Microsoft Azure Solutions Architect Expert AZ-305 Practice Question
Your company runs an internal web app on a virtual machine scale set behind a Standard internal Azure Load Balancer in a virtual network. The VMs must call several public SaaS services on the internet. The solution must meet these requirements:
All egress traffic must use a single, static public IPv4 address.
Support at least 50,000 simultaneous outbound connections.
Minimize the number of public IP resources and avoid changing existing NSG outbound rules. Which Azure networking component should you add to the subnet to meet these requirements?
Deploy an Azure NAT Gateway and associate it with the subnet, using a single static public IP address.
Create an Azure Application Gateway with a public frontend IP and add the scale set to its backend pool.
Attach a Public SKU Azure Load Balancer to the subnet and configure outbound rules.
Assign instance-level public IP addresses to every virtual machine in the scale set.
An Azure NAT Gateway attaches directly to a virtual network subnet and translates the private source addresses of all resources in that subnet to one or more static public IP addresses. A single public IP linked to the NAT gateway provides 64,512 SNAT ports, so it can support more than 50,000 concurrent outbound connections while keeping the egress address static. Because the NAT gateway operates at the subnet level, you do not need to add instance-level public IPs, create an extra public load balancer, or modify existing network security group outbound rules. Using instance-level public IPs would defeat the requirement for a single egress address. A Public SKU Azure Load Balancer could share one frontend IP, but it allocates only about 1,024 SNAT ports per VM and may still require additional frontend IPs to scale, while adding an Application Gateway is intended for inbound HTTP(S) traffic-not large-scale outbound NAT.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an Azure NAT Gateway and how does it work?
Open an interactive chat with Bash
Why does the Azure NAT Gateway support more outbound connections than a Public Load Balancer?
Open an interactive chat with Bash
How do NAT Gateways interact with NSG (Network Security Group) rules?
Open an interactive chat with Bash
Microsoft Azure Solutions Architect Expert AZ-305
Design infrastructure solutions
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .