ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam
Go to Exam

Exam AZ-104 topic 5 question 66 discussion

Actual exam question from Microsoft's AZ-104
Question #: 66
Topic #: 5
[All AZ-104 Questions]

HOTSPOT -
You have an on-premises data center and an Azure subscription. The data center contains two VPN devices. The subscription contains an Azure virtual network named VNet1. VNet1 contains a gateway subnet.
You need to create a site-to-site VPN. The solution must ensure that if a single instance of an Azure VPN gateway fails, or a single on-premises VPN device fails, the failure will not cause an interruption that is longer than two minutes.
What is the minimum number of public IP addresses, virtual network gateways, and local network gateways required in Azure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: 4 -
Two public IP addresses in the on-premises data center, and two public IP addresses in the VNET.
The most reliable option is to combine the active-active gateways on both your network and Azure, as shown in the diagram below.


Box 2: 2 -
Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically, and resume the S2S VPN or VNet-to-VNet connections.

Box 3: 2 -
Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
by Devgela at May 3, 2021, 4:09 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mlantonis
Highly Voted 3 years, 9 months ago
Correct Answer: The questions asks how many are required in Azure, so the on-premise ones should not be counted. Box 1: 2 2 public IP addresses in the on-premises data center, and 2 public IP addresses in the VNET for the active-active. The most reliable option is to combine the active-active gateways on both your network and Azure, as shown in the diagram below. Box 2: 1 Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically, and resume the S2S VPN or VNet-to-VNet connections. Box 3: 1 Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks
upvoted 130 times
jodtzz
3 months, 1 week ago
Box 3's answer should be 2. "You create a separate local network gateway for each VPN device that you want to connect to. Some highly available connectivity designs specify multiple on-premises VPN devices." https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
upvoted 2 times
...
Woshian
2 years, 10 months ago
”The solution must ensure that if a single instance of an Azure VPN gateway fails, or a single on-premises VPN device fails, the failure will not cause an interruption that is longer than two minutes. “ How does this be considered ?
upvoted 3 times
...
yangxs
3 years ago
I totally agree with you that "The questions asks how many are required in Azure, so the on-premise ones should not be counted." Base on this box 3 should be 0 since it is not in Azure, but there is no such choice. They should make the question/answer more clear.
upvoted 1 times
Ashfaque_9x
2 years, 2 months ago
Local Network Gateway in S2S VPN is created at the Azure end.
upvoted 5 times
...
...
Harshul
3 years, 8 months ago
It Should be 4-2-1
upvoted 1 times
Harshul
3 years, 8 months ago
Sorry, It Should be 4-1-2
upvoted 7 times
alex_p
3 years, 5 months ago
Agree with you. FOR IP Addresses: 2 for the VPN gateways and 2 for the local network gateways which are also configured in Azure - 2+2! FOR VPN Gateways: 1 only - You specify inside the VPN Gateway that it is ACTIVE-ACTIVE FOR LOCAL VPN Gateways: 2 - The local Gateways must be confired separately. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
upvoted 7 times
jeffdoc
3 years, 4 months ago
For the IP ADDRESS part, it mentions number of IPs "required in Azure". That would only mean 2 (one for each VPN gateway). The other 2 public IPs on the on-prem/local gateways won't be required (as resources) on Azure per se although part of the configuration.
upvoted 1 times
...
Load full discussion...
...
...
...
Load full discussion...
...
Darkren4eveR
Highly Voted 3 years, 9 months ago
2 2 2 Appear in the Microsoft Exam Test Prep
upvoted 127 times
Josh219
3 months, 2 weeks ago
correct answer
upvoted 1 times
...
albertozgz
3 years, 4 months ago
" longer than two minutes", Thus, we dont need Active - Active, we are in "Multiple on-premises VPN devices", thus 2-2-2 is the correct
upvoted 5 times
