Exam AZ-305 topic 4 question 72 discussion

Actual exam question from Microsoft's AZ-305
Question #: 72
Topic #: 4

Your company has offices in North America and Europe.

You plan to migrate to Azure.

You need to recommend a networking solution for the new Azure infrastructure. The solution must meet the following requirements:

• The Point-to-Site (P2S) VPN connections of mobile users must connect automatically to the closest Azure region.
• The offices in each region must connect to their local Azure region by using an ExpressRoute circuit.
• Transitive routing between virtual networks and on-premises networks must be supported.
• The network traffic between virtual networks must be filtered by using FQDNs.

What should you include in the recommendation?

  • A. Azure Virtual WAN with a secured virtual hub
  • B. virtual network peering and application security groups
  • C. virtual network gateways and network security groups (NSGs)
  • D. Azure Route Server and Azure Network Function Manager
Suggested Answer: A

Comments

SilverFox22
Highly Voted 1 year, 11 months ago
Selected Answer: A
The Virtual WAN meets the first 3 requirements, and the secured virtual hub has the Azure Firewall Manager, which can do the FQDN filtering. https://learn.microsoft.com/en-us/azure/firewall-manager/secured-virtual-hub https://learn.microsoft.com/en-us/azure/firewall/fqdn-filtering-network-rules
upvoted 24 times
steel72
1 year, 8 months ago
And NSG does not support FQDN filtering. Source or destination: Any, or an individual IP address, classless inter-domain routing (CIDR) block (10.0.0.0/24, for example), service tag, or application security group. https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview#security-rules
upvoted 2 times
...
...
lombri
Highly Voted 1 year, 7 months ago
Selected Answer: A
Option A, Azure Virtual WAN with a secured virtual hub, is the best recommendation for this scenario as it allows for automatic connection of mobile users to the closest Azure region, connection of offices to their local Azure region via ExpressRoute circuits, support for transitive routing, and filtering of network traffic between virtual networks by using FQDNs.
Option B, virtual network peering and application security groups, does not provide automatic connection of mobile users to the closest Azure region or support for transitive routing.
Option C, virtual network gateways and network security groups (NSGs), does not provide automatic connection of mobile users to the closest Azure region or support for transitive routing, and filtering network traffic between virtual networks by using FQDNs is more challenging.
Option D, Azure Route Server and Azure Network Function Manager, does not provide automatic connection of mobile users to the closest Azure region or support for filtering network traffic between virtual networks by using FQDNs.
upvoted 11 times
...
SeMo0o0o0o
Most Recent 3 weeks ago
Selected Answer: A
A is correct
upvoted 1 times
...
Lazylinux
7 months, 2 weeks ago
Selected Answer: A
I would say A is correct, as per below.
Virtual WAN: It represents the virtual overlay of the Azure Virtual Network and other resources. It is a networking service that brings many networking, security, and routing functionalities together to provide a single operational interface.
HUB: You create a virtual hub in the Virtual WAN resources. This is a Microsoft-managed virtual network. You connect the various endpoints to the hub – Azure virtual network, Site-to-Site
Some of the main features include:
Remember there are two service tiers, Basic and STD
Basic: ONLY S2S VPN
upvoted 1 times
Lazylinux
7 months, 2 weeks ago
Following up, STD as per below:
• Branch connectivity (via connectivity automation from Virtual WAN Partner devices such as SD-WAN or VPN CPE).
• Site-to-site VPN connectivity.
• Remote user VPN connectivity (point-to-site).
• Private connectivity (ExpressRoute).
• Intra-cloud connectivity (transitive connectivity for virtual networks).
• VPN ExpressRoute inter-connectivity.
• Routing, Azure Firewall, and encryption for private connectivity.
upvoted 1 times
...
...
Leocan
1 year, 2 months ago
Selected Answer: A
Azure Virtual WAN
upvoted 2 times
...
