Exam AZ-500 topic 3 question 25 discussion

Actual exam question from Microsoft's AZ-500
Question #: 25
Topic #: 3

SIMULATION -
You need to configure network connectivity between a virtual network named VNET1 and a virtual network named VNET2. The solution must ensure that virtual machines connected to VNET1 can communicate with virtual machines connected to VNET2.
To complete this task, sign in to the Azure portal and modify the Azure resources.

Suggested Answer: See the explanation below.
You need to configure VNet Peering between the two networks. The question states, "The solution must ensure that virtual machines connected to VNET1 can communicate with virtual machines connected to VNET2". It doesn't say the VMs on VNET2 should be able to communicate with VMs on VNET1. Therefore, we need to configure the peering to allow just the one-way communication.
1. In the Azure portal, type Virtual Networks in the search box, select Virtual Networks from the search results then select VNET1. Alternatively, browse to Virtual Networks in the left navigation pane.
2. In the properties of VNET1, click on Peerings.
3. In the Peerings blade, click Add to add a new peering.
4. In the Name of the peering from VNET1 to remote virtual network box, enter a name such as VNET1-VNET2 (this is the name that the peering will be displayed as in VNET1)
5. In the Virtual Network box, select VNET2.
6. In the Name of the peering from remote virtual network to VNET1 box, enter a name such as VNET2-VNET1 (this is the name that the peering will be displayed as in VNET2).
There is an option Allow virtual network access from VNET to remote virtual network. This should be left as Enabled.
7. For the option Allow virtual network access from remote network to VNET1, click the slider button to Disabled.
8. Click the OK button to save the changes.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering

Comments

MarioMK
Highly Voted 2 years, 5 months ago
To prevent communication to Vnet1 from Vnet2, the option "Traffic to remote virtual network" must be set to Block. A small popup will be shown saying the following: "Resources in Vnet2 cannot communicate to resources in the Vnet1"
upvoted 16 times
Zorag
2 years, 5 months ago
Awesome this does the trick
upvoted 3 times
...
Pasapugazh
1 year ago
This doesn't work for me, and while setting the value to Block for the "Traffic to remote virtual network" option in Vnet2 it says that the "Resources from Vnet1 can not communicate to the resources in Vnet2" but not from Vnet2 to Vnet1. Tried all the possible options in the peering but none has worked. In the end, creating an NSG in Vnet1 to block the Vnet2 traffic does the work.
upvoted 1 times
...
...
sureshatt
Highly Voted 2 years, 7 months ago
Tested the following setting and I can ping from VNET1 to VNET2, but not from VNET2 to VNET1.
**VNET1 - peering setting**
Traffic to remote virtual network: Allow (default)
Traffic forwarded from remote virtual network: Block traffic that originates from outside this virtual network
Virtual network gateway or Route Server: None (default)
**VNET2 - peering setting**
Traffic to remote virtual network: Block all traffic to the remote virtual network
Traffic forwarded from remote virtual network: Block traffic that originates from outside this virtual network
Virtual network gateway or Route Server: None (default)
upvoted 12 times
eroms
2 years, 5 months ago
tested it and it failed. You need an NSG rule for this to work
upvoted 4 times
...
...
OrangeSG
Most Recent 9 months ago
Refer to Microsoft support reply: In general when Vnet are peered with each other, controlling access between them can be done by using Azure Network Security Groups which filter network traffic to and from Azure resources in an Azure virtual network. https://learn.microsoft.com/en-us/answers/questions/569509/vnet-one-way-traffic-route-help
upvoted 1 times
...
Disparate
9 months, 1 week ago
But this is a lab. On exams there are actually no labs, correct?
upvoted 1 times
r_git
7 months, 1 week ago
Labs are back. A friend of mine took the exam this week. Labs were in it.
upvoted 3 times
...
...
Dinraj
9 months, 2 weeks ago
The question doesn't say not to communicate from VNET2 to VNET1, so why should we block the remote traffic to VNET1 from VNET2? I think the question phrasing is confusing.
upvoted 3 times
...
Ivanvazovv
1 year, 2 months ago
The word "communicate" assumes traffic in both directions.
upvoted 5 times
madhatter
1 year, 1 month ago
Tricky but careful as it only states that VNET1 VMs must communicate to VNET2 VMs. Never says VNET 2 VMS must make communication to VNET1. Wording should state "start communications with VNET X" Implying the ability for one side to start communication with another side. The answer is correct in disabling the ability for VNET2 to contact VNET1. Bi-directional communication from VNET1 to VNET2 from VNET1 sessions is implied.
upvoted 1 times
...
...
COVID22
1 year, 2 months ago
Please, in the simulation questions on the exam day, will the options for the answers be made available?
upvoted 1 times
...
Joshing
1 year, 8 months ago
Tested this.
Vnet1 -
Traffic to remote virtual network: Allow
Traffic forwarded from remote virtual network: Block
Vnet2 -
Traffic to remote virtual network: Block
Traffic forwarded from remote virtual network: Block
Vnet2 NSG - Inbound Security Rule - Port: Any, Protocol: Any, Source: {insert subnets}, Destination: VirtualNetwork, Action: Allow.
upvoted 5 times
...
imie
1 year, 10 months ago
in Exam 31 Dec 2021.
upvoted 2 times
Tash95
1 year, 7 months ago
Did you have to create an NSG for it to be given as OK, or was it enough with the VNet peering settings?
upvoted 2 times
...
haitao1234
1 year, 6 months ago
It seems Imie has replied in many simulation questions that he did the simulation. So the question is: how many simulations did you have in your test?
upvoted 3 times
...
...
adamsca
1 year, 10 months ago
# Exam Question 12/10/2021
upvoted 2 times
...
JBS
2 years ago
This is working as required in the question. Ping is not the right way to test it, as ICMP requires allow on both sender and receiver ends. A good way to test it is by doing RDP from VNET1 to VNET2 (this should be allowed) and RDP from VNET2 to VNET1 (this should not be allowed).
**VNET1 - peering setting**
Traffic to remote virtual network: Allow (default)
Traffic forwarded from remote virtual network: Block traffic that originates from outside this virtual network
Virtual network gateway or Route Server: None (default)
**VNET2 - peering setting**
Traffic to remote virtual network: Block all traffic to the remote virtual network
Traffic forwarded from remote virtual network: Block traffic that originates from outside this virtual network
Virtual network gateway or Route Server: None (default)
upvoted 2 times
...
Zorag
2 years, 5 months ago
The way I got this working is doing the below:
1. Create a peering between the two VNETS allowing all traffic both sides.
2. Create an NSG and assign it to VNET1 on the subnet where the VMs exist. In my case this was Subnet1.
3. Create an inbound rule on the NSG denying all traffic from the address space on VNET2.
4. Once done you will be able to communicate from VNET1 to VNET2 but not VNET2 to VNET1.
upvoted 4 times
...
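The NSG approach in the comment above, modelled as an added example (not part of the original thread and not Azure's own code): it evaluates inbound rules in priority order and shows why a deny rule on VNET1's subnet still lets VNET1 open connections to VNET2, because NSGs are stateful. The address spaces, VM addresses, rule name `DenyVnet2InBound` and its priority are assumptions.

```python
import ipaddress
from collections import namedtuple

# Constructed address spaces and VM addresses (assumptions; the page gives none).
VNET1 = ipaddress.ip_network("10.1.0.0/16")
VNET2 = ipaddress.ip_network("10.2.0.0/16")
VM1, VM2 = "10.1.0.4", "10.2.0.4"
Rule = namedtuple("Rule", "priority name sources access")

# NSG default inbound rules. With peering access allowed on both sides,
# the VirtualNetwork tag covers both address spaces.
DEFAULT_INBOUND = [
    Rule(65000, "AllowVnetInBound", (VNET1, VNET2), "Allow"),
    Rule(65500, "DenyAllInBound", (ipaddress.ip_network("0.0.0.0/0"),), "Deny"),
]
# Step 3 of the comment: deny inbound from VNET2 (name and priority are hypothetical).
DENY_VNET2 = Rule(100, "DenyVnet2InBound", (VNET2,), "Deny")
SUBNET1_NSG = [DENY_VNET2] + DEFAULT_INBOUND   # NSG on VNET1's subnet
SUBNET2_NSG = list(DEFAULT_INBOUND)            # VNET2 keeps the defaults

def inbound_decision(rules, src_ip):
    """The matching rule with the lowest priority number decides."""
    src = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        if any(src in net for net in rule.sources):
            return rule.access, rule.name
    return "Deny", "no-match"

def connect(client_nsg, server_nsg, client_ip, server_ip, stateful=True):
    """Return (connected, deciding_rule) for a new connection attempt."""
    # Outbound from the client is allowed by the default outbound rules.
    access, rule = inbound_decision(server_nsg, client_ip)
    if access != "Allow":
        return False, rule  # request dropped at the server's subnet
    if stateful:
        # The reply matches the flow record created by the outbound request,
        # so the client's inbound rules are not evaluated for it.
        return True, "flow-record"
    # A stateless filter would evaluate the reply as new inbound traffic.
    access, rule = inbound_decision(client_nsg, server_ip)
    return access == "Allow", rule

def demo():
    return {
        "vnet1_to_vnet2": connect(SUBNET1_NSG, SUBNET2_NSG, VM1, VM2),
        "vnet2_to_vnet1": connect(SUBNET2_NSG, SUBNET1_NSG, VM2, VM1),
        "stateless_vnet1_to_vnet2": connect(SUBNET1_NSG, SUBNET2_NSG, VM1, VM2, stateful=False),
    }
```

The `stateless_vnet1_to_vnet2` case is the counterfactual: without flow tracking, the same deny rule would also drop the replies to connections VNET1 opened.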
Fred64
2 years, 6 months ago
why in step 6 it is said to not activate bi directional communication?
upvoted 1 times
...
AZRA068
2 years, 9 months ago
In step 7: "For the option Allow virtual network access from remote network to VNET1, click the slider button to Disabled." This means that VNET1 won't be included in the VirtualNetwork TAG used in the NSG default rules on each resource, so OK, traffic from VNET1 to VNET2 will be allowed on the VNET1 side, but on the VNET2 side it won't be allowed by default... so, it won't allow communication from VNET1 to VNET2 at all; you'll need a specific NSG rule in the resources on VNET2 to allow the traffic you need, as VNET1 is not included in the Virtual Network TAG. Just tested it.
upvoted 2 times
AZRA068
2 years, 9 months ago
...or set this configuration as ENABLED, so VNET1 will be included in the VirtualNetwork TAG on the VNET2 side also, so the default rules will allow the communication, and yes, it will also allow traffic from VNET2 to VNET1.
upvoted 3 times
gcpbrig01
2 years, 7 months ago
I am inclined to this option, where you allow network access from remote network to VNET1. I strongly feel that without toggling this on, even traffic from vnet1 to vnet2 won't be allowed.
upvoted 1 times
...
...
...
Nnanna29
2 years, 11 months ago
The provided answer is correct as VMs in Vnet 1 can communicate with VMs in Vnet 2 and not bi-directional communication
upvoted 2 times
...
realname007
2 years, 11 months ago
Does anyone know the updated answer for this using the current interface?
upvoted 2 times
...