AZ-104 – Question 235

You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a virtual network named VNet1.

You need to ensure that you can configure a point-to-site connection from an on-premises computer to VNet1.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Add a service endpoint to VNet1
  • B. Reset GW1
  • C. Create a route-based virtual network gateway
  • D. Add a connection to GW1
  • E. Delete GW1
  • F. Add a public IP address space to VNet1

Correct Answer: EC

C: A VPN gateway is used when creating a VPN connection to your on-premises network.
Route-based VPN devices use any-to-any (wildcard) traffic selectors, and let routing/forwarding tables direct traffic to different IPsec tunnels. It is typically built on router platforms where each IPsec tunnel is modeled as a network interface or VTI (virtual tunnel interface).
E: Policy-based VPN devices use the combinations of prefixes from both networks to define how traffic is encrypted/decrypted through IPsec tunnels. It is typically built on firewall devices that perform packet filtering. IPsec tunnel encryption and decryption are added to the packet filtering and processing engine.
Incorrect Answers:
F: Point-to-Site connections do not require a VPN device or a public-facing IP address.



Please enter your comment!
Please enter your name here