rigonet
3 years, 4 months ago
As you can read at https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable: "For planned maintenance, the connectivity should be restored within 10 to 15 seconds. For unplanned issues, the connection recovery will be longer, about 1 to 3 minutes in the worst case." So, with active/passive the connection recovery can take up to 3 minutes. We need and active/active scenario. · 2 Public IPs · 2 Virtual Gateways · 2 Local Gateways
upvoted 8 times
Hyrydar
2 years, 4 months ago
Hey fellow study buddies, there can be only ONE virtual network gateway in a Virtual network. But when you create one, it spuns two instances in an active-standby configuration.
upvoted 12 times
...
...
...
joergsi
3 years, 2 months ago
How could this be, if I have 2 times 2 Gateways I would need 4 public IP-Addresses, correct?
upvoted 2 times
tyohaina
2 years, 4 months ago
But not in Azure. The question specifies, how many of these are required in AZURE.
upvoted 10 times
skydivex
2 years ago
with that logic, how do you explain "local network gateways required in Azure"? When local network gateway refers to the on-premise network..... the correct answer is 4-2-2..... you need 4 public IP to setup redundant S2S VPN.
upvoted 5 times
ConanBarb
2 years ago
The "local network gateway" IS an azure resource (the on-prem VPN thing is called "VPN Device" in Microsoft Azure terminology) (Hence correct answer is: 2-1-2) You can try to create a "Local NW GW" yourself in Portal "Create a local network gateway to represent the on-premises site that you want to connect to a virtual network. The local network gateway specifies the public IP address of the VPN device and IP address ranges located on the on-premises site. Later, create a VPN gateway connection between the virtual network gateway for the virtual network, and the local network gateway for the on-premises site." And if you try to create a VPN Gateway Standard in Active-Active mode you will see that only one VNet is required. The A-A config takes care of the rest. Hence the following _in Azure_: 2 Public IPs (assuming Active-Active, which comes from <2 minutes requirement) 1 VNet (see config of VPN GW in Azure) 2 Local Gateways (as you have 2 "VPN Devices" on-prem)
upvoted 17 times
efd324e
2 months, 4 weeks ago
Public IP Addresses: Two public IP addresses (one for each instance of the active-active VPN gateway). Virtual Network Gateways: One virtual network gateway configured in active-active mode. This gateway will have two instances for redundancy. Local Network Gateways: Two local network gateways (one for each on-premises VPN device). So, the minimum number of resources required in Azure are: Public IP addresses: 2. Virtual network gateways: 1 (configured in active-active mode). Local network gateways: 2. Source: CoPliot
upvoted 1 times
...
Load full discussion...
...
...
...
...
magichappens
3 years ago
I also got these answers in my exam prep but I don´t get it. As you only need to deploy one virtual network gateway instance this is very misleading. You even can´t deploy more that one per virtual network if I am not mistaken.
upvoted 2 times
magichappens
3 years ago
Just got the question again in MeasureUp and this time they changed it. So correct answer is: - 2 Public IP´s - 2 Local network gateways - 1 Virtual network gateway And that finally makes sense to me. However I am struggling with MeasureUp question quality as this is misleading exam preperations.
upvoted 15 times
...
...
Load full discussion...
...
Nathan12345
Most Recent 1 week, 5 days ago
At least 2 public IP addresses should be there. So, Box 1: 2 Box 2: 2 Box 3: 2
upvoted 1 times
...
Josh219
3 months, 2 weeks ago
Public IP Addresses: 2 Public IP Addresses: One for each VPN gateway to ensure redundancy. Virtual Network Gateways: 2 Virtual Network Gateways: One active and one standby to provide failover capability. Local Network Gateways: 2 Local Network Gateways: One for each on-premises VPN device to ensure redundancy.
upvoted 1 times
...
[Removed]
5 months, 1 week ago
WRONG 2 1 2
upvoted 2 times
cristian_bulfei
4 months, 3 weeks ago
1 1 2 its not an active-active connection, dont need 2 IP's, the same IP can be switch from instance to instance, during the 2 minutes interruption.
