
VPN Gateway for hybrid connectivity in Azure - Practice Problems & Coding Challenges

Challenge - 5 Problems
Architecture
intermediate
Choosing the right VPN Gateway SKU for hybrid connectivity

You need to connect your on-premises network to Azure using a VPN Gateway. Your on-premises network has high traffic and requires support for multiple tunnels. Which VPN Gateway SKU should you choose?

A. VpnGw3 SKU, supports multiple tunnels and high bandwidth
B. VpnGw1 SKU, supports multiple tunnels and moderate bandwidth
C. Basic SKU, supports up to 1 tunnel and low bandwidth
D. Standard SKU, supports multiple tunnels and moderate bandwidth
💡 Hint

Consider the number of tunnels and bandwidth needed for your hybrid network.

Service behavior
intermediate
Behavior of BGP with Azure VPN Gateway

You configure BGP (Border Gateway Protocol) on your Azure VPN Gateway and your on-premises VPN device. What is the expected behavior when BGP is enabled?

A. BGP advertises routes dynamically between Azure and on-premises networks
B. Routes are statically configured and do not change dynamically
C. BGP disables VPN tunnels and uses ExpressRoute instead
D. BGP only works with Basic SKU VPN Gateways
💡 Hint

Think about what BGP does in network routing.

Security
advanced
Securing VPN Gateway connections with IPsec/IKE policies

You want to enforce specific encryption and hashing algorithms for your VPN Gateway connections to comply with your company's security policy. Which Azure feature allows you to customize these settings?

A. Set up Network Security Groups (NSGs) on the VPN Gateway subnet
B. Configure IPsec/IKE policy on the VPN Gateway connection
C. Enable Azure DDoS Protection on the VPN Gateway
D. Use Azure Firewall to filter VPN traffic
💡 Hint

Look for a feature that controls encryption and hashing algorithms on VPN tunnels.

Configuration
advanced
Configuring active-active VPN Gateway for high availability

You want to configure an Azure VPN Gateway in active-active mode to ensure high availability for your hybrid connection. Which of the following is a required step?

A. Deploy two VPN Gateways in different regions and connect them with ExpressRoute
B. Use Basic SKU VPN Gateway with multiple tunnels enabled
C. Enable active-active mode on a VpnGw2 or higher SKU and configure two public IP addresses
D. Configure BGP only on one tunnel and disable it on the other
💡 Hint

Active-active mode requires specific SKU and multiple IP addresses.

Best Practice
expert
Optimizing hybrid connectivity with VPN Gateway and ExpressRoute

Your company uses both VPN Gateway and ExpressRoute to connect on-premises to Azure. You want to optimize routing and failover between these connections. Which approach follows best practices?

A. Use ExpressRoute for all traffic and disable VPN Gateway to avoid conflicts
B. Use VPN Gateway only for backup and disable BGP on ExpressRoute
C. Configure static routes on VPN Gateway and dynamic routes on ExpressRoute without BGP
D. Advertise all on-premises routes over both VPN Gateway and ExpressRoute with BGP, and configure route priorities
💡 Hint

Think about how to use BGP and route priorities for failover.

Practice

1. What is the primary purpose of an Azure VPN Gateway in hybrid connectivity?
easy
A. To manage Azure Active Directory users
B. To securely connect an Azure virtual network with an on-premises network
C. To provide public internet access to Azure resources
D. To host web applications in Azure

Solution

  1. Step 1: Understand VPN Gateway role

    An Azure VPN Gateway creates a secure tunnel between Azure and on-premises networks.
  2. Step 2: Identify correct purpose

    Among the options, only securely connecting an Azure virtual network with an on-premises network matches the VPN Gateway's role.
  3. Final Answer:

    To securely connect an Azure virtual network with an on-premises network -> Option B
  4. Quick Check:

    VPN Gateway = Secure hybrid connection [OK]
Hint: VPN Gateway links cloud and local networks securely [OK]
Common Mistakes:
  • Confusing VPN Gateway with web hosting services
  • Thinking VPN Gateway manages user identities
  • Assuming VPN Gateway provides public internet access
2. Which subnet name must you use when creating a VPN Gateway in an Azure virtual network?
easy
A. PublicSubnet
B. VPNSubnet
C. Subnet1
D. GatewaySubnet

