ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam
Go to Exam

Exam AZ-104 topic 5 question 4 discussion

Actual exam question from Microsoft's AZ-104
Question #: 4
Topic #: 5
[All AZ-104 Questions]

You have an Azure subscription that contains the resources shown in the following table.

LB1 is configured as shown in the following table.

You plan to create new inbound NAT rules that meet the following requirements:
✑ Provide Remote Desktop access to VM1 from the internet by using port 3389.
✑ Provide Remote Desktop access to VM2 from the internet by using port 3389.
What should you create on LB1 before you can create the new inbound NAT rules?

  • A. a frontend IP address
  • B. a load balancing rule
  • C. a health probe
  • D. a backend pool
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Steve1983 at June 30, 2021, 7:06 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Mercator
Highly Voted 3 years, 4 months ago
I think the answer is correct. Key is port 3389 from the internet for both VMs. If we want to connect to two different machines on the same port we need to have two different frontend IPs for the port forwarding.
upvoted 75 times
lebowski
2 years, 3 months ago
That's right, you need to know the specific IP address of the VM, otherwise, you will randomly access any VM in the LB. It is A
upvoted 7 times
...
...
Vlako
Highly Voted 3 years, 5 months ago
This does not make sense. On existing LB, you can create NAT rule right away. The frontend IP address is already there. Imho maybe B is right, you need to set the load balancing rule for port 3389.
upvoted 45 times
KhaledMaster
3 years, 1 month ago
I dont agree, to add "Inbound NAT rule" inside the LB, you just need the rontend IP address and port. the answer is right. https://docs.microsoft.com/en-us/azure/load-balancer/components#inbound-nat-rules
upvoted 3 times
...
Vlako
3 years, 5 months ago
The more I think about it, it makes more sense. You need additional load balancing rule for 3389, PLEASE prove me wrong :)
upvoted 2 times
d0bermannn
3 years, 5 months ago
you are right, and rule we need is NAT rule: https://docs.microsoft.com/en-us/powershell/module/az.network/add-azloadbalancerinboundnatruleconfig?view=azps-6.2.0
upvoted 1 times
...
rawrkadia
3 years, 5 months ago
You aren't load balancing 3389. If you create a load balancing rule for 3389 you'd end up with RDP connections alternating between the two. The question is specifically asking about NAT rules, you need two here: one per VM on different ports. Read: https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-port-forwarding-portal I labbed this. Load balancer requires a public IP to be assigned with deployment. NAT rules only require a backend pool (you map them to a specific NIC on a specific VM in the pool). The question already has everything required to create one, so either Microsoft has a provably wrong question or this was garbled in translation. Please lab things like this, azure pass only requires an email and gives you 30 days and 100 bucks of credit, you can lab stuff left and right and not use 10% of it.
upvoted 12 times
a3432e2
7 months ago
I stand corrected in my earlier comment selecting A as the answer. The correct answer is "D" a backend pool. "In this section, you create a multiple instance inbound NAT rule to the backend pool of the load balancer." This is for multiple VMs. https://learn.microsoft.com/en-us/azure/load-balancer/tutorial-nat-rule-multi-instance-portal
upvoted 1 times
...
AubinBakana
3 years, 2 months ago
Hi! Just found out about Azure Pass from you here. Where do you get an Azure pass promo code?
upvoted 1 times
...
...
...
J4U
3 years, 4 months ago
Correct. This page makes it clear. We need to create 2 inbound NAT port-forwarding rule in load balancer using the frontend IP and backend VM. Answer is B. https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-port-forwarding-portal
upvoted 3 times
J4U
3 years, 3 months ago
I recall this update. I go with the front end IP address as all other requirements given in this link. LB rule is already in place as given in the article. May be MS is referring the public IP address SKU from basic to standard. I go with the frontend IP address.
upvoted 2 times
...
...
helpaws
2 years, 11 months ago
That is correct. You can follow this link to setup load balancing rule for both VMs. For example, you can use port 33891 for 3389 on VM1 and 33892 for 3389 on VM2. So to RDS to VM1, you can type in public IP of load balancer with port 33891 and it will NAT you to 3389 of VM1. link: https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-port-forwarding-portal
upvoted 2 times
...
Load full discussion...
...
1d07c8e
Most Recent 1 week, 1 day ago
Selected Answer: A
A front end IP address is needed for inbound NAT rules
upvoted 1 times
...
082c09e
2 weeks ago
Selected Answer: B
Load Balancing rule needs to be added. https://learn.microsoft.com/en-us/answers/questions/471151/acess-an-azure-vm-behind-the-azure-lb
upvoted 1 times
...
sca88
2 weeks, 3 days ago
Selected Answer: A
"Provide Remote Desktop access to VM1/VM2 FROM THE INTERNET by using port 3389" So the public port must be 3389 for both. The only way to achieve this is to add another public IP to the load balancer. So VM1 will be available on IP1 : 3389 and IP2 : 3389 for VM2
upvoted 1 times
...
Stunomatic
1 month, 1 week ago
there has to be a concept of port address translation. LB is already providing frontend ip but only 1 or else what is the point of LB
