ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam
Go to Exam

Exam AZ-104 topic 5 question 4 discussion

Actual exam question from Microsoft's AZ-104
Question #: 4
Topic #: 5
[All AZ-104 Questions]

You have an Azure subscription that contains the resources shown in the following table.

LB1 is configured as shown in the following table.

You plan to create new inbound NAT rules that meet the following requirements:
✑ Provide Remote Desktop access to VM1 from the internet by using port 3389.
✑ Provide Remote Desktop access to VM2 from the internet by using port 3389.
What should you create on LB1 before you can create the new inbound NAT rules?

  • A. a frontend IP address
  • B. a load balancing rule
  • C. a health probe
  • D. a backend pool
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Steve1983 at June 30, 2021, 7:06 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Mercator
Highly Voted 3 years, 8 months ago
I think the answer is correct. Key is port 3389 from the internet for both VMs. If we want to connect to two different machines on the same port we need to have two different frontend IPs for the port forwarding.
upvoted 77 times
lebowski
2 years, 7 months ago
That's right, you need to know the specific IP address of the VM, otherwise, you will randomly access any VM in the LB. It is A
upvoted 7 times
...
...
Vlako
Highly Voted 3 years, 9 months ago
This does not make sense. On existing LB, you can create NAT rule right away. The frontend IP address is already there. Imho maybe B is right, you need to set the load balancing rule for port 3389.
upvoted 46 times
KhaledMaster
3 years, 5 months ago
I dont agree, to add "Inbound NAT rule" inside the LB, you just need the rontend IP address and port. the answer is right. https://docs.microsoft.com/en-us/azure/load-balancer/components#inbound-nat-rules
upvoted 3 times
...
Vlako
3 years, 9 months ago
The more I think about it, it makes more sense. You need additional load balancing rule for 3389, PLEASE prove me wrong :)
upvoted 2 times
rawrkadia
3 years, 9 months ago
You aren't load balancing 3389. If you create a load balancing rule for 3389 you'd end up with RDP connections alternating between the two. The question is specifically asking about NAT rules, you need two here: one per VM on different ports. Read: https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-port-forwarding-portal I labbed this. Load balancer requires a public IP to be assigned with deployment. NAT rules only require a backend pool (you map them to a specific NIC on a specific VM in the pool). The question already has everything required to create one, so either Microsoft has a provably wrong question or this was garbled in translation. Please lab things like this, azure pass only requires an email and gives you 30 days and 100 bucks of credit, you can lab stuff left and right and not use 10% of it.
upvoted 13 times
a3432e2
11 months, 3 weeks ago
I stand corrected in my earlier comment selecting A as the answer. The correct answer is "D" a backend pool. "In this section, you create a multiple instance inbound NAT rule to the backend pool of the load balancer." This is for multiple VMs. https://learn.microsoft.com/en-us/azure/load-balancer/tutorial-nat-rule-multi-instance-portal
upvoted 1 times
...
AubinBakana
3 years, 7 months ago
Hi! Just found out about Azure Pass from you here. Where do you get an Azure pass promo code?
upvoted 1 times
...
...
d0bermannn
3 years, 9 months ago
you are right, and rule we need is NAT rule: https://docs.microsoft.com/en-us/powershell/module/az.network/add-azloadbalancerinboundnatruleconfig?view=azps-6.2.0
upvoted 1 times
...
...
J4U
3 years, 8 months ago
Correct. This page makes it clear. We need to create 2 inbound NAT port-forwarding rule in load balancer using the frontend IP and backend VM. Answer is B. https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-port-forwarding-portal
upvoted 3 times
J4U
3 years, 8 months ago
I recall this update. I go with the front end IP address as all other requirements given in this link. LB rule is already in place as given in the article. May be MS is referring the public IP address SKU from basic to standard. I go with the frontend IP address.
upvoted 2 times
...
...
helpaws
3 years, 4 months ago
That is correct. You can follow this link to setup load balancing rule for both VMs. For example, you can use port 33891 for 3389 on VM1 and 33892 for 3389 on VM2. So to RDS to VM1, you can type in public IP of load balancer with port 33891 and it will NAT you to 3389 of VM1. link: https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-port-forwarding-portal
upvoted 2 times
...
Load full discussion...
...
GarrethM
Most Recent 1 month, 1 week ago
Selected Answer: A
A. a frontend IP address: Inbound NAT rules require a frontend IP address, which is the public IP address used to access the VMs from the internet. LB1 already has a LoadBalancerFrontEnd, but you need to ensure it's configured for the correct IP address and protocol. B. a load balancing rule: Load balancing rules distribute traffic across a backend pool. Inbound NAT rules forward traffic to a specific VM. C. a health probe: Health probes monitor the health of VMs in a backend pool. Inbound NAT rules don't use health probes. D. a backend pool: Backend pools are used with load balancing rules, not inbound NAT rules. Conclusion: Before creating inbound NAT rules, you need to ensure that LB1 has a frontend IP address configured. Therefore, the correct answer is A. a frontend IP address.
upvoted 1 times
...
lolovitch
1 month, 3 weeks ago
Selected Answer: A
