Exam AZ-305
Question 258

HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.

VNet1, VNet2, and VNet3 each has multiple virtual machines connected. The virtual machines use the Azure DNS service for name resolution.

You need to recommend an Azure Monitor log routing solution that meets the following requirements:

• Ensures that the logs collected from the virtual machines and sent to Workspace1 are routed over the Microsoft backbone network

• Minimizes administrative effort

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

    Correct Answer:

Discussion
cris_exam

Box1: 1 AMPLS. Box2: 2 PEs. I tested this and used 1 AMPLS and 2 PEs. As long as the DNS settings are correct and the PEs resolve for each VM fine without overlapping IPs, with just 1 AMPLS you can make this work for as many VNETs as you want. The key idea here is to have the proper DNS private zone settings configured and of course VMs to have network connectivity to the PE.

varinder82

Final Answer: 1. 2 2. 2

Kbueno

It should be AMPLS 2 and Private endpoint 2 (because of the peering with VNet1 and VNet2).

Frank_2022

Box 1, AMPLS object should be: 2. One for VNet1 and VNet2, since they are peered, and one for VNet3. It is isolated from VNet1 and VNet2. Here is the explanation:

Peered networks: Network peering is used in various topologies, other than hub and spoke. Such networks can share each other's IP addresses, and most likely share the same DNS. In such cases, create a single private link on a network that's accessible to your other networks. Avoid creating multiple private endpoints and AMPLS objects because ultimately only the last one set in the DNS applies.

Isolated networks: If your networks aren't peered, you must also separate their DNS to use private links. After that's done, create a separate private endpoint for each network, and a separate AMPLS object. Your AMPLS objects can link to the same workspaces/components or to different ones.

Link from MS Learn: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-design
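The peered/isolated guidance quoted in the comment above, written as a layout check. This is an added example, not part of the thread or of any Microsoft tooling; the model, the DNS scope labels (`dns-a`, `dns-b`) and the endpoint names are constructed for illustration, and it checks only private endpoint and DNS placement, not the number of AMPLS objects.

```python
from collections import defaultdict

def peering_groups(vnets, peerings):
    """Map each VNet to the frozenset of VNets it can reach through peering."""
    parent = {v: v for v in vnets}

    def find(v):
        while parent[v] != v:
            v = parent[v]
        return v

    for a, b in peerings:
        parent[find(a)] = find(b)
    groups = defaultdict(set)
    for v in vnets:
        groups[find(v)].add(v)
    return {v: frozenset(g) for g in groups.values() for v in g}

def lint(vnets, peerings, dns_scope, endpoints):
    """dns_scope: VNet -> label of the DNS configuration its VMs resolve through.
    endpoints: (private endpoint name, VNet hosting it). Returns sorted findings."""
    group = peering_groups(vnets, peerings)
    findings = []
    # Peered networks: several endpoints writing to one DNS scope overwrite each other.
    per_scope = defaultdict(list)
    for pe, host in endpoints:
        per_scope[dns_scope[host]].append(pe)
    for scope, pes in per_scope.items():
        if len(pes) > 1:
            findings.append(f"{scope}: {len(pes)} endpoints in one DNS scope, only the last one set applies")
    # Isolated networks: unpeered VNets must not resolve through the same DNS scope.
    users = defaultdict(set)
    for v in vnets:
        users[dns_scope[v]].add(v)
    for scope, members in users.items():
        if len({group[v] for v in members}) > 1:
            findings.append(f"{scope}: shared by unpeered networks {sorted(members)}")
    # Every VNet needs an endpoint hosted inside its own peering group.
    for v in vnets:
        if not any(host in group[v] for _, host in endpoints):
            findings.append(f"{v}: no reachable private endpoint")
    return sorted(findings)

# Constructed topology matching the thread: VNet1 and VNet2 peered, VNet3 isolated.
VNETS = ["VNet1", "VNet2", "VNet3"]
PEERINGS = [("VNet1", "VNet2")]
GOOD = lint(VNETS, PEERINGS, {"VNet1": "dns-a", "VNet2": "dns-a", "VNet3": "dns-b"},
            [("pe-1", "VNet1"), ("pe-3", "VNet3")])
ONE_PE = lint(VNETS, PEERINGS, dict.fromkeys(VNETS, "dns-a"), [("pe-1", "VNet1")])
```
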

PRACKY

We have to consider the fact that VNet3 is connected to private DNS contoso.com. As per MS documentation, "Isolated networks: If your networks aren't peered, you must also separate their DNS to use private links." So based on that I think AMPLS object should be: 1. Please counter this reason.

cris_exam

I agree with Pracky, 1 AMPLS presence is enough to satisfy this design and then 2 PEs, 1 PE for VNET 1 & 2 (since they are peered) and 1 PE for VNET 3. Key point here is that as long as the FQDN resolves to the proper private IP of the PE it should work fine. So separate DNS settings for VNET 1 & 2 and VNET 3 for this to work, and only 1 AMPLS required, configured with Workspace1.

DH333

Shouldn't the answer be 2 AMPLS - 2 Private Endpoint? Because of the isolated VNET3, for that another AMPLS and a Private Endpoint is necessary. https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-design

rumino

Network peering is used in various topologies, other than hub and spoke. Such networks can share each other's IP addresses, and most likely share the same DNS. In such cases, create a single private link on a network that's accessible to your other networks. Avoid creating multiple private endpoints and AMPLS objects because ultimately only the last one set in the DNS applies. So I'd agree that we need two private link connections, thus 2 Link Scopes and 2 Endpoints.

chair123

I agree with you, but don't know how to confirm!

jayek

https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-design#:~:text=Peered%20networks,to%20different%20ones.

ubdubdoo

If your VNets share the same DNS configuration, you should use a single AMPLS for all of them.

23169fd

My answer is 1 AMPLS and 2 PEs: Azure Monitor Private Link Scope (AMPLS): You only need one AMPLS object to associate with the Log Analytics workspace (Workspace1) and create private endpoints within that scope. Private endpoints: You need one private endpoint for each VNet (VNet1, VNet2, VNet3) to ensure that traffic from the virtual machines in those VNets to the Log Analytics workspace is routed over the Microsoft backbone network.

Crossfader2208

Given answer is correct.