You plan to deploy Azure virtual network.
You need to design the subnets.
Which three types of resources require a dedicated subnet? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
You plan to deploy Azure virtual network.
You need to design the subnets.
Which three types of resources require a dedicated subnet? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
The question requires identifying which resources need dedicated subnets. Azure Bastion requires its own subnet named AzureBastionSubnet. Azure Active Directory Domain Services also mandates a separate subnet for its deployment, as it creates domain controllers within that subnet. A VPN gateway must be in a dedicated subnet named GatewaySubnet. Therefore, the correct options are Azure Bastion, Azure Active Directory Domain Services, and VPN gateway.
yes..ADE is the correct answer.
all GW types and Bastion must have dedicated subnets
Nice answer. THanks
A. Azure Bastion = Name unique - AzureBastionSubnet D. Azure Application Gateway v2 = Name does not have to be unique, just the subnet E. VPN gateway = Name unique - GatewaySubnet
A,D, & E https://docs.microsoft.com/en-us/azure/bastion/bastion-overview#architecture https://docs.microsoft.com/en-us/azure/application-gateway/configuration-infrastructure https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub
Azure Active Directory Domain Services (Azure AD DS) managed domain is deployed into an Azure virtual network subnet. This virtual network subnet should only be used for the managed domain resources provided by the Azure platform.
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-for-azure-services#services-that-can-be-deployed-into-a-virtual-network ADE is correct.
Given explanation is correct
appeared on exam 5th Dec 2021
The answer is correct, looking at the MS documents under Network resource support evidence https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-for-azure-services#services-that-can-be-deployed-into-a-virtual-network
Network Application Gateway- WAF-Dedicated Subnet-YES VPN Gateway-Dedicated Subnet-YES Azure Firewall-Dedicated Subnet-YES Azure Bastion-Dedicated Subnet-YES Network Virtual Appliances-Dedicated Subnet-NO https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-for-azure-services#services-that-can-be-deployed-into-a-virtual-network
FYI The answers are correct but AADS also needs a separate subnet it won't allow stuff to be deployed in this specific subnet.
ADE Is a dedicated subnet required for Private Link service? No. Private Link service doesn't require a dedicated subnet https://docs.microsoft.com/en-us/azure/private-link/private-link-faq
ADE is correct according to this documentation. It shows which services required a dedicated subnet. https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-for-azure-services#services-that-can-be-deployed-into-a-virtual-network
ADE is the correct answer. While you can Azure-AD & Azure Privatelink within a subnet, they do not require dedicated subnets.
ADE for sure ... B - ADS makes no reason at all
This question was on the exam on 18th Feb 2022.
Correct answers are A,D & E
Correct
ADE seems correct
ade correct answer
Appeared on exam 6/28/22
Aure Bastion, Azure Application Gateway, VNET Gateway and Azure Firewall need dedicated subnet
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-for-azure-services details "Services than can be deployed into a virtual network" not required.
On exam 1/6/2022
The Answers are correct! A. Azure Bastion D. Azure Application Gateway v2 E. VPN gateway
Appeared in exam on 17/01/2022
ADE are correct.
This link denotes that Azure AD DS services are deployed to a dedicated subnet. It's odd that the provided document link is not updated to reflect this. https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-networking
on exam 6/2/2022
ADE are correct
correct
It's correct
Given answers are correct.
Correct
C. Azure Private Link (❌ Does NOT require a dedicated subnet) Private Link does not require a dedicated subnet; it can be deployed in an existing subnet. However, a dedicated subnet is recommended in some cases for better isolation. ❌ D. Azure Application Gateway v2 (❌ Does NOT require a dedicated subnet) Can be deployed in an existing subnet, but it must have at least a /27 CIDR block. A dedicated subnet is recommended but not strictly required.
It's a bad question, AD DS also requires its own Subnet: https://learn.microsoft.com/en-us/entra/identity/domain-services/network-considerations "A managed domain must be deployed in its own subnet. Using an existing subnet, gateway subnet, or remote gateways settings in the virtual network peering is unsupported."