Microsoft Azure Security Engineer Associate AZ-500 Practice Question
An Azure virtual network is connected to an on-premises datacenter through a VPN gateway that advertises the 0.0.0.0/0 default route to the virtual network by using BGP. After the change, virtual machines in the AppSubnet send all outbound internet traffic through the on-premises network, but they must regain direct internet access while continuing to reach the on-premises prefixes through the VPN gateway. Which configuration should you apply to AppSubnet?
Disable virtual network gateway route propagation on AppSubnet's route table.
Associate a route table to AppSubnet that contains a 0.0.0.0/0 route with next hop type Internet.
Deploy Azure Firewall in the virtual network and add a 0.0.0.0/0 route that points to the firewall's private IP.
Associate a route table to AppSubnet that contains a 0.0.0.0/0 route with next hop type None.
User-defined routes (UDRs) have higher precedence than routes learned through BGP. By creating a route table that contains a 0.0.0.0/0 entry with the next hop type set to Internet and associating that table with AppSubnet, you override the BGP-propagated default route only for that subnet. More-specific on-premises prefixes learned through BGP remain in the effective route set and are still used, so traffic destined for the on-premises network continues to flow through the VPN gateway. Setting the next hop to None would black-hole all internet traffic, disabling BGP propagation would also remove the on-premises routes, and deploying Azure Firewall does not by itself restore direct internet egress.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is BGP and why is it significant in this scenario?
Open an interactive chat with Bash
What are User-Defined Routes (UDRs) in Azure?
Open an interactive chat with Bash
What does the next hop type 'Internet' do in Azure routing configuration?
Open an interactive chat with Bash
Microsoft Azure Security Engineer Associate AZ-500
Secure networking
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .