Exam AZ-500 topic 3 question 14 discussion

Actual exam question from Microsoft's AZ-500
Question #: 14
Topic #: 3

DRAG DROP -
You have an Azure subscription that contains the virtual networks shown in the following table.

The Azure virtual machines on SpokeVNetSubnet0 can communicate with the computers on the on-premises network.
You plan to deploy an Azure firewall to HubVNet.
You create the following two routing tables:
✑ RT1: Includes a user-defined route that points to the private IP address of the Azure firewall as a next hop address
✑ RT2: Disables BGP route propagation and defines the private IP address of the Azure firewall as the default gateway
You need to ensure that traffic between SpokeVNetSubnet0 and the on-premises network flows through the Azure firewall.
To which subnet should you associate each route table? To answer, drag the appropriate subnets to the correct route tables. Each subnet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Suggested Answer:
Reference:
https://docs.microsoft.com/en-us/azure/firewall/tutorial-hybrid-portal#create-the-routes

Comments

rsharma007
Highly Voted 3 years, 8 months ago
VNET peering is enabled on Spoke VNET and BGP route propagation is enabled on gateway subnet. So Spoke VNET will use the VPN gateway for BGP routes by default. To prevent this and use Azure FW, we need to disable BGP route propagation for Spoke VNET's routing table and use Azure FW as the default GW (0.0.0.0/0). To provide bidirectional routing, Gateway subnet will need to use Azure FW for SpokeVNET subnets. In addition, Azure FW subnet should have routes for SpokeVNET and gateway subnet.
upvoted 34 times
7cc5495
7 months, 1 week ago
And what would the answer be, then?
upvoted 1 times
...
chikorita
2 years, 2 months ago
Did not fully understand, but at least it made me somewhat confident with your answer.
upvoted 5 times
...
JohnBentass
2 years, 4 months ago
Good explanation
upvoted 1 times
...
ARDNK
3 years, 1 month ago
When I read this, my head is spinning. (just for laughs)
upvoted 21 times
Hillary_Innocent
2 years, 5 months ago
Same here, I am not even getting the context of it. Every statement is confusing and I can't relate it to the previous statement lol
upvoted 6 times
...
...
...
gcpbrig01
Highly Voted 4 years, 1 month ago
Suggested answer is correct. RT2 - To route the spoke subnet traffic through the hub firewall, you can use a user-defined route (UDR) that points to the firewall with the Virtual network gateway route propagation option disabled. RT1 - Configure a UDR on the hub gateway subnet that points to the firewall IP address as the next hop to the spoke networks. https://docs.microsoft.com/en-us/azure/firewall/tutorial-hybrid-portal#prerequisites
upvoted 21 times
mung
2 years, 4 months ago
Agree with the answer, but if the route propagation option is disabled on the GatewaySubnet it won't work.
upvoted 1 times
...
...
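The route selection described in the two explanations above, modelled as an added example (not part of the original discussion or of Microsoft's documentation). It applies longest-prefix match with user-defined routes winning ties over gateway-learned and system routes. The address prefixes, the firewall IP and the spoke prefix used in RT1 are constructed assumptions, because the question's network table is not on the page.

```python
import ipaddress

# Constructed address plan: the question's network table is not on the page.
HUB, SPOKE, ONPREM = "10.5.0.0/16", "10.6.0.0/16", "192.168.0.0/16"
FIREWALL_IP = "10.5.0.4"  # assumed private IP of the Azure firewall

# On equal prefix length Azure prefers user-defined, then BGP, then system routes.
PRIORITY = {"User": 0, "VirtualNetworkGateway": 1, "Default": 2}

# Routes are (prefix, source, next hop).
GATEWAY_LEARNED = [(ONPREM, "VirtualNetworkGateway", "VirtualNetworkGateway")]
SPOKE_SYSTEM = [(SPOKE, "Default", "VnetLocal"), (HUB, "Default", "VNetPeering"),
                ("0.0.0.0/0", "Default", "Internet")]
GATEWAY_SYSTEM = [(HUB, "Default", "VnetLocal"), (SPOKE, "Default", "VNetPeering"),
                  ("0.0.0.0/0", "Default", "Internet")]

RT1 = {"routes": [(SPOKE, "User", FIREWALL_IP)], "propagate": True}
RT2 = {"routes": [("0.0.0.0/0", "User", FIREWALL_IP)], "propagate": False}
NO_TABLE = {"routes": [], "propagate": True}

def next_hop(system, table, dest_ip):
    """Effective next hop for dest_ip from a subnet with `table` associated."""
    routes = system + table["routes"]
    if table["propagate"]:           # gateway route propagation left enabled
        routes = routes + GATEWAY_LEARNED
    ip = ipaddress.ip_address(dest_ip)
    matches = [r for r in routes if ip in ipaddress.ip_network(r[0])]
    # Longest prefix wins; source priority only breaks ties.
    best = min(matches, key=lambda r: (-ipaddress.ip_network(r[0]).prefixlen,
                                       PRIORITY[r[1]]))
    return best[2]

def spoke_to_onprem(table):
    return next_hop(SPOKE_SYSTEM, table, "192.168.1.10")

def gateway_to_spoke(table):
    return next_hop(GATEWAY_SYSTEM, table, "10.6.0.4")

if __name__ == "__main__":
    default_only = {"routes": RT2["routes"], "propagate": True}
    print("spoke, no table:          ", spoke_to_onprem(NO_TABLE))
    print("spoke, 0/0 UDR + BGP on:  ", spoke_to_onprem(default_only))
    print("spoke, RT2:               ", spoke_to_onprem(RT2))
    print("gateway, no table:        ", gateway_to_spoke(NO_TABLE))
    print("gateway, RT1:             ", gateway_to_spoke(RT1))
```

The second case is the one to watch in a real deployment: a default route to the firewall with propagation still enabled leaves the more specific gateway-learned on-premises prefix in the table, so spoke traffic bypasses inspection.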
Nhadipour
Most Recent 2 months, 2 weeks ago
RT1 → SpokeVNetSubnet0 RT2 → GatewaySubnet
upvoted 1 times
...
faisal12
1 year, 3 months ago
Traffic flow for RT2 will initiate from SPOKEVNET and will be shaped as: On-Cloud Azure Environment = SPOKEVNET > Azure FW (Default GW) > HUBVNET > site-2-site VPN > On-premises
upvoted 1 times
...
epomatti
1 year, 3 months ago
This question should not be part of AZ-500...
upvoted 2 times
pentium75
8 months, 4 weeks ago
Yeah, it's more networking than security.
upvoted 1 times
...
...
wardy1983
1 year, 5 months ago
RT1 - Configure a UDR on the hub gateway subnet that points to the firewall IP address as the next hop to the spoke networks. RT2 - To route the spoke subnet traffic through the hub firewall, you can use a User Defined route (UDR) that points to the firewall with the Virtual network gateway route propagation option disabled
upvoted 1 times
...
tweleve
1 year, 6 months ago
in exam 13 Oct
upvoted 5 times
...
Paul_white
1 year, 12 months ago
I was just reading the question and it was like I was reading a different language :(
upvoted 7 times
...
majstor86
2 years, 1 month ago
RT1: Gateway subnet RT2: SpokeVNetSubnet0
upvoted 7 times
...
ligu
2 years, 2 months ago
Answers are correct
upvoted 1 times
...
arseyam
2 years, 6 months ago
Route propagation shouldn't be disabled on the GatewaySubnet. The gateway will not function with this setting disabled. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview#custom-routes
upvoted 2 times
...
TonytheTiger
3 years, 7 months ago
## Exam Question - 17 Sept 2021 ##
upvoted 3 times
...
francis6170
3 years, 7 months ago
Got this in the AZ-500 exam (Sept 2021)! A: GatewaySubnet, SpokeSubnet
upvoted 1 times
...
SecurityAnalyst
3 years, 7 months ago
# IN EXAM - 31/8/2021
upvoted 2 times
...
Socgen1
3 years, 7 months ago
In exam on 31/08/2021 - given answers are correct
upvoted 3 times
...
kumax
3 years, 10 months ago
On exam, May 2021.
upvoted 4 times
...
Cisna
3 years, 11 months ago
In exam 02/05/2021
upvoted 11 times
...