Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam
Go to Exam

Exam AZ-104 topic 5 question 66 discussion

Actual exam question from Microsoft's AZ-104
Question #: 66
Topic #: 5
[All AZ-104 Questions]

HOTSPOT -
You have an on-premises data center and an Azure subscription. The data center contains two VPN devices. The subscription contains an Azure virtual network named VNet1. VNet1 contains a gateway subnet.
You need to create a site-to-site VPN. The solution must ensure that if a single instance of an Azure VPN gateway fails, or a single on-premises VPN device fails, the failure will not cause an interruption that is longer than two minutes.
What is the minimum number of public IP addresses, virtual network gateways, and local network gateways required in Azure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: 4 -
Two public IP addresses in the on-premises data center, and two public IP addresses in the VNET.
The most reliable option is to combine the active-active gateways on both your network and Azure, as shown in the diagram below.


Box 2: 2 -
Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically, and resume the S2S VPN or VNet-to-VNet connections.

Box 3: 2 -
Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
by Devgela at May 3, 2021, 4:09 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
mlantonis
Highly Voted 3 years, 6 months ago
Correct Answer: The questions asks how many are required in Azure, so the on-premise ones should not be counted. Box 1: 2 2 public IP addresses in the on-premises data center, and 2 public IP addresses in the VNET for the active-active. The most reliable option is to combine the active-active gateways on both your network and Azure, as shown in the diagram below. Box 2: 1 Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically, and resume the S2S VPN or VNet-to-VNet connections. Box 3: 1 Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks
upvoted 128 times
Woshian
2 years, 7 months ago
”The solution must ensure that if a single instance of an Azure VPN gateway fails, or a single on-premises VPN device fails, the failure will not cause an interruption that is longer than two minutes. “ How does this be considered ?
upvoted 3 times
...
yangxs
2 years, 9 months ago
I totally agree with you that "The questions asks how many are required in Azure, so the on-premise ones should not be counted." Base on this box 3 should be 0 since it is not in Azure, but there is no such choice. They should make the question/answer more clear.
upvoted 1 times
Ashfaque_9x
1 year, 11 months ago
Local Network Gateway in S2S VPN is created at the Azure end.
upvoted 5 times
...
...
Harshul
3 years, 5 months ago
It Should be 4-2-1
upvoted 1 times
Harshul
3 years, 5 months ago
Sorry, It Should be 4-1-2
upvoted 7 times
alex_p
3 years, 1 month ago
Agree with you. FOR IP Addresses: 2 for the VPN gateways and 2 for the local network gateways which are also configured in Azure - 2+2! FOR VPN Gateways: 1 only - You specify inside the VPN Gateway that it is ACTIVE-ACTIVE FOR LOCAL VPN Gateways: 2 - The local Gateways must be confired separately. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
upvoted 7 times
jeffdoc
3 years ago
For the IP ADDRESS part, it mentions number of IPs "required in Azure". That would only mean 2 (one for each VPN gateway). The other 2 public IPs on the on-prem/local gateways won't be required (as resources) on Azure per se although part of the configuration.
upvoted 1 times
...
Load full discussion...
...
...
...
darsy2001
3 years, 5 months ago
you are mixing active-active with active-standby in your explanation
upvoted 3 times
ConanBarb
1 year, 9 months ago
Yes, but actually there are two configurations to talk about. The Azure VPN GW config and the on-prem VPN Devices config. You can have Azure GW config in A-A (requiring 1 GW Vnet and 2 PIPs), and the on-prem VPN Devices in Active-Passive (requiring only one public ip and thus 1 Local Network Gateway) Active-Passive for on-prem could have explained why Mlantonis answers 1 on box 3. But doesnät rhyme with his own motivation " active-active VPN gateways for both Azure and on-premises network"
upvoted 2 times
...
...
Load full discussion...
...
Darkren4eveR
Highly Voted 3 years, 6 months ago
2 2 2 Appear in the Microsoft Exam Test Prep
upvoted 122 times
Josh219
4 days, 2 hours ago
correct answer
upvoted 1 times
...