upvoted 1 times
...
...
Pcservices
5 months, 2 weeks ago
Public IP Addresses: 2 Virtual Network Gateways: 1 Local Network Gateways: 2 This setup ensures that in the case of a failure of either a single Azure VPN gateway instance or a single on-premises VPN device, the site-to-site VPN connection can remain operational with minimal downtime (less than two minutes).
upvoted 1 times
...
adilkhan
8 months ago
2,2,2 Public IP Addresses: For high availability, you need two public IP addresses to associate with two VPN gateways. Virtual Network Gateways: For redundancy, you need two virtual network gateways in an active-active configuration. Local Network Gateways: For high availability, you need to configure two local network gateways, one for each on-premises VPN device. Given this configuration, the mini
upvoted 1 times
...
learnazureportal
8 months, 2 weeks ago
I go for 2-2-1 2 public IP addresses (one for each Azure VPN gateway) 2 Virtual network gateways (for active-active configuration) 1 Local network gateway (representing your on-premises data center network)
upvoted 1 times
...
WeepingMaplte
9 months, 3 weeks ago
4,2,2 if you follow the instructions: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell
upvoted 1 times
WeepingMaplte
9 months, 3 weeks ago
Sorry it is 2,2,2. Virtual Gateway is 2. https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell#1-create-the-public-ip-addresses-and-gateway-ip-configurations
upvoted 1 times
...
...
tashakori
11 months, 2 weeks ago
2 2 2 Is right answer
upvoted 1 times
...
MatAlves
1 year, 1 month ago
"A virtual network can have two virtual network gateways; one VPN gateway and one ExpressRoute gateway" You can only have ONE VNG (which will need to be in active-standby mode) 1 - Azure IP for the VNG 2 - LGs with non-azure ip addresses.
upvoted 1 times
...
Alandt
1 year, 2 months ago
GitHub Copilot public IP addresses: 2 Explanation: You need two public IP addresses in Azure, one for each VPN gateway instance. virtual network gateways: 1 Explanation: You only need one virtual network gateway in Azure. This gateway will have two instances for redundancy. local network gateways: 2 Explanation: You need two local network gateways in Azure, one for each on-premises VPN device.
upvoted 1 times
...
Azused
1 year, 2 months ago
In an Azure VPN gateway we can create connections with on-premises by active - active Hence the answer is 4 PIP, 1 Azure Virtual Network Gateway, 2 Local network gateway "Here you create and set up the Azure VPN gateway in an active-active configuration, and create two local network gateways and two connections for your two on-premises VPN devices as described above. The result is a full mesh connectivity of 4 IPsec tunnels between your Azure virtual network and your on-premises network." https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
upvoted 1 times
Azused
1 year, 2 months ago
*2 PIP
upvoted 1 times
...
...
clg003
1 year, 2 months ago
2 2 2 SInce they want them up in less than 2 minutes it has to be active active bec all active passive setups can be down for 3 minutes. Since there are two on prem VPN devices you need to go with Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks. https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
upvoted 1 times
...
SgtDumitru
1 year, 3 months ago
2 public IP addresses for the Azure virtual network gateways (active and standby). Each virtual network gateway requires a unique public IP address. 2 Azure virtual network gateways in the same virtual network (VNet1). One gateway will be the active gateway, and the other will be the standby gateway. 2 on-premises VPN devices (routers or VPN appliances). Configure two local network gateways in Azure, each representing one on-premises VPN device. Associate the corresponding local network gateway with the active or standby virtual network gateway.
upvoted 2 times
...
DWILK
1 year, 4 months ago
Why can't you just deploy a zone redundant IP for the Azure VPN gateway and also make the Azure VPN gateway zone redundant?
upvoted 1 times
...
sardonique
1 year, 5 months ago
Mlantonis where are you! we need your wisdom!
upvoted 5 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago