Prepare Azure Virtual Network for Site-to-Site VPN Connectivity | AZ-303 Exam Solution

Connect VNet1 to On-Premises Network with Site-to-Site VPN | AZ-303 Exam Solution

Question

You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by using

Azure ExpressRoute.

You plan to prepare the environment for automatic failover in case of ExpressRoute failure.

You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E.

BCD

https://docs.microsoft.com/en-za/archive/blogs/canitpro/step-by-step-configuring-a-site-to-site-vpn-gateway-between-azure-and-on-premise

To connect VNet1 to the on-premises network by using a site-to-site VPN and prepare the environment for automatic failover in case of ExpressRoute failure, you need to perform the following three actions:

A. Create a VPN gateway that uses the VpnGw1 SKU:

To establish a site-to-site VPN connection between Azure and your on-premises network, you need to create a VPN gateway in Azure. The VpnGw1 SKU provides the necessary features for high-performance site-to-site VPN connections, including active-active VPN gateways for automatic failover, and is suitable for production scenarios.

B. Create a connection:

After you create the VPN gateway, you need to create a connection to link your on-premises VPN device with the Azure VPN gateway. You will need to specify the IP address of the on-premises VPN device, the shared key for authentication, and other relevant settings.

C. Create a local site VPN gateway:

To complete the site-to-site VPN connection, you need to create a local site VPN gateway on your on-premises VPN device. This will enable the VPN traffic to be securely transmitted between the on-premises network and the Azure virtual network. The local site VPN gateway can be created using various VPN devices, such as Cisco, Fortinet, or Juniper.

D. Creating a gateway subnet is not a requirement for site-to-site VPN connection, but it is a prerequisite for creating a VPN gateway. Therefore, this action may be required, depending on whether you have already created a gateway subnet in the virtual network.

E. Create a VPN gateway that uses the Basic SKU:

Although the Basic SKU is cheaper than the VpnGw1 SKU, it does not support high-performance site-to-site VPN connections or automatic failover. Therefore, it is not recommended for production scenarios that require high availability and reliability.