QUESTION 50

You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a virtual network named VNet1. You need to ensure that you can configure a point-to-site connection from VNet1 to an on-premises computer. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Reset GW1. B. Create a route-based virtual network gateway. C. Delete GW1. D. Add a public IP address space to VNet1. E. Add a connection to GW1. F. Add a service endpoint to VNet1. Correct Answer: BC Section: (none) Explanation Explanation/Reference: Explanation: B: A VPN gateway is used when creating a VPN connection to your on-premises network. Route-based VPN devices use any-to-any (wildcard) traffic selectors, and let routing/forwarding tables direct traffic to different IPsec tunnels. It is typically built on router platforms where each IPsec tunnel is modeled as a network interface or VTI (virtual tunnel interface). C: Policy-based VPN devices use the combinations of prefixes from both networks to define how traffic is encrypted/decrypted through IPsec tunnels. It is typically built on firewall devices that perform packet filtering. IPsec tunnel encryption and decryption are added to the packet filtering and processing engine. Incorrect Answers: D: Point-to-Site connections do not require a VPN device or a public-facing IP address. References: https://docs.microsoft.com/en-us/azure/vpn-gateway/create-routebased-vpn-gateway- portal https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-connect-multiple-policybased- rm-ps