albertozgz
3 years, 1 month ago
" longer than two minutes", Thus, we dont need Active - Active, we are in "Multiple on-premises VPN devices", thus 2-2-2 is the correct
upvoted 5 times
rigonet
3 years ago
As you can read at https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable: "For planned maintenance, the connectivity should be restored within 10 to 15 seconds. For unplanned issues, the connection recovery will be longer, about 1 to 3 minutes in the worst case." So, with active/passive the connection recovery can take up to 3 minutes. We need and active/active scenario. · 2 Public IPs · 2 Virtual Gateways · 2 Local Gateways
upvoted 8 times
Hyrydar
2 years, 1 month ago
Hey fellow study buddies, there can be only ONE virtual network gateway in a Virtual network. But when you create one, it spuns two instances in an active-standby configuration.
upvoted 11 times
...
...
...
joergsi
2 years, 10 months ago
How could this be, if I have 2 times 2 Gateways I would need 4 public IP-Addresses, correct?
upvoted 2 times
tyohaina
2 years ago
But not in Azure. The question specifies, how many of these are required in AZURE.
upvoted 10 times
skydivex
1 year, 9 months ago
with that logic, how do you explain "local network gateways required in Azure"? When local network gateway refers to the on-premise network..... the correct answer is 4-2-2..... you need 4 public IP to setup redundant S2S VPN.
upvoted 5 times
ConanBarb
1 year, 9 months ago
The "local network gateway" IS an azure resource (the on-prem VPN thing is called "VPN Device" in Microsoft Azure terminology) (Hence correct answer is: 2-1-2) You can try to create a "Local NW GW" yourself in Portal "Create a local network gateway to represent the on-premises site that you want to connect to a virtual network. The local network gateway specifies the public IP address of the VPN device and IP address ranges located on the on-premises site. Later, create a VPN gateway connection between the virtual network gateway for the virtual network, and the local network gateway for the on-premises site." And if you try to create a VPN Gateway Standard in Active-Active mode you will see that only one VNet is required. The A-A config takes care of the rest. Hence the following _in Azure_: 2 Public IPs (assuming Active-Active, which comes from <2 minutes requirement) 1 VNet (see config of VPN GW in Azure) 2 Local Gateways (as you have 2 "VPN Devices" on-prem)
upvoted 15 times
holytoni
1 year, 7 months ago
Yes you're right. 1 x virtual network gateway resource in azure always represents two actual virtual gateways. In an active active solution both are up at the same time. In active passive only one. https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell#step-2---create-the-vpn-gateway-for-testvnet1-with-active-active-mode Therefore the right solution is 2-1-2.
upvoted 4 times
...
...
...
...
...
magichappens
2 years, 9 months ago
I also got these answers in my exam prep but I don´t get it. As you only need to deploy one virtual network gateway instance this is very misleading. You even can´t deploy more that one per virtual network if I am not mistaken.
upvoted 2 times
magichappens
2 years, 9 months ago
Just got the question again in MeasureUp and this time they changed it. So correct answer is: - 2 Public IP´s - 2 Local network gateways - 1 Virtual network gateway And that finally makes sense to me. However I am struggling with MeasureUp question quality as this is misleading exam preperations.
upvoted 15 times
...
...
Load full discussion...
...
Josh219
Most Recent 4 days, 2 hours ago
Public IP Addresses: 2 Public IP Addresses: One for each VPN gateway to ensure redundancy. Virtual Network Gateways: 2 Virtual Network Gateways: One active and one standby to provide failover capability. Local Network Gateways: 2 Local Network Gateways: One for each on-premises VPN device to ensure redundancy.
upvoted 1 times
...
SeMo0o0o0o
1 month, 4 weeks ago
WRONG 2 1 2
upvoted 1 times
cristian_bulfei
1 month, 2 weeks ago
1 1 2 its not an active-active connection, dont need 2 IP's, the same IP can be switch from instance to instance, during the 2 minutes interruption.
upvoted 1 times
...
...
Pcservices
2 months, 1 week ago
Public IP Addresses: 2 Virtual Network Gateways: 1 Local Network Gateways: 2 This setup ensures that in the case of a failure of either a single Azure VPN gateway instance or a single on-premises VPN device, the site-to-site VPN connection can remain operational with minimal downtime (less than two minutes).
