AZ-303 Exam - Question 215

Question

SIMULATION -Click to expand each objective. To connect to the Azure portal, type https://portal. azure. com in the browser address bar. When you are finished performing all the tasks, click the `˜Next' button. Note that you cannot return to the lab once you click the `˜Next' button. Scoring occur in the background while you complete the rest of the exam. Overview -The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e. g. , copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. To start the lab -You may start the lab by clicking the Next button. You plan to create 100 Azure virtual machines on each of the following three virtual networks:- VNET1005a- VNET1005b- VNET1005cAll the network traffic between the three virtual networks will be routed through VNET1005a. You need to create the virtual networks, and then to ensure that all the Azure virtual machines can connect to other virtual machines by using their private IP address. The solutions must NOT require any virtual gateways and must minimize the number of peerings. What should you do from the Azure portal before you configure IP routing?

Examice · Accepted Answer

To create the virtual networks and enable connectivity between all virtual machines using private IPs without requiring virtual gateways and while minimizing the number of peerings, follow these steps from the Azure portal before configuring IP routing:

1. Create three virtual networks with the appropriate address spaces and subnets. Each virtual network should have its unique address space to ensure there is no overlap:
   - VNET1005a with address space 10.0.0.0/16 and a subnet with address range 10.0.0.0/24.
   - VNET1005b with address space 10.1.0.0/16 and a subnet with address range 10.1.0.0/24.
   - VNET1005c with address space 10.2.0.0/16 and a subnet with address range 10.2.0.0/24.

2. Next, create VNet peering connections:
   - Peer VNET1005a with VNET1005b.
   - Peer VNET1005a with VNET1005c.

This way, all network traffic between the three virtual networks will be routed through VNET1005a, fulfilling the requirement of managing traffic without virtual gateways. Ensure to enable the options 'Allow forwarded traffic' and 'Allow gateway transit' during the peering setup.

3. Validate and save the configurations.

Note: The suggestion to use the Classic deployment model is incorrect because virtual network peering requires the Resource Manager deployment model to function correctly.

Stevezzc · Answer

create Vnet peering of Vnet1005bVnet1005aVnet1005c and enable ip forwarding on the peering object. https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#create-a-peering

Stephan99 · Answer

Create your 3 subnets vnetA, vnetB and vnetC
From vnetA, create a peering with VNETb using the Resource Manager Deployment Model
Ensure "Allow forwarded traffic from vnetA to vnetB" is enabled
Repeat steps 2 & 3, substituting vnetB for vnetC

robotcop · Answer

Not possible without virtual network appliance if want to enable IP forwarding.
look for this discussion

https://www.examtopics.com/discussions/microsoft/view/5605-exam-az-300-topic-1-question-61-discussion/

MichaelCWWong · Answer

The answer is missing the steps of creating Vnet peering of Vnet1005bVnet1005aVnet1005c with IP forwarding enabled

G_Z · Answer

Do not select Virtual networks (classic) if it appears in the list, as you cannot create a peering from a virtual network deployed through the classic deployment model. the instruction uses classic mode is not correct.

poplovic · Answer

(1) VNET peering bac 
(2) configure the peering connections to allow forwarded traffic.
(3) not in the scope: configure the VNA and route
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke?tabs=cli#spoke-connectivity
Spoke connectivity
If you require connectivity between spokes, consider deploying an Azure Firewall or other network virtual appliance. Then create routes to forward traffic from the spoke to the firewall or network virtual appliance, which can then route to the second spoke. In this scenario, you must configure the peering connections to allow forwarded traffic.

nguyenhung1121990 · Answer

anyone is able to enable IP forwarding on the peering? I've never try it and did not find the object like this.

DNeo · Answer

before you start with vnet peering, you'd need the address range and subnets in each of them...that's the answer here.

donathon · Answer

Need 3 thing. 1. select Resource Manager as the deployment model. 2. Select allow traffic to remote virtual network. 3. Allow Traffic forwarded from remote virtual network.

AZ-303 Exam - Question 215

Discussion