| Question.26 You have an Azure subscription that contains the resources in the following table.  To which subnets can you apply NSG1? (A) The subnets on VNet1 only (B) The subnets on VNet2 and VNet3 only (C) The subnets on VNet2 only (D) The subnets on VNet3 only (E) The subnets on VNet1, VNet2, and VNet3 |
26. Click here to View Answer
Answer is (D) the subnets on VNet3 only
You can assign NSG to the Subnet of the VNet in the same region where NSG is.
NSG1 is in East US and only VNet3 Subnets are in East US.
All Azure resources are created in an Azure region and subscription. A resource can only be created in a virtual network that exists in the same region and subscription as the resource.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-vnet-plan-design-arm
| Question.27 You have a virtual network named VNet1 that has the configuration shown in the following exhibit.  Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.  |
27. Click here to View Answer
Box 1: add an address space
You can add and remove address ranges for a virtual network. An address range must be specified in CIDR notation and cannot overlap with other address ranges within the same virtual network. We need to add the 192.168.1.0/24 CIDR (192.168.1.0 – 192.168.1.255) to the address space.
Box 2: add a subnet
The default subnet range is 10.2.0.0 – 10.2.0.255 . So, if you want to add an IP address from 10.2.1.0/24 you need to add a new subnet. When you assign an IP address range to a vnet (in this case from 10.2.0.0 to 10.2.255.255) you are reserving that IP address range. So, 10.2.1.0 to 10.2.1.255 are not currently used. You must create another subnet to use them.
Reference:
https://docs.microsoft.com/en-us/office365/enterprise/designing-networking-for-microsoft-azure-iaas
| Question.28 You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated to a different Azure AD tenant. Subscription1 contains a virtual network named VNet1. VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16. Subscription2 contains a virtual network named VNet2. VNet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24. You need to connect VNet1 to VNet2. What should you do first? (A) Move VM1 to Subscription2. (B) Move VNet1 to Subscription2. (C) Modify the IP address space of VNet2. (D) Provision virtual network gateways. |
28. Click here to View Answer
Answer is (D) Provision virtual network gateways.
There is no overlap between the VNets:
VNet1: 10.0.0.0/16 – CIDR IP Range 10.0.0.0 – 10.0.255.255
VNet2: 10.10.0.0/24 – CIDR IP Range 10.10.0.0 – 10.0.0.255
Note: If a virtual network has address ranges that overlap with another virtual network or on-premises network, the two networks can’t be connected.
You can connect virtual networks (VNets) by using the VNet-to-VNet connection type. Virtual networks can be in different regions and from different subscriptions. When you connect VNets from different subscriptions, the subscriptions don’t need to be associated with the same Active Directory tenant.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways
| Question.29 You have an Azure subscription that contains three virtual networks named VNET1, VNET2, and VNET3. Peering for VNET1 is configured as shown in the following exhibit.  Peering for VNET2 is configured as shown in the following exhibit.  Peering for VNET3 is configured as shown in the following exhibit.  How can packets be routed between the virtual networks?  |
29. Click here to View Answer
VNet1: Peered with VNet2 and VNet3
VNet2: Peered with VNet1
VNet3: Peered with VNet1
Box 1. VNET2 and VNET3
VNet1 is peered with VNet2 and VNet3. Also Gateway transit is disabled.
Box 2: VNET1 only
Gateway transit is disabled, so it can only communicate with the connected VNET1.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-peering-gateway-transit
| Question.30 You have an Azure subscription that contains the resources shown in the following table.  You need to create a network interface named NIC1. In which location can you create NIC1? (A) East US and North Europe only (B) East US only (C) East US, West Europe, and North Europe (D) East US and West Europe only |
30. Click here to View Answer
Answer is (B) East US only
Before creating a network interface, you must have an existing virtual network in the same location and subscription you create a network interface in.
If you try to create a NIC on a location that does not have any Vnets you will get the following error: “The currently selected subscription and location lack any existing virtual networks. Create a virtual network first.”
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface