Exam AZ-104 topic 5 question 69 discussion

Correct Answer: C and E

Answer in proper order: E, C

A. Add a service endpoint to VNet1: Service endpoints secure access to Azure services, not for point-to-site VPNs. B. Reset GW1: Resetting GW1 will not enable point-to-site VPN functionality. C. Create a route-based virtual network gateway: Correct. Policy-based gateways do not support point-to-site VPNs. You need a route-based gateway for P2S. D. Add a connection to GW1: You cannot add a point-to-site connection to a policy-based gateway. E. Delete GW1: Deleting GW1 without replacing it with a route-based gateway will not enable point-to-site VPN. F. Add a public IP address space to VNet1: This is not required for point-to-site VPNs.

Answer is E and C Azure do not support Point-to-Site connections with Policy-Based Gateways, supports point-to-site connections ONLY with a Route-Based Virtual Network Gateway. Since GW1 is Policy-Based, first we need to Delete the GW1 first and then create route-based virtual network gateway.

E & C When you configure a point-to-site VPN connection, you must use a route-based VPN type for your gateway. Policy-based VPN type for point-to-site VPN connection is not supported by Azure. If you create a policy-based VPN type as your gateway, you need to delete it and deploy a route-based VPN gateway instead. Hence, the correct answers are: E before C

C & E are correct

C and E is right

Answer E,C P2S client doesn't have fixed IPs. Policy based on combinations of prefixes from both networks to define how traffic is encrypted/decrypted through IPsec tunnels.

Answer is E & C When you create the virtual network gateway for a VPN gateway configuration, you must specify a VPN type. The VPN type that you choose depends on the connection topology that you want to create. For example, a P2S connection requires a RouteBased VPN type. https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings. If you want to use a PolicyBased VPN type, you must use the Basic SKU. PolicyBased VPNs (previously called Static Routing) are not supported on any other SKU. PolicyBased Basic VPN Gateway does not support Point-to-Site connectivity. https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-skus-legacy.

C. Create a route-based virtual network gateway D. Add a connection to GW1

Answer is C and E ( Order does not matter as this is not drag and drop question) The policy type VNG does not support Point to Site VPN . You cant have 2 VNG in the same VNET . So the existing policy-based VNG must be deleted so you can create a route based VPN

Policy-based virtual network gateways are typically used with certain firewall devices and support a specific type of VPN configuration. They do not support point-to-site connections. Wouldnt we need a point-to-site connection from an on-premises computer to VNet1, and so we will need to use a route-based virtual network gateway instead. So C and D

OpenAI "To configure a point-to-site connection from an on-premises computer to VNet1, you need to perform the following two actions: D. Add a connection to GW1: You need to add a point-to-site connection to GW1. This will allow the on-premises computer to connect to VNet1 via GW1. C. Create a route-based virtual network gateway: You need to create a route-based virtual network gateway to ensure that the point-to-site connection can be established from the on-premises computer to VNet1. Therefore, the correct answers are D and C. The other options are not required for setting up a point-to-site connection from an on-premises computer to VNet1. A. Adding a service endpoint to VNet1 is used for enabling the traffic from the subnet to use the service provided by Azure services privately. B. Resetting GW1 is not required for this task. E. Deleting GW1 would remove the virtual network gateway, which is not required. F. Adding a public IP address space to VNet1 would not be required for a point-to-site connection."

CE --VPN types-- When you create the virtual network gateway for a VPN gateway configuration, you must specify a VPN type. The VPN type that you choose depends on the connection topology that you want to create. For example, a P2S connection requires a RouteBased VPN type.

"you would use VPN type RouteBased because P2S requires a RouteBased VPN type." https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#vpntype

E then C. point to site is only supported by route-based vpn gateway.

or establishing point-to- site connectivity, you need a route-based VPN type