upvoted 1 times
...
adilkhan
4 months, 2 weeks ago
2,2,2 Public IP Addresses: For high availability, you need two public IP addresses to associate with two VPN gateways. Virtual Network Gateways: For redundancy, you need two virtual network gateways in an active-active configuration. Local Network Gateways: For high availability, you need to configure two local network gateways, one for each on-premises VPN device. Given this configuration, the mini
upvoted 1 times
...
learnazureportal
5 months, 1 week ago
I go for 2-2-1 2 public IP addresses (one for each Azure VPN gateway) 2 Virtual network gateways (for active-active configuration) 1 Local network gateway (representing your on-premises data center network)
upvoted 1 times
...
WeepingMaplte
6 months, 2 weeks ago
4,2,2 if you follow the instructions: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell
upvoted 1 times
WeepingMaplte
6 months, 2 weeks ago
Sorry it is 2,2,2. Virtual Gateway is 2. https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell#1-create-the-public-ip-addresses-and-gateway-ip-configurations
upvoted 1 times
...
...
tashakori
8 months, 1 week ago
2 2 2 Is right answer
upvoted 1 times
...
MatAlves
9 months, 3 weeks ago
"A virtual network can have two virtual network gateways; one VPN gateway and one ExpressRoute gateway" You can only have ONE VNG (which will need to be in active-standby mode) 1 - Azure IP for the VNG 2 - LGs with non-azure ip addresses.
upvoted 1 times
...
Alandt
10 months, 3 weeks ago
GitHub Copilot public IP addresses: 2 Explanation: You need two public IP addresses in Azure, one for each VPN gateway instance. virtual network gateways: 1 Explanation: You only need one virtual network gateway in Azure. This gateway will have two instances for redundancy. local network gateways: 2 Explanation: You need two local network gateways in Azure, one for each on-premises VPN device.
upvoted 1 times
...
Azused
11 months, 1 week ago
In an Azure VPN gateway we can create connections with on-premises by active - active Hence the answer is 4 PIP, 1 Azure Virtual Network Gateway, 2 Local network gateway "Here you create and set up the Azure VPN gateway in an active-active configuration, and create two local network gateways and two connections for your two on-premises VPN devices as described above. The result is a full mesh connectivity of 4 IPsec tunnels between your Azure virtual network and your on-premises network." https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
upvoted 1 times
Azused
11 months, 1 week ago
*2 PIP
upvoted 1 times
...
...
clg003
11 months, 1 week ago
2 2 2 SInce they want them up in less than 2 minutes it has to be active active bec all active passive setups can be down for 3 minutes. Since there are two on prem VPN devices you need to go with Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks. https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
upvoted 1 times
...
SgtDumitru
1 year ago
2 public IP addresses for the Azure virtual network gateways (active and standby). Each virtual network gateway requires a unique public IP address. 2 Azure virtual network gateways in the same virtual network (VNet1). One gateway will be the active gateway, and the other will be the standby gateway. 2 on-premises VPN devices (routers or VPN appliances). Configure two local network gateways in Azure, each representing one on-premises VPN device. Associate the corresponding local network gateway with the active or standby virtual network gateway.
upvoted 2 times
...
DWILK
1 year, 1 month ago
Why can't you just deploy a zone redundant IP for the Azure VPN gateway and also make the Azure VPN gateway zone redundant?
upvoted 1 times
...
sardonique
1 year, 2 months ago
Mlantonis where are you! we need your wisdom!
upvoted 5 times
...
oopspruu
1 year, 3 months ago
Correct answer should be 2 - 1 - 2 The question is asking about resources to create in "Azure". The public IP for On-prem VPN devices is not an azure resource. So 2 Public IPs in Azure, 1 Virtual Network Gateway (You are only allowed 2 total per vNET: 1 VPN, 1 ExpressRoute. You cannot have 2 of same type), 2 Local Gateways in Azure to represent both VPN devices on-prem.
upvoted 5 times
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel