Microsoft Azure Solutions Architect Expert AZ-305 Practice Question
You manage two Azure virtual networks located in different Azure regions. The microservices hosted in each virtual network exchange approximately 4 Gbps of traffic and are highly sensitive to latency. Security policy states that traffic must never traverse the public internet. You want the simplest possible architecture that provides the lowest latency and highest throughput for the cross-region communication. Which connectivity option should you recommend?
Configure global virtual network peering directly between the two VNets.
Deploy an ExpressRoute circuit in each region and enable ExpressRoute Global Reach to connect the circuits.
Create active-active VPN gateways in each VNet and establish VNet-to-VNet Site-to-Site IPSec tunnels.
Implement a hub-and-spoke topology and route all traffic through an Azure Firewall in a central hub VNet.
Global virtual network peering links the two VNets directly across Microsoft's private backbone, so traffic never leaves Azure, incurs no encryption or tunnelling overhead, and can reach line-rate bandwidth limited only by the virtual machine NICs (up to 50 Gbps per VM). No gateways, route tables, or additional appliances are required, keeping operational complexity low.
Site-to-Site VPN or VNet-to-VNet connections send packets over IPSec tunnels that cross the public internet, adding latency and reducing throughput. A hub-and-spoke design that forces traffic through an Azure Firewall adds extra hops and performance overhead. ExpressRoute Global Reach can connect two circuits, but each VNet would need a dedicated ExpressRoute circuit, greatly increasing cost and management effort for performance similar to peering. Therefore, global VNet peering best meets the performance and simplicity requirements.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Global Virtual Network Peering in Azure?
Open an interactive chat with Bash
Why is Site-to-Site VPN or VNet-to-VNet IPSec tunneling less efficient?
Open an interactive chat with Bash
What is ExpressRoute Global Reach and why is it not recommended in this scenario?
Open an interactive chat with Bash
Microsoft Azure Solutions Architect Expert AZ-305
Design infrastructure solutions
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .