ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam
Go to Exam

Exam AZ-104 topic 5 question 9 discussion

Actual exam question from Microsoft's AZ-104
Question #: 9
Topic #: 5
[All AZ-104 Questions]

You have an Azure subscription named Subscription1 that contains two Azure virtual networks named VNet1 and VNet2. VNet1 contains a VPN gateway named
VPNGW1 that uses static routing. There is a site-to-site VPN connection between your on-premises network and VNet1.
On a computer named Client1 that runs Windows 10, you configure a point-to-site VPN connection to VNet1.
You configure virtual network peering between VNet1 and VNet2. You verify that you can connect to VNet2 from the on-premises network. Client1 is unable to connect to VNet2.
You need to ensure that you can connect Client1 to VNet2.
What should you do?

  • A. Download and re-install the VPN client configuration package on Client1.
  • B. Select Allow gateway transit on VNet1.
  • C. Select Allow gateway transit on VNet2.
  • D. Enable BGP on VPNGW1
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by niko2020 at Aug. 17, 2020, 9:26 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Coldriver
Highly Voted 4 years, 6 months ago
"If you make a change to the topology of your network and have Windows VPN clients, the VPN client package for Windows clients must be downloaded and installed again" I would go with `A` is the correct option as the S2S config has been changed AFTER the P2S client installation was performed. Installation of the client software package needs installing again post S2S config changes.
upvoted 102 times
bleepbl0p
4 years, 3 months ago
100% correct. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing
upvoted 7 times
...
Sacs
4 years, 4 months ago
I agree, This is the exact verbiage from Microsoft: If you make a change to the topology of your network and have Windows VPN clients, the VPN client package for Windows clients must be downloaded and installed again in order for the changes to be applied to the client.
upvoted 8 times
...
Bl4ck
4 years, 6 months ago
I think this is correct: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing#multipeered
upvoted 7 times
...
...
mlantonis
Highly Voted 3 years, 9 months ago
Correct Answer: A If you make a change to the topology of your network and have Windows VPN clients, the VPN client package for Windows clients must be downloaded and installed again. Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing
upvoted 58 times
...
[Removed]
Most Recent 5 months, 1 week ago
Selected Answer: A
A is correct
upvoted 2 times
...
hotspot02103
1 year, 2 months ago
That's the shitiest exam, total nonsense to memorise specifics and parameters which are changing year by year. You can easily google or consult official docs ad-hoc when you need it. The important is to know the base and how stuff works. Also MS is teaching you to draw diagrams as best practise, then you come to this question and try 5 mins to visualise the diagram in your mind because they don't include it, but just explain with words... Instead of 5 sentences one diagram will be 5 times more efficient and unambiguous
upvoted 9 times
...
Bur_Han
1 year, 11 months ago
A. Download and re-install the VPN client configuration package on Client1. B. Select Allow gateway transit on VNet1. C. Select Allow gateway transit on VNet2. D. Enable BGP on VPNGW1
upvoted 2 times
Bur_Han
1 year, 11 months ago
B. Select Allow gateway transit on VNet1. Explanation: The issue here is that Client1 is not able to connect to VNet2. This is because VNet2 is not connected to the VPN gateway and doesn't have a gateway of its own. To enable traffic from Client1 to VNet2, we need to enable gateway transit on VNet1. Gateway transit allows a virtual network to use the VPN gateway in another virtual network to access resources in that network. In this case, enabling gateway transit on VNet1 will allow Client1 to access resources in VNet2 using the VPN gateway in VNet1. Enabling gateway transit on VNet2 (option C) is not needed in this scenario because VNet2 doesn't have a VPN gateway. Enabling BGP on VPNGW1 (option D) is not required because the scenario mentions that static routing is being used. Downloading and re-installing the VPN client configuration package (option A) is not required as the point-to-site VPN connection from Client1 to VNet1 is already established and working. The issue is with accessing resources in VNet2, which can be resolved by enabling gateway transit on VNet1.
upvoted 1 times
Elecktrus
1 year, 7 months ago
Not, because the question says: You verify that you can connect to VNet2 from the on-premises network. So, if you have verified the connection, yo don't need allow gateway transit
upvoted 1 times
...
...
...
vbohr899
2 years ago
Cleared Exam today 26 Feb, This question was there in exam.
upvoted 4 times
...
CyberKelev
2 years ago
Selected Answer: C
The issue is that the point-to-site VPN connection from Client1 is not able to connect to VNet2. This is because virtual network peering in Azure does not propagate gateway transit. Therefore, the VPN gateway (VPNGW1) in VNet1 cannot be used to reach VNet2. To allow Client1 to connect to VNet2, we need to enable gateway transit on VNet2 so that the traffic from VNet1 can flow through VNet2 to reach Client1. Therefore, the correct answer is: C. Select Allow gateway transit on VNet2.
upvoted 1 times
...
EmnCours
2 years, 6 months ago
Selected Answer: A
Correct Answer: A
upvoted 2 times
...
Lazylinux
2 years, 8 months ago
Selected Answer: A
A is correct If you make a change to the topology of your network and have Windows VPN clients, the VPN client package for Windows clients must be downloaded and installed again and also ensure you use the same certificate and if other scenario i.e. new workstation Pt - Site vpn then download and install client and export certificate from other workstation that is already got working connection and import into new workstation
upvoted 4 times
...
dasEnder
2 years, 10 months ago
Selected Answer: A
Correct
upvoted 2 times
...
Dobby25
2 years, 11 months ago
Received this on my exam today 19/03/2022
upvoted 3 times
...
AubinBakana
3 years, 6 months ago
Answer is correct. The VPN client on the PC is no longer valid because the network topology has changed
upvoted 3 times
...
Adebowale
3 years, 6 months ago
100% correct
upvoted 2 times
...
McRowdy
3 years, 8 months ago
"A" is the correct answer. The trick here is "You verify that you can connect to VNet2 from the on-premises network. Client1 is unable to connect to VNet2.". - This tells us the network is actually connected fine, it is just the client (in this scenario the Win10 PC) that cannot connect to VNet2.
upvoted 3 times
...
sargis1177
3 years, 11 months ago
Actually in this case both A and B are correct answers
upvoted 3 times
JayBee65
3 years, 9 months ago
No B is not correct. "You verify that you can connect to VNet2 from the on-premises network" suggests gateway transit is already configured correctly, so B is not required.
upvoted 6 times
...
...
NeerajY
3 years, 11 months ago
Without allowing gateway transit, can client1 connect to vnet2 even after re-installing package?
upvoted 2 times
JayBee65
3 years, 9 months ago
"You verify that you can connect to VNet2 from the on-premises network" suggests it is already configured
upvoted 2 times
...
...
ZUMY
3 years, 11 months ago
A is correct
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago