ExpertMinds LogoExpertMinds
Hard1 markMultiple Choice
Domain 4.4: Network SolutionsDomain 4NetworkingExpressRouteHybrid
This question is part of a case study — click to read the full scenario(Case 51)

CASE STUDY: Contoso Ltd is a global financial services company migrating to Azure.
Current environment: 3 on-premises datacenters (New York, London, Tokyo) connected via MPLS.
Azure footprint: 1 Hub VNet in East US, 1 Hub in UK South. 50 Spoke VNets peered to the Hubs.
Requirements:

  1. Encrypt all cross-region traffic.
  2. Inspect all internet-bound traffic from spokes.
  3. Connect Tokyo datacenter to Azure with guaranteed 10 Gbps and SLA.
  4. Ensure web apps in spokes are protected from SQL injection.
  5. Resolve on-premises DNS from Azure and vice versa.

QUESTION: To meet Requirement 2 (Inspect all internet-bound traffic from spokes), you deploy Azure Firewall in the Hub VNets. How must you configure the Spoke VNets to ensure traffic is routed to the firewall?

View full case study page →

AZ-305 · Question 52 · Domain 4.4: Network Solutions

CASE STUDY: Contoso Ltd is a global financial services company migrating to Azure.
Current environment: 3 on-premises datacenters (New York, London, Tokyo) connected via MPLS.
Azure footprint: 1 Hub VNet in East US, 1 Hub in UK South. 50 Spoke VNets peered to the Hubs.
Requirements:

  1. Encrypt all cross-region traffic.
  2. Inspect all internet-bound traffic from spokes.
  3. Connect Tokyo datacenter to Azure with guaranteed 10 Gbps and SLA.
  4. Ensure web apps in spokes are protected from SQL injection.
  5. Resolve on-premises DNS from Azure and vice versa.

QUESTION: Which solution should you recommend to meet Requirement 3 (Connect Tokyo datacenter to Azure with guaranteed 10 Gbps and SLA)?

Answer options:

A.

Site-to-Site VPN Gateway (VpnGw5)

B.

Azure ExpressRoute Standard

C.

Azure ExpressRoute Direct

D.

Azure Virtual WAN

How to approach this question

Match 'guaranteed 10 Gbps' and 'SLA' to the premium tier of ExpressRoute.

Full Answer

C.Azure ExpressRoute Direct✓ Correct
Azure ExpressRoute Direct
To achieve a guaranteed 10 Gbps connection with an enterprise SLA, a Site-to-Site VPN is insufficient because it relies on the public internet. Azure ExpressRoute provides a private, dedicated connection. Specifically, Azure ExpressRoute Direct allows customers to connect directly into Microsoft's global network at peering locations, providing dual 10 Gbps or 100 Gbps ports. This bypasses the typical partner model and provides the highest level of performance and SLA.

Common mistakes

Choosing Site-to-Site VPN. While high-SKU VPNs can reach high speeds, they can never offer a guaranteed SLA for throughput because they traverse the unpredictable public internet.
51All questions53

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 5

55 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01Contoso Ltd has 50 subscriptions across 3 business units. Each business unit manages its own IT o...EasyQ02You are designing a monitoring solution for a hybrid environment. The environment consists of 200...MediumQ03Your company uses Microsoft Sentinel integrated with a Log Analytics workspace. The workspace ing...HardQ04You are designing an application monitoring strategy using Application Insights. The application ...MediumQ05A highly regulated financial institution is migrating to Microsoft 365 and Azure. They currently ...Hard
View all 55 questions →