Microsoft AZ-700 Exam - Topic 5 Question 75 Discussion

Actual exam question for Microsoft's AZ-700 exam
Question #: 75
Topic #: 5

SIMULATION

Task 7

You need to ensure that hosts on VNET2 can access hosts on both VNET1 and VNET3. The solution must prevent hosts on VNET1 and VNET3 from communicating through VNET2.

Suggested Answer: A

Here are the steps and explanations for ensuring that hosts on VNET2 can access hosts on both VNET1 and VNET3, but hosts on VNET1 and VNET3 cannot communicate through VNET2:

To connect different virtual networks in Azure, you need to use virtual network peering. Virtual network peering allows you to create low-latency, high-bandwidth connections between virtual networks without using gateways or the internet [1].

To create a virtual network peering, you need to go to the Azure portal and select your virtual network. Then select Peerings under Settings and select + Add [2].

On the Add peering page, enter or select the following information:

Name: Type a unique name for the peering from the source virtual network to the destination virtual network.

Virtual network deployment model: Select Resource manager.

Subscription: Select the subscription that contains the destination virtual network.

Virtual network: Select the destination virtual network from the list or enter its resource ID.

Name of the peering from [destination virtual network] to [source virtual network]: Type a unique name for the peering from the destination virtual network to the source virtual network.

Configure virtual network access settings: Select Enabled to allow resources in both virtual networks to communicate with each other.

Allow forwarded traffic: Select Disabled to prevent traffic that originates from outside either of the peered virtual networks from being forwarded through either of them.

Allow gateway transit: Select Disabled to prevent either of the peered virtual networks from using a gateway in the other virtual network.

Use remote gateways: Select Disabled to prevent either of the peered virtual networks from using a gateway in the other virtual network as a transit point to another network.

Select Add to create the peering [2].

Repeat the previous steps to create peerings between VNET2 and VNET1, and between VNET2 and VNET3. This will allow hosts on VNET2 to access hosts on both VNET1 and VNET3.

To prevent hosts on VNET1 and VNET3 from communicating through VNET2, you need to use network security groups (NSGs) to filter traffic between subnets. NSGs are rules that allow or deny inbound or outbound traffic based on source or destination IP address, port, or protocol [3].

To create an NSG, you need to go to the Azure portal and select Create a resource. Search for network security group and select Network security group. Then select Create [4].

On the Create a network security group page, enter or select the following information:

Subscription: Select your subscription name.

Resource group: Select your resource group name.

Name: Type a unique name for your NSG.

Region: Select the same region as your virtual networks.

Select Review + create and then select Create to create your NSG [4].

To add rules to your NSG, you need to go to the Network security groups service in the Azure portal and select your NSG. Then select Inbound security rules or Outbound security rules under Settings and select + Add [4].

On the Add inbound security rule page or Add outbound security rule page, enter or select the following information:

Source or Destination: Select CIDR block.

Source CIDR blocks or Destination CIDR blocks: Enter the IP address range of the source or destination subnet that you want to filter. For example, 10.0.1.0/24 for VNET1 subnet 1, 10.0.2.0/24 for VNET2 subnet 1, and 10.0.3.0/24 for VNET3 subnet 1.

Protocol: Select Any to apply the rule to any protocol.

Action: Select Deny to block traffic from or to the source or destination subnet.

Priority: Enter a number between 100 and 4096 that indicates the order of evaluation for this rule. Lower numbers have higher priority than higher numbers.

Name: Type a unique name for your rule.

Select Add to create your rule [4].

Repeat the previous steps to create inbound and outbound rules for your NSG that deny traffic between VNET1 and VNET3 subnets. For example, you can create an inbound rule that denies traffic from 10.0.1.0/24 (VNET1 subnet 1) to 10.0.3.0/24 (VNET3 subnet 1), and an outbound rule that denies traffic from 10.0.3.0/24 (VNET3 subnet 1) to 10.0.1.0/24 (VNET1 subnet 1).

To associate your NSG with a subnet, you need to go to the Virtual networks service in the Azure portal and select your virtual network. Then select Subnets under Settings and select the subnet that you want to associate with your NSG [5].

On the Edit subnet page, under Network security group, select your NSG from the drop-down list. Then select Save [5].

Repeat the previous steps to associate your NSG with the subnets in VNET1 and VNET3 that you want to isolate from each other.
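
A way to check the resulting design before touching the portal, as an added example that is not part of the original answer: a small Python model of the two peerings and the NSG deny rules, evaluated in priority order. It assumes one /24 per VNet (the example ranges quoted above), a mirrored pair of deny rules, and a hypothetical forwarding device in VNET2; the final "Allow" is a simplification of the NSG default rules.

```python
import ipaddress

# Constructed address plan, using the example ranges quoted in the steps above.
VNETS = {"VNET1": "10.0.1.0/24", "VNET2": "10.0.2.0/24", "VNET3": "10.0.3.0/24"}
# Peerings the procedure creates: VNET2 with VNET1, and VNET2 with VNET3.
PEERINGS = {frozenset({"VNET2", "VNET1"}), frozenset({"VNET2", "VNET3"})}
# One NSG, associated with the VNET1 and VNET3 subnets.
# Rule = (priority, direction, source CIDR, destination CIDR, action).
NSG_RULES = [
    (100, "Inbound", "10.0.1.0/24", "10.0.3.0/24", "Deny"),
    (110, "Outbound", "10.0.3.0/24", "10.0.1.0/24", "Deny"),
    (120, "Inbound", "10.0.3.0/24", "10.0.1.0/24", "Deny"),   # mirrored pair (assumed)
    (130, "Outbound", "10.0.1.0/24", "10.0.3.0/24", "Deny"),
]
NSG_SUBNETS = {"VNET1", "VNET3"}


def vnet_of(ip):
    """Map an address to the modelled VNet that contains it."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in VNETS.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    raise ValueError(f"{ip} is not in any modelled VNet")


def nsg_verdict(rules, direction, src, dst):
    """Lowest priority number is evaluated first; the first match decides."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for prio, rule_dir, src_cidr, dst_cidr, action in sorted(rules):
        if not 100 <= prio <= 4096:
            raise ValueError(f"priority {prio} outside 100-4096")
        if (rule_dir == direction and s in ipaddress.ip_network(src_cidr)
                and d in ipaddress.ip_network(dst_cidr)):
            return action
    return "Allow"  # simplification: stands in for the default allow rules


def can_reach(src, dst, rules=NSG_RULES, forwarder_in_vnet2=False):
    """True if a packet from src to dst has a path and no NSG rule denies it."""
    a, b = vnet_of(src), vnet_of(dst)
    routed = a == b or frozenset({a, b}) in PEERINGS
    if not routed and forwarder_in_vnet2:  # hypothetical forwarding device
        routed = all(frozenset({"VNET2", v}) in PEERINGS for v in (a, b))
    if not routed:
        return False  # peering is not transitive
    if a in NSG_SUBNETS and nsg_verdict(rules, "Outbound", src, dst) == "Deny":
        return False
    if b in NSG_SUBNETS and nsg_verdict(rules, "Inbound", src, dst) == "Deny":
        return False
    return True
```

In this model the VNET1 to VNET3 path only opens when a forwarder exists in VNET2 and the deny rules are absent, which is the case the NSG steps above are meant to close.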


Juan
3 months ago
Sounds complicated, but I think it’s doable!
upvoted 0 times
...
Mabel
3 months ago
You might need to configure NSGs for that.
upvoted 0 times
...
Freeman
3 months ago
Wait, can VNET2 really block traffic between VNET1 and VNET3?
upvoted 0 times
...
Chaya
4 months ago
Totally agree, peering is the way to go.
upvoted 0 times
...
Anissa
4 months ago
Just set up VNET peering for that!
upvoted 0 times
...
Alethea
4 months ago
I'm a bit confused about how to implement the restrictions without blocking all traffic. I hope I can remember the right commands!
upvoted 0 times
...
Louis
4 months ago
If I recall correctly, we might need to use Network Security Groups to restrict access between VNET1 and VNET3.
upvoted 0 times
...
Junita
4 months ago
I remember a practice question where we had to configure peering, but I'm not sure if that's the right approach here.
upvoted 0 times
...
Latrice
5 months ago
I think we need to set up some kind of routing or firewall rules to control the traffic between the VNETs.
upvoted 0 times
...
Genevieve
5 months ago
Ah, I see what they're getting at. I think I can use network security groups or route tables to isolate the VNETs as needed. Just need to make sure I configure it all correctly.
upvoted 0 times
...
Kristal
5 months ago
This seems straightforward enough. I'll probably start by mapping out the network connections and then look into Azure Virtual Network features that can help enforce the required access control.
upvoted 0 times
...
Cora
5 months ago
I'm a bit confused on how to prevent the cross-communication between VNET1 and VNET3 while still allowing access from VNET2. Might need to review some network security concepts.
upvoted 0 times
...
Cordell
5 months ago
Okay, I think I know how to approach this. I'll need to set up some network peering or VPN connections to enable the desired communication paths.
upvoted 0 times
...
Adaline
5 months ago
Hmm, this looks like a tricky one. I'll need to think through the network topology and routing requirements carefully.
upvoted 0 times
...
Ming
1 year ago
A is the way to go. As long as the explanation is clear, I'm confident I can make this work. Hey, does anyone else think 'VNET' sounds like a new type of vet clinic?
upvoted 0 times
Lashawnda
1 year ago
Let's follow the steps in the explanation to get this set up correctly.
upvoted 0 times
...
Christiane
1 year ago
Haha, 'VNET' does sound like a vet clinic!
upvoted 0 times
...
Albert
1 year ago
I agree, A seems like the best option here.
upvoted 0 times
...
Sharita
1 year ago
A) See the Explanation below for step by step instructions
upvoted 0 times
...
...
Mitsue
1 year ago
The instructions for option A better be good, because I'm not about to mess around with VNet configurations and end up breaking something!
upvoted 0 times
...
Garry
1 year ago
A seems like the logical choice here. Separating the VNet traffic while allowing VNET2 to access both VNET1 and VNET3 is exactly what the question is asking for.
upvoted 0 times
Sharen
1 year ago
Agreed, it's important to follow the instructions carefully to achieve the desired outcome
upvoted 0 times
...
Mona
1 year ago
That makes sense, we need to make sure the traffic is separated properly
upvoted 0 times
...
Mabelle
1 year ago
A) See the Explanation below for step by step instructions
upvoted 0 times
...
...
Teri
1 year ago
That makes sense. We can also use route tables to direct traffic between the virtual networks accordingly.
upvoted 0 times
...
Katlyn
1 year ago
Yes, we can create NSGs with specific rules to allow communication between VNET2 and VNET1/VNET3 while blocking communication between VNET1 and VNET3.
upvoted 0 times
...
Teri
1 year ago
I think we need to set up network security groups to control traffic between the virtual networks.
upvoted 0 times
...
Markus
1 year ago
I'm pretty sure the answer is A. That sounds like the best way to set up the VNet connections to prevent unwanted traffic between VNET1 and VNET3.
upvoted 0 times
Sharen
1 year ago
Let's make sure to carefully implement the steps to allow access between VNET2, VNET1, and VNET3 while maintaining security measures.
upvoted 0 times
...
Emeline
1 year ago
The solution provided in option A seems like the most effective way to achieve the desired network configuration.
upvoted 0 times
...
Virgina
1 year ago
It's important to prevent unwanted traffic between VNET1 and VNET3 for security reasons.
upvoted 0 times
...
Gene
1 year ago
I agree, following the step by step instructions is the best way to ensure proper setup.
upvoted 0 times
...
...
