AZ-303 Exam - Question 222

Question

You have an Azure subscription that contains three virtual networks named VNet1, VNet2, and VNet3. VNet2 contains a virtual appliance named VM2 that operates as a router.

You are configuring the virtual networks in a hub and spoke topology that uses VNet2 as the hub network.

You plan to configure peering between VNet1 and VNet2 and between VNet2 and VNet3.

You need to provide connectivity between VNet1 and VNet3 through VNet2.

Which two configurations should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Examice · Accepted Answer

In order to provide connectivity between VNet1 and VNet3 through VNet2, you must allow forwarded traffic on the peering connections and create route tables and assign them to subnets. Allowing forwarded traffic ensures that packets can be routed between the VNets through the router in VNet2, and creating route tables allows you to define and manage how traffic gets routed between the VNets. These steps are crucial for internal VNet communication in a hub-spoke topology.

snobrega · Answer

A. On the peering connections, allow forwarded traffic
D. Create route tables and assign the table to subnets

SyntaxError · Answer

A and D
REF: https://www.examtopics.com/discussions/microsoft/view/6924-exam-az-300-topic-1-question-68-discussion/

Stevezzc · Answer

Answer is A and D.

seaman29 · Answer

AD is incorrect because there are no subnets in the task, vNets only.

nexnexnex · Answer

AD is correct, but question misses the statement that traffic should flow through the VM

rizabeer · Answer

AD is more likely the correct answer; as per this https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke. Check out the Spoke Connectivity under considerations. The conditions required above calls for that option. Although it should have been three options as C is also part of this solution, reference in the same article. 
ACD should be three option question

pkpp · Answer

C and E are correct.  A & D are optional steps to achieve the same as per the following link
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke

To allow gateway traffic to flow from spoke to hub and connect to remote networks, you must:
Configure the peering connection in the hub to allow gateway transit.
Configure the peering connection in each spoke to use remote gateways.
Configure all peering connections to allow forwarded traffic.

oshoparsi · Answer

https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke#spoke-connectivity
AD is correct.
If you require connectivity between spokes, consider deploying Azure Firewall or an NVA for routing in the hub and using UDRs in the spoke to forward traffic to the hub.
In this scenario, you must configure the peering connections to allow forwarded traffic.
so you need to creat UDR to rout traffic to that NVA( vm2) and also you need to allow forwarded trafic on peering UI.
you don't need vpn gateway that is for the secnarios if you want your hub spok be able to talk with other rempte newtork through the vpn gateway. like vnet1 or vnet3 be able to send the traffic to on-prem or another vnet which ar enot conncted directly to the this hub( vnet2) by using the remote vpn gateway.

IsaacTeh · Answer

C and E
https://azure.microsoft.com/en-us/blog/create-a-transit-vnet-using-vnet-peering/

ashishg2105 · Answer

This question came in AZ104 and I Have passed last week.
Answer is A and D.

syu31svc · Answer

https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke?toc=%2Fazure%2Fvirtual-network%2Ftoc.json&tabs=cli

Configure all peering connections to allow forwarded traffic

This would make A as one of the answers

Between route filter and route table, route table is the obvious choice

D is the other answer

Eitant · Answer

A. On the peering connections, allow forwarded traffic
D. Create route tables and assign the table to subnets

G_Z · Answer

Microsoft has changed the way. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-peering-gateway-transit?toc=/azure/virtual-network/toc.json
C, E are the correct answers.

Aghora · Answer

A and D . are correct answers

there is no mention of VPN gateways from on prem or Vnet-Vnet gatways .

the answer should only consider azure Vnets which can be done by allow forwarding on peerings and user routing tables

Krsto · Answer

AE is correct answer. Check https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-peering-gateway-transit

StarkStrange · Answer

ACE all three are required as per doc below.. look at Virtual Network Peering section.
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke?toc=%2Fazure%2Fvirtual-network%2Ftoc.json&tabs=cli

Anonymous · Answer

Check the “Allow gateway transit” option on the peering connections from the hub & check the “Use remote gateways” option on the peering connections from the spokes to the hub, to allow the traffic flow through the gateway in the hub.

qerem · Answer

A,D
If you require connectivity between spokes, consider deploying an Azure Firewall or other network virtual appliance and create routes to forward traffic from the spoke to the firewall / network virtual appliance, which can then route to the second spoke. In this scenario, you must configure the peering connections to allow forwarded traffic.

Pinto · Answer

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering

AmitRoy · Answer

A, D OR C,E

sqlbuddy123 · Answer

AD .. Check vnet peering .. https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke?tabs=cli

AgentHunt · Answer

The requirement is not of a Hybrid Network, rather of a transit VNet. Ans C & E are correct.

https://azure.microsoft.com/en-us/blog/create-a-transit-vnet-using-vnet-peering/

guptavishal7982 · Answer

AC.
Not E as there is no VPN Gateway connectivity required.
Not D and B as configuration is only needed on VNET2.
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke?tabs=cli#virtual-network-peering

shafqat · Answer

For sure A and D, there is no Gateway involved here as connectivity is between spokes.

SudhaRaj · Answer

A. On the peering connections, allow forwarded traffic
D. Create route tables and assign the table to subnets

Inland · Answer

The given answer is correct.
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke?tabs=cli#spoke-connectivity
You can also configure spokes to use the hub gateway to communicate with remote networks. To allow gateway traffic to flow from spoke to hub and connect to remote networks, you must:

Configure the peering connection in the hub to allow gateway transit.
Configure the peering connection in each spoke to use remote gateways.
Configure all peering connections to allow forwarded traffic.

ExameHero · Answer

ExamTopics is the Best!!!

Choquito · Answer

C and E are the correct Answers,  Since VNET2 has an appliance that acts as a router when adding the peering rauter will be detected and will allow to select gateway transit in fist VNET peer and Remote gateways on the second VNET

AD3 · Answer

A D For sure. We do have setup hub & spoke. In the terraform we have spoke2hub allow_forward_traffic true and same for hub2spoke peering. However, the use_remote_gateways is true only in spoke2hub but it's false in hub2spoke peering resources.

AZ-303 Exam - Question 222

Discussion