Exam AZ-305 topic 4 question 124 discussion

Actual exam question from Microsoft's AZ-305
Question #: 124
Topic #: 4

HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.



VNet1, VNet2, and VNet3 each has multiple virtual machines connected. The virtual machines use the Azure DNS service for name resolution.

You need to recommend an Azure Monitor log routing solution that meets the following requirements:

• Ensures that the logs collected from the virtual machines and sent to Workspace1 are routed over the Microsoft backbone network
• Minimizes administrative effort

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

Suggested Answer:

Comments

cris_exam
Highly Voted 8 months ago
Box1: 1 AMPLS
Box2: 2 PEs
I tested this and used 1 AMPLS and 2 PEs. As long as the DNS settings are correct and the PEs resolve for each VM fine without overlapping IPs, with just 1 AMPLS you can make this work for as many VNETs as you want. The key idea here is to have the proper DNS private zone settings configured and of course for the VMs to have network connectivity to the PE.
upvoted 17 times
...
varinder82
Highly Voted 8 months, 2 weeks ago
Final Answer:
1. 2
2. 2
upvoted 8 times
ValB
4 weeks ago
Giving a "final answer" without any explanation is not enough.
upvoted 3 times
...
...
SeMo0o0o0o
Most Recent 2 weeks, 6 days ago
WRONG
1 AMPLS
2 Private Endpoints (1 PE for VNet1 & VNet2 "peered", 1 PE for VNet3 "isolated")
upvoted 1 times
...
Thanveer
3 weeks, 1 day ago
Box1: 2 AMPLS
https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-design#peered-networks
Box2: 2 PEs
https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-design#isolated-networks
upvoted 1 times
...
ValB
4 weeks ago
According to https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-design, peered vnets need only one AMPLS and 1 private endpoint. Non-peered vnets each need an AMPLS and a private endpoint. So the answer seems to be:
box 1: 2 (one for the vnet1+2, one for vnet3)
box 2: 2 (one for the vnet1+2, one for vnet3)
upvoted 1 times
...
_punky_
1 month, 1 week ago
AMPLS: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-design#guiding-principle-avoid-dns-overrides-by-using-a-single-ampls
Isolated: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-design#guiding-principle-avoid-dns-overrides-by-using-a-single-ampls
From the 2nd link for me it's clear that you need to deploy 2 AMPLS and 2 endpoints
upvoted 1 times
OscarFRItz
1 month ago
I beg to differ. From the same link:
Guiding principle: Avoid DNS overrides by using a single AMPLS --> 1 AMPLS
Peered networks
Network peering is used in various topologies, other than hub and spoke. Such networks can share each other's IP addresses, and most likely share the same DNS. In such cases, create a single private link on a network that's accessible to your other networks. Avoid creating multiple private endpoints and AMPLS objects because ultimately only the last one set in the DNS applies.
Isolated networks
If your networks aren't peered, you must also separate their DNS to use private links. After that's done, create a separate private endpoint for each network, and a separate AMPLS object. Your AMPLS objects can link to the same workspaces/components or to different ones.
1 PE for VNET1+2, 1 PE for VNET3 = 2 PEs
upvoted 1 times
...
...
Teerawee
2 months, 3 weeks ago
Minimum number of Azure Monitor Private Link Scope (AMPLS) objects: 1
You can use a single Azure Monitor Private Link Scope to connect multiple VNets to a Log Analytics workspace. This minimizes administrative overhead.
Minimum number of private endpoints: 3
Each VNet (VNet1, VNet2, and VNet3) will need a private endpoint to communicate securely with the Log Analytics workspace via the Microsoft backbone. Therefore, 3 private endpoints are necessary, one for each VNet.
upvoted 2 times
...
23169fd
5 months, 1 week ago
My answer is 1 AMPLS and 2 PEs:
Azure Monitor Private Link Scope (AMPLS): You only need one AMPLS object to associate with the Log Analytics workspace (Workspace1) and create private endpoints within that scope.
Private endpoints: You need one private endpoint for each VNet (VNet1, VNet2, VNet3) to ensure that traffic from the virtual machines in those VNets to the Log Analytics workspace is routed over the Microsoft backbone network.
upvoted 3 times
...
jayek
6 months ago
https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-design#:~:text=Peered%20networks,to%20different%20ones.
upvoted 3 times
...
ubdubdoo
7 months, 4 weeks ago
If your VNets share the same DNS configuration, you should use a single AMPLS for all of them
upvoted 2 times
...
Kbueno
8 months, 2 weeks ago
It should be AMPLS 2 and Private endpoint 2 (because of the peering with vnet1 and vnet2)
upvoted 4 times
...
Frank_2022
9 months ago
Box 1, AMPLS object should be: 2
One for VNet1 and VNet2, since they are peered. And one for VNet3. It is isolated from VNet1 and VNet2. Here is the explanation:
Peered networks
Network peering is used in various topologies, other than hub and spoke. Such networks can share each other's IP addresses, and most likely share the same DNS. In such cases, create a single private link on a network that's accessible to your other networks. Avoid creating multiple private endpoints and AMPLS objects because ultimately only the last one set in the DNS applies.
Isolated networks
If your networks aren't peered, you must also separate their DNS to use private links. After that's done, create a separate private endpoint for each network, and a separate AMPLS object. Your AMPLS objects can link to the same workspaces/components or to different ones.
Link from MS Learn: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-design
upvoted 5 times
PRACKY
8 months, 3 weeks ago
We have to consider the fact that VNet3 is connected to private DNS contoso.com. As per MS documentation, Isolated networks: If your networks aren't peered, you must also separate their DNS to use private links. So based on that I think AMPLS object should be: 1. Please counter this reason.
upvoted 1 times
cris_exam
8 months ago
I agree with Pracky, 1 AMPLS presence is enough to satisfy this design and then 2 PEs, 1 PE for VNET 1 & 2 (since they are peered) and 1 PE for VNET 3. Key point here is that as long as the FQDN resolves to the proper private IP of the PE it should work fine. So separate DNS settings for VNET1&2 and VNET3 for this to work, and only 1 AMPLS required, configured with Workspace1.
upvoted 3 times
...
...
...
Crossfader2208
9 months ago
Given answer is correct.
upvoted 1 times
...
DH333
9 months ago
Shouldn't the answer be 2 AMPLS - 2 Private Endpoints? Because of the isolated VNET3, for that another AMPLS and a Private Endpoint is necessary.
https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-design
upvoted 4 times
rumino
8 months, 4 weeks ago
Network peering is used in various topologies, other than hub and spoke. Such networks can share each other's IP addresses, and most likely share the same DNS. In such cases, create a single private link on a network that's accessible to your other networks. Avoid creating multiple private endpoints and AMPLS objects because ultimately only the last one set in the DNS applies.
So I'd agree that we need two private link connections, thus 2 Link Scopes and 2 Endpoints
upvoted 2 times
chair123
8 months, 3 weeks ago
I agree with you, but don't know how to confirm!
upvoted 2 times
...
...
...
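
Added example (not part of the original thread or of Microsoft's documentation): a check for the failure mode several comments quote from the private-link design guidance, where the DNS record seen from a VNet points its VMs at a private endpoint they cannot reach, or at a public address. The address spaces, workspace ID and DNS answers are constructed; VNet1 and VNet2 are assumed peered and VNet3 isolated, as the comments describe.

```python
import ipaddress

# Constructed topology: the page's resource table did not survive, so the
# address spaces are assumptions; peering follows the thread (VNet1 <-> VNet2).
VNETS = {
    "VNet1": {"prefixes": ["10.1.0.0/16"], "peers": ["VNet2"]},
    "VNet2": {"prefixes": ["10.2.0.0/16"], "peers": ["VNet1"]},
    "VNet3": {"prefixes": ["10.3.0.0/16"], "peers": []},
}

# Placeholder workspace ID; the host name follows the Log Analytics
# ingestion pattern <workspace-id>.ods.opinsights.azure.com.
FQDN = "00000000-0000-0000-0000-000000000000.ods.opinsights.azure.com"

# Constructed DNS answers, as seen from a VM in each VNet.
DNS_ANSWERS = {
    "VNet1": {FQDN: "10.1.5.4"},  # private endpoint inside VNet1
    "VNet2": {FQDN: "10.1.5.4"},  # same endpoint, reached over the peering
    "VNet3": {FQDN: "10.1.5.4"},  # shared record points at the other network's PE
}

def reachable_networks(vnets, name):
    # A VM reaches its own VNet and directly peered VNets (peering is not transitive).
    names = [name] + vnets[name]["peers"]
    return [ipaddress.ip_network(p) for n in names for p in vnets[n]["prefixes"]]

def classify(vnets, name, ip_text):
    # "ok": private endpoint reachable; "dns-override": private but unreachable;
    # "public": the name resolves outside private address space.
    ip = ipaddress.ip_address(ip_text)
    if any(ip in net for net in reachable_networks(vnets, name)):
        return "ok"
    if ip.is_private:
        return "dns-override"
    return "public"

def audit(vnets, answers):
    findings = []
    for name in sorted(answers):
        for fqdn, ip_text in sorted(answers[name].items()):
            verdict = classify(vnets, name, ip_text)
            if verdict != "ok":
                findings.append((name, fqdn, ip_text, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(VNETS, DNS_ANSWERS):
        print(*finding)
```

With the constructed data, only VNet3 is flagged: its VMs are handed the address of the endpoint in VNet1, which is why an isolated network needs its own DNS zone and its own private endpoint.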