Does the solution meet the goal?

AZ-720 V1 1 Comment

A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).

A new subnet should be unreachable from the on-premises network.

You need to implement a solution.

Solution: Scale the gateway to Generation2.

Does the solution meet the goal?
A . Yes
B. No

Answer: B

Explanation:

Scaling the gateway to Generation2 will not prevent the on-premises network from reaching the new subnet. Scaling the gateway changes the hardware configuration of the VPN gateway, but it does not affect the routing or connectivity between the on-premises network and the virtual network.

A better solution would be to create a network security group (NSG) and associate it with the new subnet. The NSG can be configured to deny traffic from the on-premises network to the new subnet. This way, the new subnet will be isolated from the on-premises network.

Reference:

VPN Gateway Generation 2: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#gwgen2

Latest AZ-720 Dumps Valid Version with 81 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download AZ-720 PDF     AZ-720 Questions Online Training
Subscribe
Notify of
guest
1 Comment
Inline Feedbacks
View all comments
HENRY DSOUZA
HENRY DSOUZA
1 year ago

NO

Ya we can use NSG , better yet use outbound route-map on BGP to not advertise BGP routes for that subnet.

0
Reply