Exam AZ-700 topic 2 question 9 discussion

The answer is correct. However, this is a better reference: https://docs.microsoft.com/en-us/azure/firewall/tutorial-hybrid-ps

Answer is correct -AllowGatewayTransit Select Use this virtual network's gateway or Route Server: - If you have a virtual network gateway attached to this virtual network and want to allow traffic from the peered virtual network to flow through the gateway. -UseremoteGateways Select Use the remote virtual network gateway or Route Server: - If you want to allow traffic from this virtual network to flow through a virtual network gateway attached to the virtual network you're peering with. Box1: Hub told spoke to use hub's VPN gateway to reach on-premise network Box2: Spoke told hub to use hub's VPN gateway to reach on-premise network https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering

Answer is correct, please check the Powershell Sample command in this link https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-peering-gateway-transit

# Peer hub to spoke Add-AzVirtualNetworkPeering -Name HubtoSpoke -VirtualNetwork $VNetHub -RemoteVirtualNetworkId $VNetSpoke.Id -AllowGatewayTransit # Peer spoke to hub Add-AzVirtualNetworkPeering -Name SpoketoHub -VirtualNetwork $VNetSpoke -RemoteVirtualNetworkId $VNetHub.Id -AllowForwardedTraffic -UseRemoteGateways

Given answer is correct AT Hub side, we AllowGatewayTransit AT Spoke side, we need UseRemoteGateway

Confusing because the second part could be either allowforwarded or useremotegateways. Seems to be missing one of the options. # Peer spoke to hub Add-AzVirtualNetworkPeering -Name SpoketoHub -VirtualNetwork $VNetSpoke -RemoteVirtualNetworkId $VNetHub.Id -AllowForwardedTraffic -UseRemoteGateways

Given answer is correct. In the hub, we need to enable AllowGatewayTransit and in the spoke we need to enable UseRemoteGateway

I think the answer should be reversed, as per the docu https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke?tabs=cli#virtual-network-peering%20%20%20Previous%20QuestionsNext%20Questions - Configure the peering connection in the hub to allow gateway transit. - Configure the peering connection in each spoke to use remote gateways.

In exam 04jan23

Make sure to set AllowGatewayTransit when peering VNet-Hub to VNet-Spoke and UseRemoteGateways when peering VNet-Spoke to VNet-Hub. https://learn.microsoft.com/en-us/azure/firewall/tutorial-hybrid-ps

Allow forwarded traffic does not apply here, Allow forwarded traffic is so you can have a network appliance (NVA) in the hub that routes traffic between two spokes. When the NVA goes to forward the traffic from spoke 1 into spoke 2, this setting needs to be enabled or else Azure SDN will drop the traffic. Details on https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke#spoke-connectivity

It will help to remember that the hub needs to know the remote networks available from on-prem (-UseRemoteGateways) whereas a spoke network which will be connected to the hub is where you'll need to worry about making it transitive so that traffic can route through (-AllowGatewayTransit) -AllowForwardedTraffic does not get used at all but let's move FORWARD onto the next question now that we've got this one memorized.

The answers are correct.

on test April 10 2022

on exam 6/2/2022

on exam 28/1/2022

Seems correct... I find the article below better. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-peering-gateway-transit#ps-same