Solution

  1. Step 1: Recall required subnet for VPN Gateway

    Azure requires a subnet named exactly 'GatewaySubnet' for VPN Gateway deployment.
  2. Step 2: Verify option correctness

    Only 'GatewaySubnet' matches the required name; others are invalid for VPN Gateway.
  3. Final Answer:

    GatewaySubnet -> Option D
  4. Quick Check:

    VPN Gateway subnet = GatewaySubnet [OK]
Hint: Always name VPN Gateway subnet as GatewaySubnet [OK]
Common Mistakes:
  • Using generic subnet names instead of GatewaySubnet
  • Confusing VPNSubnet with GatewaySubnet
  • Not creating a dedicated subnet for VPN Gateway
3. Given this Azure CLI command snippet to create a VPN Gateway:
az network vnet-gateway create --name MyVpnGateway --public-ip-address MyPublicIP --resource-group MyResourceGroup --vnet MyVNet --gateway-type Vpn --vpn-type RouteBased --sku VpnGw1
What VPN type is being used here?
medium
A. RouteBased
B. PointToSite
C. ExpressRoute
D. PolicyBased

Solution

  1. Step 1: Analyze the command parameters

    The parameter '--vpn-type RouteBased' explicitly sets the VPN type to RouteBased.
  2. Step 2: Confirm VPN type meaning

    RouteBased VPN supports flexible connections and is commonly used for hybrid networks.
  3. Final Answer:

    RouteBased -> Option A
  4. Quick Check:

    --vpn-type RouteBased means RouteBased VPN [OK]
Hint: Look for --vpn-type parameter to identify VPN type [OK]
Common Mistakes:
  • Confusing PolicyBased with RouteBased
  • Assuming ExpressRoute is a VPN type
  • Mixing PointToSite with Site-to-Site VPN types
4. You deployed a VPN Gateway but the connection to your on-premises network fails. Which of these is a likely misconfiguration?
medium
A. The virtual network has too many subnets
B. The VPN Gateway SKU is set to Basic for high throughput needs
C. The GatewaySubnet is missing or incorrectly named
D. The public IP address is assigned to a VM instead of the VPN Gateway

Solution

  1. Step 1: Check subnet configuration

    VPN Gateway requires a correctly named GatewaySubnet; missing or wrong name causes failure.
  2. Step 2: Evaluate other options

    Too many subnets is not a direct cause; SKU Basic may limit performance but not cause failure; public IP must be assigned to VPN Gateway, not VM.
  3. Final Answer:

    The GatewaySubnet is missing or incorrectly named -> Option C
  4. Quick Check:

    GatewaySubnet misconfiguration causes VPN failure [OK]
Hint: Verify GatewaySubnet exists and is named correctly [OK]
Common Mistakes:
  • Ignoring GatewaySubnet naming requirements
  • Assigning public IP to wrong resource
  • Assuming SKU affects connection establishment
5. You want to set up a hybrid network with Azure using a VPN Gateway. Your on-premises network uses static routing. Which VPN type should you choose for maximum flexibility and why?
hard
A. RouteBased, because it supports both static and dynamic routing
B. PolicyBased, because it supports static routing only
C. ExpressRoute, because it is faster than VPN
D. PointToSite, because it supports multiple clients

Solution

  1. Step 1: Understand VPN types and routing

    PolicyBased VPN supports only static routing; RouteBased supports static and dynamic routing.
  2. Step 2: Match VPN type to flexibility needs

    RouteBased VPN is more flexible and recommended for hybrid networks with static or dynamic routing.
  3. Step 3: Exclude other options

    ExpressRoute is a different service, not a VPN type; PointToSite is for individual client connections, not site-to-site.
  4. Final Answer:

    RouteBased, because it supports both static and dynamic routing -> Option A
  5. Quick Check:

    RouteBased VPN = flexible routing support [OK]
Hint: Choose RouteBased VPN for static and dynamic routing support [OK]
Common Mistakes:
  • Choosing PolicyBased for flexibility
  • Confusing ExpressRoute with VPN Gateway
  • Using PointToSite for site-to-site connectivity