Medium · 1 mark · Multiple Choice
Domain 4.4: Network Solutions · VNet Peering · Hub and Spoke
This question is part of a case study (Case 51).

CASE STUDY: Contoso Ltd is a global financial services firm with 10,000 employees. They have a primary on-premises data center in London and a secondary in New York. They are migrating to Azure and require a hub-and-spoke network topology.

Requirements:
1) Secure connectivity between on-premises and Azure with at least 5 Gbps throughput and redundancy.
2) Centralized inspection of all outbound internet traffic from spoke VNets.
3) Spoke VNets must communicate with each other securely.
4) PaaS services (Storage, SQL) must be accessed privately without traversing the public internet.
5) Web applications in spokes require WAF protection and global load balancing.

Question 1 of 5: To meet Requirement 1 (Secure connectivity with at least 5 Gbps throughput and redundancy), which hybrid connectivity solution should you recommend?

AZ-305 · Question 53 · Domain 4.4: Network Solutions

Question 3 of 5: To meet Requirement 3 (Spoke VNets must communicate with each other securely), how should you configure the routing?

Answer options:

A. Create a full mesh of VNet peerings between all spokes.

B. Configure VNet peering from each spoke to the hub, and use Azure Firewall in the hub to route traffic between spokes.

C. Enable 'Allow forwarded traffic' on the spoke VNets.

D. Use Azure ExpressRoute Global Reach.

How to approach this question

Identify how spoke-to-spoke traffic is handled in a hub-and-spoke topology.

Full Answer

B. Configure VNet peering from each spoke to the hub, and use Azure Firewall in the hub to route traffic between spokes. ✓ Correct
In a hub-and-spoke architecture, spoke VNets do not peer directly with each other. Instead, they peer with the hub, and traffic between spokes is routed through a Network Virtual Appliance or Azure Firewall in the hub.

Common mistakes

Choosing full mesh peering, which defeats the purpose of a hub-and-spoke design.