Hey there, i just tested this one in the lab, and as i understand, we are just talking about NATING not load balancing a connection. So in reality i deployed a NAT rule without any of the suggested answer. i definied the public ip already used by the loadbalancer, and defined the front port range from 5000. VM1 is now connected with public_ip:5000 and vm2 with public_ip:5001. So from the scope of security to separate HTTP Service from the RDP Service, the answer A.
upvoted 1 times
...
faheemhamza
1 month, 3 weeks ago
Selected Answer: B
You need to have Load Balancing rule to listen on port apart from 80(As 80 is already in use) and add inbound NAT rule based on the front-end port to do the redirection to the VM u prefers on port 3389.
upvoted 1 times
...
cosmicT73
2 months, 4 weeks ago
Selected Answer: A
To provide Remote Desktop access to VM1 and VM2 from the internet using port 3389, you need to create **inbound NAT rules** on the load balancer (LB1). However, before you can create these NAT rules, you need to ensure that there is a frontend IP address configured on the load balancer that can be used for the NAT rules.
upvoted 1 times
...
dcaa904
3 months, 3 weeks ago
Selected Answer: B
Key steps: Create the load balancer: Access your cloud provider's console (e.g., Azure portal) and navigate to the load balancer creation section. Select "Public" as the load balancer type to allow external access. Define a frontend IP configuration with a public IP address. Create backend pool: Add your virtual machines that will handle HTTPS and RDP traffic to a backend pool. Configure inbound rules: HTTPS rule: Create a new load balancing rule. Set the protocol to TCP. Set the frontend port to 443. Set the backend port to 443. Associate the backend pool. RDP rule: Create another load balancing rule. Set the frontend port to 3389. Set the backend port to 3389.
upvoted 1 times
...
1d07c8e
4 months, 3 weeks ago
Selected Answer: A
A front end IP address is needed for inbound NAT rules
upvoted 2 times
...
082c09e
5 months ago
Selected Answer: B
Load Balancing rule needs to be added. https://learn.microsoft.com/en-us/answers/questions/471151/acess-an-azure-vm-behind-the-azure-lb
upvoted 1 times
...
sca88
5 months ago
Selected Answer: A
"Provide Remote Desktop access to VM1/VM2 FROM THE INTERNET by using port 3389" So the public port must be 3389 for both. The only way to achieve this is to add another public IP to the load balancer. So VM1 will be available on IP1 : 3389 and IP2 : 3389 for VM2
upvoted 2 times
...
Stunomatic
6 months ago
there has to be a concept of port address translation. LB is already providing frontend ip but only 1 or else what is the point of LB
upvoted 1 times
...
GuessWhoops
6 months, 1 week ago
This question doesn't make sense. We already have all the resources setup in our LB configuration, the only thing needed is to create the Inbound NAT rule itself and setup the existing resources in its properties.
upvoted 2 times
...
[Removed]
7 months, 1 week ago
Selected Answer: A
A is correct
upvoted 1 times
...
Sickcnt
7 months, 2 weeks ago
Selected Answer: A
Cloud Network Architect here: Answer is "A" Reason is: Both VM1 and VM2 has to be on port 3389 We already have a Frontend Public IP created (that will be for one of the VMs forwarded on 3389 port) And we will need to create another Public IP to forward on also tcp 3389 port
upvoted 5 times
Sickcnt
7 months, 2 weeks ago
B Loadbalancer rule: Not needed, an "inbound NAT rule" has its own NAT ruleset, loadbalancer rules are not needed there C Health Probe: We dont use Health Probes during NAT, we only use Health Probes during a loadbalancing rule (to know which unhealthy backends to take out of they are down from the loadbalancing rule) D Backend pool: This could be fine, "Inbound NAT rule" has two types "Backend pool" and "Azure Virtual machine" forwarding Currently the task requires an "Azure Virtual Machine" fowarding method, so we dont need "D" here
upvoted 2 times
...
...
Y2
10 months ago
Selected Answer: B
B - create the inbound NAT rule not A -you do not need two frontend IP addresses to create inbound NAT rules for accessing multiple VMs using Remote Desktop Protocol (RDP) on the same load balancer. Not D - Backend pool has two VM's Not C- Health probe is not needed.
upvoted 1 times
...
MSExpertGER
10 months, 2 weeks ago
The whole set of answers is nonsense. you can create this without doing anything before creating the NAT rule. Neither an additional IP address, nor extra backend pool. NAT rule doesnt need a health probe. WHen you create the NAT rule on the existing backendpool with VM1 and VM2, the endpoints for VM1 and VM2 will be: https://<Public-IP>:3389 (VM1) https://<Public-IP>3390 (VM2) not very nice of a solution, but does the trick. Propably nicer is to create a seperate Public IPv4, with a seperate Backend Pool dedicated to VM2 and a seperate NAT rule for both VMs
upvoted 1 times
...
a3432e2
11 months, 3 weeks ago
Selected Answer: D
D. A backend pool (originally selected A) "In this section, you create a multiple instance inbound NAT rule to the backend pool of the load balancer." This is for multiple VMs. https://learn.microsoft.com/en-us/azure/load-balancer/tutorial-nat-rule-multi-instance-portal
upvoted 1 times
a3432e2
11 months, 3 weeks ago
"A load balancing rule distributes incoming traffic that is sent to a selected IP address and port combination across a group of backend pool instances. ONLY BACKEND INSTANCES that the health probe CONSIDERS "Healthy" receive new traffic" We see above that the probe states "Unhealthy Threshold", therefore a new "backend pool" instance must be created in order for it to traverse. https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-tcp-idle-timeout?tabs=tcp-reset-idle-portal
upvoted 1 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago