ExpertThis question is part of a case study — click to read the full scenario(Case 51)
CASE STUDY (Questions 51-55)
Contoso Financial is a global investment bank.
Current Infrastructure:
- On-premises datacenters in New York, London, and Tokyo.
- Azure regions used: US East, Europe West, Japan East.
- Each on-premises datacenter is connected to its local Azure region via a 10 Gbps ExpressRoute circuit.
- Azure architecture uses a Hub-and-Spoke topology in each region.
Business Requirements:
- The network architecture must support global failover. If the US East region fails, the New York datacenter must be able to route traffic to the Europe West Azure region.
- All outbound internet traffic from Azure VMs must be inspected by a centralized firewall.
- Azure PaaS services (SQL, Storage) must not be accessible from the public internet.
- Network management overhead must be minimized as the company plans to add 50 more spoke VNets per region next year.
Question 1 of 5:
To meet the global failover requirement, the New York datacenter must be able to communicate with the Europe West Azure region if US East fails.
Which ExpressRoute feature or architecture should you implement?
AZ-305 · Question 55 · Domain 4.4: Design network solutions
CASE STUDY (Questions 51-55)
Contoso Financial is a global investment bank.
Current Infrastructure:
- On-premises datacenters in New York, London, and Tokyo.
- Azure regions used: US East, Europe West, Japan East.
- Each on-premises datacenter is connected to its local Azure region via a 10 Gbps ExpressRoute circuit.
- Azure architecture uses a Hub-and-Spoke topology in each region.
Business Requirements:
- The network architecture must support global failover. If the US East region fails, the New York datacenter must be able to route traffic to the Europe West Azure region.
- All outbound internet traffic from Azure VMs must be inspected by a centralized firewall.
- Azure PaaS services (SQL, Storage) must not be accessible from the public internet.
- Network management overhead must be minimized as the company plans to add 50 more spoke VNets per region next year.
Question 5 of 5:
Assuming the company stays with a traditional Hub-and-Spoke topology (not Virtual WAN), you must ensure that ALL outbound internet traffic from the Spoke VNets is forced through the Azure Firewall located in the Hub VNet.
Which THREE actions must you perform to configure this forced tunneling? (Select THREE)
CASE STUDY (Questions 51-55)
Contoso Financial is a global investment bank.
Current Infrastructure:
- On-premises datacenters in New York, London, and Tokyo.
- Azure regions used: US East, Europe West, Japan East.
- Each on-premises datacenter is connected to its local Azure region via a 10 Gbps ExpressRoute circuit.
- Azure architecture uses a Hub-and-Spoke topology in each region.
Business Requirements:
- The network architecture must support global failover. If the US East region fails, the New York datacenter must be able to route traffic to the Europe West Azure region.
- All outbound internet traffic from Azure VMs must be inspected by a centralized firewall.
- Azure PaaS services (SQL, Storage) must not be accessible from the public internet.
- Network management overhead must be minimized as the company plans to add 50 more spoke VNets per region next year.
Question 5 of 5:
Assuming the company stays with a traditional Hub-and-Spoke topology (not Virtual WAN), you must ensure that ALL outbound internet traffic from the Spoke VNets is forced through the Azure Firewall located in the Hub VNet.
Which THREE actions must you perform to configure this forced tunneling? (Select THREE)
Answer options:
Create a User Defined Route (UDR) with a destination prefix of 0.0.0.0/0.
Set the next hop type of the UDR to Internet.
Set the next hop type of the UDR to Virtual Appliance and specify the Azure Firewall's private IP.
Associate the Route Table containing the UDR to the subnets in the Spoke VNets.
Enable BGP route propagation on the Spoke VNet subnets.
Create a Network Security Group (NSG) rule denying outbound Internet.
How to approach this question
Full Answer
Common mistakes
Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 3
55 questions · hints · full answers · grading