Learn the correct solution for inspecting traffic between two peered Azure virtual networks using a Network Virtual Appliance (NVA). Discover how custom routes in a route table enable traffic inspection.
Question
You have an Azure subscription that contains two peered virtual networks named VNet1 and VNet2.
You have a Network Virtual Appliance (NVA) named NetVA1.
You need to ensure that the traffic from VNet1 to VNet2 is inspected by using NetVA1.
What should you use?
A. a local network gateway
B. a route table that has custom routes
C. a service endpoint
D. IP address reservations
Answer
B. a route table that has custom routes
Explanation
To ensure that traffic from VNet1 to VNet2 is inspected by the Network Virtual Appliance (NVA) named NetVA1, you should use a route table that has custom routes (Option B).
When two Azure virtual networks are peered, Azure adds a system route so that they communicate directly with each other by default. To inspect the traffic between the peered VNets with an NVA, you override that system route with custom (user-defined) routes in a route table, because a user-defined route takes precedence over a system route for the same address prefix.
Here’s how it works:
- Create a route table in Azure.
- Define custom routes in the route table for the VNet2 address prefix, with the next hop type set to Virtual appliance and the next hop address set to the private IP address of NetVA1.
- Associate the route table with the subnets in VNet1.
With this configuration, traffic originating from VNet1 and destined for VNet2 will be routed to NetVA1 for inspection before reaching its final destination in VNet2. The NVA can perform various security functions like firewalling, intrusion detection/prevention, and packet inspection.
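The three steps above, as an added Azure PowerShell (Az.Network) example that is not part of the original question or explanation. The resource group, location, subnet name, address prefixes and NIC names are assumptions chosen for illustration; NetVA1's private IP and the VNet2 prefix must be replaced with the real values. It also enables IP forwarding on the NVA's network interface, without which Azure drops packets that the NVA forwards on behalf of other hosts, and it reads the effective routes of a VNet1 VM NIC so you can confirm the custom route won over the peering system route.

```powershell
# Added example (not from the page). All names and addresses below are assumptions.
$rg           = 'rg-network'        # assumed resource group holding VNet1, VNet2 and NetVA1
$location     = 'eastus'            # assumed region
$vnet2Prefix  = '10.2.0.0/16'       # assumed address space of VNet2
$nvaPrivateIp = '10.1.250.4'        # assumed private IP of NetVA1
$subnetName   = 'workload'          # assumed VNet1 subnet whose traffic should be inspected
$subnetPrefix = '10.1.1.0/24'       # assumed prefix of that subnet
$nvaNicName   = 'netva1-nic'        # assumed NIC name of NetVA1
$vmNicName    = 'vm1-nic'           # assumed NIC of a VM in the workload subnet, used for verification

# Step 1: create the route table.
$rt = New-AzRouteTable -Name 'rt-vnet1-to-vnet2' -ResourceGroupName $rg -Location $location

# Step 2: add a custom route for VNet2's prefix whose next hop is the NVA.
# NextHopType VirtualAppliance is what sends the packet to NetVA1 instead of straight across the peering.
$rt | Add-AzRouteConfig -Name 'to-vnet2-via-netva1' `
        -AddressPrefix $vnet2Prefix `
        -NextHopType VirtualAppliance `
        -NextHopIpAddress $nvaPrivateIp | Set-AzRouteTable

# Step 3: associate the route table with the VNet1 subnet(s).
# Do not associate it with the subnet that hosts NetVA1 itself, or the NVA's own forwarded
# traffic would be routed back to the NVA in a loop.
$vnet1 = Get-AzVirtualNetwork -Name 'VNet1' -ResourceGroupName $rg
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet1 -Name $subnetName `
        -AddressPrefix $subnetPrefix -RouteTable $rt | Out-Null
$vnet1 | Set-AzVirtualNetwork | Out-Null

# Prerequisite on the NVA side: IP forwarding on its NIC, otherwise Azure drops packets
# whose source/destination is not the NIC's own address.
$nvaNic = Get-AzNetworkInterface -Name $nvaNicName -ResourceGroupName $rg
$nvaNic.EnableIPForwarding = $true
$nvaNic | Set-AzNetworkInterface | Out-Null

# Verification: the effective route for the VNet2 prefix on a VNet1 VM should now show
# Source = User, NextHopType = VirtualAppliance, NextHopIpAddress = $nvaPrivateIp.
Get-AzEffectiveRouteTable -NetworkInterfaceName $vmNicName -ResourceGroupName $rg |
    Where-Object { $_.AddressPrefix -contains $vnet2Prefix } |
    Select-Object Source, State, AddressPrefix, NextHopType, NextHopIpAddress
```

This routes only the VNet1 to VNet2 direction through NetVA1, which is what the question asks for. If the reply traffic must also be inspected, a matching route table with a route for the VNet1 prefix (next hop NetVA1) has to be associated with the VNet2 subnets as well; otherwise the NVA sees one direction of each flow, which stateful inspection engines generally cannot handle.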
The other options are not suitable for this scenario:
- A local network gateway (Option A) is used for connecting an Azure VNet to an on-premises network via a VPN, not for traffic inspection between peered VNets.
- A service endpoint (Option C) provides direct access from a VNet to an Azure service over the Azure backbone network, but it does not help with traffic inspection between VNets.
- IP address reservations (Option D) ensure that a specific IP address is assigned to a resource, but they do not control traffic flow between VNets.
In summary, using custom routes in a route table is the correct way to inspect traffic between peered Azure virtual networks using a Network Virtual Appliance.
Microsoft AZ-104 certification exam assessment practice question and answer (Q&A) dump, including multiple choice questions (MCQ) and objective type questions with detailed explanations and references, available free and helpful for passing the Microsoft AZ-104 exam and earning the Microsoft AZ-104 certification.