Which two options should you recommend?

An app uses a virtual network with two subnets. One subnet is used for the application server. The other subnet is used for a database server. A network virtual appliance (NVA) is used as a firewall.

Traffic destined for one specific address prefix is routed to the NVA and then to an on-premises database server that stores sensitive data. A Border Gateway Protocol (BGP) route is used for the traffic to the on-premises database server.

You need to recommend a method for creating the user-defined route.

Which two options should you recommend? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A . For the virtual network configuration, use a VP
C . For the next hop type, use a virtual network peering.
D . For the virtual network configuration, use Azure ExpressRoute.
E . For the next hop type, use a virtual network gateway.

View Answer

Answer: AD

Explanation:

You can create custom, or user-defined, routes in Azure to override Azure’s default system routes, or to add additional routes to a subnet’s route table.

You can specify the following next hop types when creating a user-defined route:

– Virtual appliance: A virtual appliance is a virtual machine that typically runs a network application, such as a firewall.

– Virtual network gateway: Specify when you want traffic destined for specific address prefixes routed to a virtual network gateway. The virtual network gateway must be created with type VPN. You cannot specify a virtual network gateway created as type ExpressRoute in a user-defined route because with ExpressRoute, you must use BGP for custom routes.

– None: Specify when you want to drop traffic to an address prefix, rather than forwarding the traffic to a destination.

– Virtual network: Specify when you want to override the default routing within a virtual network.

– Internet: Specify when you want to explicitly route traffic destined to an address prefix to the Internet, or if you want traffic destined for Azure services with public IP addresses kept within the Azure backbone network.

Incorrect Answers:

B: You cannot specify VNet peering or VirtualNetworkServiceEndpoint as the next hop type in user-defined routes. Routes with the VNet peering or VirtualNetworkServiceEndpoint next hop types are only created by Azure, when you configure a virtual network peering, or a service endpoint.

C: You cannot specify a virtual network gateway created as type ExpressRoute in a user-defined route because with ExpressRoute, you must use BGP for custom routes.

Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview