd say NO.

Kraviecc
Jan 16, 2021

Correct

ukeboy
Jan 18, 2021

correct

paulot
Apr 22, 2021

Lots of IF here. However a public LB should enable access.

anupam77
Jun 21, 2021

Ans is A - Yes. See Link [Section : Public IPv4 per virtual machine] https://docs.microsoft.com/en-gb/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-networking#public-IPv4-per-virtual-machine In general, Azure scale set virtual machines do not require their own public IP addresses. For most scenarios, it is more economical and secure to associate a public IP address to a load balancer or to an individual virtual machine (also known as a jumpbox), which then routes incoming connections to scale set virtual machines as needed (for example, through inbound NAT rules).

tteesstt
Aug 21, 2021

You can define Inbound NAT rules/port forwarding on Azure Load Balancer. This enables access to each individual vm like this: xxx.yyy.zzz.www:50001 - vm1 xxx.yyy.zzz.www:50002 - vm2 xxx.yyy.zzz.www:50003 - vm3 ....

syu31svc
Aug 29, 2021

https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-networking In general, Azure scale set virtual machines do not require their own public IP addresses. For most scenarios, it is more economical and secure to associate a public IP address to a load balancer or to an individual virtual machine (also known as a jumpbox), which then routes incoming connections to scale set virtual machines as needed (for example, through inbound NAT rules). I would say Yes

demonite
Apr 5, 2021

Answer is Yes with inbound NAT rules

Abhi1011
Apr 6, 2021

Is the correct answer "A" ?

Alasmindas
Apr 19, 2021

The question is not very clear. Considering a PUBLIC Load Balancer the answer should be YES.

AberdeenAngus
Jan 17, 2022

I'm going for No. I haven't tested it but I think 2 problems with the inbound NAT rule idea are: - the VM seems to have to exist to define the NAT rule in the LB, and with a scale set any VM might be deleted/created any time - I doubt if there are many monitoring tools out there which can be configured to use adhoc ports to connect to VMs which they're monitoring, I've never heard of one.