Does the solution meet the goal?

Topic 3, Misc. Questions Set

A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).

A new subnet should be unreachable from the on-premises network. You need to implement a solution.

Solution: Configure a route table with route propagation disabled.

Does the solution meet the goal?
A . Yes
B . No

View Answer

Answer: B

Explanation:

The proposed solution of configuring a route table with route propagation disabled will not meet the goal of making the new subnet unreachable from the on-premises network.

Route tables in Azure are used to control traffic flow within a virtual network and between virtual networks. By default, each subnet in an Azure virtual network is associated with a system-generated route table, which contains a default route that enables traffic to flow to and from all the subnets within the virtual network.

Disabling route propagation in a custom route table would prevent any new routes from being propagated to the associated subnets. However, it would not prevent traffic from the on-premises network from reaching the new subnet since traffic between the virtual network and the on-premises network would still use the default route in the system-generated route table.

To meet the goal of making the new subnet unreachable from the on-premises network, you would

need to create a new route table with a route that sends traffic destined for the new subnet to a null

interface. This would cause the traffic to be dropped and the subnet to be effectively unreachable

from the on-premises network.

Reference:

Microsoft documentation on how to create a custom route table and associate it with a subnet: https://docs.microsoft.com/en-us/azure/virtual-network/manage-route-table#create-a-custom-route-table.

Microsoft documentation on how to configure a route to a null interface: https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-create-route-table-portal#to-route-to-a-null-interface.