CASE STUDY: Global Enterprise Network
Contoso Ltd is a global manufacturing company with 50,000 employees across 30 countries. They currently operate a mix of on-premises infrastructure (500 servers across 5 data centers) and Azure (20 subscriptions with 100+ VMs and various PaaS services). Their annual IT budget is $10 million, with plans to migrate 70% of workloads to Azure within 2 years.
The company needs to reduce IT costs by 30%, improve disaster recovery (current RTO: 24 hours -> target: 2 hours), enhance security posture to meet ISO 27001 and SOC 2 compliance, and enable remote work for 80% of employees. All solutions must support future growth of 20% annually.
Some legacy applications cannot be modified and must run on Windows Server 2012. Network connectivity requires 10 Gbps throughput to Azure with <20ms latency. GDPR compliance mandates that EU customer data must remain in European Azure regions.
QUESTION 1 OF 5:
Contoso needs to connect their 5 global data centers to Azure and provide any-to-any connectivity (e.g., Data Center 1 can talk to Data Center 2 via the Azure backbone). They also need to connect 20 different Azure VNets across 3 regions. They want a managed service that minimizes routing complexity.
Which network topology should you recommend?
AZ-305 · Question 55 · Domain 4.4: Design network solutions
CASE STUDY: Global Enterprise Network
Contoso Ltd is a global manufacturing company with 50,000 employees across 30 countries. They currently operate a mix of on-premises infrastructure (500 servers across 5 data centers) and Azure (20 subscriptions with 100+ VMs and various PaaS services). Their annual IT budget is $10 million, with plans to migrate 70% of workloads to Azure within 2 years.
The company needs to reduce IT costs by 30%, improve disaster recovery (current RTO: 24 hours -> target: 2 hours), enhance security posture to meet ISO 27001 and SOC 2 compliance, and enable remote work for 80% of employees. All solutions must support future growth of 20% annually.
Some legacy applications cannot be modified and must run on Windows Server 2012. Network connectivity requires 10 Gbps throughput to Azure with <20ms latency. GDPR compliance mandates that EU customer data must remain in European Azure regions.
QUESTION 5 OF 5:
Contoso has a Hub VNet and two Spoke VNets (Spoke A and Spoke B) in the West Europe region.
The VNets are peered (Hub-to-Spoke A, and Hub-to-Spoke B). A Network Virtual Appliance (NVA) firewall is deployed in the Hub VNet.
You need to ensure that when a VM in Spoke A tries to communicate with a VM in Spoke B, the traffic is forced through the NVA in the Hub VNet for inspection.
What must you configure?
Answer options:
User Defined Routes (UDRs) on the subnets in Spoke A and Spoke B.
Enable 'Allow gateway transit' on the VNet peerings.
Network Security Groups (NSGs) on the subnets in Spoke A and Spoke B.
Azure Route Server in the Hub VNet.
55 questions · hints · full answers · grading
Expert