You have an Azure subscription named Subscription1 that contains two Azure networks named VNet1 and VNet2. VNet1 contains a VPN gateway named VPNGW1 that uses static routing. There is a site-to-site VPN connection between your on-premises network and VNet1.
On a computer named Client1 that runs Windows 10, you configure a point-to-site VPN connection to VNet1.
You configure virtual network peering between VNet1 and VNet2. You verify that you can connect to VNet2 from the on-premises network. Client1 is unable to connect to VNet2.
You need to ensure that you can connect Client1 to VNet2.
What should you do?
A. Select Allow gateway transit on VNet1.
B. Download and re-install the VPN client configuration package on Client1.
C. Enable BGP on VPNGW1.
D. Select Allow gateway transit on VNet2.
Correct Answer: B
Explanation:
Point-to-Site certificate authentication connections require the following prerequisites:
A Dynamic VPN gateway.
The public key (.cer file) for a root certificate, which is uploaded to Azure. This key is considered a trusted certificate and is used for authentication.
A client certificate generated from the root certificate, and installed on each client computer that will connect. This certificate is used for client authentication.
A VPN client configuration package must be generated and installed on every client computer that connects. The client configuration package configures the native VPN client that’s already on the operating system with the necessary information to connect to the VNet.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing