A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).
A new subnet should be unreachable from the on-premises network. You need to implement a solution.
Solution: Configure subnet delegation.
Does the solution meet the goal?
A . Yes
B . No
Answer: B
Explanation:
The proposed solution, which is to configure subnet delegation, does not meet the goal of making the new subnet unreachable from the on-premises network. Subnet delegation is a mechanism to delegate management of a subnet to another resource such as a Network Virtual Appliance or a Service Endpoint. It does not provide any means to restrict or isolate a subnet from the rest of the network.
To meet the goal, you can use Network Security Groups (NSGs) to restrict traffic to and from the new
subnet. NSGs allow you to define inbound and outbound security rules that specify the type of traffic
that is allowed or denied based on different criteria such as source or destination IP address,
protocol, port number, etc. By creating a custom NSG and defining rules that deny traffic to and from
the new subnet, you can effectively make that subnet unreachable from the on-premises network.
Therefore, the correct answer is option B, "No".
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
Latest AZ-720 Dumps Valid Version with 81 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund