Exam AZ-104 topic 5 question 107 discussion

I think the answers should be: 1) Obtain an IP address automatically The first 4 IP addresses within a subnet space are getting reserved for Azure automatically. Thus, 10.0.1.3 can't be the right answer. 10.0.2.1 is in the VNET space but falls out of the subnet space. 192.168.2.1 is just out of the VNET. 2) Configure VNET1 to use a custom DNS server This VNET1 should use our pre-created DNS server as its DNS server so tahat the member servers in contoso.com can resolve AD DS DNS names. Pls do not hesitate to correct me if I am wrong :)

Another dumb correct response. The only correct responses appear to be to use a dynamic IP address and custom DNS. But, in the real world, you would never configure a DC to use a dynamic IP address. Imagine the chaos if it is rebooted and acquires a different IP address and the SRV records are possibly not updated, not to mention the fact that now the client DNS configurations are pointing to an incorrect DNS address and won't be able to resolve A and SRV records for the domain. Madness.

Box 1: Nothing but obtain it automatically makes sense. Box 2: Use custom because nowhere it is stated that Azure knows somehow about Contoso.com . You need to make a custom DNS to point the VMs.

WRONG Obtain an IP address automatically Configure VNET1 to use a custom DNS server

box 1: obtain ip address automatically. -10.0.1.3 cant be used since it's a reserved IP address of azure. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq - 10.0.2.1 is not a subnet defined, it didnt mention to create a new subnet. 10.0.2.1 does not belong to 10.0.1.x subnet - 192.168.2.1 is not even IP address range of VNET1 obtaining ip is the only possible choice here. box 2: configure VNET1 to use a custom DNS -AD DS DNS is expected to be on prem and not on azure. -all the provided solution is to use azure, so why not just use custom dns and point it to the AD DS DNS. having automatic IP doesnt mean you need DNS to be automatic too.

Dumb question is dumb. First answer is definitely automatic. Second answer could be custom DNS or Private DNS Zone. I suspect they're looking for custom DNS on the vnet as the answer, as that would require the least effort, but who tf knows what the thought was by the person who wrote this? Private DNS Zone is my preferred solution in the real world, but this isn't the real world and stupidity rules supreme.

Answer is correct. For Box 1: Automatic is the only option due to the reserved IPs in subnets https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq#are-there-any-restrictions-on-using-ip-addresses-within-these-subnets For Box 2, because your domain controller is now using DHCP to obtain an IP address. It will be better to use Private DNS zone. Custom DNS Server requires static IP.

- Obtain an IP address automatically - Configure VNET1 to use a custom DNS server

correcting its 443, because azure/bastion takes care of the vm network side. as in if you don't block it with a specific rule it works.

The answer is wrong. 1. Ideally you should use a static address for a DC, but the ones given are reserved by Azure. So you can't use 10.0.1.3 because it's reserved in the subnet address space 10.0.1.0/24. Then the only option in that subnet is to use DHCP and use static assignment. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq 2. Best approach will be to use a Private DNS zone, but the question is about moving the DC, which is already a DNS server. Then the answer is to configure the VNET to use a custom DNS server (the DC in this case).

within the VM the IP configuration should be DHCP client. In the Azure Platform you can create a static IP assignment on the DHCP server, so that it will provide always the same IP. You normally do not want a DC to change IP!

A&A is correct! Obtain an IP address automatically Configure VNET1 to use a custom DNS server

Single DC is very poor setup, but since the questions says "resolve AD DS DNS names" which appears to imply Active Directory Integration, which private zones doesn't support I'm going to say custom dns for Q2. ref: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/dns-for-on-premises-and-azure-resources "If you need to use existing DNS infrastructure (for example, Active Directory integrated DNS), ensure that the DNS server role is deployed onto at least two VMs and configure DNS settings in virtual networks to use those custom DNS servers." Q1: 5 IP's in subnet are reserved, first 4 and last 1. ref: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq "Are there any restrictions on using IP addresses within these subnets? Yes. Azure reserves the first four and last IP address for a total of 5 IP addresses within each subnet"

not sure , I can understand what is the right answer here. "For environments where name resolution across Azure and on-premises is required, it is recommended to use DNS Private Resolver service along with Azure Private DNS Zones. It offers many benefits over virtual machines based DNS solution, including cost reduction, built-in high availability, scalability, and flexibility. If you need to use existing DNS infrastructure (for example, Active Directory integrated DNS), ensure that the DNS server role is deployed onto at least two VMs and configure DNS settings in virtual networks to use those custom DNS servers." https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/dns-for-on-premises-and-azure-resources

Answer is 10.1.0.3 and configure Vnet1 to use a custom DNS server

IP: Automatic Name Resolution: Custom 1: As soon as you move DC1 to VNET1, irrespective of the DNS/IP config, Server1 can not resolve AD DS DNS names as there is ZERO mention of a P2P VPN between onsite where Server1 still is and the VNET... however 2: Lets assume the question means if Server 2 is also moved as well, or if there is a VPN\Express Route: You don't want to give a DC a DHCP IP but you are going to have too!: -10.0.2.1 and 192.168.2.1 are not in any defined subnet in the vNET. -10.0.1.3 is a reserved IP in a /24 network and can not be assigned https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq You need to point DNS for any domain members to the DC for AD DNS resolution so it has to be a Custom IP (of whatever gets assigned to DC1). (Private DNS zones don't support Active Directory DNS Zone Integration). Just pray no one shuts down DC1 and it gets a different IP when it starts up. Who decides the answers to these questions? This one couldn't be more wrong.

1. Obtain an IP address automatically 2. Create an Azure Private DNS zone named contoso.com https://learn.microsoft.com/en-us/azure/dns/private-dns-overview Azure Private DNS provides a reliable and secure DNS service for your virtual network. Azure Private DNS manages and resolves domain names in the virtual network without the need to configure a custom DNS solution. By using private DNS zones, you can use your own custom domain name instead of the Azure-provided names during deployment. Using a custom domain name helps you tailor your virtual network architecture to best suit your organization's needs. It provides a naming resolution for virtual machines (VMs) within a virtual network and connected virtual networks.