Exam AZ-104 topic 5 question 136 discussion

Azure Bastion and VNet peering can be used together. When VNet peering is configured, you don't have to deploy Azure Bastion in each peered VNet. This means if you have an Azure Bastion host configured in one virtual network (VNet), it can be used to connect to VMs deployed in a peered VNet without deploying an additional bastion host. For more information about VNet peering, see About virtual network peering. Azure Bastion works with the following types of peering: Virtual network peering: Connect virtual networks within the same Azure region. Global virtual network peering: Connecting virtual networks across Azure regions. Answer is A

Answer is A. We required only one Bastion. https://learn.microsoft.com/en-us/azure/bastion/vnet-peering Azure Bastion works with the following types of peering: Virtual network peering: Connect virtual networks within the same Azure region. Global virtual network peering: Connecting virtual networks across Azure regions.

Given that the virtual networks are peered, for a single region like US East, you might only need one Bastion host. But you will need multiple Bastion hosts for different regions: So, if you have: US East Region: One Bastion host for the peered networks in this region. UK South Region: One Bastion host for the peered networks in this region. Asia East Region: One Bastion host for the peered networks in this region. Correct Answer Considering Peering within Regions: B. 3

A is correct

I took the exam on 9/13/24, I scored 858 and selected option A. I studied only through the ET for 3 weeks. All the questions were in the ET, except one that is probably new.

Then answer is A. Tested in my environment(I can use a Germany central bastion to connect a virtual machine located in southeast asia). if all vnet is peered. then bastion can can connect to any region with microsoft backbone network.

Since the virtual networks are peered, you can deploy a single Bastion host per region to cover all virtual networks in that region. Given the locations in the table (US East, UK South, Asia East), you would need one Bastion host per region, totaling three Bastion hosts. Option B: 3

On the exam on 17.07.2024, Selected Answer: A; thanks to hfk2020

If you have multiple VNets within the same region, use VNet peering to allow a single Bastion instance in that region to access VMs across those peered VNets.

Answer - 1 · Azure Bastion and VNet peering can be used together. · When VNet peering is configured, you don’t have to deploy Azure Bastion in each peered VNet. This means if you have an Azure Bastion host configured in one virtual network (VNet), it can be used to connect to VMs deployed in a peered VNet without deploying an additional bastion host.

answer is A: 1, key point is all the vnets are peered and bastion works as Virtual network peering: Connect virtual networks within the same Azure region. Global virtual network peering: Connecting virtual networks across Azure regions.

Azure Bastion is a regional service, meaning it needs to be deployed in each Azure region where you want to use it. VNet peering across regions does not extend Bastion access to other regions.

Azure Bastion and Virtual Network peering can be used together. Reference: https://learn.microsoft.com/en-us/azure/bastion/vnet-peering

Azure Bastion and VNet peering can be used together. When VNet peering is configured, you don't have to deploy Azure Bastion in each peered VNet. This means if you have an Azure Bastion host configured in one virtual network (VNet), it can be used to connect to VMs deployed in a peered VNet without deploying an additional bastion host. For more information about VNet peering,

A is correct

This is a tricky question because the answer depends also from the bastion capacity/sky and concurrent connection. When you configure Azure Bastion using the Basic SKU, two instances are created. If you use the Standard SKU, you can specify the number of instances (with a minimum of two instances). This is called host scaling. Each instance can support 20 concurrent RDP connections and 40 concurrent SSH connections for medium workloads. So... 10Vnet x 9VM = 90/20 concurrent sessions = 4,5/2 bastion instances = 2,25 = 3 this should be the minimum number. https://learn.microsoft.com/en-us/azure/bastion/configuration-settings#instance

Does Azure Bastion support Virtual WAN? Yes, you can use Azure Bastion for Virtual WAN deployments. However, deploying Azure Bastion within a Virtual WAN hub isn't supported. You can deploy Azure Bastion in a spoke virtual network and use the IP-based connection feature to connect to virtual machines deployed across a different virtual network via the Virtual WAN hub. If the Azure Virtual WAN hub will be integrated with Azure Firewall as a Secured Virtual Hub, the AzureBastionSubnet must reside within a Virtual Network where the default 0.0.0.0/0 route propagation is disabled at the virtual network connection level.