Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

Your company uses a 5-Gbps ExpressRoute circuit with private peering to connect its on-premises datacenter to VNet1 in Azure. The circuit is provisioned through a service provider; ExpressRoute Direct is not in use. The security team now requires that all traffic over the circuit be encrypted in transit. You must meet the requirement while preserving the existing MPLS path and making the fewest topology changes. What should you recommend?

  • Deploy a route-based Azure VPN gateway in VNet1 and establish an IPsec site-to-site VPN that uses the ExpressRoute private peering.

  • Enable Azure Private Link for all workloads hosted in VNet1.

  • Replace the circuit with an Azure Virtual WAN secured virtual hub and connect the datacenter by using IPsec VPN.

  • Enable MACsec on the existing ExpressRoute circuit.

Microsoft Azure Security Engineer Associate AZ-500
Secure networking
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot