Azure Network Connectivity Strategy - Exam AZ-301 Drag and Drop

Designing a Network Connectivity Strategy for Azure Subscription - Exam AZ-301

Prev Question Next Question

Question

DRAG DROP -

You are designing a network connectivity strategy for a new Azure subscription. You identify the following requirements:

-> The Azure virtual machines on a subnet named Subnet1 must be accessible only from the computers in your London office.

-> Engineers require access to the Azure virtual machine on a subnet named Subnet2 over the Internet on a specific TCP/IP management port.

-> The Azure virtual machines in the West Europe Azure region must be able to communicate on all ports to the Azure virtual machines in the North Europe Azure region.

You need to recommend which components must be used to meet the requirements. The solution must minimize costs and administrative effort whenever possible.

What should you include in the recommendation? To answer, drag the appropriate components to the correct requirements. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Select and Place:

Explanations

Explanation

To meet the requirements of the scenario, we need to recommend the appropriate components for each requirement while minimizing cost and administrative effort. We can do this by using the following components:

  1. Network Security Group (NSG) - An NSG is a set of firewall rules that can be applied to a subnet, network interface, or virtual machine. We can use an NSG to restrict access to the Azure virtual machines on Subnet1 to the London office computers.

  2. Azure Bastion - Azure Bastion is a fully-managed platform that enables secure and seamless RDP/SSH connectivity to the Azure virtual machines. We can use Azure Bastion to provide Engineers with access to the Azure virtual machine on Subnet2 over the internet on a specific TCP/IP management port.

  3. Virtual Network Peering - Virtual Network Peering allows us to connect two virtual networks in the same region or different regions. We can use virtual network peering to allow Azure virtual machines in the West Europe Azure region to communicate on all ports with the Azure virtual machines in the North Europe Azure region.

Therefore, we should recommend the following components to meet the requirements:

  • For Subnet1: Network Security Group (NSG)
  • For Subnet2: Azure Bastion
  • For communication between regions: Virtual Network Peering.

Prev Question Next Question