Microsoft Azure Architect Exam AZ-300: User-Defined Route Creation

How to Create a User-Defined Route for Traffic Routing in Microsoft Azure

Question

An app uses a virtual network with two subnets. One subnet is used for the application server. The other subnet is used for a database server. A network virtual appliance (NVA) is used as a firewall.

Traffic destined for one specific address prefix is routed to the NVA and then to an on-premises database server that stores sensitive data. A Border Gateway Protocol (BGP) route is used for the traffic to the on-premises database server.

You need to recommend a method for creating the user-defined route.

Which two options should you recommend? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Answers

Explanations

A. B. C. D.

AC

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview

The scenario described involves a virtual network with two subnets, an application server, a database server, and a network virtual appliance (NVA) acting as a firewall. Traffic destined for a specific address prefix needs to be routed to an on-premises database server through a Border Gateway Protocol (BGP) route. To achieve this, a user-defined route must be created.

Option A: For the virtual network configuration, use a VPN. Using a VPN for the virtual network configuration would allow the traffic to be encrypted and sent over the internet to the on-premises database server. However, this option does not address the requirement for using a BGP route. Therefore, this option is not a complete solution.

Option B: For the next hop type, use virtual network peering. Virtual network peering enables traffic between virtual networks using Azure's backbone network, without going over the internet. However, it does not support BGP routing for on-premises networks. Therefore, this option is not a complete solution.

Option C: For the virtual network configuration, use Azure ExpressRoute. Azure ExpressRoute provides a dedicated, private connection between Azure data centers and on-premises infrastructure, bypassing the internet. This option satisfies the requirement for using a BGP route. By using ExpressRoute, the user-defined route can be created to route traffic to the on-premises database server. Therefore, this option is a valid solution.

Option D: For the next hop type, use a virtual network gateway. A virtual network gateway is used to create a secure connection between Azure virtual networks and on-premises networks. However, it does not support BGP routing for on-premises networks. Therefore, this option is not a complete solution.

In conclusion, the recommended method for creating the user-defined route in this scenario is to use Azure ExpressRoute for the virtual network configuration, as it provides a dedicated, private connection between Azure and on-premises infrastructure, and supports BGP routing for on-premises networks.