NotMeAnyWay
1 year, 4 months ago
Selected Answer: A
The recommendation that meets the requirements specified would be:
A. Azure Virtual WAN with a secured virtual hub
Azure Virtual WAN allows for transitive routing between virtual networks and on-premises networks, and the automatic connection to the closest Azure region for Point-to-Site (P2S) VPN connections. The offices in each region can connect to their local Azure region using ExpressRoute circuits that can be integrated into the Virtual WAN.
A Secured Virtual Hub is an Azure Virtual WAN Hub with associated security and routing policies. It is a Microsoft-managed resource that lets you easily create hub-and-spoke architectures. When security and routing policies are associated with such a hub, it is referred to as a Secured Virtual Hub. The Secured Virtual Hub allows for Azure Firewall, which can filter the network traffic between virtual networks using Fully Qualified Domain Names (FQDNs).
upvoted 5 times
...
Dean208
1 year, 8 months ago
Selected Answer: A
Virtual WAN
upvoted 1 times
...
zellck
1 year, 9 months ago
Selected Answer: A
A is the answer.
https://learn.microsoft.com/en-us/azure/firewall-manager/secured-virtual-hub
A secured virtual hub is an Azure Virtual WAN Hub with associated security and routing policies configured by Azure Firewall Manager. Use secured virtual hubs to easily create hub-and-spoke and transitive architectures with native security services for traffic governance and protection. You can use a secured virtual hub to filter traffic between virtual networks (V2V), virtual networks and branch offices (B2V) and traffic to the Internet (B2I/V2I).
upvoted 4 times
...
Srirupam
1 year, 9 months ago
Selected Answer: A
Correct Answer A
upvoted 1 times
...
OPT_001122
1 year, 10 months ago
Selected Answer: A
A. Azure Virtual WAN with a secured virtual hub
upvoted 3 times
...
VBK8579
1 year, 10 months ago
Selected Answer: A
A. Azure Virtual WAN with a secured virtual hub.
upvoted 1 times
...
tfulanchan
1 year, 10 months ago
Not sure if this is relevant: Virtual Networks connected to the Secure Virtual Hub can send traffic to public destinations on the Internet, using the Secure Hub as a central point of Internet access. This traffic can be filtered locally using Azure Firewall FQDN rules, or sent to a third-party security service for inspection. https://learn.microsoft.com/en-us/azure/virtual-wan/migrate-from-hub-spoke-topology#path-7
upvoted 1 times
...
Kay04
1 year, 10 months ago
Selected Answer: A
Only A can filter by FQDN
upvoted 1 times
...
[Removed]
1 year, 11 months ago
Selected Answer: A
A is correct
upvoted 1 times
...
mercuryit
1 year, 11 months ago
Selected Answer: A
B & C incorrect: they work at 4th network level. Request is for FQDN filtering.
upvoted 1 times
...
Mltytskr
1 year, 11 months ago
Selected Answer: A
According to https://learn.microsoft.com/en-us/azure/architecture/networking/hub-spoke-vwan-architecture#architecture, which shako shared, I think the answer needs to be A. This supports requirement 1 & 2 (P2S/ExpressRoute) per "Standard Virtual WAN supports any-to-any connectivity (Site-to-Site VPN, VNet, ExpressRoute, Point-to-site endpoints) in a single hub as well as across hubs." Requirement 2 "Virtual network peering is a nontransitive relationship between two virtual networks. While using Azure Virtual WAN, virtual network peering is managed by Microsoft. Each connection added to a hub will also configure virtual network peering. With the help of Virtual WAN, all spokes will have a transitive relationship." Finally, requirement 4, "A virtual hub can be created as a secured virtual hub or converted to a secure one anytime after creation. For additional information, see Secure your virtual hub using Azure Firewall Manager." Azure Firewall Manager will allow the FQDN filtering.
upvoted 2 times
Mltytskr
1 year, 11 months ago
EDIT: the Virtual network peering is actually requirement 3, sorry.
upvoted 1 times
...
...
mVic
1 year, 11 months ago
Selected Answer: B
B should be the right one to include FQDN filtering requirement
upvoted 1 times
mVic
1 year, 11 months ago
I think Mltytskr and SilverFox are right, and the answer is A.
upvoted 1 times
...
...