Exam AZ-700 topic 3 question 11 discussion

Correct Answer: - YNN 1) NAT gateway can provide outbound connectivity for virtual machines from other availability zones different from itself. The virtual machine’s subnet needs to be configured to the NAT gateway resource to provide outbound connectivity. Additionally, multiple subnets can be configured to the same NAT gateway resource. While virtual machines in subnets from different availability zones can all be configured to a single zonal NAT gateway resource, this configuration doesn't provide the most effective method for ensuring zone-resiliency against zonal outages. 2) Subnet2 is not configured with NatGateway, refer exhibit 1, Nat Gateway is associated with only 1 subet. In exhibit 2 it shows that Subnet 1 is associated with that Nat Gateway. 3) In exhibit 1 it shows that NAT Gateway is configured with Public IP Prefix, and outbound connection can use any Public from that prefix. It is NOT neccessary to use same (one) Public IP.

NNN N - The nat gateway *could have been* created to support multiple zones, but it was not. A gateway supporting all zones does not show the zone in the location field. VM1 is located in a different zone and as a result, cannot use Natgateway1. N - Subnet2 is not configured to use Natgateway1. --- The screenshot of vnet1 shows that it is using Natgateway1. --- The screenshot of NATgateway1 shows a Subnet count of 1. --- If Subnet2 was configured to use the gateway, the Subnet count would be at least two. N - The gateway is using a public IP prefix (instead of a single public ip address) so communication will happen over various outbound addresses. I know we hear "tested in the lab" all the time. I actually did. I built two gateways... one in a zone, one without. I built a vnet and two subnets, one configured with the natgateway and one without.

YNN is correct

Appeared on Exam November - 2023

YNN 1- Y - Based on this From MS Zonal: You can place your NAT gateway resource in a specific zone for a region. When NAT gateway is deployed to a specific zone, it will provide outbound connectivity to the internet explicitly from that zone. The public IP address or prefix configured to NAT gateway must match the same zone. NAT gateway resources with public IP addresses from a different zone, zone-redundancy or with no zone aren't allowed. NAT gateway can provide outbound connectivity for virtual machines from other availability zones different from itself. The virtual machine’s subnet needs to be configured to the NAT gateway resource to provide outbound connectivity. Additionally, multiple subnets can be configured to the same NAT gateway resource. see next post run out of buffer!!

YNN - Confirmed via lab

YNN If not Zonal NAT would have been deployed, multiple subnets can be configured to the same NAT gateway resource. https://learn.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-gateway-resource

Answer should be YNY. Minimum number of PIP you need for Nat Gateway is 1 and maximum is 16. It will work just like your home router where multiple devices are using same IP to go out. it is not one to one ratio. If Subnet1 has 50 VMs and you can only have 16 IP addresses in Nat gateway then there will be a problem (ip exhaustion) which is not the case here. Nat Gateways can be assigned to multiple Subnets https://learn.microsoft.com/en-us/azure/virtual-network/nat-gateway/faq#can-virtual-network-nat-gateway-be-attached-to-multiple-subnets

YNN NAT GW is attached only to subnet1

YNN Agree with Tonys link, under the Zonal header it clearly states 'NAT gateway can provide outbound connectivity for virtual machines from other availability zones different from itself'

YNN for part 1 you can use NATgateway1 while your VM in different zone check: https://learn.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-availability-zones

NNN Only Subnet1 is connected to NATgateway1.

NNN. VM and NAT gate are in different zones. Subnet 2 is not using NAT gateway. NAT gateway uses a public prefix.