ExpertMedium1 markMultiple Choice
AZ-305 · Question 32 · Domain 3.1: Backup and Disaster Recovery
You are designing a disaster recovery solution to migrate and protect 100 on-premises VMware virtual machines to Azure using Azure Site Recovery (ASR).
The security team dictates that the replication traffic from the on-premises environment to Azure must be encrypted in transit and must travel over a private connection, not the public internet.
Which TWO components are required to achieve this? (Select TWO)
You are designing a disaster recovery solution to migrate and protect 100 on-premises VMware virtual machines to Azure using Azure Site Recovery (ASR).
The security team dictates that the replication traffic from the on-premises environment to Azure must be encrypted in transit and must travel over a private connection, not the public internet.
Which TWO components are required to achieve this? (Select TWO)
Answer options:
A.
Azure ExpressRoute or Site-to-Site VPN
B.
Azure Private Endpoint for the Recovery Services vault
C.
Azure Front Door
D.
Azure Bastion
E.
Azure Traffic Manager
How to approach this question
Identify the network connection needed for private routing, and the Azure feature that brings PaaS services (like the vault) into the private network.
Full Answer
Azure ExpressRoute or Site-to-Site VPN, Azure Private Endpoint for the Recovery Services vault
To replicate VMware VMs to Azure without using the public internet, you first need a private connectivity backbone, which is provided by Azure ExpressRoute or a Site-to-Site VPN. Secondly, because Azure Site Recovery uses a Recovery Services vault (which is a PaaS service with a public endpoint by default), you must configure an Azure Private Endpoint for the vault. This assigns the vault a private IP address from your VNet, ensuring all replication traffic stays on the private network.
Common mistakes
Forgetting the Private Endpoint. Even with ExpressRoute, traffic to PaaS services will route over Microsoft's public edge unless a Private Endpoint is used.
Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 5
55 questions · hints · full answers · grading
More questions from this exam
Q01Contoso Ltd has 50 subscriptions across 3 business units. Each business unit manages its own IT o...EasyQ02You are designing a monitoring solution for a hybrid environment. The environment consists of 200...MediumQ03Your company uses Microsoft Sentinel integrated with a Log Analytics workspace. The workspace ing...HardQ04You are designing an application monitoring strategy using Application Insights. The application ...MediumQ05A highly regulated financial institution is migrating to Microsoft 365 and Azure. They currently ...Hard