upvoted 1 times
...
GuessWhoops
1 month, 3 weeks ago
This question doesn't make sense. We already have all the resources setup in our LB configuration, the only thing needed is to create the Inbound NAT rule itself and setup the existing resources in its properties.
upvoted 2 times
...
SeMo0o0o0o
2 months, 2 weeks ago
Selected Answer: A
A is correct
upvoted 1 times
...
Sickcnt
3 months ago
Selected Answer: A
Cloud Network Architect here: Answer is "A" Reason is: Both VM1 and VM2 has to be on port 3389 We already have a Frontend Public IP created (that will be for one of the VMs forwarded on 3389 port) And we will need to create another Public IP to forward on also tcp 3389 port
upvoted 2 times
Sickcnt
3 months ago
B Loadbalancer rule: Not needed, an "inbound NAT rule" has its own NAT ruleset, loadbalancer rules are not needed there C Health Probe: We dont use Health Probes during NAT, we only use Health Probes during a loadbalancing rule (to know which unhealthy backends to take out of they are down from the loadbalancing rule) D Backend pool: This could be fine, "Inbound NAT rule" has two types "Backend pool" and "Azure Virtual machine" forwarding Currently the task requires an "Azure Virtual Machine" fowarding method, so we dont need "D" here
upvoted 1 times
...
...
Y2
5 months, 2 weeks ago
Selected Answer: B
B - create the inbound NAT rule not A -you do not need two frontend IP addresses to create inbound NAT rules for accessing multiple VMs using Remote Desktop Protocol (RDP) on the same load balancer. Not D - Backend pool has two VM's Not C- Health probe is not needed.
upvoted 1 times
...
MSExpertGER
6 months ago
The whole set of answers is nonsense. you can create this without doing anything before creating the NAT rule. Neither an additional IP address, nor extra backend pool. NAT rule doesnt need a health probe. WHen you create the NAT rule on the existing backendpool with VM1 and VM2, the endpoints for VM1 and VM2 will be: https://<Public-IP>:3389 (VM1) https://<Public-IP>3390 (VM2) not very nice of a solution, but does the trick. Propably nicer is to create a seperate Public IPv4, with a seperate Backend Pool dedicated to VM2 and a seperate NAT rule for both VMs
upvoted 1 times
...
a3432e2
7 months ago
Selected Answer: D
D. A backend pool (originally selected A) "In this section, you create a multiple instance inbound NAT rule to the backend pool of the load balancer." This is for multiple VMs. https://learn.microsoft.com/en-us/azure/load-balancer/tutorial-nat-rule-multi-instance-portal
upvoted 1 times
a3432e2
7 months ago
"A load balancing rule distributes incoming traffic that is sent to a selected IP address and port combination across a group of backend pool instances. ONLY BACKEND INSTANCES that the health probe CONSIDERS "Healthy" receive new traffic" We see above that the probe states "Unhealthy Threshold", therefore a new "backend pool" instance must be created in order for it to traverse. https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-tcp-idle-timeout?tabs=tcp-reset-idle-portal
upvoted 1 times
...
...
a3432e2
7 months ago
Answer: A https://learn.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-port-forwarding-portal
upvoted 1 times
...
Jobalos009
8 months ago
Selected Answer: B
The answer is B because a LB has already (and just one) frontend IP adress
upvoted 1 times
...
op22233
8 months ago
Selected Answer: A
From ChatGpt: Before creating new inbound NAT rules on a load balancer, you typically need to create a frontend IP configuration. A frontend IP configuration defines the external IP address to which clients connect, and it also specifies the port for incoming traffic. This frontend IP configuration acts as the endpoint for the incoming traffic that will be load-balanced by the load balancer. Once you have created the frontend IP configuration, you can then proceed to create the inbound NAT rules, which specify how incoming traffic should be forwarded from the frontend IP to the backend pool of resources. In summary, the process typically involves: Creating a frontend IP configuration. Creating inbound NAT rules to specify how traffic should be forwarded from the frontend IP to the backend resources.
upvoted 3 times
...
mb0812
8 months ago
Although A is correct, but I guess another better option is to use the same frontend ip address and use a different frontend port for each VM. Example: for VM1: frontend ip= 68.219.118.100,fronend port: 4000,backend port=3389. so RDP using 68.219.118.100:4000 for VM1
upvoted 1 times
mb0812
8 months ago
for VM2: frontend ip= 68.219.118.100,fronend port: 4001,backend port=3389. so RDP using 68.219.118.100:4001 for VM2
upvoted 1 times
...
...
NikkoB
8 months, 2 weeks ago
Selected Answer: A
Answer is correct. When creating an Add Inbound NAT rule, the 4th item is to select a Front End IP address. It's required for the NAT rule. Some people are saying B. but a load balancing rule is totally different from a NAT rule. Inbound NAT rules are used to specify a backend resource to route traffic to. For example, configuring a specific load balancer port to send RDP traffic to a specific VM. Load-balancing rules are used to specify a pool of backend resources to route traffic to, balancing the load across each instance. A load balancing rule is not part of the required new Inbound NAT rule configuration. https://learn.microsoft.com/en-us/azure/load-balancer/inbound-nat-rules
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago