Exam AZ-700 topic 1 question 10 discussion

Actual exam question from Microsoft's AZ-700

Question #: 10
Topic #: 1

HOTSPOT -
You have the hybrid network shown in the Network Diagram exhibit.

You have a peering connection between Vnet1 and Vnet2 as shown in the Peering-Vnet1-Vnet2 exhibit.

You have a peering connection between Vnet1 and Vnet3 as shown in the Peering-Vnet1-Vnet3 exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer

Suggested Answer:

Box 1: Yes -
Virtual network peering seamlessly connects two Azure virtual networks, merging the two virtual networks into one for connectivity purposes.

Box 2: No -
No Virtual Gateway is used.
Gateway transit is a peering property that lets one virtual network use the VPN gateway in the peered virtual network for cross-premises or VNet-to-VNet connectivity. The following diagram shows how gateway transit works with virtual network peering.

In the diagram, gateway transit allows the peered virtual networks to use the Azure VPN gateway in Hub-RM. Connectivity available on the VPN gateway, including S2S, P2S, and VNet-to-VNet connections, applies to all three virtual networks.

Box 3: No -
No Virtual Gateway is used.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-peering-gateway-transit

by DerekKey at Sept. 3, 2022, 9:17 a.m.

Comments

Submit Cancel

amt2022

Highly Voted 1 year, 9 months ago

Correct answer Y,N,N. Remember Azure VNET Peering is NON-Transitive. Meaning, only direct peered VNETs can talk to each other. To make it transitive you either use VNET Gateway or NVAs/Azure FireWall.

upvoted 18 times

...

Prutser2

Highly Voted 2 years, 1 month ago

correct, vnet1 cannot be a trnsit between vnets2 and 3, without using the gateway as transit

upvoted 6 times

vikrants31

11 months, 2 weeks ago

Incorrect. Vnet2 can communicate to Vnet3 because the communication is via AZURE backbone not via Gateway, gateway is only required if Vnet2 wants to communicate to On-prem. My take YYN As per this MSDOC https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview

upvoted 2 times

c2e9cb4

11 months, 1 week ago

This is not correct No transitivity be default between spokes vnets

upvoted 4 times

...

Eddie_Sli

Most Recent 4 months ago

Y, N, N Correct, As mentioned by amt2022 and morito

upvoted 3 times

...

Jastix

8 months, 3 weeks ago

YYN amt2022. Unfortunately your are incorrect. VNet peering is non-transitive by default. This default behaviour can be altered by selecting the appropriate option 'allow forwarded traffic from the peered vnet'. This would allow 'vnet-3' to receive forwarded traffic from 'vnet-1' (i.e. traffic that is sent from vnet2 is forwarded from vnet1 to vnet2. So the correct option in box 2 is YES. Therefore the answer to the question is YYN. Vnet1 does not allow gateway transit, so vnet3 cannot communicate with the on-prem network.

upvoted 2 times

morito

4 months, 2 weeks ago

This is not correct. If you actually bother to create a virtual network and check the description that is shown for this option. It reads: Enabling this option will allow the peered virtual network to receive traffic from virtual networks peered to 'test'. For example, if vnet-2 has an NVA that receives traffic from outside of vnet-2 that gets forwards to vnet-1, you can select this setting to allow that traffic to reach vnet-1 from vnet-2. While enabling this capability allows the forwarded traffic through the peering, it doesn't create any user-defined routes or network virtual appliances. User-defined routes and network virtual appliances are created separately. Meaning that only selecting this option won't enable the peering between VNET 2 & VNET 3

upvoted 2 times