ExpertThis question is part of a case study — click to read the full scenario(Case 51)
CASE STUDY (Questions 51-55)
Contoso Financial is a global investment bank.
Current Infrastructure:
- On-premises datacenters in New York, London, and Tokyo.
- Azure regions used: US East, Europe West, Japan East.
- Each on-premises datacenter is connected to its local Azure region via a 10 Gbps ExpressRoute circuit.
- Azure architecture uses a Hub-and-Spoke topology in each region.
Business Requirements:
- The network architecture must support global failover. If the US East region fails, the New York datacenter must be able to route traffic to the Europe West Azure region.
- All outbound internet traffic from Azure VMs must be inspected by a centralized firewall.
- Azure PaaS services (SQL, Storage) must not be accessible from the public internet.
- Network management overhead must be minimized as the company plans to add 50 more spoke VNets per region next year.
Question 1 of 5:
To meet the global failover requirement, the New York datacenter must be able to communicate with the Europe West Azure region if US East fails.
Which ExpressRoute feature or architecture should you implement?
AZ-305 · Question 53 · Domain 4.4: Design network solutions
CASE STUDY (Questions 51-55)
Contoso Financial is a global investment bank.
Current Infrastructure:
- On-premises datacenters in New York, London, and Tokyo.
- Azure regions used: US East, Europe West, Japan East.
- Each on-premises datacenter is connected to its local Azure region via a 10 Gbps ExpressRoute circuit.
- Azure architecture uses a Hub-and-Spoke topology in each region.
Business Requirements:
- The network architecture must support global failover. If the US East region fails, the New York datacenter must be able to route traffic to the Europe West Azure region.
- All outbound internet traffic from Azure VMs must be inspected by a centralized firewall.
- Azure PaaS services (SQL, Storage) must not be accessible from the public internet.
- Network management overhead must be minimized as the company plans to add 50 more spoke VNets per region next year.
Question 3 of 5:
To meet the requirement that Azure PaaS services (SQL, Storage) must not be accessible from the public internet, you need to design the connectivity model.
Crucially, on-premises applications in New York must be able to connect directly to the Azure SQL Databases over the ExpressRoute circuit using private IP addresses.
Which solution should you implement?
CASE STUDY (Questions 51-55)
Contoso Financial is a global investment bank.
Current Infrastructure:
- On-premises datacenters in New York, London, and Tokyo.
- Azure regions used: US East, Europe West, Japan East.
- Each on-premises datacenter is connected to its local Azure region via a 10 Gbps ExpressRoute circuit.
- Azure architecture uses a Hub-and-Spoke topology in each region.
Business Requirements:
- The network architecture must support global failover. If the US East region fails, the New York datacenter must be able to route traffic to the Europe West Azure region.
- All outbound internet traffic from Azure VMs must be inspected by a centralized firewall.
- Azure PaaS services (SQL, Storage) must not be accessible from the public internet.
- Network management overhead must be minimized as the company plans to add 50 more spoke VNets per region next year.
Question 3 of 5:
To meet the requirement that Azure PaaS services (SQL, Storage) must not be accessible from the public internet, you need to design the connectivity model.
Crucially, on-premises applications in New York must be able to connect directly to the Azure SQL Databases over the ExpressRoute circuit using private IP addresses.
Which solution should you implement?
Answer options:
Service Endpoints
Azure Private Link (Private Endpoints)
ExpressRoute Microsoft Peering
Azure Firewall Application Rules
How to approach this question
Full Answer
Common mistakes
Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 3
55 questions · hints · full answers · grading